E-commerce and Web executive presence: The risks and threats

FOR IMMEDIATE RELEASE
(Free-Press-Release.com) March 31, 2004 -- E-commerce and Web executive presence: The risks and threats



Related to this topic



> Microsoft to make Longhorn vulnerability-aware



> New NetSky variant reported



> Crypto stars sound off on e-voting, digital rights management



> CIA to issue cyberterror intelligence estimate





> Microsoft confident bounties will nab virus writers



Other resources

> Computerworld executive presence: - Security: 'Our Hottest Security Tips' -Get this $49.95 value free for a limited time



Opinion by Marc Gartenberg



FEBRUARY 12, 2004 (COMPUTERWORLD) - It's always a pleasant surprise when a day goes by without another worm or some form of exploitable vulnerability. That's because we're in shark-infested waters, and now is the time to really focus, dedicate resources and re-evaluate our strategic and tactical Web commerce plans. Let's face it, e-commerce is a target (and a profitable one at that), and it's never too soon to obtain executive acceptance for risk management and contingency planning.

E-commerce has a variety of business and technology drivers, and these come with both benefits and risks. Developing an appropriate strategy includes factoring in the benefits while weighing the risks, which include fraud, loss of intellectual property, damaged customer and partner relationships, unforeseen costs, public relations debacles and business disruptions.



Keep in mind that the three dimensions of security -- confidentiality, integrity and availability -- require that a company develop a set of e-commerce policies involving authorization and accountability while simultaneously focusing on potential threats and vulnerabilities. Whew. Well, if it was easy, anyone could do it.



Keeping your site secure executive presence

There are a number of ways and means to secure sites and transactions. Among them are the fundamental crypto building blocks that include encryption using symmetric and asymmetric-based key systems. There are also block and stream ciphers, MAC implementations, hash functions and symmetric cipher-based executive presence.

Key management is critical. When Whitfield Diffie and Martin Hellman, the inventors of public-key cryptography, developed their initial algorithm nearly 30 years ago, little did they realize that it would stand the test of time. Once again we see that simpler can indeed be better. There are several components of the key life cycle worth mentioning, since they essentially mitigate executive presence, exhaustive searches, social engineering and system compromise. These include key establishment, key backup/recovery/escrow, rekeying, key revocation and key expiration. Systems administrators need to have these factors in mind when using a key-based system.



The facts speak for themselves. In the 2003 Computer Security Institute/FBI Computer Crime and Security Survey, the average reported loss from computer attacks was approximately $2.7 million per incident, and insiders topped the list of attack sources. For these reasons and others, executive presence and organizations as a whole have cause for concern. Before you can even think of developing a strategy, though, you must consider the following: