2 research outputs found

    E-Commerce/Network Security Considerations

    E-Commerce security issues can be grouped under the categories of system availability, data integrity, and data privacy. System availability means that all necessary components are available to support a given user's transmission requirements. Data integrity means that all valid messages that are sent are received, messages are not altered in such a way as to make them invalid, and unauthorized messages are not introduced and transmitted over the network. Data privacy means that transmitted messages contain only 'need to know' information and are seen only by their intended audience. Enterprise network security is typically reactive, and relies heavily on host security. This approach creates complicated interactions between protocols and systems that can cause incorrect behavior and slow response to attacks. Network security at both the e-commerce and customer sites must be constantly reviewed and suitable countermeasures must be planned. The security of a site depends on the security of the internal systems and the security of external networks.

    Mixed-Initiative Security Agents

    Security decision-making is hard for both humans and machines. This is because security decisions are context-dependent, require highly dynamic, specialized knowledge, and require complex risk analysis. Multiple user studies show that humans have difficulty making these decisions, due to insufficient information and bounded rationality. However, current automated solutions are often too rigid to adequately address the problem and leave their users more confused and inept when they fail. A mixed-initiative approach, in which users and machines collaborate to make security decisions and make use of complementary strengths rather than weaknesses, is needed.