·Mention and briefly describe five ITsecurity risks which can negatively impact the e-business Following aresome of the IT security risks that could effect pickaboo,                             Insecure Deserialization: It is avulnerability which happens when untrusted data is being used for abusing thelogic of an website. insecure deserialization is linked to serialization anddeserialization. serialization is the process of converting an item into a fileand it can be stored, send to streams or network. The format can be XML, JSONetc.

Deserialization is transforming serialized formats in the website.. Graffiti:Thebenefit of  making a website for thecompany is numerous but this could also prove to be a great cause ofembarrassment as in many websites there are chat room for all the consumers todiscuss about the companies product and servises but some people provide falseinformation about the company, its products and services and to other consumerthis in turn compromises with the reputation of the company , this kind ofspreading of false information is popularly known as ‘web graffiti’. Denial of serviceAsPickaboo relies heavily on Internet trade, ‘denial of service’ is major riskfor the company. It involves someone has been interfering with the technologyin such a way to prevent the company from carrying out its Internet-basedactivities.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

The company’s computer systems are made to disconnect from theInternet or to fail completely. It  mightbe followed by the threat of extortion. Some of the famous Internet basedcompanies have been affected by denial of service such as Yahoo!, e-Bay, CNN.

com and Amazon .Cyber-squattingCyber-squattingis also known as ‘abusive registration’ occurs when the hacker registers thedomain name with which he has  nolegitimate connection and then tries to sell it at  higher inflated price. A  major number of Court judgements have found itin favour of the true brand owner and against the cyber-squatter. legal actionsalways distract the attention of the management.

And making a new website needsto be delayed until the legal procedure is over, the creation of a web presencewould need to be delayed until the dispute is resolved. For a e-businesscompany it is very important to register the company, product and its servicewith the internet authorities as early as possible even if it is a hectic taskin a country like Bangladesh where it could take weeks to register.Cross-site scripting: It is a type of ITsecurity risk in which the hacker injects client-side scripts with the help ofXSS.

it is mainly used to pass though access control. The effects of XSS mayvary according to the type of data and its nature.           ·From those identified risks, selecttwo which most likely to cause severe damage. 1)     Insecure Deserialization2)      Cross-site scripting·For those two, suggest securitymanagement (both technical and managerial) which can prevent or manage thoserisks. Technical  Security Management:For risk mitigation, Technical security can be usedto protect against different types of risks. These can vary from simple tocomplex measures and normally involve system architectures; engineeringdisciplines; and security packages with a mix of hardware, software, andfirmware. These measures have work together to secure a critical and securedata, information, and IT system functionaries. Technical controls can beclassified into the following major categories, according to primary purpose: • Support  : Supportingcontrols are traditional  IT securitytools.

These controls must be in place in order to implement other controls. • Prevent  : Preventivemeasures focus on preventing security breaches from occurring in the firstplace. • Detect andRecover  : These measures focus ondetecting and recovering from a security breach.

  Managerial  Security Management :Security controls, in collaboration with technicaland operational measures, are implemented to manage and reduce the risk of lossand to provide protection to the organization’s mission. Management measuresfocus on the reservation of information protection policy, guidelines, andstandards, which are carried out through operational procedures to fulfill theorganization’s goals and missions. Preventive Management Security measures include: • Assigning security responsibility to ensure thatadequate amount of security is provided for the mission-critical IT systems. • Developingand maintaining a system security plan to document current controls and addressesplanned controls for IT systems in support of the organization’s mission. • Conducting security awareness and technicaltraining to ensure that end users and system users are aware of the rules andregulations, especially their responsibilities in protecting the organization’sgoal.