This chapter provides an overview of digital business security. It is informed by a contemporary analysis of perceived threats through the eyes of information technology managers both from a representative public institution (a University) and from a private company (a retail sales company). A brief overview of malicious software leads into more general consideration of the risks and threats of security breaches, which are analysed from both a company and a customer perspective. Common to both sectors is the requirement to secure corporate records and other digital information and management and policy guidance is provided here. Cybercrime remains rife, but is both under-reported and under-prosecuted. As managers may become involved in legal issues associated with information technology security breaches, this chapter also overviews the special nature of digital evidence.
TopIntroduction
For the majority of consumers, the Internet holds the promise of an environment that provides access to people and businesses on a global scale. For a few however, the Internet provides an easy means of concealing illegal and malicious activities. Gold (2008) and BERR (2008) suggest this trend is increasing, as hacking and the development of botnets1 becomes more of an organized crime than an amateur hobby2. The security of digital business is therefore under constant threat, for public and private sector alike.
Digital business security is a very broad topic and a complete overview of the issues would be impossible in one chapter3; however, we will attempt to cover the areas perceived to be of most concern, according to interviews4 conducted with Information Technology (IT) managers from government and non-government sources. These contemporary interviews are reported in this chapter to illustrate the points at issue. While we acknowledge our sample is small, the managers selected were purposively chosen to represent real decision makers concerned with these issues and who may be therefore expected to have concerns similar to many other practicing managers responsible for IT security.
The whole issue of digital business security involves an understanding of the need to account for the use of data both internally, as well as externally. External threats relate to internet security, which can be defined as the protection of the internet account and files from both internal and external threats. At the basic level, this involves passwords, files backups, and setting up file access permissions. In fact, the respondents in the interviews, reported later in this chapter, consider the internal threats, such as the indiscriminate use of USB flash drives, as more of a threat than external factors.
The risks involved in conducting business on the Internet are different from those associated with the traditional face-to-face commerce environment. This chapter will provide an overview of the digital business environment and outline the specific business concerns associated with security for Internet enabled, ecommerce applications, and catering for the demands and rights of existing staff in the internal environment.
Digital security management covers many aspects and these are discussed throughout this chapter. Specific areas of interest include the following:
- •
Analysis of the risks and threats
- •
Development of security policies
- •
Management of the risks and threats
- •
Planning for possible contingencies
- •
Business continuity planning in case of a disaster
- •
monitoring the effectiveness of existing security measures
- •
Collecting evidence to bring to justice those responsible for the misuse or misappropriation of an organization’s information resources.
Before looking in more detail at these aspects we begin by briefly reviewing some typical classes of risks and threats, and associated trends.