Strategic Importance of Security Standards

Alan D. Smith (Robert Morris University, USA)
Even before September 11, 2001, security and privacy were a concern to nearly 80% of the current and potential Internet users around the globe, according to a survey released by the Information Technology Association of America (ITAA) (Poulsen, 2000). The survey, commissioned by the American Express Company, randomly polled 11,410 people in 10 countries, and found that nearly half of the respondents enjoyed some form of Internet access. As might be expected, most of the world’s Internet users use the Internet for e-mail, browsing, and entertainment. However, fewer than 28% do some shopping online, and 24% use the Internet for banking and financial transactions. But when Internet users and non-users in many countries were asked if they agreed with the statement, “I am or would be concerned about security and privacy issues when purchasing or making financial transactions online,” 79% agreed. Prior to the tragedy of September 11, 2001, U.S. citizens also expressed legitimate concerns about privacy and security, with an 85% showing. The poll released by the Information Technology Association of America also illustrated that approximately 80% have doubts about the U.S. government’s ability to maintain computer security and privacy. Hence, protecting operating systems is a major strategic concern if e-government as a whole is to reach its potential. Although most of these issues are typically not discussed in relation to e-government, the need for trusted computing systems within e-business makes an effective argument that all these issues affect e-government systems as well. Secure computing systems issues are just as important for e-government.
The scope of this article is to present a description of one of the most generally known security certifications, namely the Trusted Computer System Evaluation Criteria (TCSEC) and its implementation procedure in the commercial product evaluation process, and to discuss the influence of this evaluation/certification on the incidence of hacker attacks on e-business. As is evident from the abundance of marketing literature for different e-business operating systems, which frequently refers to their security strength ranked against popular security certifications, it is very common to rank commercially available operating systems against TCSEC evaluation and/or certification criteria. This article will also explore where many operating systems stand on this particular evaluation. In essence, given the vulnerabilities exposed after September 11, 2001, strategic security managers should be deeply concerned that the e-business platform they are responsible for meets the highest security standards to prevent any type of potentially harmful hacker attacks. Managers need a working knowledge of TCSEC security evaluation/certifications to become better informed when choosing the e-security platform for e-government/e-business. Essentially, the selection of a particular operating system for e-government/e-business depends on factors ranging from existing skills, existing infrastructure, and economic reasons all the way up to political and strategic reasons. In dealing strategically with modern e-business environments, one of the most important factors that management must consider when choosing an operating system for their e-business platform is its security strength to resist computer hacker attacks.
If, for example, a certain operating system, as opposed to other systems, is one of the major aspects of different hacker attacks, then this is a clear message to management to build proper safeguards into the proposed operating system (Smith & Rupp, 2002a, 2002b). Certainly some of the reasons for frequent hacker attacks may be probabilistic rather than random events, since Linux and Windows operating systems are more frequently used for e-commerce than other systems. So, it is not surprising that there are practically few reports of successful hacker attacks against operating systems that run e-business platforms (Smith, 2005; Smith & Lias, 2005; Smith & Offodile, 2002).

