E-commerce raises a range of important security concerns, and there
are steps that can be implemented to address them. Some of the measures
that can increase security for both the vendor and the customer
are: Encryption, Digital Signatures, Digital Certificates, Passwords,
Virus Protection and Firewalls.
A limited number of models dedicated to the understanding of threats
to e-commerce (automated) information systems are currently available.
The Expanded McCumber Model (also known as the "Information
Assurance Model"), a revision of the original model created
by John McCumber in 1998, is used to appropriately organize the
18 baseline categories for analysis and to address the possible
threats to e-commerce (automated) systems.
Information Assurance Model (Maconachy et al., 2001)
Why is this important?
The three dimensions focus on information states,
critical information characteristics, and security countermeasures.
We live in an information-intensive environment, and information
is power. This model broadens the scope and the overall understanding
of information and systems protection.
1) Information States: At any moment, information
is found in one of three states: it is being stored,
being processed, or being transmitted.
2) Security Services: Information always has to
be Available to authorized persons. Integrity
means that data has to be complete and unchanged. Authentication
establishes the validity of the information, whether it is a message,
the identity of a person, or the transmission. Confidentiality
assures that the information is not disclosed to unauthorized users.
Non-repudiation provides proof of the identity of the sender
of a message as well as proof of delivery, so that neither can be
denied at a later time.
3) Security Countermeasures: A proactive
approach that accounts for people (Training and Education),
software and hardware (Technology), and operations (Policy