Hacker risk in e-commerce systems with specific reference to the disclosure of confidential information

Date
2004-12
Authors
Lamprecht, C.
Publisher
AOSIS OpenJournals
Abstract
In a Web-centric environment, transactions between various parties, such as the e-commerce company, its client and a bank, are done electronically. Merging the business processes of this extended enterprise with the supporting technological processes adds to the complexity of the Web-centric environment. One of the intrinsic building blocks and security requirements in such an environment is the confidentiality between parties who exchange value electronically across open, and sometimes insecure, channels via the Internet. Consumers need to feel secure and have assurance regarding the safety of private information that is captured and managed in the other party’s database, which has become the heart of a company in this information age (Fogie and Peikari 2002). Moscove, Simkin and Bagranoff (2003:195) emphasize the fact that such private and sensitive information, normally held in a database, must be protected from those not authorized to have access to it. Databases and the information stored in them sometimes represent the most important asset and are irreplaceable. A credit bureau’s database files, for example, are its business. Databases are also critical components for corporate Web systems (Moscove, Simkin and Bagranoff 2003:195). Although companies seem to have security policies and procedures in place to control access to database information, unauthorized intrusion still occurs. The objective of this study was to identify the main hacker risks and to address them by identifying the components of control that should be in place to prevent such risks, as well as unauthorized access to confidential information. Microsoft’s SQL Server was employed as an example of a database system that is used to manage confidential information. Hacker-specific risks pertaining to the MS SQL Server were therefore identified.
Description
The original publication is available at http://www.sajim.co.za/
Keywords
Electronic commerce -- Security measures, Computer security, Confidential communications, Disclosure of information
Citation
Lamprecht, C. 2004. Hacker risk in e-commerce systems with specific reference to the disclosure of confidential information. South African Journal of Information Management, 6(4):1-10. doi:10.4102/sajim.v6i4.356.