Site Security Planning
.gif "Next Topic")
Threats over the Internet
Businesses gain a competitive advantage both by using the Internet to share information and resources with key partners, and by transacting business with customers. However, with that advantage comes a security challenge: to protect enterprise data and private customer information as they are communicated over the Internet.
In the Internet business environment, information assets take on new forms and appear in unaccustomed places. You will need to account for such changes in form and placement as you build your inventory of assets. For example, if you plan to offer online purchasing to customers, your company will transmit and receive credit card numbers and other private information across the Internet. Formerly confined to file cabinets and an internal network, this informationnow transmitted in data packets on public networksis an old asset that will be transmitted in a new environment. You will need to account for this development in your inventory of all assets that must be secured.
Opening the corporate network to communication from users outside the firewall presents opportunities for amateur programmers to exploit your organization through:
Software bugs that compromise security, leaving your site vulnerable if the bugs are not fixed.
Inadequately secured data that is routed over the Internet, leaving your data exposed to interception and illegitimate use.
Unsecured executable Web application code with system access, leaving your back-end data exposed to access from unauthorized users.
Identify any threats to your assets. Include potential perpetrators, the ways in which they operate, and the targets your organizational environment presents to them. Evaluate the severity of the threats, and the degree of harm that successful attacks could cause.
See the following: