Potential Liability on Cross-site Scripting - Essay Example

The high-level management personalities of diverse disciplines, howsoever trustworthy, cannot digress from their own responsibilities to justifiably oversee such crucial and important functional branches as online security. The insurance industry has a solid customer base and vast financial inputs. Online security must be exclusively handled by security experts just like operations, program development and network operations are handled by experts in these fields. Otherwise, the industry could become an easy target of ceaseless and relentless attacks of malevolent hackers spread all over the globe.

The managers of the three disciplines meet only twice annually as the security management committee to co-ordinate security developments and plans. This step-motherly treatment to security could prove to be counterproductive and expensive in the long run. Other potential liabilities the company needs to address are risks arising from the high volume of online interactions and transactions with clients. When clients forget their username and/or password, they are required to answer a challenge question to retrieve the information by email.

If anyone can forget the username and/or password there is no guarantee they are likely to remember challenge questions and answers. Ideally, the company must provide clients with passwords. (Case Information)Recommendation on the immediate handling of the XSS threat to LIB The first and foremost action recommended is to employ a full-time security consultant and fix responsibilities inclusive of the XSS threat to LIB. The immediate next step is to make clients aware of the XSS risk and educate them on the course of action they need to bear in mind and act upon whenever browsing the LIB website.

The operations manager, program development manager, and network operations manager must continue to maintain vigilance in security matters and report unusual occurrences to the security department/consultant. These three management entities must coordinate with security daily or at least on a weekly basis. (The Cross-Site Scripting (XSS) FAQ)Recommendations on improvement in the management of security at LIBHaving a separate entity to handle online security issues at LIB is the ideal decision and the first step to address risks to the overall business.

The company can further improve its online security concerns by maintaining high alert on offline areas as well. A systematic reward scheme must be put in place for those providing information and alerts on unusual online movements. The company must also have its own discreet methods to test its security system by using tactics such as sting operations periodically in top secrecy. The company must also keep itself abreast of hackers' modus operandi and the susceptibilities and vulnerabilities of the online insurance industry.

As a standard measure, every company using online business systems and networks will ostensibly possess security technologies applicable to its sphere of operation and guard the interests of its clients and its own by routing online communications by encrypting, scrambling and decoding.