Managing Security Vulnerabilities in a Business-to-Business Electronic Commerce Organization

Abstract

GlobalUBid.com is a B2B (business-to-business) e-commerce company offering excess and obsolete inventory to online customers. GlobalUBid is rapidly expanding into the global online marketplace, but recently, its Web site crashed due to a denial-of-service (DOS) attack. A lack of security awareness at an organizational level has left GlobalUBid’s online system vulnerable to internal and external attacks. Though informal security policies are in place, many employees are not aware of them and they are not enforced on a regular basis. Unsecured aspects of the physicalworkplace make the organization vulnerable to disgruntled employees, hackers, and unscrupulous competition. GlobalUBid has hired URSecure consultants to conduct a security assessment in uncovering internal and external vulnerabilities. URSecure has made recommendations for improved security, though the organization must develop most of the implementation details. GlobalUBid management recognizes the need for improved security, though there is a concern about the financial implications of implementing a security plan.