Tuesday, 20 September 2011

Data transmission and application development

20:45 Shahid Yasin No comments

All sensitive information being transmitted should be encrypted. Businesses can opt to refuse clients who can't accept this level of encryption. Confidential and sensitive information should also never be sent through e-mail. If it must be, then it should also be encrypted.[5]
Transferring and displaying secure information should be kept to a minimum. This can be done by never displaying a full credit card number for example. Only a few of the numbers may be shown, and changes to this information can be done without displaying the full number. It should also be impossible to retrieve this information online.[5]
Source code should also be kept in a secure location. It should not be visible to the public.[5]
Applications and changes should be tested before they are placed online for reliability and compatibility.[5]

System administration

Security on default operating systems should be increased immediately. Patches and software updates should be applied in a timely manner. All system configuration changes should be kept in a log and promptly updated.[5]
System administrators should keep watch for suspicious activity within the business by inspecting log files and researching repeated logon failures. They can also audit their e-business system and look for any holes in the security measures.[5] It is important to make sure plans for security are in place but also to test the security measures to make sure they actually work.[9] With the use of social engineering, the wrong people can get a hold of confidential information. To protect against this, staff can be made aware of social engineering and trained to properly deal with sensitive information.[5]
E-businesses may use passwords for employee logons, accessing secure information, or by customers. Passwords should be made impossible to guess. They should consist of both letters and numbers, and be at least seven to eight digits long. They should not contain any names, birth dates, etc. Passwords should be changed frequently and should be unique each time. Only the password's user should know the password and it should never be written down or stored anywhere. Users should also be locked out of the system after a certain number of failed logon attempts to prevent guessing of passwords

Posted in:

0 comments:

Post a Comment

Twitter Delicious Facebook Digg Stumbleupon Favorites More
RSS FeedSubscribe to RSS feed!
Follow Us on Twitter!Follow Us on Twitter!

 
Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | Colgate Coupons