A security risk management approach for e-commerce

M. Warren, School of Information Technology, Deakin University, Geelong, Australia
W. Hutchinson, School of Computer and Information Science, Edith Cowan University, Mt Lawley, Australia

Information Management & Computer Security, Vol. 11 Iss 5, 2003, pp. 238-242. MCB UP Limited [ISSN 0968-5227] [DOI 10.1108/09685220310509028]

Keywords: Electronic commerce, Risk analysis, Information systems

Abstract
E-commerce security is a complex issue; it is concerned with a number of security risks that can appear at either a technical level or an organisational level. This paper uses a systemic framework, the viable system model (VSM), to determine the high level security risks and then uses baseline security methods to determine the lower level security risks. This method could be used to evaluate high and low level security risks associated with e-commerce.

Introduction
Information systems are now heavily utilized by all organizations and relied upon to the extent that it would be impossible to manage without them. This has been encapsulated by the recent development of e-commerce in a consumer and business environment. The situation now arises that information systems are at threat from a number of security risks, and what is needed is a security method to allow for these risks to be evaluated and to ensure that appropriate security countermeasures are applied.

Security methods
The aim of the research was to combine an information systems modelling method with a baseline security method to form a hybrid security method. The methods used in this model are the viable system model (VSM) and the baseline security approach. The VSM is used to model an organisation's basic functions and associated data flows, whilst the baseline security approach is used to implement appropriate security countermeasures.

The viable system model (VSM)
The viable system model (VSM) developed by Stafford Beer (Beer, 1985) uses the principles of cybernetics. It has been successfully used to diagnose existing organisational structures and design new ones. It is the generic nature of the VSM that allows it to be used in a number of different situations (Hutchinson and Warren, 2000). In terms of this paper the model will be used to analyze potential security vulnerabilities to an organisation's information systems at a high level. Before using the VSM, it is essential to understand the dynamics of its applicability; a diagrammatic representation is shown in Figure 1. The VSM consists of five subsystems, or functions. These are:

1 Implementation (S1): this function consists of semi-autonomous units, which carry out the operational tasks in the system. They interact with their local environment, and with each other. Each unit has its own local management, which is connected to wider management by vertical information flows. This function is the "doing" part of an organization. These are the functions that are basic to the existence/purpose(s) of the system.

2 Co-ordination (S2): this function co-ordinates the S1 units to ensure that each S1 unit acts in the best interest of the whole system, rather than its own. This could be represented by something as simple as a timetable, or as subtle as morale among the workforce.

3 Internal control (S3): this function interprets policy information from "higher" functions (S4) and "lower" functions. Its function is not to create policy, but to implement it. It is the function which controls the operational levels. Information arriving from the S1 function must periodically be audited for its quality and correctness. This is the S3* audit function.

4 Intelligence and development (S4): this function acts as a filter of information from the S3 function and the overall outside environment. Its purpose is to ensure that the policy making function (S5) is adequately briefed.

5 Strategy and policy (S5): this function is responsible for the direction of the whole system. It must balance internal and external factors, and decisions are transmitted to S3.

Figure 1 The viable system model

The VSM has a recursive element, and each S1 has another VSM embedded in it. With this conceptual model of a viable system (organisation), strategies and tactics can be developed to make the system "non-viable" or dysfunctional, the logic being that investigating functional shortcomings can be used to improve an organisation and show its weaknesses. Vulnerabilities of the various functions (S1 to S5) are used to examine various options for attack. The data flows between S1 and S5 and the environment are shown in Figure 1 to show possibilities for attack; these flows show the potential points of vulnerability to a "computer based attack".

Baseline security approach
The aim of risk analysis is to eliminate or reduce risks and vulnerabilities that affect the overall operation of organisational computer systems. Risk analysis not only looks at hardware and software, but also covers other areas such as physical security, human security, and business and disaster protection. In practice, there are major problems with the use of risk analysis, for example the time taken to carry out a review and the cost of hiring consultants and/or training staff. To overcome these negative aspects, baseline security approaches were developed. Baseline security offers an alternative to conventional risk methods, as baselines represent the minimally acceptable security countermeasures that an organisation should have implemented. These countermeasures are applied in a generic manner: every organisation should have the same baseline security countermeasures implemented. The advantages of using baseline methods include (Warren and Hutchinson, 2000):

- simple to use;
- cheap to use;
- no training is required to use the method; and
- it is quicker than undertaking a full security review.

Commonly used baseline methods include: the Australian and New Zealand AS/NZS 4444 standard (Australian and New Zealand Standard Committee, 1998), the British BS7799 standards (British Standards Institute, 1995, 1998) and the German BSI standard (BSI, 1994).

Duality risk analysis model
The authors decided to develop a security assessment method by which baseline security techniques could be applied. The aim of the duality risk analysis security model is to develop a security method that combines the strengths of the VSM and baseline approaches. Another aim is to overcome the weaknesses associated with baseline security models and to allow the VSM approach to be used in a security environment. The stages of the duality risk analysis model are:

- Stage 1 - VSM stage. This stage of the model is concerned with using the VSM to determine the impacts and risks that a particular security threat would have upon an organisation. The impact can be assessed upon the whole organisation as shown by Figure 1. The authors have developed software to assist in this task, as shown by Figure 2.
- Stage 2 - baseline stage. The appropriate baseline countermeasures are selected to reduce the security threat as defined in stage 1. The authors have created special advisory software that allows appropriate countermeasures to be selected.
- Stage 3 - evaluation of impact. The stage 1 process is repeated, but this time the impact of the security countermeasure is evaluated. This will allow for the evaluation of the security countermeasure and show its effectiveness across the whole organization. The information provided by this will allow management to determine the effectiveness of security countermeasures.

Stage 2 and Stage 3 can be repeated if a security countermeasure does not have the required effect in reducing a security risk to an acceptable level. This approach can be used to evaluate any security risk associated with e-commerce.

Figure 2 Software developed by authors to model VSM situations

Validation of research
To validate the model the authors looked at a number of security risks that could impact organisations in relation to e-commerce. In this section we will look at the impact of viruses, using the VSM approach.

Stage 1 - VSM stage
Figure 1 illustrates the different levels of a sample organisation. Within an organization each S1 might well have its own IT infrastructure as part of the overall organization's system. The type of virus attack that is being modelled would be a "Word macro" virus infection similar to the "Lovebug" virus. The impact of the virus attack upon that sample organization would be:

- S1 - implementation. A virus outbreak would focus upon the communication infrastructure of the S1 unit, assuming for example that some S1 units do not effectively implement a proper virus protection system. During the attack the S1 operating units will be affected. The impact will be that e-mail servers will crash under the extensive volume of data and possibly cause a cascade effect through the S1 unit by the increase of e-mail traffic caused by the viruses. For example, if the mail server crashes, what else would crash? Therefore a macro virus attack might affect S1 units' ability to interact with their operating (local) environment, as well as disconnecting them from other S1 units and separating them from management functions. The attacks on the S1 unit will decrease the efficiency of the whole organization because of the disruption they will have upon the operational aspects.
- S2 - co-ordination. Because of the impact of the macro viruses, S2 would not be able to work due to the isolation of the S1 units. There is also a chance that the S2 function would be affected by viruses spreading from the S1 units and therefore become isolated, causing the co-ordination function to collapse. There would be a dramatic impact upon the co-ordinating function of the S1 units.
- S3 - internal control. The internal control of the information system will be disrupted because of the chaos at the lower levels. It is therefore difficult to implement policy when the structure of the information system infrastructure has been neutralized.
- S4 - intelligence and development/S5 - strategy and policy. The virus will not directly impact the S4 and S5 functions, unless the cascade effects of failures were dramatic enough to affect these higher level systems, or unless the S4 and S5 functions were identified for attack, in which case they would become isolated from the rest of the organization.

Stage 2 - baseline security stage
The decision support security software would be used to pick an appropriate baseline security countermeasure. The user would use the security baseline tool software (as shown in Figure 3) and find an appropriate security countermeasure that would relate to computer viruses. The software works by the user selecting an appropriate baseline security countermeasure that could be implemented, e.g. what are the BS7799 guidelines that relate to computer viruses? The software would then show the appropriate baseline security countermeasure, such as: implement appropriate virus protection strategy. The user can select this as the security countermeasure that they wish to assess. Figure 3 shows a screenshot from the baseline security tool.

Figure 3 Security baseline tool

Stage 3 - re-evaluation of impact
The user reviews the situation with the new countermeasure in place. The virus protection strategy localises the damage to a few S1 units:

- S1 - implementation. There would be localised disruption of a few S1 units, e.g. those with virus checkers out of date.
- S2 - co-ordination. Co-ordination functions can be adapted to overcome these localised difficulties until the problem is quickly resolved.
- S3 - internal control. No direct impact.
- S4 - intelligence and development/S5 - strategy and policy. No direct impact.

Conclusion
The paper has shown that hybrid security risk analysis models can be used to model complex security solutions in relation to e-commerce. This type of approach will allow an organisation to model what it perceives are the important security risks and how they could relate to the organization. The aim of the research is not to fully replace detailed security risk analysis methods but to offer an easier alternative that can be used to model different e-commerce security risks and determine the impact of appropriate security countermeasures.
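The three stages of the duality model, worked through on the paper's own macro-virus scenario as an added example (this is not the authors' software): a constructed organisation of four S1 units, each with a virus-protection state, stage 1 propagates the outbreak from S1 up through S2 to S5 using constructed thresholds (the paper only gives the direction of the cascade), stage 2 applies one baseline countermeasure (the names are hypothetical), and stage 3 repeats the assessment; stages 2 and 3 recur until every function's impact is acceptable.

```python
from dataclasses import dataclass

@dataclass
class S1Unit:
    name: str
    virus_protection: str  # constructed states: "none", "out_of_date" or "current"

# Constructed baseline countermeasures (hypothetical names); each remedies one state.
COUNTERMEASURES = [
    ("implement appropriate virus protection strategy", "none"),
    ("keep virus checkers up to date", "out_of_date"),
]

def stage1_vsm_impact(units):
    """Stage 1 (VSM stage): propagate a macro-virus outbreak from the S1 units up to S5."""
    hit = [u.name for u in units if u.virus_protection != "current"]
    share = len(hit) / len(units)
    impact = {"S1": "none" if not hit else
              "localised disruption" if share < 0.5 else "widespread disruption"}
    # S2 co-ordination relies on S1 communication; it collapses when most units are isolated
    impact["S2"] = "collapsed" if share >= 0.5 else "adapted" if hit else "none"
    # S3 internal control is disrupted only by chaos at the operational level
    impact["S3"] = "disrupted" if share >= 0.5 else "none"
    # S4/S5 are not directly affected unless the cascade reaches every S1 unit
    impact["S4/S5"] = "isolated" if share == 1.0 else "none"
    return impact

def stage2_baseline(units, countermeasure):
    """Stage 2 (baseline stage): apply one countermeasure to the S1 units it remedies."""
    name, remedies = countermeasure
    for u in units:
        if u.virus_protection == remedies:
            u.virus_protection = "current"
    return name

def duality_analysis(units, acceptable=("none", "localised disruption", "adapted")):
    """Stages 1 to 3: assess, apply a countermeasure, re-assess; repeat 2 and 3 while needed."""
    history = [("initial assessment", stage1_vsm_impact(units))]
    for cm in COUNTERMEASURES:
        if all(v in acceptable for v in history[-1][1].values()):
            break
        applied = stage2_baseline(units, cm)
        history.append((applied, stage1_vsm_impact(units)))  # stage 3 repeats stage 1
    return history

def sample_org():
    """Constructed four-unit organisation (not the paper's sample organisation)."""
    return [S1Unit("sales", "none"), S1Unit("finance", "none"),
            S1Unit("warehouse", "out_of_date"), S1Unit("support", "out_of_date")]
```

Running `duality_analysis(sample_org())` yields three rounds: the initial assessment isolates S4/S5, the first countermeasure leaves S2 collapsed because half the units still run out-of-date checkers, and the second brings every function back to no impact.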
References
Australian and New Zealand Standard Committee (1998), AS/NZS 4444, Information Security Management, Australia.
Beer, S. (1985), Diagnosing the System for Organisations, John Wiley & Sons, Chichester.
British Standards Institute (1995), BS7799 - Code of Practice for Information Security Management, BSI, London.
British Standards Institute (1998), BS7799-2, Specification for Information Security Management Systems, BSI, London.
BSI (1994), Information Technology Baseline Protection Manual, Bundesamt für Sicherheit in der Informationstechnik, available at: www.bsi.bund.de
Hutchinson, W. and Warren, M. (2000), "Using the viable systems model to develop an understanding information system security threats to an organisation", New Zealand Journal of Computing, Vol. 8 No. 1/2, pp. 37-43.
Warren, M. and Hutchinson, W. (2000), "The Australian and New Zealand Security Standard AS/NZS 4444", Proceeding of the 1st Australian Information Security Management Workshop, Deakin University, Geelong, November.