Structuring e-Commerce Systems including Web Sites

The fundamental rule for keeping an e-commerce Web site secure is that your entire e-commerce system must be protected with consistent and appropriate security measures. It is not enough to simply safeguard the interaction between the customer and the Web site's server.

The software components that comprise an organisation's e-commerce Web site are not secure 'out of the box', because the individual components are complex and often not designed with security in mind. Therefore it is important to analyse each component for its security weaknesses and protect it accordingly.

You may find this diagram helpful.

It gives an overview of the main components in your e-commerce planning.


  • e-Commerce Web sites can fail through a lack of adequate technical planning. This can damage your business irretrievably, because of the wide public exposure on the Internet.

    Caution: e-Commerce is, by definition, 'hi-tech', and you will require input and guidance from specialists in the field. The risks of not involving specialists can be great.

  1. The technical design of a perimeter security fence to secure access to/from networks.
  2. Where hosted by your ISP (the guardians of your data), investigate the technical and operational safeguards which are in place.
  3. Consider how Web browser software security limitations could increase your risk.
  4. Explore the server software security for the platform in question, weighing the pros and cons of each.
  5. Recognise the need for resilience of the operating system software; see Operating System Hardening.
  6. Identify the probable need for scripting software and the resultant security implications.
  7. The resilience of the hardware and its configuration.
  8. Encryption techniques (e.g. SSL) to safeguard the confidentiality of transmitted and stored data.



Use of the guidance contained within RUSecure™ is subject to the End User Licence Agreement