Divide yourselves into groups of 3-4 to discuss company e-commerce security plans from a management perspective.You should try to answer the following questions:
1. How important is a corporate security policy? Why?
Technology on its own is not enough, the business requires staff policies to impliment security prosedures eg lock work stations when not present, limit access to server rooms and enable logs of phisical access to servers. ensure that data is limited to need to know bases and acess to these files reflect this
2. Can technology be the only answer in managing the risks of e-commerce?
- Policies & procedures
- Legal framework / Enforcement (eg. etransactions)
3. Identify the challenges encountered in setting up a corporate security policy.
- Prioritise info risks
- Carry out risk assessment
- Set goal / targets to achieve
- Personnel responsible for
4. What are the main issues an e-commerce security plan should address?
- eTransactions (online payment systems)
- Customer Databases
- Confidential company documents and accounts
5. Based on the above, what are the steps a company should take in order to develop an e-commerce security plan?
- Design and Development Policies
- Impliment Security Policies
- Create a security organization (education and training of users,Keep up-to-date with new risks & Technolgies, Administer access controls)
- Security Audit