Module Review 11.1
1. What can be done to improve e-commerce security on the Internet? Give several examples of security measures and technologies you would use.
We know that the IT department is responsible for everything related to computers, especially security. As a result, business managers tend to think that security is solely the IT department's job, which is not true; they forget that the "I" in IT stands for "information." Information is the lifeblood of any business. If anyone outside the business network gains access to it, every department will suffer the consequences. We know that the IT department is the one in charge of the most ...
Be suspicious of unexpected emails that include attachments whether they are from a known source or not. Another step is to protect your computer from Internet intruders by using firewalls. There are two forms of firewalls: software firewalls that run on your personal computer, and hardware firewalls that protect computer networks, or groups of computers.
2. What potential security problems do you see in the increasing use of intranets and extranets in business? What might be done to solve such problems? Give several examples.
While companies have realized massive benefits by tying together disparate business functions through intranets and extranets, they must also recognize that certain security issues exist.
Most notable of these problems is that, while different business units may be able to use the intranet and extranet to share and gather information, business information has several levels of importance. Internal data is information used on a daily basis which has only minor damaging effects if released into the wrong hands; proprietary information is of a more sensitive nature and might include patentable ideas, process drawings, and so forth; and private data belongs to individuals and could fall under disclosure laws such as HIPAA. These are only a few examples, but without proper data security management, companies might find more important, and thus more damaging, data in the hands of those who are less scrupulous or at least less trustworthy. A company's shipping department does not need to have cash flow analyses for the past three years, but someone in that shipping department may find a rather lucrative trade in sensitive company data. Proper access control based on least-permissions rules (only enough access to do one's job and no more) serves to segregate and protect sensitive data from less-sensitive areas and people.
Additionally, one need only look at TJX, the parent company of TJ Maxx, to see the effects of loose security protocols in a corporate intranet. TJX, owing to lax wireless security, allowed several million credit cards to be stolen over a period of several months, costing many banks and a not-insignificant number of people serious financial damage in card replacement, fraud, and other related expenses. Data breaches are becoming ever more common in an environment of increasingly coupled intranets and extranets; while good security practices can mitigate damage in an attack, the evidence offers little encouragement for the idea that good security is a perfect barrier against all threats.
There are, however, good inroads to be made by coupling industrial-grade security with intranets and extranets. Increasing data segregation, improving the secure interfaces between the company and the outside world, and controlling the spread of any attack are all good ways to minimize data loss. Secure programming practices, which emphasize a security-first design and programming model, decrease the attack surface of...