A security risk management approach for e-commerce

M. Warren, School of Information Technology, Deakin University, Geelong, Australia
W. Hutchinson, School of Computer and Information Science, Edith Cowan University, Mt Lawley, Australia


Keywords: Electronic commerce, Risk analysis, Information systems

Information systems are now heavily utilised by all organisations and relied upon to the extent that it would be impossible to manage without them. This has been encapsulated by the recent development of e-commerce in both consumer and business environments. Information systems are now under threat from a number of security risks, and what is needed is a security method that allows these risks to be evaluated and ensures that appropriate security countermeasures are applied.


E-commerce security is a complex issue; it is concerned with a number of security risks that can appear at either a technical level or an organisational level. This paper uses a systemic framework, the viable system model (VSM), to determine the high-level security risks and then uses baseline security methods to determine the lower-level security risks.

Security methods
The aim of the research was to combine an information systems modelling method with a baseline security method to form a hybrid security method. This method could be used to evaluate the high- and low-level security risks associated with e-commerce. The methods used in this model are the viable system model (VSM) and the baseline security approach. The VSM is used to model an organisation's basic functions and associated data flows, whilst the baseline security approach is used to implement appropriate security countermeasures.

The viable system model (VSM)

Information Management & Computer Security 11/5 [2003] 238-242 © MCB UP Limited [ISSN 0968-5227] [DOI…...
