Abstract
The dawning of the twenty-first century and genesis of a new millennium has been extremely kind to technological advance. Industries and society alike have reaped the extreme benefits of technology at its finest. Technological progress has also proven to be extraordinarily beneficial to businesses and their bottom lines when properly employed. The need for automated business logic and functionality has spawned numerous concepts and efforts to capitalize on advanced business requirements. Probably the most popular and revolutionary to date of all initiatives is the advent of eBusiness. A direct descendant of Electronic Data Interchange (EDI), eBusiness has and continues to evolve into more than a phenomenon, but rather a sound component of successful corporations and organizations. The evolution and acceptance of eBusiness has created a ripple effect throughout the technical and business worlds. The promise of this wonderful concept and its accompanying technology has forced companies to completely rethink strategic planning efforts, and to sit up and pay full attention to this ever-growing development. One area that has been extremely affected by the wide spread acceptance of eBusiness and its counterparts are the architectures and infrastructures now utilized to support these efforts. Enterprise architectures that had originally been designed to shield internal business activities from the public eye of the Internet and other domains have been either replaced, redesigned, or melded with new architectural designs that proclaim companies and their offerings to the world, all in a digital atmosphere. This proclamation can be exceptionally lucrative and damaging, all at the same time. The conception of the Internet has without a doubt been the single most important episode in the continuing fairytale and illumination of technological advance. What once was considered the Underground Railroad of information; limited to universities, research groups, and government organizations has become the Autobahn of electronic data, and continues to evolve and transcend barriers and boundaries. The ability to surpass traditional barriers such as geography and distance serves as a definite attraction for organizations to eBusiness, and a tremendous amount of companies are acting upon this attraction. However, the dark side of the Internet is a playground for adversaries such as, but not limited to hackers (crackers), lone criminals, malicious insiders (disgruntled employees), industrial spies, media representatives, organized crime, terrorists, national intelligence organizations, special interest groups, competitors, script kiddies, and infowarriors to name a few. All of these can and should be considered a potential danger while individuals and organizations alike interact via the Internet and private networks as well. Nowhere are the aforementioned dangers as prevalent as they are in the increasingly popular world of e. eBusiness, eCommerce, eMarketPlaces, eAuctions, eSupplyChains, etc., etc.; the list goes on and on. The digitization of data is big business, and organizations are realizing the infinite potential involved with participating in these markets, as well as utilizing it to streamline day-to-day business operations and management. Around the globe scores of innovative, thought-provoking systems are deployed daily to feed upon the e landscape and take advantage of this new and exciting world of prosperity. However, the same factions that make haste to establish an Internet or web-based presence and rush to take advantage of digital data and goods are often the very ones that almost always either forget, simply neglect, or place a low priority on an absolute vital necessity of all e-efforts. Security! Therefore, the intent of this thesis is to examine and introduce methodical approaches to designing and implementing security life cycles that are driven by policy for secure eBusiness architectures. In order to provide the necessary assurance and security needed for eBusiness architectures efficient well thought out life cycles must be employed for security practices. Security, like any other component of Information Technology (IT) is not a hit or miss scenario. It is a continuos and meticulous process that is all encompassing of all veins of an enterprise. In order to design a secure architecture a procedural approach must be taken, so that all threats, vulnerabilities, adversaries, holes, nooks, and crannies are covered. Even after all these things have been addressed there is no such thing as an impenetrable system or infrastructure, especially in a networked environment. Given enough time and resources the strongest of confines can be made as vulnerable as a home PC connected to the Net. This is especially true for those systems that operate over public networks such as the Internet. Therefore, processes and procedures must be introduced, refined and constantly managed to maintain a secure state of operation. This text will illustrate the process of assessing technical environments utilized for eBusiness initiatives and gathering requirements for secure operation. Then taking those requirements and developing a functional security policy to govern over the system. Next, the document will discuss extracting requirements from the actual security policy and using them to create a plan of implementation. Also, during the implementation phase exists several testing and assurance activities that should be addressed. After, the overall implementation is completed and deployed, streamlined processes must be applied and properly managed to ensure that the hardened solution continues to function, as it should. An adequate cycle is much more intensive than described above, and this thesis will provide the detail needed to thoroughly address the concepts described here.
Library of Congress Subject Headings
Electronic commerce--Security measures; Computer security; Internet--Security measures; Computer networks--Security measures
Publication Date
2001
Document Type
Thesis
Department, Program, or Center
Information Sciences and Technologies (GCCIS)
Advisor
Wells, Timothy
Advisor/Committee Member
Leone, Jim
Advisor/Committee Member
Courton, Michael
Recommended Citation
Cutts, Marcus, "Policy driven security architectures for eBusiness" (2001). Thesis. Rochester Institute of Technology. Accessed from
https://repository.rit.edu/theses/782
Campus
RIT – Main Campus
Comments
Note: imported from RIT’s Digital Media Library running on DSpace to RIT Scholar Works. Physical copy available through RIT's The Wallace Library at: HF5548.37 C877 2001