Abstract:
In a Web-centric environment, transactions between various parties, such as the e-commerce company, its client and a bank, are done electronically. Merging the business processes of this extended enterprise with the supporting technological processes adds to the complexity of the Web-centric environment. One of the intrinsic building blocks and security requirements in such an environment is the confidentiality between parties who exchange value electronically across open, and sometimes insecure, channels via the Internet. Consumers need to feel secure and have assurance regarding the safety of private information that is captured and managed in the other party's database, which has become the heart of a company in this information age (Fogie and Peikari 2002). Moscove, Simkin and Bagranoff (2003:195) emphasize the fact that such private and sensitive information, normally held in a database, must be protected from those not authorized to have access to it.
Databases and the information stored in them sometimes represent the most important asset and are irreplaceable. A credit bureau's database files, for example, are its business. Databases are also critical components for corporate Web systems (Moscove, Simkin and Bagranoff 2003:195).
Although companies seem to have security policies and procedures in place to control access to database information, unauthorized intrusion still occurs. The objective of this study was to identify the main hacker risks and to address them by identifying the components of control that should be in place to prevent such risks, as well as unauthorized access to confidential information.
Microsoft's SQL Server was employed as an example of a database system that is used to manage confidential information. Hacker-specific risks pertaining to MS SQL Server were therefore identified.