South African Journal of Information Management - Hacker risk in e-commerce systems with specific reference to the disclosure of confidential information
Many businesses have started engaging in electronic transactions in a Web-centric environment. This includes various parties, such as the e-commerce company, its client and a bank. Confidentiality and security are two of the essential building blocks in merging the business processes of this extended enterprise with the supporting technological processes, which further adds to the complexity of the Web-centric environment. Despite having security policies and procedures in place to control access to database information, unauthorized intrusion still occurs. The objective of this study was to identify the main hacker risks and to address them by identifying the components of control that should be in place to prevent such risks. Microsoft's SQL Server was chosen as an example of a database system that is used to manage confidential information. It is suggested that the best way to reduce hacker intrusion risks to an acceptable level is to implement a three-level control system. This system should firstly include a control framework with control objectives to manage systems, business risks and internal controls, secondly a control model for the design, implementation and maintenance of the risk management system and thirdly appropriate preventative, detective and remedial control techniques to address the stated business and control objectives.