International Journal of Information Management: The Journal for Information Professionals
Electronic commerce and the Internet have enabled businesses to reduce costs, attain greater market reach, and develop closer partner and customer relationships. However, using the Internet has led to new risks and concerns. This paper provides a management perspective on the issues confronting CIOs and IT managers: it outlines the current state of the art for security in e-commerce, the important issues confronting managers, security enforcement measures/techniques, and potential threats and attacks. It develops a scheme for probabilistic evaluation of the impact of security threats with some illustrative examples. This methodology may be used to assess the probability of success of attacks on information assets in organizations, and to evaluate the expected damages of these attacks. The paper also outlines some possible remedies, suggested controls and countermeasures. It then proposes the development of cost models which quantify the damages of these attacks and the effort of confronting them. The construction of one such cost model for security risk assessment is also outlined. It helps decision makers select the appropriate countermeasure(s) to minimize damages/losses due to security incidents. Finally, some recommendations for future work are provided to improve the management of security in organizations on the whole.