
http://www.ecommerce-guide.com/news/trends/article.php/125561


Let's Talk About Threats... Installment One
By Mark Merkow, CCP, CISSP
October 8, 1998

So What Can You Do?

John Wylder, a senior vice president for information technology at SunTrust Service, one of the larger banks in Atlanta, has said, "The key to making sure you have the right security is not so much knowing the features of all the products. It's really just understanding what kind of Internet use creates what kinds of threats - and matching products to those threats."

Following his own advice, Wylder, along with other IT executives, developed a list of nine basic threats to Web sites as part of the Open User Recommended Solutions (OURS) Task Force, a Chicago-based committee of 60 corporate users and computer vendors. Over the next few weeks we'll look at ways you can protect yourself from these specific e-commerce related threats on Web resources:

  • Data destruction - The accidental or malicious loss of data on a Web site and the interception of data flowing from or to the Web site, whether this data be encrypted or not.
  • Interference - The derailing of a Web site by rerouting data intended for a site or overloading a site with data not intended for it, thus crippling the server.
  • Modification - The altering of incoming or outgoing data for a particular Web site, whether intentional or not. A particularly pernicious hazard since modification is difficult to detect in large transmissions.
  • Misrepresentation - The kind of electronic posturing that is the source of so many stories about bogus Web sites, where the perpetrator hands out false credentials, perhaps creating a counterfeit Web site to siphon off traffic intended for a legitimate destination.
  • Repudiation - The denial on the part of a consumer or customer that an on-line order was ever placed or the goods ever received.
  • Accidental use - The inadvertent misuse of a Web site by a bona fide user.
  • Unauthorized altering or downloading - The inappropriate use of data, whether copying or updating, by someone without the proper security rights.
  • Unauthorized transactions - Any use of a Web site by someone without approval.
  • Unauthorized disclosure - The viewing of data without the appropriate permissions.

Most experts in the field of electronic security agree that before a company rushes out to purchase firewall software or invests heavily in encryption services, it should first assess the sensitivity of its various data and consider the potential loss of this data to any of the threats listed above.

Start thinking about these risks as they pertain to your site and bring some ideas "to the table". If you want to share these ideas with me, please send them my way. See you in two weeks!

