E-Commerce & Web Servers
CSH 6 Chapter 30: "E-Commerce & Web-Server Safeguards"
Robert Gezelter
Copyright © 2020 M. E. Kabay. All rights reserved.
Topics
- Introduction
- Business Policies & Strategies
- Rules of Engagement
- Risk Analysis
- Operational Requirements
- Technical Issues
- Ethical & Legal Issues

VERY LONG SLIDE DECK: USE FOR PREPARATION BEFORE AND REVIEW AFTER READING ENTIRE CHAPTER.
Introduction
- E-commerce becoming ubiquitous
- Desire for efficiency may harm security
  - Should not use same systems for brick-and-mortar business as Web-enabled
  - Don't use wireless access from kiosks & cash registers into accounting systems
- TJX case (2007) early example
  - Inadequately secured corporate network & back-office systems hacked by criminals
  - Breach compromised >94 M credit cards
  - Payouts of $40.9 M in damages

Business Policies & Strategies
- Best practices evolve constantly
- Must consider & secure B2C & B2B systems
- Framework proposed:
  1. Define Information Security Concerns
  2. Develop Security Service Options
  3. Select Security-Service Options
  4. Ensure Ongoing Attention to Changes
- Using Security Services Framework
- Framework Conclusion

B2B = business-to-business
B2C = business-to-customer

1. Define Information Security Concerns
- Study impact of security breaches on business
- Use transactional follow-the-flow diagrams
  - Track transactions & data through servers & networks
  - Functional & logical view (what happens & how)
  - Identify data sources, interfaces
  - Define processing (changes)
  - See Exhibit 30.1 (p 30.4) as example

Define Information Security Concerns (2)
Usually have to study and include
- Clients
  - PCs, thin clients, PDAs, WAP-compliant phones
- Servers
  - Web, application, DB, middleware, back-end
- Network devices
  - Switches, routers, FW, network interface cards (NICs), codecs, modems, hosting sites
- Network spaces
  - DMZs, intranets, extranets, Internet

2. Develop Security Service Options (1)
- Consider possible security options for each component and all data types
- Factors affecting requirements
  - Industry
  - Company's tolerance for risk
  - Maturity of security group/function
  - Organizational structure ([de]centralized)
  - Past security incidents
  - Internal organizational issues
  - Politics
  - Regulations
  - Perceived strategic value of INFOSEC

Develop Security Service Options (2)
Services to consider include
1. Policy & procedures
2. Confidentiality & Encryption
3. Identification & Authentication
4. Authorization
5. Authenticity
6. Monitoring & Audit
7. Access Controls & Intrusion Detection
8. Trusted Communication
9. Antivirus
10. System Integrity Controls
11. Data Retention & Disposal
12. Data Classification

3. Select Security Service Options
- Cost-benefit & risk-management analysis
  - Final selection of security service options
  - Distribute along continuum of importance
    - See Exhibit 30.2, p 30.8
- Four additional factors in option selection
  1. Implementation risk or feasibility
  2. Cost to implement & support
  3. Effectiveness in increasing control
  4. Data classification

Implementation Risk or Feasibility
- Feasibility of implementing option
- Factors affecting ease of implementation
  - Product maturity
  - Scalability
  - Complexity
  - Supportability
  - Skills available (capabilities, prior experience)
  - Legal issues
  - Integration required
  - Limitations of technology

Cost to Implement & Support
- HW & SW
  - Implementation
  - Support
  - Administration
- High-level support of security service vital to success

Effectiveness in Increasing Control
- Reduction of risk
  - Impact & likelihood of harmful event
  - Compare before & after implementation of security service / mitigating strategies
- Example: theft of credit-card #s from DB
  - Losses to consumers (data subjects)
  - Negative public relations
  - Decrease in future business

Data Classification
- Criticality & sensitivity of information
- Protection against
  - Misuse
  - Disclosure
  - Theft
  - Destruction
- Throughout lifecycle
- Creator usually considered responsible for
  - Classification
  - Identification
  - Labeling

4. Ensure Ongoing Attention to Changes
- Threats evolve
  - Therefore defenses must evolve
- Changes inevitable
  - Compliance
  - Regulation
  - Technological advances
  - New attacks
- "Security is a process, not a product."*
  - ... or a static end-state

* Schneier, B. (2000). "Computer Security: Will We Ever Learn?" Crypto-Gram Newsletter (May 15, 2000). <http://www.schneier.com/crypto-gram-0005.html#1>

Using Security Services Framework
- Detailed examples of analyses are provided in text for
  - B2C Security Services
  - B2B Security Services
- However, these examples are not discussed in this slide presentation
- Will serve as examples for reader's / student's own analyses
- Case studies may be used as basis for exam questions; e.g., "Using the case studies in Chapter 30, analyze the different security requirements for Norwich University's public Web site (www.norwich.edu) and for its intranet site (my.norwich.edu)"
Rules of Engagement
- Web Site-Specific Measures
- Defining Attacks
- Defining Protection
- Maintaining Privacy
- Working with Law Enforcement
- Accepting Losses
- Avoiding Overreaction
- Appropriate Responses to Attacks
- Counter-Battery
- Hold Harmless

Website-Specific Measures
- Website may be most important element of interaction with outside world
  - High availability: 24 x 7 x 365 due to expectations & potentially worldwide market
  - Accuracy and confidentiality required
  - Perturbations may profoundly affect customers, cash flow, long-term reputation
- Most Website problems caused by inside technical glitches, not glamorous hacker attacks
- External events can wreak havoc; e.g., 9/11
- Best practices & scale important
  - Small organizations may succeed with less formal solutions than large ones

Defining Attacks
- Large numbers of repeated attempted connections may be attack – or not
  - Customer with technical problem
  - Problem on network
  - Attack on server

Defining Protection
- Web sites ⊂ Internet-visible assets (⊂ means "proper subset": part of but not the whole)
  - Internet-visible systems not intended for public use
    - Easier to anticipate usage, traffic
  - Web site activity varies
    - Potentially worldwide public
    - Surge could be due to attack or to popularity
- Some protective measures have unexpected consequences; e.g.,
  - Requiring visitor computers to have entry in inverse DNS instead of only DNS
  - But not all legitimate sites have inverse DNS entries
  - Becomes a policy issue, not just technical

Maintaining Privacy
- Logging interactions
  - Privacy policy
    - Managerial
    - Legal
    - Customer relations
  - Technical staff must respect laws, regulations
- Always consult corporate privacy policy
- Discuss with corporate counsel if necessary

See CSH 6 Chapter 69: Privacy in Cyberspace: US & European Perspectives

Working with Law Enforcement
- Complexity depends on type of attack
  - Frauds easier than attacks
  - Attacks require more consideration of policy
- Status of Website
  - Easier: local server in control of organization
  - Harder: server at hosting facility
  - Hardest: server owned by third party
- What information can / should be logged?
  - When?

See CSH 6 Chapter 61: Working with Law Enforcement

Accepting Losses
- Security breaches should be prepared for as if inevitable despite best efforts of all
  - Increasing complexity of site content
  - Growing application code
- Reaction plans important
  - Similar to discussion of Web-based vulnerabilities
  - Difference is greater effect on customers
  - Prepare & refine computer security incident response team and plans

See CSH 6 Chapter 21: Web-Based Vulnerabilities & CSH 6 Chapter 56: Computer Security Incident Response Teams

Avoiding Overreaction
- Some reactions may cause more problems than attack
- Define decision-making authority & guidelines
- Decide in advance what conditions will force Website to be taken offline
- Key principles:
  - Defensive actions almost always permissible
  - Offensive actions of any kind almost always impermissible
  - Transparency (invisibility) to customer best

Appropriate Responses to Attacks
- International law recognizes attacks on naval vessel = act of war
  - Fire if fired upon
  - Similar rules give citizens right to defend themselves in absence of law enforcement personnel
  - "Rules of engagement"
- Information technologists do not have legal standing for counterattack
  - Focus on appropriateness to situation
    - Political, legal, business issue
    - Policy, legality, public relations, feasibility
    - National security vs private property

Counter-Battery
- Targeting system that has attacked
- But counter-battery is illegal in most jurisdictions
  - No legal standing for attack against a computer system
- Practical problems
  - Malefactor may not be correctly identified
  - Effects of attack may spill over to innocent victims
- Example: Canter & Siegel (1994)
  - Spammers in Arizona (2 lawyers)
  - Retaliation (protest e-mails) crashed their ISP servers
  - Innocent victims: customers of spammers' ISP

Hold Harmless
- Need fast responses
- Employees must be protected against retaliation when
  - Acting in good faith
  - According to responsibilities
  - Within documented policy & procedures
- Errors
  - Lead to procedural correction
  - Not punishment of individual employee
Risk Analysis
- Business Loss
- PR Image
- Loss of Customers & Business
- Interruptions
- Proactive vs Reactive Threats
- Threat & Hazard Assessment

See CSH 6 Chapter 62: Risk Assessment & Management & CSH 6 Chapter 63: Management Responsibilities & Liabilities

Business Loss
- Customers should be considered as both...
  - Outsiders accessing Internet presence
  - Insiders using intranet-hosted applications

PR Image (1)
- Web site = public face 24/7/365
  - Prime target for attack
- Many examples of hostile activity
  - US Congress "Thomas" site
  - US Dept Justice
  - Government sites around world
- Activity often surges after major public events
- Hacking contests
- Defamation by angry consumers
- Random targeting

PR Image (2)
(image-only slide)

Loss of Customers & Business
- Internet customers highly mobile & impatient
  - May switch to competitor quickly
  - Even momentary delay may cause switch
- Competitors usually abound
- Functional degradation may cause switch
  - E.g., problems with shipment tracking

Interruptions
- Just in Time (JIT) delivery
  - Production
    - Disruption may be disastrous to entire operation
  - Supply chain
    - Service-oriented architecture (SOA)
  - Delivery chain
    - Tracking status
- Information delivery
  - Banks, brokerages, utilities... provide services online
  - Offer reports on demand

Proactive vs Reactive Threats
- Some defensive tactics open up new potential for availability problems
- E.g., common strategy: multiple name servers for resolving domain names to IP addresses
  - Must define 2 name servers for DNS zone
  - But updating DNS zones can cause problems
    - Error in providing name servers makes site unavailable
    - Most sites make ISP responsible for resolution of domain names
      - Increases complexity of architecture
      - Must be remembered during problem analysis & resolution

Threat & Hazard Assessment
- Threats may be universal or specific
- Threat analysis
  - Deliberate vs accidental
    - Acts of G-d
    - Acts of clod
  - In risk analysis & planning, deliberate attacks may be equivalent to acts of G-d
- No enterprise is immune to accident or attack
Operational Requirements (1)
- Protection not purely technical issue
- Degree of exposure to Internet: risk-management issue
  - Cannot set technical solutions without business context
  - Cannot evaluate risks without knowledge of technical issues
- Outsourcing introduces additional complexity
- Protecting Web site is lifecycle process
  - Ongoing system evolution
  - Monitoring, detection, correction
  - Analysis, changes in underlying causes

Operational Requirements (2)
- Ubiquitous Internet Protocol Networking
- Internal Partitions
- Critical Availability
- Accessibility
- Applications Design
- Provisioning
- Restrictions
- Multiple Security Domains
- What Needs to Be Exposed
- Access Controls
- Site Maintenance
- Maintaining Site Integrity

Ubiquitous Internet Protocol Networking
- Switch from locally controlled networks to Internet greatly increased exposure to attack
- Wider range of connected equipment
  - VoIP telephones
  - FAX
  - Copiers → network printers
  - Soft drink dispensers (!) etc.
- Conflict between ease of access & security
  - Safest: unconnected to world
  - Easiest to use: no security restrictions
- Must balance issues

Internal Partitions
- Complex corporate environments
  - Often best protected by including partitions
  - Define separate security domains
    - Own legal, technical, cultural needs
    - E.g., medical records, CRM, SCM, ERP
  - Often require separate policies for firewalls, access controls...
- Damage control improved by partitions
  - E.g., malware attack may be contained
  - Defense in depth

CRM: customer relationship management
SCM: supply-chain management
ERP: enterprise resource planning

Critical Availability
- Different sectors may have different needs for availability
  - Second-to-second (e.g., real-time production controls, SCADA)
  - Minute-to-minute (e.g., customer Web functions, Help desk)
  - Hour-to-hour (e.g., shipping, scheduling)
  - Day-to-day (e.g., line management reports, billing)
  - Week-to-week (e.g., regulatory reporting, management accounting)
- Poorly planned shutdowns can cause more problems than attack

SCADA: supervisory control and data acquisition

Accessibility
- Users must be involved in defining rules
  - But users need awareness & education
    - E.g., university faculty often insist on removal of all security rules
- Some individuals & functions do not need Internet access for their work
  - Individuals may resent being blocked
  - But need to define business case for access or exclusion

Applications Design
- Site processing confidential information
  - Must support HTTPS
  - Typically through port 443
  - Requires valid digital certificate
- In case of uncertainty about security requirements, err on side of security
  - Enable HTTPS anyway
  - Encryption best/only way of protecting potentially sensitive traffic
- Use encryption within organization too
  - E.g., for sensitive transactions involving employee information
- Suppress display of confidential info
  - E.g., full credit-card numbers
  - Be sure not to vary which parts are suppressed
    - Prevents inference by collecting parts from different screens
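The last bullet deserves a concrete illustration. The following Python is an added example, not code from the chapter or the slides: it masks a card number with a fixed rule (last four digits visible) and then shows what an observer could reconstruct by collecting several screens, first when every screen uses the same mask and then when one screen exposes the first six digits and another the last four. The screen names and the card number (a well-known test value) are constructed for the example.

```python
import re

# Constructed test value (the well-known Visa test number), not a real card.
SAMPLE_PAN = "4111 1111 1111 1111"


def mask_pan(pan: str, visible_last: int = 4) -> str:
    """Hide every digit of a card number except the last `visible_last`.

    The output depends only on the PAN, never on which screen asks for it,
    so an order page, an account page and an e-mailed receipt all reveal
    exactly the same digits.
    """
    digits = re.sub(r"\D", "", pan)
    if not 12 <= len(digits) <= 19:
        raise ValueError("card number length out of range")
    return "*" * (len(digits) - visible_last) + digits[-visible_last:]


def recoverable_digits(views):
    """Union of (position, digit) pairs visible across several masked renderings.

    This is what an observer who collects every screen could reconstruct.
    With a consistent mask it never grows beyond the deliberately exposed tail.
    """
    seen = set()
    for view in views:
        for pos, ch in enumerate(view):
            if ch.isdigit():
                seen.add((pos, ch))
    return seen


def consistent_views():
    # Three hypothetical screens, all rendered through the same masking function.
    return [mask_pan(SAMPLE_PAN) for _ in ("order", "account", "receipt")]


def inconsistent_views():
    # Constructed counter-example: one screen shows the first six digits
    # (the issuer prefix) and another the last four. Each looks harmless alone.
    digits = re.sub(r"\D", "", SAMPLE_PAN)
    prefix_view = digits[:6] + "*" * (len(digits) - 6)
    tail_view = "*" * (len(digits) - 4) + digits[-4:]
    return [prefix_view, tail_view]


if __name__ == "__main__":
    print(mask_pan(SAMPLE_PAN))
    print(len(recoverable_digits(consistent_views())), "digits recoverable (consistent mask)")
    print(len(recoverable_digits(inconsistent_views())), "digits recoverable (inconsistent mask)")
```

With a consistent mask the three screens together leak exactly the four digits the design chose to expose; the inconsistent pair leaks ten of sixteen, which is the inference the slide warns about.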
Provisioning
- Plan for disruption
- Use redundancy
- High-availability public-facing Web site may need 2 geographically separated facilities
- Evaluate degree of functional duplication required by applications / services
- Costs of unavailability may be orders of magnitude > cost of redundancy

See CSH 6 Chapter 58: Business Continuity Planning & CSH 6 Chapter 59: Disaster Recovery

Restrictions
- Web servers must be behind firewall
- Incoming / outgoing services restricted using specific protocols (e.g., HTTPS, ICMP)
- Disable unused ports
- Block disabled ports by firewalls
- Store customer information on separate systems (not Web server)

Multiple Security Domains
- Web servers ≠ database servers
- Link Web server to DB
  - Dedicated & restricted-use protocol
  - Prevents hijacked Web server from allowing access to DB
- Segregate DB servers behind additional firewalls

What Needs to Be Exposed (1)
- Despite public access to Web server, must prevent exploitation for subversion
- All connections to Internet go through firewall
  - Firewall restricts traffic to Web-related protocols only
- DMZ: demilitarized zone (devices with firewalls in front of and behind them)

[DMZ diagram] Reprinted from Computer Desktop Encyclopedia V22.3 (3rd quarter 2009) with permission. Copyright © 2009 Computer Language Company. http://www.computerlanguage.com

What Needs to Be Exposed (2)
- Exposed systems
  - Minimize
  - Consider roles, not just machines
  - May prefer to have several different servers rather than one larger server
    - Impact of downtime grows
  - But new trend of virtualization pushes towards single server with multiple functions
- Hidden subnets
  - Hide servers supporting Web site from visibility
  - Can use private Internet IPv4 & IPv6 addresses
    - See RFC 1597 http://www.ietf.org/rfc1597.txt

Access Controls
- Restrict # individuals with access to Web server
  - Apply controls
  - Analyze reports
  - Monitor
- Cleared individuals need individual accounts (IDs)
  - Not generic functional account
  - Essential for audit trail
- Immediate termination of access upon
  - Change of responsibilities within organization
  - Termination of employment

Site Maintenance
- Even single-character error in public Web site can harm function and reputation
  - E.g., in link
- Content changes move through Web in minutes
  - Search engines
  - Archival capture
- Change-control procedures essential

See CSH 6 Chapter 40: Managing Software Patches & Vulnerabilities; CSH 6 Chapter 47: Operations Security & Production Controls; CSH 6 Chapter 52: Application Controls

Maintaining Site Integrity
- Restrict write-access to Web server
- Use secure methods for accessing servers
  - Do not use unsecured access via Web
- Secure mechanisms for update:
  - Secure FTP
  - FTP from specific node within inner firewall
  - KERMIT on directly wired port
  - Logins & file transfers via SSH
  - Physical media transfers (air gap)

KERMIT: A file transfer protocol developed at Columbia University, noted for its adaptability to noisy lines, enabling transfers to succeed under the worst conditions. Kermit supports streaming over the Internet, sliding windows for links with long round-trip delays, record and character conversion of text files, restart/recovery from point of failure and platform-independent transfer of directory trees with a mix of text and binary files. Computer Desktop Encyclopedia v22.3 (3rd quarter 2009). Copyright © Computer Language Company. Used with permission.
Technical Issues
- Inside / Outside
- Hidden Subnets
- What Need be Exposed?
- Multiple Security Domains
- Compartmentalization
- Need to Access
- Accountability
- Read-Only File Security
- Going Off-Line
- Auditing
- Emerging Technologies

Inside / Outside
- Fundamentals
  - Inside: trustable systems
  - Outside: untrustworthy systems
  - But not absolute distinction
    - May be trustworthy for one application or context but not another
    - Majority of harm done by authorized users
      - Incompetence or malfeasance
- Router tables must prevent IP spoofing
  - Inside to outside
  - Outside to inside

Preventing IP Spoofing
- Inbound packets from outside cannot have originator addresses within target
- Outbound packets to public network must have originator addresses within originating network
- Outbound packets to public network must not have destination addresses within originating network
- Exception: stealth internal networks
  - Internal addresses correspond to external addresses

Hidden Subnets
- Firewalls funnel network traffic through 1 or few chokepoints
  - Likelihood of security breach of entire NW rises with # independent access points
  - If p = P(access point will fail) then
  - P(access point will not fail) = (1 - p) and
  - If n = # access points then
  - P(all access points will not fail) = (1 - p)^n
  - P(at least one access point will fail) = 1 - (1 - p)^n
- Use RFC 1918 internal addresses
  - For IPv4 within protected networks
  - Never occur in public Internet
  - Similar to addresses used in NAT (dynamic network address translation)
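The two preceding slides, "Preventing IP Spoofing" and "Hidden Subnets", fit together in one worked example. The Python below is added here and is not code from the chapter: it applies the three anti-spoofing rules to packets crossing a border router, adds the RFC 1918 check (a private source address has no business arriving from the public Internet), and evaluates the chokepoint formula 1 - (1 - p)^n for a range of access-point counts. The address plan (a documentation range standing in for the site's public block, plus a 10.20.0.0/16 hidden subnet), the sample packets and the failure probability are all constructed assumptions.

```python
import ipaddress

# Constructed address plan for a hypothetical site. 198.51.100.0/24 is a
# documentation range standing in for the site's real public block.
INTERNAL_NETS = [
    ipaddress.ip_network("198.51.100.0/24"),  # public-facing DMZ block
    ipaddress.ip_network("10.20.0.0/16"),     # RFC 1918 space on the hidden subnets
]
RFC1918_NETS = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def is_internal(addr) -> bool:
    return any(addr in net for net in INTERNAL_NETS)


def is_rfc1918(addr) -> bool:
    return any(addr in net for net in RFC1918_NETS)


def filter_packet(direction: str, src: str, dst: str):
    """Apply the anti-spoofing rules to one packet at the border router.

    direction is "inbound" (public Internet -> site) or "outbound"
    (site -> public Internet). Returns (verdict, reason).
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if direction == "inbound":
        if is_internal(src_ip):
            return "drop", "inbound packet claims an originator address inside the site"
        if is_rfc1918(src_ip):
            return "drop", "RFC 1918 source address cannot originate on the public Internet"
        return "accept", "ok"
    if direction == "outbound":
        if not is_internal(src_ip):
            return "drop", "outbound packet originator is not within the originating network"
        if is_internal(dst_ip):
            return "drop", "outbound packet destination is within the originating network"
        return "accept", "ok"
    raise ValueError(f"unknown direction {direction!r}")


def p_any_breach(p: float, n: int) -> float:
    """Probability that at least one of n independent access points fails,
    each with failure probability p: 1 - (1 - p)^n."""
    return 1 - (1 - p) ** n


def chokepoint_table(p: float, counts=(1, 2, 5, 10, 50)):
    """Show how the breach probability grows with the number of access points."""
    return [(n, round(p_any_breach(p, n), 4)) for n in counts]


# Constructed sample packets: (direction, source, destination)
SAMPLE_PACKETS = [
    ("inbound", "203.0.113.7", "198.51.100.10"),    # ordinary visitor
    ("inbound", "198.51.100.25", "198.51.100.10"),  # forged source inside the site
    ("inbound", "192.168.1.1", "198.51.100.10"),    # private source from outside
    ("outbound", "198.51.100.10", "203.0.113.7"),   # ordinary reply
    ("outbound", "203.0.113.9", "203.0.113.7"),     # foreign source leaving our network
    ("outbound", "198.51.100.10", "10.20.3.3"),     # internal destination on public link
]


def audit(packets=SAMPLE_PACKETS):
    """Run every sample packet through the filter and return the verdicts."""
    return [(d, s, t, *filter_packet(d, s, t)) for d, s, t in packets]


if __name__ == "__main__":
    for row in audit():
        print(row)
    print(chokepoint_table(0.01))
```

The slide's "stealth internal network" exception is the case where the outbound source check must be relaxed because internal hosts appear on the public side under translated addresses; in this example NAT is assumed to happen inside the filter point, so 10.20.0.0/16 is simply treated as part of the originating network.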
What Need be Exposed?
- Air gaps (total disconnection) can be useful
  - Industrial real-time control systems
  - SCADA
  - Life-critical systems
  - High-confidentiality systems
- Publishing information to Web servers
  - Media exchange
  - Controlled one-way transfers
- Restrictions on protocols
  - E.g., library can allow HTTP but block FTP
- Beware of tunnels through firewalls
- Or convert LAN to untrusted network
  - Use VPNs to connect internal corporate systems

Multiple Security Domains (1)
- Monolithic firewall defines only outside & inside
- But better is Outside / DMZ / Inside
- Can also attach DMZ to single port on outer firewall
- May find internal compartmentalization useful

Multiple Security Domains (2)
- Brokerage with 2 trading networks, Ω & Γ
- Each gateway could
  - Monitor communications with Web server
  - Monitor traffic with competing trading NW
  - Attack other gateway
  - Disrupt communications with other gateway
  - Attack brokerage's internal network

Compartmentalization
- Reduces potential for complete network meltdown
- Prevents accidents from cascading
- Prevents infection by malware
- Portable storage devices
  - Including USB memory / disks
  - Make situation worse
  - Increase value of compartmentalization

Need to Access
- Careful analysis required for determining who needs access to which resources
- Physical & logical access controls
  - Needed to protect Internet-accessible systems
  - Must be understood, respected & enforced
- Regular audits necessary
- Internal communications should also be secured
  - Encryption (e.g., SSL, VPNs)
  - Access by employees outside organization must be secured using VPNs

See CSH 6 Chapter 32: Virtual Private Networks & Secure Remote Access

Accountability
- No perimeter is likely to be perfect
- Encourage employees to report security vulnerabilities & accidents
  - Avoid pressures to hide such problems
  - Want early warning
  - Fix problems before they are exploited
  - Analyze root causes & resolve
- Do not punish people for false alarms

Read-Only File Security
- Many sites permit downloads (HTTP, FTP) of forms, manuals, instructions, maps, service guides
- Must ensure that
  - Servers supporting FTP are secure
  - Contents of public file store are read-only & have change-control procedures
  - Entire contents can be restored quickly if compromised
  - Designated (named) party responsible for maintaining, protecting & restoring public store
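Two of the requirements on this slide, change control over a read-only store and quick restoration after compromise, can both be served by a signed-off manifest of file hashes. The Python below is an added example, not the chapter's code: it builds a SHA-256 manifest of an approved public store, compares the live store against it to report modified, added and missing files, and restores the live store from a golden copy. The directory layout, file contents and the simulated tampering are constructed in a temporary directory so the example runs offline.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative, '/'-separated) to its SHA-256.

    Built when a change is approved through change control, and kept
    somewhere the Web server itself cannot write to.
    """
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_store(root: Path, approved: dict) -> dict:
    """Compare the live public store with the approved manifest."""
    live = build_manifest(root)
    return {
        "modified": sorted(p for p in approved if p in live and live[p] != approved[p]),
        "added": sorted(p for p in live if p not in approved),
        "missing": sorted(p for p in approved if p not in live),
    }


def restore_store(root: Path, golden: Path, approved: dict) -> dict:
    """Rebuild root from a golden copy so it matches the approved manifest again.

    Unapproved files are removed; every approved file is copied byte-for-byte.
    Returns the verification result after the restore (all lists empty on success).
    """
    for rel in verify_store(root, approved)["added"]:
        (root / rel).unlink()
    for rel in approved:
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes((golden / rel).read_bytes())
    return verify_store(root, approved)


def demo() -> tuple:
    """Constructed scenario: approve a store, tamper with it, detect, restore."""
    with tempfile.TemporaryDirectory() as tmp:
        golden = Path(tmp) / "golden"
        live = Path(tmp) / "live"
        for root in (golden, live):
            (root / "docs").mkdir(parents=True)
            (root / "docs" / "manual.pdf").write_bytes(b"%PDF-1.4 constructed manual")
            (root / "index.html").write_text("<h1>Service guides</h1>")
        approved = build_manifest(golden)

        # Simulated compromise of the live store: one edit, one deletion, one extra file.
        (live / "index.html").write_text("<h1>changed without change control</h1>")
        (live / "docs" / "manual.pdf").unlink()
        (live / "extra.html").write_text("unapproved file")

        found = verify_store(live, approved)
        after = restore_store(live, golden, approved)
        return found, after


if __name__ == "__main__":
    found, after = demo()
    print("detected:", found)
    print("after restore:", after)
```

The manifest and the golden copy are the artefacts the "designated party" on the slide would own; the verification run is what a scheduled integrity check or a post-incident responder would execute before deciding whether the store must be rebuilt.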
Going Off-Line
- Out-of-service costs critical to determine
  - Loss of business
  - Waste of professional time (e.g., salaries)
  - Damaged PR
  - Lowered morale
- Disconnection may be rational & required
  - E.g., FORD cut connection to Internet during May 2000 ILOVEYOU attack
  - Must establish WHO can disconnect for what reasons
  - Have written procedures & delegation of authority

Auditing
- Monitoring (logging) provides essential information on
  - Normal (baseline) behavior
  - Peaks (design for maximum expected needs)
  - Trends (plan for expansion before problems hit)
- Audit & analysis should include
  - Physical communications infrastructure
  - Firewalls, router tables, filtering rules
  - Host security
  - File security
  - Traffic patterns on backbones, DMZ, etc.
  - Physical security of systems & comm infrastructure

Audits
(image-only slide)

Emerging Technologies
- New technologies alter challenges
- E.g., HTTPS for encrypted tunnels
  - Useful to authorize use of TCP port 443
  - Allow connection to Web sites needing secure information
- BUT HTTPS for tunneling also creates vulnerabilities
  - Compromised desktop can monitor network
  - Send data to system outside network using SSL
  - IDS may need to spot HTTPS connections that do not fit profile of normal Web access
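The last bullet is a detection problem: an IDS cannot read inside the TLS session, but it can still profile the connection. The Python below is an added example, not the chapter's code: it parses constructed flow-summary log lines (one per TCP connection), flags port-443 flows that are upload-heavy or unusually long-lived, which is the opposite of a browser fetching pages, and totals bytes sent per source/destination pair. The log format, the thresholds and all addresses are assumptions made for the example; in practice the thresholds come from the site's own baseline as the "Auditing" slide describes.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Flow:
    ts: int
    src: str
    dst: str
    dport: int
    bytes_out: int   # client -> server
    bytes_in: int    # server -> client
    duration_s: int


# Constructed flow-summary log lines (one per TCP connection), not real traffic:
# timestamp src dst dport bytes_out bytes_in duration_seconds
LOG_LINES = [
    "1590000000 10.20.1.15 203.0.113.10 443 2400 180000 3",
    "1590000010 10.20.1.15 203.0.113.11 443 1800 95000 2",
    "1590000020 10.20.1.40 198.51.100.7 443 48000000 9000 1800",
    "1590000030 10.20.1.40 198.51.100.7 443 30000000 8000 1500",
    "1590000040 10.20.1.22 203.0.113.10 443 3100 240000 4",
    "1590000050 10.20.1.22 203.0.113.12 80 900 42000 1",
]


def parse_flow(line: str) -> Flow:
    ts, src, dst, dport, out, inn, dur = line.split()
    return Flow(int(ts), src, dst, int(dport), int(out), int(inn), int(dur))


def flag_https(flows, min_upload=1_000_000, max_ratio=2.0, max_duration=600):
    """Flag port-443 flows that do not look like a browser fetching pages.

    Normal Web access sends little and receives much, in short bursts.
    A flow that sends far more than it receives, or stays open for a long
    time, deserves a closer look. Thresholds are assumptions for this example.
    """
    flagged = []
    for f in flows:
        if f.dport != 443:
            continue
        reasons = []
        if f.bytes_out >= min_upload and f.bytes_out > max_ratio * f.bytes_in:
            reasons.append("upload-heavy")
        if f.duration_s > max_duration:
            reasons.append("long-lived")
        if reasons:
            flagged.append((f, reasons))
    return flagged


def upload_totals(flows, dport=443):
    """Total bytes sent per (src, dst) pair over the given port."""
    totals = defaultdict(int)
    for f in flows:
        if f.dport == dport:
            totals[(f.src, f.dst)] += f.bytes_out
    return dict(totals)


def report(lines=LOG_LINES, threshold=50_000_000):
    """Parse the log, flag odd HTTPS flows and list pairs over the upload threshold."""
    flows = [parse_flow(line) for line in lines]
    flagged = flag_https(flows)
    heavy = {k: v for k, v in upload_totals(flows).items() if v >= threshold}
    return flagged, heavy


if __name__ == "__main__":
    flagged, heavy = report()
    for f, reasons in flagged:
        print(f.ts, f.src, "->", f.dst, reasons)
    print("heavy uploaders:", heavy)
```

On the sample data the two flows from 10.20.1.40 are flagged on both counts and the pair totals 78 MB sent; the port-80 flow is ignored because the profile is specific to HTTPS.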
Ethical & Legal Issues
- Liabilities
- Customer Monitoring, Privacy & Disclosure
- Litigation
- Application Service Providers

Liabilities
- Many laws affect disclosure of personally identifiable information (PII)
- Web sites increasingly manage sensitive information
- E-mail also carries confidential data
- Must establish practice of due diligence
  - Show reasonable steps
  - Ensure integrity, safety, confidentiality

Customer Monitoring, Privacy & Disclosure
- Customer monitoring a sensitive subject
  - Can accumulate spending profiles
  - May show interesting products
  - But could assemble dossier for blackmail
  - Turn over data to hostile / paranoid government agencies
- Many organizations fail to encrypt PII on servers
- Data mining may lead to incorrect conclusions
  - Do not confuse casual associations with superficial interpretations
  - E.g., businessman who meets young woman in hotel – his daughter!

Litigation
- Increasing volumes of Web-related litigation
- Civil: be prepared for discovery procedures
- Regulatory: verify compliance with records retention requirements for all appropriate agencies
- Criminal: safeguard evidence, cooperate with law enforcement & courts
- Logs, evidence, recording facts
  - Key to success
  - Accurate, complete, accessible (right software available!)
  - Be sure you know which records are stored where

Application Service Providers (ASPs)
- External organizations providing specific applications (e.g., accounting, manufacturing)
- Enterprise, not ASP, bears responsibility for security failures
- Due diligence
  - Choosing ASP
  - Defining contracts
  - Monitoring quality of service (QoS)

Now go and study