Security requirements

As it expands its business onto the Internet, StarCross faces the same threats as every e-commerce website:
* unauthorized access to the databases: an attacker who reaches the company's databases can steal private information about StarCross' customers and orders and misuse it. With that access the attacker can forge client records, send unsolicited mail ("spam") to the clients, or alter order details, after which StarCross cannot fulfil its contracts properly and will lose its client base. In the worst case the attacker can destroy the database outright, breaking the integrity of the StarCross system.
* security of payments: every online transaction must be adequately protected, otherwise customers' credit card numbers become a target for attackers.
* integrity of information flow: all data must arrive complete and unaltered. Corruption or deliberate tampering with the data flow can cause many problems, up to the inability to fulfil contracts.
* authentication: the senders and recipients of the data flow must be authenticated to each other.
* stability and availability of service: attacks can overload the server, leading to slow performance, unavailability for clients, or an outright malfunction.
* lawsuits from dissatisfied customers: misunderstandings can result in legal action against the company.
The list above covers only the general threats likely to affect the StarCross system.
To carry out the desired business transactions StarCross needs the following assets:
1) based on importance to the mission:
* a website and a working database (e.g. Oracle or Sybase) containing information about clients and orders (what each client has ordered, where the order must be shipped, and so on).
* a vendor account at an online electronic funds transfer company such as 2CheckOut.com. This account will be used to receive payments from clients and to issue refunds and handle chargebacks. The funds transfer company checks the customer's credit card (or other payment instrument) in a secure payment zone on an SSL server and transfers the payment to StarCross' bank account after the products have been shipped to the client; in other words, this company acts as an intermediary between StarCross and its internet customers.
2) based on importance to StarCross:
* its own server together with the software needed to run it (e.g. Apache HTTP Server or Microsoft Internet Information Server).
* software: the operating system (Unix or Windows), antivirus systems, cryptographic systems (to encrypt data flows), and firewalls (to block attacks).
* system administrators who run the company's website, update it, and resolve problems with its integrity, security and functionality.
To sell its products online successfully and securely, StarCross should develop security policies. The following security measures must be essential parts of those policies:
1) The company's website must be developed by professionals and must not contain any information prohibited by law; the website must encrypt all information collected from customers and transmit it to the database over secure channels.
2) All databases must require authentication, and no single account should hold every privilege, because such an account becomes a single point of compromise if its password is stolen. All information in the database must be backed up regularly. Updates must be applied as transactions over a reliable connection, so that an interrupted transfer cannot leave the database partially updated. The databases must not be open to all of the company's staff, only to authorized commercial managers and administrators; clients must not have direct access to the databases or be able to run queries against them, since those privileges are reserved for specific employees. The database must nevertheless be continuously available for queries, inserts and updates.
3) The vendor account is protected by a password, so this password (like every other) must be complex enough, must not be written down, and must not be stored in plaintext on computers. When order and client information arrives from the electronic funds transfer company, its integrity must be checked before it is trusted. A bare MD5 hash is not sufficient for this: an attacker who alters the message can simply recompute the hash over the altered fields, and MD5 itself is no longer collision-resistant. Use a keyed message authentication code (e.g. an HMAC with a secret shared only with the payment company) or a digital signature, compare it in constant time, and reject notifications for orders that have already been processed. Only then should the information be encrypted and stored in the database.
4) The company's own server must be run and monitored by a professional system administrator to avoid malfunctions and bugs. It must be powerful enough, and it must run licensed, up-to-date software in order to keep the service secure and functioning. Unauthorized persons must not have access to the server.
5) All data flows must be encrypted, and all senders and recipients must prove their identities to each other with digital signatures (or a keyed mechanism such as an HMAC); a bare MD5 hash proves nothing about who produced the data, because anyone can compute it.
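The integrity check in point 3 and the proof of origin in point 5, as an added example that is not part of the original essay and not any real funds transfer company's protocol: the notification fields, the shared secret and the tagging scheme below are all assumptions constructed for illustration. It contrasts the essay's unkeyed MD5 tag, which an attacker on the path can recompute after altering the order, with an HMAC-SHA256 keyed by a secret shared only with the payment intermediary, and adds the replay check that a practitioner would want in front of the database.

```python
import hashlib
import hmac

# Fields the payment intermediary is assumed to report for each order
# (constructed for this example; not any real provider's message format).
SIGNED_FIELDS = ("order_id", "customer", "amount", "currency", "status")

# Constructed sample notification as the intermediary would send it.
SAMPLE_NOTIFICATION = {
    "order_id": "SC-10042",
    "customer": "alice@example.com",
    "amount": "149.90",
    "currency": "USD",
    "status": "DECLINED",
}

# Shared secret known only to StarCross and the intermediary (assumed value).
SHARED_SECRET = b"starcross-example-secret-do-not-reuse"


def canonical(notification):
    """Serialize the protected fields in a fixed order so both sides tag identical bytes."""
    return "|".join("%s=%s" % (k, notification[k]) for k in SIGNED_FIELDS).encode()


def md5_tag(notification):
    """The essay's proposal: an unkeyed MD5 over the fields. Anyone can recompute it."""
    return hashlib.md5(canonical(notification)).hexdigest()


def hmac_tag(notification, secret):
    """Keyed tag: without the secret an attacker cannot produce a valid value."""
    return hmac.new(secret, canonical(notification), hashlib.sha256).hexdigest()


def verify_md5(notification, tag):
    return hmac.compare_digest(md5_tag(notification).encode(), tag.encode())


def verify_hmac(notification, tag, secret):
    # Constant-time comparison, so response timing cannot leak the expected tag byte by byte.
    return hmac.compare_digest(hmac_tag(notification, secret).encode(), tag.encode())


def tamper(notification):
    """An attacker on the path marks a declined order as paid and lowers the amount."""
    return dict(notification, amount="0.01", status="PAID")


class NotificationVerifier:
    """Accepts a notification only if its HMAC verifies and the order has not been seen before."""

    def __init__(self, secret):
        self._secret = secret
        self._processed = set()

    def accept(self, notification, tag):
        if not verify_hmac(notification, tag, self._secret):
            return "rejected: bad tag"
        if notification["order_id"] in self._processed:
            return "rejected: replay"
        self._processed.add(notification["order_id"])
        return "accepted"


def demo():
    """Run the comparison and return the outcomes so they can be checked."""
    genuine = SAMPLE_NOTIFICATION
    forged = tamper(genuine)
    results = {
        # The intermediary's genuine tags verify under both schemes.
        "md5_genuine": verify_md5(genuine, md5_tag(genuine)),
        "hmac_genuine": verify_hmac(genuine, hmac_tag(genuine, SHARED_SECRET), SHARED_SECRET),
        # With bare MD5 the attacker recomputes the tag over the altered fields and it verifies.
        "md5_forged": verify_md5(forged, md5_tag(forged)),
        # Without the secret the attacker can only guess a key, and the tag is rejected.
        "hmac_forged": verify_hmac(forged, hmac_tag(forged, b"attacker-guess"), SHARED_SECRET),
    }
    verifier = NotificationVerifier(SHARED_SECRET)
    tag = hmac_tag(genuine, SHARED_SECRET)
    results["first_delivery"] = verifier.accept(genuine, tag)
    results["replayed_delivery"] = verifier.accept(genuine, tag)
    results["tampered_delivery"] = verifier.accept(forged, tag)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The canonical serialization matters as much as the key: if the two sides tag different byte strings (different field order, different number formatting), every genuine notification fails verification, so the field list and encoding must be fixed in the agreement with the intermediary.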