I will first make clear what electronic business security is. Electronic business security, which I will refer to as e-business security, is concerned with all aspects of how business information is collected and handled, how hardware and software process and communicate that information, how information is stored and prote

The first phase is the Investigation phase. The management must first assemble a security team from responsible managers, employees and contractors. This team must assess their current situation and decide what their project scope and expectations must be. Also, they must provide a program security policy that outlines the projected outcomes and goals of the project. Once this is completed they must propose this to the head management and receive the okay to move on with the project, redesign the scope or forget the project completely. Another part of the Investigation phase is to perform a risk assessment.(Braithwaite, pg.35)

As you can see, there are many things that a CIO must consider and go through when trying to implement a system or just improve upon an existing system. They must first choose who they think is qualified to help him make the proper decisions also making sure that they understand their roles. They must also be aware of all the threats or vulnerabilities that they are dealing with. Once they have assessed the current situation they must decide whether it is worth their time and money to continue with the project. If they decide that it is vital that they continue there are many plans and strategies that they must consider. So next time you are on E-bay ordering your favorite collectible item or just logging on to your e-mail think about all of the hard work and evaluation that has gone into securing your personal information.

There are many different levels involved when considering changes in the structure of the security system. The Chief Information Officer is in charge of everything in the sense that they are responsible for making sure that all the appropriate actions are accomplished. They must report periodically to the board of directors and the CEO of any changes and or the state of the security system.

Since it would be so hard and so expensive to protect yourself against every threat I feel that the project team and the management should assess the threats that are most likely to happen and which ones would cause the most problems. This procedure is called an attack profile. An attack profile is a detailed description of activities during an attack. It is used to determine the extent of damage that could result to a business unit if the attack were successful.(Whitman and Mattord,pg.241) The reason that I say that both the management and project team should be involved is that something may be important to the upper management but not to the employees or the consulting firm or vice versa. The consulting firm, if they weren’t an honest company, may want to implement a security procedure that may not be applicable for the company so that the firm can make more money. On the other hand the upper management may overlook something that could be very beneficial to the employees so they also need to be involved in the decision making process.

The final unintentional threat is use or operator error. This type of threat is where the software is unable to process an error during normal operations. A single way to reduce the likelihood of having one of these threats affect the system is through comprehensive testing. This testing will reduce the likelihood of software defects and extensive testing of the system’s ability to successfully handle human error. I as the manager would have to enforce software and security testing policies also. Physical threats such as water damage, power loss or civil disorder are very hard to guard against.(Braithwaite,pg.53) To prevent loss of this information is to have back-up generators and power surge protection for the power loss and make sure you have offsite replications of critical information. Again, this is very expensive and a thorough risk assessment, which I will talk about later, and it must be performed to decide what is necessary for proper protection.

Training and education are a must if you want your employees t

Some topics in this essay:
Electronic Commerce, Technical Threats, Leading Organizations”, Corporate Auditing, Threats Unintentional, Mitigation Acceptance, Virus Scan, Acceptance Acceptance, Bureau Investigation, Plan Disaster, security system, risk assessment, response plan, incident response, virus scan, business operations, disaster recovery, project team, incident response plan, unintentional threats, risk assessment programs, business continuity plan, electronic business, disaster recovery plan, threats physical threats,