Hacker risk in e-commerce systems with specific reference to the disclosure of confidential information
The original publication is available at http://www.sajim.co.za/
In a Web-centric environment, transactions between various parties, such as the e-commerce company, its client and a bank, are done electronically. Merging the business processes of this extended enterprise with the supporting technological processes adds to the complexity of the Web-centric environment. One of the intrinsic building blocks and security requirements in such an environment is confidentiality between parties who exchange value electronically across open, and sometimes insecure, channels via the Internet. Consumers need to feel secure and have assurance regarding the safety of private information that is captured and managed in the other party's database, which has become the heart of a company in this information age (Fogie and Peikari 2002). Moscove, Simkin and Bagranoff (2003:195) emphasize that such private and sensitive information, normally held in a database, must be protected from those not authorized to have access to it. Databases and the information stored in them sometimes represent a company's most important asset and are irreplaceable. A credit bureau's database files, for example, are its business. Databases are also critical components of corporate Web systems (Moscove, Simkin and Bagranoff 2003:195). Although companies seem to have security policies and procedures in place to control access to database information, unauthorized intrusion still occurs. The objective of this study was to identify the main hacker risks and to address them by identifying the components of control that should be in place to prevent such risks, as well as unauthorized access to confidential information. Microsoft's SQL Server was employed as an example of a database system that is used to manage confidential information. Hacker-specific risks pertaining to MS SQL Server were therefore identified.
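As an added illustration of the kind of access control the study refers to (this example is not from the paper and does not reproduce its findings), the following T-SQL restricts a web-tier login on Microsoft SQL Server to a view over the confidential table, so that the application principal can read contact details but never the payment columns. The database, table, column, login and role names are assumptions chosen for the example.

```sql
-- Added example, not part of the paper: least-privilege access to confidential
-- customer data in Microsoft SQL Server. ShopDB, dbo.Customers, web_app and
-- web_reader are assumed names for illustration only.
USE master;
GO
-- Dedicated login for the web tier; the password here is a placeholder,
-- use a generated secret from the deployment's secret store in practice.
CREATE LOGIN web_app WITH PASSWORD = 'Replace-With-Generated-Secret-1!';
GO
USE ShopDB;
GO
CREATE USER web_app FOR LOGIN web_app;
GO
-- Constructed table holding the confidential data the paper is concerned with.
CREATE TABLE dbo.Customers (
    CustomerId  INT IDENTITY PRIMARY KEY,
    Email       NVARCHAR(256) NOT NULL,
    FullName    NVARCHAR(128) NOT NULL,
    CardNumber  VARBINARY(64) NULL,   -- stored encrypted; never needed by the web tier
    CardExpiry  CHAR(5)       NULL
);
GO
-- Expose only the non-sensitive columns through a view owned by dbo.
CREATE VIEW dbo.CustomerContact AS
SELECT CustomerId, Email, FullName
FROM dbo.Customers;
GO
-- Role-based grant: members may read the view and nothing else.
CREATE ROLE web_reader;
ALTER ROLE web_reader ADD MEMBER web_app;
GRANT SELECT ON dbo.CustomerContact TO web_reader;
-- Explicit DENY on the base table overrides any grant the principal might
-- pick up later (e.g. via another role). Because view and table share the
-- owner dbo, ownership chaining still lets the view itself be read.
DENY SELECT ON dbo.Customers TO web_reader;
GO
-- Check as an administrator: impersonate the application principal and
-- confirm that only the view is reachable.
EXECUTE AS USER = 'web_app';
SELECT CustomerId, Email FROM dbo.CustomerContact;   -- permitted through the view
SELECT CardNumber FROM dbo.Customers;                -- blocked by the DENY on the base table
REVERT;
GO
```

When run from a sysadmin session, the first SELECT under impersonation returns rows while the second is refused with a permission-denied error, which is the check to keep in a deployment script so that a later schema or role change cannot silently widen the web tier's reach. The same pattern generalizes to any column set that must stay inside the database: put the permitted columns behind a view or stored procedure, grant on that object only, and deny on the base table.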