Security Overview

One of the biggest issues online is the security of information on a computer. There are two main types of security to consider: physical and logical. Physical security is what is done to protect the actual hardware of the server, while logical security concerns the impact an issue can have on customers of the site. Some of the things to look at are how the company manages risk, the elements of security the company has in place, and the company's security policy and integration of security.

A company can manage the risks of various events that could occur on the Web. The main two are eavesdroppers, who gather information in an unethical manner, and thieves, who use the information gathered to obtain items by stealing through various download methods.

Some elements of computer security include secrecy, integrity, and necessity. Secrecy is when a business protects data from being obtained without consent. Integrity is when a company prevents its data from being modified in order to alter the original use of that data. Necessity is when a company makes sure that the information it shares reaches its intended recipient without delay and without the request to send it being denied.

Almost all companies that do business online have a security policy that states what items are protected and why, who is in charge of monitoring the protection, and the norms of the company. There are five areas that are usually addressed, which include:
At a minimum, a security policy should address the following requirements:
Although it is impossible to make sure there is no way to access secured information through any means, if a company places enough barriers in front of the information, it will make it harder for someone to gain unauthorized access to the information.
Organizations Promoting Computer Security

Many organizations have been formed simply for the purpose of sharing information about various security issues and how to combat them. One of the most well-known organizations is CERT, or the Computer Emergency Response Team. The main role of CERT is to "maintain an effective and quick communications infrastructure among security experts to avoid or prevent security issues." It also alerts Internet users to new security threats so they can keep their information safe from the newest threats.

A multitude of organizations have formed with the same purpose in mind. Some of them are the SANS Institute, CERIAS, the Center for Internet Security, Microsoft Security Research Group, CSO Online, and the U.S. Department of Justice's Cybercrimes. Although each may serve various purposes, their main goal is to ensure security on the Web.

Although the term "hacker" usually has a negative connotation, there are some people who do this in an ethical manner in a field called computer forensics. Many companies use this service to make sure they have secured their information as much as possible, without any loopholes that hackers may be able to find.
Copyright 2010, Albert Smarowsky