Confidentiality

Information collected from buyers should only be available to authorised parties; in other words, the website owner is responsible for protecting the information passed to the site. Confidential information should be isolated from external access and kept completely separate from publicly accessible data.



Availability

Resources must remain available to users who have been authenticated and authorised to access them; security controls should not prevent legitimate access.



Data Integrity

The integrity of data must be preserved. This means that data must remain the same from the sender to the receiver and free of corruption. Backing up data is essential in case of data corruption or server damage.
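The sender-to-receiver integrity check described above, as an added example that is not part of the original text: the sender attaches an HMAC-SHA256 tag to a constructed order record, and the receiver recomputes it to detect any change in transit. The shared key, the record and the function names are assumptions for illustration.

```python
import hashlib
import hmac
import secrets


def new_key() -> bytes:
    """Hypothetical shared key; in practice provisioned out of band, never hard-coded."""
    return secrets.token_bytes(32)


def protect(key: bytes, record: bytes) -> tuple[bytes, str]:
    """Sender side: compute an HMAC-SHA256 tag over the record and send both."""
    tag = hmac.new(key, record, hashlib.sha256).hexdigest()
    return record, tag


def verify(key: bytes, record: bytes, tag: str) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    expected = hmac.new(key, record, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Run the three cases: intact record, corrupted record, wrong key."""
    key = new_key()
    # Constructed sample order record (not real data).
    record = b"order_id=1001;customer=alice;total=49.90;currency=GBP"
    data, tag = protect(key, record)
    results = {"intact": verify(key, data, tag)}
    # A single field altered in transit is detected: the tag no longer matches.
    corrupted = data.replace(b"49.90", b"19.90")
    results["corrupted"] = verify(key, corrupted, tag)
    # A tag produced under a different key is rejected as well.
    results["wrong_key"] = verify(new_key(), data, tag)
    return results


if __name__ == "__main__":
    print(demo())
```

A plain hash without a key would only detect accidental corruption; the keyed tag also rejects deliberate modification by anyone who does not hold the key.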



Security Features

The characteristics of a secured site are:



  • Authentication

  • Authorisation

  • Encryption (Privacy)

  • Auditing


Authorisation is needed in order to identify the user and the data they are permitted to access. This is usually done by restricting access to data, or to programs within the web application, according to the user's identity.



Authentication is done through the use of usernames and passwords. This is to ensure that the user is who they claim to be.



Encryption of data is vital to enhance the security and privacy of customers and subscribers. Data encryption has been described as the scrambling of data into unintelligible characters using passwords. The encrypted file is restored to its previous state by using the correct password or key. The encryption therefore has a 'password' structure, which is referred to as the 'key'.



Auditing involves keeping records of operations. This includes log analysis and evaluation.



Secure Server and Hypertext Transfer Protocol Secure (HTTPS)

An e-commerce website must include a Secure Sockets Layer (SSL) connection.

There is a need to secure confidential data over the Internet; the use of this protocol prevents data from being seen or altered by malicious intruders. TLS (Transport Layer Security) provides the cryptography behind HTTPS, setting up a secure encrypted link between a web browser and the web server. TLS secures the data being transferred to the web server and the retrieval of confidential data from it.



The need for a Firewall


A firewall is positioned in front of a group of computers, and its main function is to control communication to and from that group. The firewall examines all traffic passing in and out of the server, thereby acting as an access control system complementary to the router. In this way the firewall can block intrusive access to the server.

There are two basic types of firewalls:



  • Hardware firewalls


  • Software firewalls


A firewall can take the form of a standalone hardware appliance, or it may be a software application running under an operating system such as Unix, Windows 2000 or Windows NT.



Security Policy

Merchants are responsible for the security of customer details in their possession. If hosting companies are used, then the hosting company is also responsible.

There is a need to develop a security policy, which will specify organisational rules with regard to the use of the system, access, monitoring and other issues.

Users should be educated on the importance of security. For instance:



  • Passwords should not be weak or exposed.

  • Users should always log off after using a secure site.