IT Governance, Risk, and Compliance » Business-to-Consumer

Electronic Commerce – Part IV

Robert Davis — Tue, 26 May 2009 18:14:01 +0000

EDI is commonly defined as the transfer of data between different companies utilizing networks. For the vast majority of entities, enhanced transactional traceability, reliability, and accessibility are derived EDI benefits; but without appropriate controls, communication interdependency can elevate legal, security and operational risks. As an accepted remedial risk measure, public key infrastructure (PKI) is the primary technological resource permitting E-commerce portable trust. However, to achieve E-commerce security transparency requires an appropriate trading partner compatibility solution that addresses various entity-centric encryption and digital signature techniques.

“View Part I of the Electronic Commerce series here“

Electronic Commerce – Part III

Robert Davis — Fri, 22 May 2009 19:00:10 +0000

EDI between trading partners can be interpreted as legally binding contracts. For instance, when a transaction is initiated by one of the trading partners, such as a purchase order, it constitutes an “offer”. In turn, if a trading partner agrees to supply the merchandise requested, it normally is considered “acceptance” of the offer. Thus, interpretively, under the U.S. Uniform Commercial Code a contract between buyer and seller is established.

Regarding effective security, two topics have gained notoriety: managerial ease and portable trust. Managerial ease focuses on making the security infrastructure’s integration and utilization with various applications transparent to enable adoption by trading parties. Portable trust supports telecommunication links with external parties through faith in resource authorizations and reliable message delivery. Inadvertent data loss during transmission reduces the cost savings generally associated with EDI deployment. Furthermore, message integrity issues can jeopardize connectivity status.

“View Part I of the Electronic Commerce series here“

Electronic Commerce – Part II

Robert Davis — Tue, 19 May 2009 19:52:11 +0000

Delineated, B2B is E-commerce between discernibly distinct entities. B2B links enable the exchange of products, services, or information between entities. Cascading down, Electronic Data Interchange (EDI) methodologies are the precursors and pillars of Internet integrated B2B relationships. Depending on activity frequency and application, EDI control risk can become material. Where EDI is implemented, lack of direction, reliance on third parties, and system dependencies potentially expose an entity to additional legal, security, and operational risks.

“View Part I of the Electronic Commerce series here“

Electronic Commerce – Part I

Robert Davis — Fri, 15 May 2009 18:48:43 +0000

With an ever-increasing number of organizations and individuals relying on the Internet to exchange confidential and sensitive information, adequate message security continues to be a technological management concern. Serviceable standard electronic commerce (E-commerce) models include Business-to-Business (B2B), Business-to-Consumer (B2C), Business-to-Employee (B2E), and Business-to-Government (B2G) architectures. In order to programmatically manage E-commerce related IT security risks, management must designate an information assets protection perimeter. Axiomatically, the primary purpose of establishing a security perimeter is to provide a defined ambit for entity-centric policies and safeguards. However, with the advent of E-commerce, erecting layered protective barriers that preserve IT configurations can introduce a tactical security quagmire.