This memorandum will first deal with available security measures to protect the computer network that Wordsong would like to establish. Control objectives and associated techniques specific to e-commerce are described in the second part of the memorandum, which ends with a summary overview of threats from computer hackers and measures available to guard against them.

Security Measures/Network Controls

Firewalls create a sense of security for a network and protect it from intrusions by unauthorized individuals. Another security measure would be to create an Intranet, which is nothing more than a private network based on Internet technology. Users external to the business would not have access to such a network; Wordsong would need to buy and install another server dedicated to e-commerce if the business were to use the Intranet.

A wide variety of logical controls can be established to protect the network that the business wants to establish. Using sign-on procedures and providing employees with passwords is an essential basic measure to control access to the network. Along those lines, it would be a good idea to implement access control software that requires periodic password changes in order to limit network and data access to authorized individuals. Data encryption to protect confidential data and back-up copies of files to protect against data loss are other examples of available measures to protect networks against different types of risks.

Logs should be maintained to ensure that employees access Internet sites strictly for business purposes. Moreover, if Wordsong decides to venture into e-commerce, logs of all successful and unsuccessful accesses to the network should be kept. These logs would help identify external breaches of security.

Control Objectives

User authentication, protection of confidential information, and access and non-repudiation controls are four examples of control objectives used for e-commerce. Authentication ensures that the sender and recipient of a message are legitimate users. Encryption protects confidential data by rendering data meaningless to those who do not possess the decryption key. Access controls limit and control access and protect systems from unauthorized access, while non-repudiation controls provide evidence that a transaction has taken place and identify the source.

Hacker Intrusions

Hacking attacks come in many forms. Alteration of Web pages, infection of systems, and theft of credit card numbers are among the best known. Installing firewalls and using software that detects attempted intrusions are two prevention techniques to guard against illegal intrusions, but these security measures must also be tested regularly to ensure their effectiveness.
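The following is an added example, not part of the original memorandum, showing how the recommended logs of successful and unsuccessful accesses can be reviewed to surface a possible external breach. The log format, the internal address range and the failure threshold are assumptions, and the sample lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log: timestamp, source address, user, outcome.
SAMPLE_LOG = """\
2024-03-01T09:00:12 10.0.0.15 asmith SUCCESS
2024-03-01T09:02:40 203.0.113.7 jdoe FAILURE
2024-03-01T09:02:44 203.0.113.7 jdoe FAILURE
2024-03-01T09:02:49 203.0.113.7 jdoe FAILURE
2024-03-01T09:02:55 203.0.113.7 jdoe SUCCESS
2024-03-01T09:10:03 198.51.100.20 mlee FAILURE
2024-03-01T09:10:30 198.51.100.20 mlee SUCCESS
2024-03-01T09:15:00 10.0.0.22 jdoe FAILURE
malformed line
"""

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range
FAILURE_THRESHOLD = 3                              # assumed review policy

def parse(line):
    """Return (timestamp, address, user, outcome), or None if unusable."""
    parts = line.split()
    if len(parts) != 4 or parts[3] not in ("SUCCESS", "FAILURE"):
        return None
    try:
        addr = ipaddress.ip_address(parts[1])
    except ValueError:
        return None
    return parts[0], addr, parts[2], parts[3]

def review(log_text):
    """Flag external sources with repeated failures, and any later success."""
    failures = defaultdict(int)  # (source, user) -> consecutive failures
    findings = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec[1] in INTERNAL_NET:
            continue  # skip unparseable lines and internal sources
        ts, addr, user, outcome = rec
        key = (str(addr), user)
        if outcome == "FAILURE":
            failures[key] += 1
            if failures[key] == FAILURE_THRESHOLD:
                findings.append((ts, key[0], user, "repeated failures"))
        else:
            if failures[key] >= FAILURE_THRESHOLD:
                findings.append((ts, key[0], user, "success after repeated failures"))
            failures[key] = 0  # a success resets the streak
    return findings
```

A success that follows a streak of failures from the same external source is the entry a reviewer would escalate first, since it may indicate a guessed password.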