Attacking More Than Just the Enterprise, Case Study Example

Information Security

There are massive studies related to electronic commerce security on websites as the combat is still on between the hackers and the researchers, who are continuously researching on improving the security online. The literature review breakdown the topic to make it more precise and will highlight issues of data privacy related to websites. Data privacy includes customer personal name, address, contact numbers, secret questions or secret keywords etc.

Business suffer severe losses from data theft issues as in 2009 investigators related to data breach reported from Verizon business that crooks nabbed 285 million records. Peter Tippett, who is the author of the report and vice president of innovation and technology with Verizon Business, says that the report includes all the IP addresses associated with the account that are used in the thefts, and criminals are identified only because of in depth investigations by collaborative support of law enforcement agencies including FBI and Scotland Yard. From this particular report, 90 security breaches were studied out of which 68 were reversed for further investigation to a specific IP address and location. The conclusions highlighted Eastern Europe as a common source followed by East Asia and North America. Online data thefts occur when online businesses fail to protect their database by security breaches conducted by hackers or cyber criminals. The data including all the personal information of the customer is breached resulting in exposure of customer personal information and financial status.

If an organization is affected by a security breach, in some cases, it is complex to calculate risks related to information assets present on the network. Likewise, it depends on the severity of the threat that may have caused large disruptions in network-based services. This is the point where digital forensic expert are incorporated for identifying the threat, impact and network incidents caused by it. Organizations experience new techniques and methods from an ongoing investigation by a digital forensic expert. Likewise, the point of interception, methodology and protection etc. are considered to be critical. Moreover, financial institutions are keener to adopt forensic analysis, as this domain including business model and nature of the data, cannot compromise on security (Network postmortem: Forensic analysis after a compromise, n.d.). For instance, master card, visa, American express demonstrates a solid online security framework. In the current scenario, where a network is already breached by a threat, these forensic experts focus on three core factors i.e. (Network postmortem: Forensic analysis after a compromise, n.d.):

• A discovery process focused on understanding the application and network infrastructure, as well as the business information flow of the organization
• Interviews with key personnel to understand the facts of the case from the customer’s perspective and identify suitable sources of forensics data
• Data collection to gather critical sources of evidence to support the investigation, followed by analysis

Regulation from FTC

Federal Trade Commission (FTC) is examining issues related to online privacy since 1995. The commission believes on the stability factors, as it will not only benefit web users but also businesses. Every organization using the POS and electronic commerce must state a comprehensive privacy policy, in order to achieve customer confidence. A study demonstrated that websites for 33 out of 100 largest cities do not have a privacy policy statement. Likewise, they were violating laws and regulations because they were collecting personal data. However, in 2001, most popular commercial website, collecting data from the customers, have clearly mentioned privacy policy statements on their websites. Moreover, some websites out of these most popular commercial sites have not published a complete privacy policy.

Emphasizing on Privacy

One more study shows that online companies emphasize and focus more on online privacy policy rather than any other aspect. Even online security is considered as the second option. Moreover, the study also concluded that online customers are more worried about their privacy rather than POS targeted and online threats, as they are considered to be in control. In addition, the study also demonstrated a comparison between the two decades i.e. 1999-2001 and 2005-2007 which highlighted the factors that are mentioned previously.

Focusing on Customer Demands

However, study concluded one interesting factor i.e. the rankings and ratings of policies created for Internet continues to focus on demands of the web users. Moreover, consumer privacy continues to be on top in both the decades. The amplified awareness by the contributors i.e. legislators and advocates shows interest level is comparatively high.

Sugar Coating Privacy Policy Clauses

It is very common for an organization using POS seeking for a privacy policy will only able to read some pages mentioned in terms of points, applauses etc. In order to enhance customer experience with privacy policies, there must be an interactive medium via which customer can get awareness. Literature related to serious implication was also found, For instance, organizations construct the structure of sentences in a way that suits their legal rights. A study conducted by (Pollach, 2007) shows that the structure of sentences in a privacy policy related to a typical online shopping website are sugarcoating data handling practices. They are foregrounding optimistic facets and at the same time back-grounding privacy incursions.

Approach from Corporate Organizations

A study conducted by (Markel, 2005). He concluded that corporate organizations gather personal information from their users on four core factors stated below:

• To provide value added services to special customers via POS or online. For instance, history of customers reflects high profile of purchasing or selling products via the site. Moreover, these websites also provide forms, in order to register a customer so that he or she can access ‘only members’ portion of the website that may include special discounts and offers.
• Organizations also customize website contents and design according to the type of customer, in order to modify web experience. The customization is carried out as per customer’s interest that is extracted from the past history of buying and selling products.
• Moreover, in order to buy any product from the website, corporate organizations require shipping and billing information in order to sell the product to the web user.
• Corporate organization also trade customer information to third parties. This business activity is carried out to strengthen business relationships. The information can only be used for online marketing and advertisement purposes. Moreover, corporate organizations can also sell personal information of their customers to other companies via intermediaries or directly to them.

References

Markel, M. (2005). The rhetoric of misdirection in corporate privacy-policy statements. Technical Communication Quarterly, 14(2), 197-214. doi:10.1207/s15427625tcq1402_5

Network postmortem: Forensic analysis after a compromise … (n.d.). Retrieved from http://www.computerworld.com/s/article/87969/Network_postmortem_Forensic_analysis_after_a_compromise

Pollach, I. (2007). What’s wrong with online privacy policies? Communications of the ACM, 50(9), 103-108..