ebusiness at eBusinessProgrammers.com ::   Putting 'e' in your Business.

Within five years of time, all companies will be Internet Companies or they won't be any Companies at all.

~ (Groove 1999)
Privacy for eBusiness

The whole issue of security in an ebusiness environment has evolved to encompass issues of privacy and trust. Security does not always entail privacy, but privacy requires security. Keeping information confidential requires much more than a technology solution. It is about business policy and the processes they support. Data privacy is about choice: the freedom of individuals to choose how they wish to be treated by organizations that control data that describes them. Data privacy has emerged as a major societal issue as individuals have begun to question the levels of technological intrusiveness they will tolerate. Privacy includes several aspects. First and foremost, privacy enables companies to protect personal and organizational assets, such as information about customers and partners; these "good guys" must be let in to access and modify this data, without unauthorized users being able to see it.
Infrastructure and Policy

Privacy must be built directly into the security infrastructure. Privacy is a matter of policy: determining who can see what within the corporate IT environment. But any privacy policy is only as good as the security infrastructure that backs it up. The security infrastructure is vital to the ongoing relationship with partners and customers. The combination of security infrastructure and a sound privacy policy creates an environment of trust among partners and other users. This protects not only users but also the enterprises that hold that data and which could be held liable for its loss.

Businesses can turn their customers' desire for privacy controls into a strategic competitive advantage. On the other hand, a company needs to be aware of the impact of losing control of customer information.
Implementation of eBusiness Security
Installing an ebusiness security solution includes creating a blueprint of security needs, selecting skills and resources, and implementation. Enterprises should recognize the need to implement security and privacy solutions that can span the end-to-end ebusiness environment. These systems must provide a range of security controls, including intrusion detection, authentication and authorization tools, vulnerability scanning, incident management, and firewall administration. The system must take into account data control processes for sensitive information. This infrastructure must support a comprehensive common security and privacy model that can expand to new applications and resources. This enables companies to lower their total cost of ownership (TCO), focus on their core competencies, and rest assured their networks are maintained with the latest technologies applicable to their particular needs and vertical industry.
Planning: The Blueprint
The first step in the process is creating a blueprint by assessing security needs and determining how to address them. By definition, these needs should align with the company’s business objectives. There are several stages in creating this blueprint. The assessment stage establishes a baseline or initial diagnosis of the overall security posture. Within the assessment stage are two main pillars: the technical and the business components. Technical assessments generally involve two main aspects: a vulnerability assessment to determine system weaknesses and a threat assessment to determine likely threats. The business assessment can contain the following aspects:
  • Physical environment assessment covers the actual office and hardware.
  • Incident response assessment reviews the processes necessary to restore functionality in the event of attack or other incident.
  • Information protection assessment examines all policies, procedures, and controls with respect to information access and retention.
  • A privacy health check will evaluate all of the current processes and procedures, as well as levels of adherence. This check will also evaluate risk of disclosure of confidential data.
  • Security awareness assessment of employees.
The next step in the blueprint process is an architectural analysis, which is designed to look at the security solutions already in place and determine what aspects must change. Then the company must create a security strategy plan to implement these changes.
Selection Process for Skills and Resources
Once the security and privacy needs have been outlined, a company needs to determine if it has the necessary skills in-house to implement the blueprint. Some companies will have all the necessary skills in-house, while others must outsource some or all of the implementation. When looking at possible vendors, which come from many backgrounds, companies must ask and receive answers to the following types of questions:
  • Does the service provider have the necessary experience (backed by customer examples and reference accounts) to overcome the security challenges associated with a particular vertical industry or individual business?
  • Have the necessary capital investments been made in tools, staffing, global infrastructure, and support?
  • Does the service provider have alliances with other key industry players to deliver an integrated security service, or is it operating in a vacuum? Are these just paper alliances, or are they well coordinated and market tested? If outsourcing with multiple vendors, which vendor would act as the prime, and would one have contact with the other solutions vendors?
  • Is the provider able to not only implement security solutions but also manage them on an ongoing basis if needed?
  • Does the provider take into account privacy issues for empowering customers to control their own information? Examples of privacy issues include opt-in or opt-out controls for information gathering, data handling procedures, and data retention standards.
Once these questions have been answered, the enterprise enters the implementation stage. On the technical side, a combination of the assessment, architecture analysis, and strategy and planning stages will determine whether the hardware and software requirements are fulfilled. The company must also decide whether to use a phase-over or cut-over strategy for moving to the new security solution. Consequently, integration best practices involve the creation of a pilot implementation, which can be performance-tested and debugged before migration to the new solution. This practice is designed to limit downtime, complications, or disruption in business service. Testing and debug services will also continue to play a key role in the implementation of information security engagements because the testing data from such services is used to calculate network device management thresholds and performance baselines. Several human factors should also be considered, such as training, staffing, and processes. A perfectly executed integration of the security system is rendered helpless if the IT staff has no idea how to operate, manage, and maintain the network. Precisely documented policies, procedures, and specifications, in addition to education and training of IT personnel, are critical success factors.
As security and privacy threats grow in both scope and sophistication, forward-thinking organizations of all shapes and sizes will continue to strengthen their defenses against these threats. Some organizations will continue to rely on internal systems and resources to manage the cyber risks associated with operating in the new economy. Others, however, may lack the training, skills, resources, or interest needed to operate their IT infrastructure securely and will subsequently turn to outside experts for help. Whether a company looks outside or in-house to implement a new security infrastructure, it must take a series of specific steps. Without following this blueprint, a company cannot hope to create a system that is both secure and up to date, encompassing the divergent needs of greater information sharing and greater privacy.
©2007 www.eBusinessProgrammers.com. All rights reserved.