Digital Business Security Development: Management Technologies

Digital Business Security Development: Management Technologies

Don Kerr (University of the Sunshine Coast, Australia), John G. Gammack (Griffith University, Australia) and Kay Bryant (Griffith University, Australia)
Indexed In: SCOPUS View 1 More Indices
Release Date: July, 2010|Copyright: © 2011 |Pages: 240
ISBN13: 9781605668062|ISBN10: 1605668060|EISBN13: 9781605668079|DOI: 10.4018/978-1-60566-806-2

Description

Security is an increasingly important area of study for businesses as failure to address company protection can have severe ramifications for the long-term viability of any e-commerce enterprise.

Digital Business Security Development: Management Technologies provides comprehensive coverage of issues associated with maintaining business protection in digital environments. Containing state-of-the-art research relevant to informing business practice, this Premier Reference Source provides base level knowledge for managers who are not specialists in the field as well as advanced undergraduate and postgraduate students undertaking research and further study.

Topics Covered

The many academic areas covered in this publication include, but are not limited to:

  • Authentication
  • Business continuity planning
  • Data Security
  • Digital Evidence
  • Fraud and identity theft
  • Password-based systems
  • Privacy policy statements
  • Uncertainty in complex and dynamic environments
  • Web 2.0 Technologies
  • Wireless devices and security issues

Reviews and Testimonials

This book contains state of the art research relevant to informing business practice. It provides base level knowledge for business managers who are not specialists in the field; however, the main audience will be advanced undergraduate and postgraduate students undertaking research and further study in the field, or looking towards a specialised career in this area. By providing an overview of the issues, coupled with in-depth chapters on specific key topics, both breadth and depth are addressed for these readerships.

– Don Kerr, University of the Sunshine Coast, Australia; and John Gammack, Griffith University, Australia

Table of Contents and List of Contributors

Search this Book:
Reset

Preface

INTRODUCTION

There is a widespread perception that conducting business on the Internet has a higher risk than in the traditional face-to-face environment. This is due, in part, to security concerns and to the need for an extra level of trust incurred when paying for goods or services before receiving them. For the majority of consumers, the benefits of immediate access and search capabilities, as well as 24-hour access to businesses on a global scale, outweigh many of these security and trust concerns.  Nonetheless, a healthy skepticism of some Web sites, and to deals offered, is essential because for a few people the Internet provides an easy means of concealing illegal and malicious activities. 

While there is a common perception that the security of Internet-based transactions is weak, the reality is otherwise.  Current security techniques are much stronger than techniques used when conducting transactions via fax or over the telephone.  Nonetheless, although the perception of vulnerability is stronger than the reality, digital threats do need to be taken seriously.  If an Internet organization is to survive and prosper, it must be fully aware of the threats and attacks (both internal and external) that can be used against it.  Both businesses and government agencies operating electronically need to be vigilant against information theft, espionage and liability.  They need to establish as many deterrents, defenses, and security measures as necessary, to protect their systems and data, and to understand the principles behind these to counter new threats.  Further, the digital business needs to establish an ongoing maintenance program, and good administrative practices, to ensure security measures are kept up to date.

THE OVERALL OBJECTIVES OF THE BOOK

The overriding aim of this collection is to provide managers with an awareness of a range of issues associated with managing and securing the digital business.  The specific objectives of the book are to:
•    Provide knowledge on the extent of the security threat for Internet organizations
•    Build knowledge about the types of threats facing businesses operating in a digital environment and the solutions that will minimize or eliminate those threats
•    Identify common mistakes that businesses make in implementing and managing security
•    Develop an appreciation of the importance of management strategies and legislation covering security issues in the digital environment.

THE TARGET AUDIENCE

This book contains state of the art research relevant to informing business practice.  It provides base level knowledge for business managers who are not specialists in the field; however, the main audience will be advanced undergraduate and postgraduate students undertaking research and further study in the field, or looking towards a specialised career in this area. By providing an overview of the issues, coupled with in-depth chapters on specific key topics, both breadth and depth are addressed for these readerships. We adopt a managerial, rather than a technical focus, since security principles are more enduring than specific technologies.

BOOK CONTENT

The book emphasizes managerial aspects of security and includes the following chapters:

Chapter 1 is an overview of the digital landscape and specifically looks at digital business security issues.  It attempts to cover the areas of most concern, according to contemporary interviews conducted with Information Technology (IT) managers from both government and non-government sources.  The issues extracted from these interviews are used to illustrate the major points of concern and the interviewees were chosen to represent real decision makers around security issues.

Chapter 2 considers evidence in forensic investigations. This is an important area because, increasingly, managers are being called on to undertake some form of investigative work due to legal disputes, and breaches of personnel regulations or criminal activity. The chapter presents a review of digital evidence to help business managers gain a practical understanding of digital evidence, and to help them to manage this aspect.

Chapter 3 looks at developments in simplified sign-on authentication.  Authentication is the process of determining whether a user is whom they claim to be. This is generally done via a login system, consisting of a user ID and password.  As users today have a need for multiple sign-on, this chapter discusses the problem of managing usernames and passwords to reduce the need for using insecure practices, such as writing passwords down, storing them electronically, or reusing the same login data on multiple websites repeatedly.  These insecure practices can increase the probability of online crime, such as fraud and identity theft and, furthermore, can compromise the privacy of the individual.  This chapter discusses a common network identity-verification method, called simplified sign-on, which allows users to roam between sites without having repeatedly to enter identifying information.

Chapter 4 looks at the effectiveness of Privacy Policy Statements (PPS).  A PPS is a public notice of privacy and security practices in relation to the personal data held by companies.  It is an important element in consumer trust, and in a consumer's decision to make purchases using Internet commerce services.  PPS could, therefore, be expected to play an important role in overcoming the impediments to consumer purchases online. This chapter adds to the growing research literature on PPS by describing research involving comparison of an organization’s PPS against a normative template developed based on professional practice and laws, policies, practices, and public expectations around the world. 

Chapter 5 evaluates user password practice and determines that password-based systems are often compromised by poor user security practices. This chapter presents the results of a survey of 884 computer users that examines user practice in creating and reusing password keys, and reports the findings on user password composition and security practices for email accounts. Despite a greater awareness of security issues, the results show that many users still select and reuse weak passwords keys that are based on dictionary words and other meaningful information.

Chapter 6 looks at a case study of Wireless handheld device and LAN security issues in a healthcare setting. This chapter divides the ICT communications into wired and wireless technologies. The chapter concentrates on wireless technology and provides information on user acceptance of the technology in the healthcare industry.  The major barrier to the uptake of wireless technology appears to be user concerns over various security issues including physical, logical, and data security. 

Chapter 7 looks at Web 2.0 technologies for business solutions from a security perspective.  This chapter discusses the business application of Web 2.0 and the security problems that can occur. Web 2.0 applications are the target for attacks from both external and internal agents and this chapter describes the background, applications, and security concerns of the Web 2.0 technologies used for digital businesses.

Chapter 8 looks at business continuity planning and explores the implications of the expectation that ICT systems need to be available 24/7 to internal and external users, regardless of the circumstances.  This chapter discusses the nature of uncertainty in complex and dynamic environments and shows how this makes business continuity planning essential.  The chapter argues that approaches such as virtualization can provide cost advantages to organizations by ensuring availability and resilience through flexible systems.

Chapter 9 looks at future trends in digital security. Technological predictions are notoriously uncertain but it is important to look forward and to outline some emerging directions.  While it is too early to be definitive about specific technologies still developing, some current areas, such as wireless technology security, along with security policies and technologies around removable media, mobile phones and social networks, are covered briefly, and the applicable management principles are covered more generally within the book. 

While this book offers valuable insights into the technologies that can help reduce the incidence of security breaches, in reality, the most important aspect of effective security is the human factor and employees doing the right thing with respect to the use of USB keys, accessing appropriate websites, and being vigilant about email attachments. This is the central message of this collection.

Author(s)/Editor(s) Biography

Don Kerr, PhD, is an Associate Professor of Information Systems at the University of the Sunshine Coast. His research interests include assessing and monitoring the level of online fraud amongst senior citizens, the development and evaluation of decision support systems and the evaluation of the implementation of enterprise resource planning systems with particular emphasis on training and security. He has published 76 peer reviewed papers in both agricultural and management journals and conferences over the past 20 years.
John Gammack (PhD Cambridge, 1988) is an adjunct Professor at Murdoch University in Perth, and also at Griffith University in Queensland, Australia. He has around 200 internationally recognised publications mostly concerning informatics, and was lead author of the first popular textbook in this general field. Professor Gammack is a former head of both IT and management schools, and was research director for cross-university interdisciplinary groups specialising in Internet studies and in user and societal (IT) needs. Currently John spends time at various Chinese institutions as a visiting faculty member, and continues his research in informatics and digital life.
Kay Bryant is an independent contractor with experience in information systems. She has extensive academic experience in teaching information systems. Her research covers information systems and data security and includes publications in the Australasian Journal of Information Systems and Expert Systems with Applications.

Indices

Editorial Board

  • John Gammack, Griffith University, Australia
  • John Campbell, University of Canberra, Australia
  • Kay Bryant, University of Canberra, Australia
  • Raj Gururajan, University of Southern Queensland, Australia