In: Categories » Computers and technology » Data security » E Commerce Solutions Create New Security Responsibilities
| The breadth of information security in e-commerce applications is broader than you might expect. Many system architects and developers are accustomed to thinking about security as a low-level topic, dealing only with networks, firewalls, operating systems, and cryptography. However, e-commerce is changing the risk levels associated with deploying software, and, as a consequence, security becomes an important design issue for any software component. The scope of e-commerce security is so broad because these applications typically cut across lines of business. There are many examples of new business models that drive security needs:
E-CommerceE-commerce sites on the Internet rely on credit card authorization services from an outside company. A federated relationship between an e-commerce company and a credit card service depends on trustworthy authenticated communication. Cross-Selling and Customer Relationship ManagementCross-selling and customer relationship management rely on customer information being shared across many lines of business within an enterprise. Cross-selling allows an enterprise to offer a customer new products or services based on existing sales. Customer relationship management allows the enterprise to give consistent customer support across many different services. These e-commerce services are very valuable, but if they are not properly constrained by security policies, the services may violate a customer’s wishes for privacy. Supply Chain ManagementSupply chain management requires continuing communication among all of the suppliers in a manufacturing chain to ensure that the supply of various parts is adequate to meet demand. The transactions describing the supply chain that are exchanged among the enterprises contain highly proprietary data that must be protected from outside snooping. Bandwidth on DemandBandwidth on demand allows customers to make dynamic requests for increases in the quality of a telecommunication service and to get instant results. Bandwidth on demand is an example of self-administration, where users handle many of their own administrative functions rather than relying on an administrator within the enterprise to do it for them. Self-administration provides better service for customers at a lower cost, but comes with significant security risks. Because corporate servers that were previously available to system administrators are now accessible by end users, security mechanisms must be in place to ensure that sensitive administrative functions are off-limits. In each of the cases previously described, one enterprise or line of business can expose another organization to increased security risk. For example, a partner can unintentionally expose your business to security attack by providing their customers access to your business resources. As a result, security risk is no longer under the complete control of a single organization. Risks must be assessed and managed across a collection of organizations, which is a new and very challenging security responsibility.
 |
legal disclaimer
1) Our website is not responsible for the information contained by this article as well for any and all copyright infringements by authors and writers. E-articles is a free information resource. If you suspect this article for any copyright infringements, please read the Terms of service and contact us to investigate the problem.
2) The E-articles directory team is not responsible for inaccuracies, falsehoods, or any other types of misinformation this tutorial may contain and will not be liable for any loss or damage suffered by a user through the user's reliance on the information gained here. Please read the Terms of service
Useful tools and features
If you like this article (tutorial), please link to it from your web page using the information above. Linking to this page, this is the only way to help us improve our service, the same time providing your visitors with a way to improve their online experience.
related articles
Spoofing is the term hackers use to describe the act of faking information sent to a computer. This is a broad definition of spoofing, but there are many subtle variations of this attack. However, the purpose is generally the same: to disguise the location from which the attack originates. Session hijacking takes the act of spoofing one step further. It involves the faking of one's identity in order to take over a connection that is already established. Because spoofing is required in order to successfully hijack a conn...
2. Which Are The Most Common Network Security Risks
A network security incident isany network-related activity with negative security implications. Security incidents on the Internet can come in all shapes and sizes, launched from specific systems or networks. An intrusion may be a comparatively minor event involving a single site or a major event in which tens of thousands of sites are compromised. A typical attack pattern consists of gaining access to a user's account and using the victim's system as a launch platform for attacks on other sites. The following are other example...
3. The Most Common Network Security Tools and Technologies
The following taxonomy is useful in understanding the security systems, technologies and authentication tools widely available to support secure transmission and storage of information in a networked e-business environment. Firewalls Firewalls are used to keep a network secure from intruders. A firewall is a network node consisting of both hardware and software that isolates a private network. In order to understand how a firewall works, one should have an understanding of packets, IP addresses and DoS attacks. Howev...
4. Securing Multiple Servers and Domains with SSL
As organizations and service providers enhance their Web sites and extranets with newer technology to reach larger audiences, server configurations have become increasingly complex. They must now accommodate: Redundant server backups that allow Web sites and extranets to maximize site performance by balancing traffic loads among multiple servers Organizations running multiple servers to support multiple site names Organizations running multiple servers to support a s...
5. How to protect against Unexpected Inputs
When you surf the Internet, you download one of two types of Web pages to your computer: static or dynamic. A static Web page sits on a Web server until a client computer sends a request for it. Once requested, the Web page is then downloaded to the client computer exactly as it was created, where the Web browser then views the page. A static Web page is really nothing more than a brochure or advertisement, and does not allow the true power of the Internet to be expressed. However, a static page is relatively safe from hackers....
6. What are Buffer Overflows
Exploiting a buffer overflow is an advanced hacking technique. However, it is a leading type of security vulnerability. To understand how a hacker can use a buffer overflow to infiltrate or crash a computer, you need to understand exactly what a buffer is. A computer program consists of many different variables, or value holders. As a program is executed, these different variables are assigned a specific amount of memory as required by the type of information the variable is expected to hold. For example, a short integer ...
7. Protecting the Security of Information
The first and best line of defense against unwarranted intrusions into personal privacy is for individuals to employ e-commerce technology to protect themselves. Industry-developed and supplied encryption technologies and firewalls, for example, provide individuals with substantial tools to guard against unwarranted intrusions. Encryption is technology, in either hardware or software form, which scrambles e-mail, database information, and other computer data to keep them private. Using a sophisticated mathemati...
8. Why Is Authenticated SSL Necessary
Notions of identity and authentication are fundamental concepts in every marketplace. People and institutions need to get to know one another and establish trust before conducting business. In traditional commerce, people rely on physical credentials (such as a business license or letter of credit) to prove their identities and assure the other party of their ability to consummate a trade. In the age of e-business, authenticated SSL certificates provide crucial online identity and security to help establish trust between ...