Page 336 - Introduction to Electronic Commerce and Social Commerce
10.8 Implementing Enterprisewide E-Commerce Security
Figure 10.10 Enterprisewide EC security and privacy process (Senior Management Commitment & Support; Security Policies & Training; Security Procedures & Enforcement; Security Tools: Hardware & Software)

A related assessment is the business impact analysis. Business impact analysis (BIA) refers to an analysis of the impact of losing the functionality of an EC activity (e.g., e-procurement, e-ordering) to an organization. Once such risks are computed, the organization should focus its defense strategy on the largest risks.

Ethical Issues

Implementing security programs raises several ethical issues. First, some people are against the monitoring of any individual’s activities. Imposing certain controls is seen by some as a violation of freedom of speech or other civil rights. A survey by the Gartner Group found that even after the terrorist attacks of September 11, 2001, only 26% of Americans approved a national ID database. Many even consider using biometrics to be a violation of privacy.

Handling the privacy versus security dilemma is difficult. There are other ethical and legal obligations that may require companies to “invade the privacy” of employees and monitor their actions. In particular, IT security measures are needed to protect against loss, liability, and litigation.

Why Is It Difficult to Stop Internet Crime?

The following are the major reasons Internet crime is so difficult to stop.

Making Shopping Inconvenient

Strong EC security may make online shopping inconvenient and may slow shopping time as well. Therefore, shoppers may not like some security measures.

Lack of Cooperation by Business Partners

There is a potential lack of cooperation from credit card issuers, suppliers, local and especially foreign ISPs, and other business partners. If the source ISP would cooperate and suspend the hacker’s access, it would be very difficult for hackers to gain access to the systems.

Shoppers’ Negligence

Many online shoppers are not taking the necessary (but inconvenient) precautions to avoid becoming victims of identity theft or fraud.

Ignoring EC Security Best Practices

Many companies do not have prudent IT security management or employee security awareness. Many widespread threats in the United States stem from the lack of user awareness of malware and hacking attacks.

Design and Architecture Issues

It is well known that preventing vulnerability during the EC design and pre-implementation stage is far less expensive than mitigating problems later; unfortunately, such prevention is not always made. Even minor design errors can increase hacking.

Lack of Due Care in Business Practices

Another reason for the difficulty is the lack of due care in conducting many business processes (e.g., in crowdsourcing). The standard of due care is the minimum and customary practice that a company is reasonably expected to take to protect the company and its resources from possible risks. For a major survey see PWC (2013).

Protecting Mobile Devices, Networks, and Applications

With the explosive growth of mobility and m-commerce comes the task of protecting these systems from the security problems described earlier in this chapter and from some new ones.

Mobile Security Issues

Typical security issues range from wireless transmissions not being encrypted, to lack of firewalls or passwords on mobile devices, or connecting to an unsecured WiFi network.