Site Security Planning

Assessing Threats to Security

This section provides a framework for assessing threats to the security of a Web site and its assets. A Web site is considered to include one or more server platforms and associated Web services under unified administrative control.

To effectively plan the security of your Web site you must:

• Keep pace with changes in business that might require new security measures. For example, e-commerce will require encryption of private information sent over the Internet.

• Identify and assess threats to the security of online assets. For example, if you open your corporate intranet to access by employees from home, their user IDs and passwords are assets that will be made vulnerable to the threat of exposure on the Internet.

• Prioritize threats according to potential exposure and recovery costs. For example, if you allow customers to purchase services from your Web site, determine what assets would be exposed and what the cost would be to secure them.

In the emerging online business environment, accurate threat assessment is vital to achieving cost-effective security for assets shared over the Web within your organization, as well as among your business partners and customers.

See the following:

• Threat Identification

• Threats on Intranet

• Threats over the Internet