Importance of Information Security in E-Commerce - Essay Example

? E-commerce Table of Contents Introduction 3 Security in E-commerce- Overview 4 The impact of Security on E-Commerce on the management of organizations 4 The impact of Security on E-Commerce on technology 7 The impact of Security on E-Commerce on the organization 9 Conclusion 12 Reference 14 Introduction E-commerce has brought about profound impacts on the entire global economy. However, it is important to understand the risks involved with the conducting and maintenance of a robust business operation generating results. Thus it is crucial for the companies engaging in or considering e-commerce activities to audit their business processes to check for any vulnerabilities and implement required security solutions in their e-commerce plan. Rapid deployment of their cyber security measures helps to provide added security to their online resources such as e-commerce websites, extranets and intranets. It is essential for these resources to operate in safe, secure and stable environment as organizations work on huge stores of data and it is important to ensure to ensure integrity of the data and protect the company’s e-commerce and IT infrastructure. With the growth of e-commerce it becomes even more vital for the business leaders to ensure that their highly complex and networked infrastructure, customer bases, trade secrets and intellectual property rights remain uncompromised and at the same time the possibilities of revenue losses and business disruptions are minimized. With the dramatic evolution of communication and computing technologies and their standardizations, e-commerce has been more on the boom. Lowering of operation costs, enhancement of speed of transactions, and ease of global reach to vendors and customers are some of the major reasons for the increasing popularity of this emerging way of commerce today. The project analyses some of the major issues in terms of security of transaction and assets in e-commerce activities and components. Since transactions involve huge amounts of public money, the importance of information security cannot be ignored in this business. This requires analysis of security requirements in e-commerce systems from perceived vulnerabilities and threats. The research analyses the critical importance of information security in e-commerce from the technological, management and organizational perspective in this regard. The importance of information security for effectiveness of decision making for managers; its importance from the perspective of honour and goodwill of the organization and also from the technological perspective is discussed in the project. Security in E-commerce- Overview A secure e-commerce system accomplishes its tasks and goals without any unintended side effects. An insecure and unsafe e-commerce system may generate access to unintended complexities and threats which can have the potential to damage its intentions or purpose. In the software industry, security can be understood from two different perspectives. Software consumers regard protection of their information as one of the crucial and specific features of the system. Integrity, confidentiality and availability account for three of the main concepts in the protection of e-commerce system. This is crucial from both the perspectives of both the client and the vendor. A safe and secure e-commerce system not only allows easy and effective transaction between the vendor and the service provider but also adds to the goodwill and reputation of the company for being cautious about securing its clients’ information and data. It demonstrates its worth as being a reliable company which serves as its competitive strength in the market (IBM, 2005). The impact of Security on E-Commerce on the management of organizations It is important to understand that security is not only about technology. The security of e-commerce activities ultimately reflects through proper decision making and management of the organization. The primary essence of the management in any organization is decision making. Managers are constantly required to evaluate between multiple alternatives and chose the one most suited for the moment. Like the way there are multiple managerial styles, the decision making styles in the organization may also vary. Managers are required to deal with various risks, uncertainties evaluate between alternatives differing with regards to their extent of associated risks. The reason for the security of e-commerce is required in the organization arises out of the fact that many decisions are needed to be taken in the absence of complete information. Uncertainty raises the possibilities of different outcomes significantly for which the outcomes for each of the possibilities must be considered. For instance managers are required to manage diverse pool of employees based on different geographic locations. Extensive e-commerce activities are conducted through the work procedures between these individuals. Moreover there is extensive information sharing between individuals across diverse backgrounds. This requires high quality protection mechanisms for the same. It is not possible for the manager to eliminate chances of data insecurity for every work process between these individuals. A major part of the decision making procedure rests on the assumption that information exchange across the diverse workforce of the organization is absolutely secured through the right application of information and technology. Thus in the presence of uncertainties also, decisions have to be taken by the manager. This is because in the absence of choosing a particular course of action, extensive loss might be incurred by the organization. On the other hand the loss incurred through an unsafe and insecure e-commerce system which is open to threats and attacks can be much more and dangerous. This is primarily from the perspective of the management. Loss or misuse of information and data exchange between the diverse workforces can be harmful in terms of spoiling interpersonal relations among them. From an organizational perspective it also be said that information plays a crucial role for decision support system in the organization. A well secured e-commerce system is armed with such information which helps managers make decisions in a better manner. For instance, the front line managers who require direct activity cost information are able to manage revenues in a better manner and calculate costs and profits. Subsequently the organization is in a better position to attain greater consistency between the upper and lower level management layers by providing such authentic information across the organization. The importance of internet based security system is regarded highly in the e-commerce frameworks in today’s organizations. With the emergence of many user friendly query tools and internet based databases, corporations are increasingly turning towards decision support system (DSS) with the aim of analyzing these databases and converting them into information which is crucial for decision making. DSS normally includes report writing as well as analytical features which enable users to translate data into a useful form which supports decision making by the management. With the advent of decision support technology in today’s organizations, the need for information security and safety has become all the more important. It is gradually emerging as a high priority in recent organizations and among the firms’ information and technology departments. Besides being a flexible programming paradigm, DSS is comparable with other software such as ERP which is known for accelerating the process of routine operations in the organizations. The information security system in DSS is all the more important as it breaks up and slices the data into such understandable chunks which facilitates evaluation and decision making. When DSS techniques are applied in e-commerce activities in a firm, significant time of the firm can be saved by enabling users to handle complex problems and bring them down to simple pair wise comparisons across diverse criteria and options. Data which is open to threats in such systems can complicate processes even further. Instead of bringing down time, it can end up using more time than usual resulting in wastages and losses. The decisions based on such erroneous information can complicate processes considerably and finally indulges the management to take decisions based on the erroneous results. A wrong decision ends up making productivity losses, shrinks sales volumes and deteriorates performances considerably (Sanderson & Ghadaksaz, n.d. p.2). The impact of Security on E-Commerce on technology High security in the information and technology used in an organization is an ultimate reflection of usefulness of the technology. An ill secured system only brings down the level of efficiency, utility and usefulness of the technology in the organization. In this context it is important to understand the difference between a software system and a security system. In the designing of a software system the functional correctness of the application is of the highest concern to both the client and the service provider. In the software systems, it is the role of the designer to ensure that using reasonable input the user gets reasonable output too. This is traced down through the system specification. However, on the other hand in a security system, it is essential to preserve the system properties in the fact of threats. Therefore it is to be ensured that the system output does not generate disastrous results out of unreasonable inputs. In the security system, there can be active interference from adversaries for which the system must be hard enough to withstand it. In addition to this, in the security systems greater complexity implies greater security holes. The essential steps for designing security in a system is to first model the system, indentify the security properties which must be preserved, model the adversary and finally ensure preserving security properties under threats and attacks. Modelling the system in detail and identifying security properties is possible. However, it is not completely possible to accurately model the vulnerabilities and adversaries in the system. The result is that it is not possible to achieve absolute security in the system. Thus system security in general is perceived as a process rather than a one time developed product. Thus it is seen that the effectiveness of technology depends on the effectiveness of the security system attached with the technology. In the absence of a strong security system it is possible that the technology itself can crash. In this context surety perspective can be rather regarded as an attribute of the technology which determines the extent of efficiency or effectiveness of the technology (Sengupta, Mazumdar & Barik, 2005, p.7). In the absence of a well defined security system the technology would fail to yield the correct results or outcomes. In such cases data might get wrongly interpreted, formatted and ultimately represented in the wrong manner. In such a case the effectiveness of the security system is a reflection of the effectiveness of the technology used by the organization. This highlights on the aspects of security in e-commerce activities used in the organization (Sengupta, Mazumdar & Barik, 2005, p.7). With increasing interaction between the information systems in the organization, there is greater interaction between businesses. Mutual interdependence between technologies leads to greater interdependence in the businesses. This leads to greater realization of the importance of security of the partner’s business which can indirectly hurt the organization too. They need the assurance that these interactions between them do not expose their information assets unduly. This calls for a greater demand for the security of its information systems and audits of its security practices and policies in order to provide this assurance (Sanderson & Ghadaksaz, n.d. p.2). The advantage of e-commerce activities from the technological perspective is that it allows easy automation and generation of multiple payments using the minimum cost and effort. Previous too much dependence on banks for handling payments and transactions coupled with ubiquitous communications technology were responsible for making payment processes more difficult and expensive to establish. With the establishment of e-commerce technology such aspects have been made easy and comfortable. Additionally, the replacement of manual systems by e-commerce technology has reduced time delays as process payments can be done on real time basis reducing the possibilities of human interventions and subsequently reducing time delays. Also, with the availability of cheap communication and computing technologies, the application of the right software has enabled individual and small enterprises to have easy access and provide a wide range of information services which previously were available only to large organizations through dedicated networks. The overall impact of security in e-commerce systems in organizations is that it brings down the cost of information and technology in the organization to a considerable extent in the way of enhancing the efficiency and effectiveness of the software. With a strong security system, the need for regularly testing and reviewing of security measures are reduced considerably (Sanderson & Ghadaksaz, n.d. p.2). The impact of Security on E-Commerce on the organization In the era of cut throat competition between organizations, big and small, the need for securing their e-commerce activities is all the more important. This arises out of the common purposes for which it uses e-commerce activities such as making profits for providing goods and services at low costs; or even providing electronic library functions for confidential or sensitive information through the internet. From the organizational perspective, the costs of providing goods and services account for determining the ultimate profitability of the organization in the market. It is possible for the company to loose crucial information if its e-commerce technology is not fully secured. This can have immense detrimental effect in the form of increasing its cost of goods and services and lowering its profitability in the market. It can have a damaging effect on the efficiency improvement which is brought about by e-commerce technology, ultimately resulting in the lowering of its efficiency and brining down profits. Typically, as profitability determines the position of an organization in the market as against its competitors, it can be inferred that securing the e-commerce technology of the organization has a direct association to its position and competitive strength in the market. Securing the information used in e-commerce activities also has strategic implications for organizations. A highly secured technology is an implication of the efficiency of the technology used by the organization. Today’s organizations are highly technology driven; and the more efficiently it can use technology to its advantage the more competitive strength it is likely to hold in the market. A highly secure and safe information system in an organization only adds to its effectiveness in the long run and reduces possibilities of unintended errors and side effects. Such a highly advanced system has long term strategic implications from the perspective of the organization. A safe and secure service provider is preferred by all institutions in the market, and in this regard the organization would be regarded highly too. This can account for a major strategic strength of the organization among its competitors. From the perspective of the organization, importance of security of e-commerce system can be directly associated with the organizational goals and objectives. Security systems in e-commerce activities in organizations can be directly associated with efficiency and costs. The elimination of weaknesses from the system reflects through costs effectiveness of the security system. However, it must also be understood that planting a highly quality security system in the e-commerce system can be costly. Implementing additional security measures can end up increasing the costs more than the benefits. Thus it is crucial for the organization to ensure the extent of costs incurred in the implementation of the security system fetches cost effectiveness in proportion to the benefits. In other words, the organization requires determining the degree of security investment for yielding the required business results. Other aspects such as policies and laws on management systems, administration, operations and maintenance require high security issues. For instance, organizations work in association with numerous stakeholders. There are high chances that secured data and information are hacked or slashed by any of these stakeholders. The prevention of misuse of the e-commerce system can be well achieved through a well defined security system. It helps to prevent such cheating or hacking of information which can be confidential and private from the organization’s perspective. One policy which is randomly used by management operations, systems, maintenance and administration of this system is implementing a random and static number generator for each of the problems and their solutions. The generation of a static random number to problems and solutions ensures that each individual achieves a unique set of numbers in their problems and their solutions. The security system disallows the use of this information by another user. This way the problem of hacking can be minimized through a substantial degree and the possibilities of solving complex situations with ease and comfort can be enhanced (IBM, 2005). Conclusion Electronic commerce is regarded as a dramatically expanding technology in the globalized world. Various technologies have acted towards the facilitation and proliferation of e-commerce technology in recent organizations. Rapid acceleration of communication and computing technology coupled with sophisticated Electronic commerce systems have expanded across the business world. However, the proliferation of e-commerce application is not considered enough in the recent business environment. With the growth of hackers and increasing complexities of the processes, the need for securing the information and data used in the system have also increased. The security engineering life cycle is rightly used in different spheres if information technology for carrying e-business activities securely and safely. With the right understanding of business requirements and needs and the management of security resources in the enterprise, e-commerce has matured substantially and has yielded great business results for both organizations and individuals. With the involvement of huge amounts of public money in organizations, the need for securing information and data has climbed in importance today. The possibilities of vulnerabilities and threats must be reduced considerably for creating an effective e-commerce system. This is as important to the technological perspective of the organization as it is to the management of the organization. Besides enhancing effectiveness of the system and subsequently bringing down costs, it also bears strategic importance for the organization. A protected system allows managers to take decisions at their will and according to the welfare of the organization. Decision making by the management rests on a lot of uncertainties and risks. With the threat of uncertainties and risks involved in the process, their decisions are highly vulnerable and prone to criticism and accusation. The ease of management decision making is considerably enhance on the presence of a well secured electronic commerce system. Additionally the efficiencies of the software are also greatly increased through reducing delay timing, transaction costs and eliminating errors and side effects. From the organizational perspective, a well secured information system bears long term strategic importance in the way of earning goodwill and reputation of the organization as being a reliable provider of services and having integrity of operations too. Reference Sengupta, A., Mazumdar, C. & Barik. M. S. (2005). E-Commerce security – A life cycle approach. S?adhan?a Vol. 30, Parts 2 & 3, April/June 2005, pp. 119–140. [Pdf]. Available at: http://www.ias.ac.in/sadhana/Pdf2005AprJun/Pe1335.pdf. [Accessed on August 06, 2012]. Sanderson, B. & Ghadaksaz, M. (No Date). Trends in e-Commerce Security Practices. [Pdf]. Available at: http://www.touchbriefings.com/pdf/1417/lahaise.pdf. [Accessed on August 06, 2012]. IBM. (2005). e-Commerce security: Attacks and preventive strategies. [Online]. Available at: http://www.ibm.com/developerworks/websphere/library/techarticles/0504_mckegney/0504_mckegney.html. [Accessed on August 06, 2012]. Read More