Hacker risk in e-commerce systems with specific reference to the disclosure of confidential information
Date
2004-12
Authors
Lamprecht, C.
Publisher
AOSIS OpenJournals
Abstract
In a Web-centric environment, transactions between various parties, such as the e-commerce company, its client and a bank, are done electronically. Merging the business processes of this extended enterprise with the supporting technological processes adds to the complexity of the Web-centric environment. One of the intrinsic building blocks and security requirements in such an environment is the confidentiality between parties who exchange value electronically across open, and sometimes insecure, channels via the Internet. Consumers need to feel secure and have assurance regarding the safety of private information that is captured and managed in the other party’s database, which has become the heart of a company in this information age (Fogie and Peikari 2002). Moscove, Simkin and Bagranoff (2003:195) emphasize the fact that such private and sensitive information, normally held in a database, must be protected from those not authorized to have access to it.
Databases and the information stored in them sometimes represent the most important asset and are irreplaceable. A credit bureau’s database files, for example, are its business. Databases are also critical components for corporate Web systems (Moscove, Simkin and Bagranoff 2003:195).
Although companies seem to have security policies and procedures in place to control access to database information, unauthorized intrusion still occurs. The objective of this study was to identify the main hacker risks and to address them by identifying the components of control that should be in place to prevent such risks, as well as unauthorized access to confidential information.
Microsoft’s SQL Server was employed as an example of a database system that is used to manage confidential information. Hacker-specific risks pertaining to the MS SQL Server were therefore identified.
Description
The original publication is available at http://www.sajim.co.za/
Keywords
Electronic commerce -- Security measures, Computer security, Confidential communications, Disclosure of information
Citation
Lamprecht, C. 2004. Hacker risk in e-commerce systems with specific reference to the disclosure of confidential information. South African Journal of Information Management, 6(4):1-10, doi:10.4102/sajim.v6i4.356.