...A Framework for IT Governance in Small Businesses by Herman Koornhof A FRAMEWORK FOR IT G O V E R N A N C E by IN SMALL BUSINESSES Herman Koornhof TREATISE Submitted for the partial fulfilment of the requirements for the degree MAGISTER TECHNOLOGIAE in Business Information Systems in the FACULTY ENGINEERING, BUILT ENVIRONMENT OF THE AND INFORMATION TECHNOLOGY of the N E L S O N M A N D E L A M E T R O P O L I T A N U N I V E R SI T Y Supervisor: Prof. Rossouw von Solms January 2009 ii Declaration I, Herman Koornhof, hereby declare that: • • • The work in this treatise is my own work. All sources used or referred to have been documented and recognised. This treatise has not previously been submitted in full of partial fulfilment of the requirements for an equivalent or qualification at any other recognised educational institution. higher Herman Koornhof iii Acknowledgements I would like to express my gratitude to the following people: • My love, Jenny, for your love and understanding during the past year. Without your encouragement and inspiration this work would not have been possible. • • My family and friends for your interest and support. My supervisor, Prof. Rossouw von Solms, for your guidance and advice, and your detailed and constructive comments. • To Him who is able to do immeasurably more than all we ask or imagine, according to his power that is at work within us. iv Table...
Words: 36563 - Pages: 147
...Engineering Term Paper on Directions for Web and E-Commerce Applications Security SupervisorProf.P.M. Khilar Submitted byDinesh Shende Roll No-212CS2102 M.Tech(1st year) Directions for Web and E-Commerce Applications Security Abstract: This paper provides directions for web and e-commerce applications security. In particular, access control policies, workflow security, XML security and federated database security issues pertaining to the web and e-commerce applications are discussed. These security measures must be implemented so that they do not inhibit or dissuade the intended e-commerce operation. This paper will discuss pertinent network and computer security issues and will present some of the threats to e-commerce and customer privacy. These threats originate from both hackers as well as the e-commerce site itself. Another threat may originate at ostensibly friendly companies such as DoubleClick, MemberWorks and similar firms that collect customer information and route it to other firms. Much of this transaction information is able to be associated with a specific person making these seemingly friendly actions potential threats to consumer privacy. Many of the issues and countermeasure discussed here come from experiences derived with consulting with clients on how to maintain secure e-commerce facilities. These methods and techniques can be useful in a variety of client and server environments, also serving to alert e-commerce users of potential threats. 1. Introduction ...
Words: 3283 - Pages: 14
...give an overview of the three phases or undertakings that make up the risk management process and then conclude with a discussion and explanation of the six-step Risk Management Framework (RMF) developed by the Department of Defense and the National Institute of Standards and Technology (NIST) (National Institute of Standards and Technology, 2010). “Risk management is the process of Identifying risks, as represented by vulnerabilities, to an organization’s information assets and infrastructure, and taking steps to reduce this risk to an acceptable level” (Michael E. Whitman, Herbert J. Mattord, 2012, p. 119.). Thus, risk management is merely the ability of a person or organization to implement due diligence and identify any potential issue and develop policies and security measures to combat these risks. Risk management is comprised of three phases: risk identification, risk assessment, and risk control (Michael E. Whitman, Herbert J. Mattord, 2012, p. 119.). Risk Identification Risk identification is simply the identification and documentation of the assets and the threats to those assets. Risk identification is an...
Words: 2778 - Pages: 12
...Harley-Davidson, Inc: Identifying eBusiness Risks and Related Assurance Services for the eBusiness Marketplace (Case Study) 1. What new risks did Harley-Davidson face by integrating eBusiness into its supply-chain management system and by allowing suppliers to have access to the company’s Intranet? E-commerce is a fantastic way for businesses to connect with customers around the world in a way that has never before been possible. Yet, that is not to say that eBusiness does not have risks that entrepreneurs must be aware of before setting up a presence online. Harley-Davidson faces a variety of risks by integrating eBusiness into its supply-chain management system and allowing supplier to have access to the company’s Intranet. 1) Although the eBusiness system implemented by Harley-Davidson is full-proof, considerable risks associated with hackers, viruses, and interception of credit card numbers travelling over the communication lines still exist in the system. Credit card information can be easily intercepted via internet for deceitful purposes increasing the risk of fraudulent transactions. 2) Technology itself poses a risk to eBusiness, simply because ecommerce is so dependent on it. Infrastructure problems, such as a server malfunctioning, can shut down a website. Likewise, viruses can delete valuable data, and software glitches can keep a site from working properly. 3) Suppliers may violate confidentiality agreements and disclose confidential...
Words: 2420 - Pages: 10
...Week 3 Lab - Assessment Worksheet Design Your DMZ and LAN-to-WAN Security Solution Overview This lab will demonstrate how to properly design a LAN-to-WAN DMZ given functional and technical business requirements. Students will transform the design requirements into a block diagram design of a DMZ with LAN-to-WAN security appliances. Lab Assessment Questions & Answers 1. Describe how creating zones is helpful in the design of a DMZ and security solution for the LAN-to-WAN Domain. The purpose of a DMZ is to add an additional layer of security to an organization's local area network. an external attacker only has direct access to equipment in the DMZ, rather than any other part of the network 2. How many zones does your design incorporate? Do you think an additional zone may be needed if the e-commerce server was implemented? Explain why or why not. 2 zones, I would implement a zone due to the costly nature of the e-commerce server I would want the added sevurity. 3. While supporting IP-SEC VPNs provides a secure, remote-access solution for mobile employees, it does not scale and requires stringent security operations and management procedures. What alternatives would you recommend for a scalable remote-access VPN solution for your design? SSL because almost all web browsers support ssl it provides extra security without any additional software needed 4. As per the functional and technical requirements, where must you...
Words: 582 - Pages: 3
...The Australian Cyber Security Capability Framework (CSCF) & Mapping of ISM Roles by Australian Government Information Management Office (AGIMO) formalizes training, certification, competency and development requirements for staff employed within the IT Security profession [14]. The 20- pages Framework has a two level structure with six main categories of capability: Service Delivery; IT Business Management; Business Change; Solutions Development; Solutions Implementation; and Service Support. The Security domain sits within the Service Delivery area and it is broken down into four capability groupings: Service Delivery; IS; Technology Audit; and Emerging Technology Monitoring. The competencies are mapped onto the Framework based on complexity...
Words: 911 - Pages: 4
...sections of an Information Security Policy. Final Project Timeline You should budget your time wisely and work on your project throughout the course. As outlined below, the assignments in the course are designed to assist you in creating your final project Information Security Policy. If you complete your course activities and use the feedback provided by the instructor, you will be on the right track to successfully complete your final project of creating an Information Security Policy. □ Week One: Introduction Review the two company profiles provided in your syllabus and select the one you will use for your final project company. You design the Information Security Policy for this company throughout the course. Once you have decided which company you are using, it may not be changed; therefore, considerable thought should be put into this decision. Next, decide which type of information security policy—program-level, program-framework, issue-specific, or system-specific—is appropriate for your final project company. Assignment: Final Project Information Security Policy: Introduction Complete and submit Appendix C. Note. Section 1 Introduction of Appendix C corresponds to Section 2 of Appendix B in the final compilation due in Week Nine. In completing Appendix C, provide an overview of your final project company, describe the type of security policy that is appropriate for your scenario, and explain your security goals in terms of confidentiality...
Words: 899 - Pages: 4
...Securing Information Systems Objectives • Why are information systems vulnerable to destruction, error, and abuse? • What is the business value of security and control? • What are the components of an organizational framework for security and control? • Evaluate the most important tools and technologies for safeguarding information resources. Online Games Need Security, Too • Problem: Threat of attacks from hackers hoping to steal information or gaming assets. • Solutions: Deploy an advanced security system to identify threats and reduce hacking attempts. • NetContinuum’s NC-2000 AG firewall and Cenzic’s ClickToSecure service work in tandem to minimize the chance of a security breach. • Demonstrates IT’s role in combating cyber crime. • Illustrates digital technology’s role in achieving security on the Web. [pic] System Vulnerability and Abuse • An unprotected computer connected to Internet may be disabled within seconds • Security: • Policies, procedures and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems • Controls: • Methods, policies, and organizational procedures that ensure safety of organization’s assets; accuracy and reliability of its accounting records; and operational adherence to management standards Why Systems Are Vulnerable • Hardware problems • Breakdowns, configuration errors, damage from...
Words: 1747 - Pages: 7
...16/04/2012 What is e-commerce? The key components to establishing and providing a successful e-commerce solution within an e-business environment. CONTENTS CHAPTER | PAGE | Introduction & Aims/Objectives of assignment. | 3 | 1. What is e-commerce? | 5 | 2. E-environment | 6 | 3. Establishing an e-business. How to support an e-business? | 9 | 4. E-business systems: infrastructure of hardware and software | 14 | 5. E-Logistics: Supply Chain & Procurement | 17 | 6. E-Security: Protecting and e-business & its infrastructure | 19 | 7. E-Marketing: How to push your e-commerce business using marketing tools online. | 21 | 8. E-CRM: Managing customer relations online | 24 | 9. The future of e-business | 29 | Conclusion | 31 | Bibliography | 34 | Introduction: Through this assignment I will be discussing the use of e-commerce in modern retailing. This essay aims to explore: What e-commerce is, the infrastructure needed to establish an e-business and the wider impact of e-commerce on the traditional business and retail environment. These aims will outline the main effects of e-commerce on a business. These will be achieved through: * Outlining the origins of e-business * Assessing the external impact of e-commerce on the environment & traditional retailing. * Examining the implementation and sustainability of an e-commerce business: Systems, Structures & Costs. * The impact of e-commerce on...
Words: 9784 - Pages: 40
...Introduction West Suburban bank has worked hard to protect its customer information and the related data that is provided to the bank in order to business with them. In collaboration with Perimeter E-Security Company, West Suburban bank has excellent network security system that recognizes the threats within seconds and figures out a solution to fix the problem. Perimeter E-Security offers excellent information security and messaging services helping many businesses to secure their data from unauthorized users. West Suburban bank took advantage of the services provided by Perimeter E-Security as well in order to protect the assets of their clients. There are hundreds of defense methods however for this paper our major focus will be on the six defenses used by West Suburban bank in order to provide best security services to its clients and protect its information. We will be looking at firewalls, data security, Internet security, application security, access control and anti spyware defenses. Firewalls defense Firewalls implement security at every layer. Firewalls are barriers between a trusted network or PC and the untrustworthy Internet, it is a network node consisting of both hardware and software that isolates a private network from a public network. On the Internet, the data and requests sent from one computer to another are broken into segments called packets. Each packet contains the Internet address of the computer sending the data, as well as the Internet address...
Words: 1408 - Pages: 6
...Securing Information Systems LEARNING OBJECTIVES C H A P T E R 7 STUDENT LEARNING OBJECTIVES After completing this chapter, you will be able to answer the following questions: 1. Why are information systems vulnerable to destruction, error, and abuse? What is the business value of security and control? What are the components of an organizational framework for security and control? What are the most important tools and technologies for safeguarding information resources? 2. 3. 4. ISBN 1-256-42913-9 232 Essentials of MIS, Ninth Edition, by Kenneth C. Laudon and Jane P. Laudon. Published by Prentice Hall. Copyright © 2011 by Pearson Education, Inc. C HAPTER O UTLINE Chapter-Opening Case: Boston Celtics Score Big Points Against Spyware 7.1 System Vulnerability and Abuse 7.2 Business Value of Security and Control 7.3 Establishing a Framework for Security and Control 7.4 Technologies and Tools for Protecting Information Resources 7.5 Hands-on MIS Projects Business Problem-Solving Case: Are We Ready for Cyberwarfare? BOSTON CELTICS SCORE BIG POINTS AGAINST SPYWARE While the Boston Celtics were fighting for a spot in the playoffs several years ago, another fierce battle was being waged by its information systems. Jay Wessel, the team’s vice president of technology, was trying to score points against computer spyware. Wessel and his IT staff manage about 100 laptops issued to coaches and scouts, and sales, marketing, and finance employees, and these...
Words: 21009 - Pages: 85
...Security Monitoring: The inputs and outputs of business James P. England CMGT/442 April 9, 2012 David Conway Security Monitoring: The inputs and outputs of business Rapidly changing technological advances make computers a part of the every workplace. Companies store important data on computer systems, databases, networks, and workplace communication uses computers and networks. Computers can reduce paperwork, distribute data quickly and stay competitive, but it allows the potential for security issues ultimately affecting business operations (Friend, 2012). The majority of data on computers and almost all communication are on a company’s computer network, and the security of the data is crucial for the success of the business. Monitoring in the workplace of computers uses a variety of software products that monitor computer networks. This software can monitor or track employee activity and productivity for a company. Using a software package for security of data in a system blocks certain websites, alert information technology staff of potential threats, such as computer viruses, monitors computers, and Internet use by employees. Companies should consider using computer monitoring software in the workplace, and do extensive research on different products and services. Some software can be costly, but it may be worth the investment to protect the integrity of a business, and the safety of the employees. Allowing employees to see the software and its capabilities...
Words: 1060 - Pages: 5
...The Critical Security Controls for Effective Cyber Defense Version 5.0 1 Introduction ..................................................................................................................................................................... 3 CSC 1: Inventory of Authorized and Unauthorized Devices ............................................................................ 8 CSC 2: Inventory of Authorized and Unauthorized Software ....................................................................... 14 CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers ....................................................................................................................................... 19 CSC 4: Continuous Vulnerability Assessment and Remediation ................................................................. 27 CSC 5: Malware Defenses .......................................................................................................................................... 33 CSC 6: Application Software...
Words: 31673 - Pages: 127
...Abstract E-commerce has presented a new way of doing business all over the world using internet. Organizations have changed their way of doing business from a traditional approach to embrace ecommerce processes. As individuals and businesses increase information sharing, a concern regarding the exchange of money securely and conveniently over the internet increases. Therefore, security is a necessity in an e-commerce transaction. The purpose of this paper is to present a token based Secure E-commerce Protocol. The purpose of this paper is to present a paradigm that is capable of satisfying security objectives by using token based secure Keywords: Trusted Third Party (TTP), Pretty Good Privacy (PGP), Secure Socket layer (SSL), Secure Electronic Transaction (SET). 1. INTRODUCTION E-commerce refers to a wide range of online business activities for products and services. Security is the basic need to secure information on internet. It also pertains to any form of business transaction in which the parties interact electronically rather than by physical exchanges or direct physical contact. A security objective is the contribution to security that a system or a product is intended to achieve. E-commerce has become a dynamic force, changing all kinds of business operations world-wide. E-commerce is conducted on global network i.e. Internet which is un-trusted. So confidentiality is required during transmission and it must be kept secure against all type of threats The related...
Words: 2757 - Pages: 12
...COLLEGE OF BUSINESS UNIVERSITI UTARA MALAYSIA __________________________________________________________________________ COURSE CODE: BKAS2013 COURSE NAME: ACCOUNTING INFORMATION SYSTEMS PREREQUISITE: BKAS1013 IT IN ACCOUNTING AND BKAF1023 INTRODUCTION TO FINANCIAL ACCOUNTING __________________________________________________________________________ 1. SYNOPSIS This course introduces students to the important concepts of Accounting Information Systems (AIS). The course contents are divided into three main sections. The first section introduces the basic concepts of AIS including its objectives, components, and subsystems. The concept of E-business as an emerging trend of conducting business in the new era of information technology (IT) is also covered in this section. The second section discusses in depth the common features of transaction processing systems such as revenue and accounts receivable, purchase and accounts payable, manufacturing and inventory, human resource as well as general ledger and reporting system. Integration of selected accounting software will also take place at this stage to enable students apply the AIS concepts into practice. This section also introduces students to the techniques of documenting accounting systems and database modeling tools. The final section discusses the emerging issues in computer crimes, computer ethics and concept of internal controls in organization...
Words: 926 - Pages: 4
