
Best practices for e-commerce self-defense.


Attacks on e-commerce Web sites have online merchants in a cold sweat over downtime-induced revenue losses. But Web-savvy CPAs can help clients by offering these e-sabotage prevention tips.

[] Conduct a risk assessment of the enterprise. If possible, do it before implementing technical controls so that weaknesses can be eliminated before costly adjustments are needed.

[] Develop security standards. Communicate security policy to employees so they understand their responsibilities, the penalties for violations and what to do if they suspect online security has been breached.

[] Test defenses. Conduct a full systems audit, testing security--especially firewalls--to identify potential weak points, including remote access to systems by e-mail, the Internet and telephone.

[] Get an independent opinion on security measures. Have an objective outsider evaluate overall online security, including firewalls, antivirus software and risk analysis tools.

[] Limit access to e-commerce controls. Give access to the fewest people and the fewest systems possible for the minimum time it takes to perform essential functions. Use authentication tools, such as passwords, smart cards and digital certificates to verify identities online.

[] Use firewalls to block intrusions. Pass transmissions through a control point where they can be checked for compliance with security provisions.

[] Monitor employees' online activity. Use systems management tools to enforce security policies consistently across multiple online environments and to automate user access. Use e-mail analysis tools to intercept and scan e-mail for possible security violations.

[] Monitor networks for unusual activity. Determine whether installing additional security measures or systems resources, such as RAM, would reduce the impact of a hacker attack. Also, use intruder detection software to maintain overall awareness of possible threats to systems--for example, surreptitious large-scale incursions during diversionary attacks.

[] Consult the Internet service provider. Determine whether it can block attacks before they reach company systems.

[] Inform the proper authorities when systems are violated. Stress the importance of preserving system activity logs, which may help identify intruders.
COPYRIGHT 2000 American Institute of CPA's
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2000, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Publication:Journal of Accountancy
Geographic Code:1USA
Date:Apr 1, 2000
Words:311