E-commerce raises a range of important security concerns, and there are steps that can be implemented to address them. Some of the measures that can increase security for both the vendor and the customer are encryption, digital signatures, digital certificates, passwords, virus protection and firewalls.

A limited number of models dedicated to the understanding of threats to e-commerce (automated) information systems are currently available. The Expanded McCumber Model (also known as the "Information Assurance Model"), a revision of the original model created by John McCumber in 1998, is used to appropriately organize the 18 baseline categories for analysis and to address the possible threats to e-commerce (automated) systems.

Information Assurance Model (Maconachy et al., 2001)

Why is this important?

The three dimensions focus on information states, critical information characteristics, and security countermeasures. We live in an information-intensive environment, and information is power. This model broadens the scope and the overall understanding of information and systems protection.

1) Information States: At any moment, information is found in one of three states: it is being stored, being processed, or being transmitted.

2) Security Services: Availability means that information always has to be available to authorized persons. Integrity means that data has to be complete and unchanged. Authentication establishes the validity of the information, whether it is a message, the identity of a person, or the transmission. Confidentiality assures that the information is not disclosed to unauthorized users. Non-repudiation provides proof of the identity of the sender of a message as well as proof of delivery, so that neither can be denied at a later time.

3) Security Countermeasures: A proactive approach that accounts for people (Training and Education), software and hardware (Technology), and operations (Policy and Practice).
