Electronic Commerce: Top 10 IT controls based on ISO 27001
ISO 27001/27002 requires that information involved in electronic commerce passing over public networks be protected from fraudulent activity, contract dispute, and unauthorized disclosure and modification. Implementing this raises a number of interlinked issues, many of which should be settled in formal agreements between the trading parties:
1. Authentication, to give each party adequate confidence that customers or trading partners are who they claim to be.
2. Authorization, to ensure that trading partners know that prices set, or contracts agreed, were approved by someone authorized to do so, and that each partner knows the other's authorization procedures.
3. Non-repudiation in online contract and tendering processes, together with confidentiality, integrity, and proof of despatch and receipt of key documents.
4. How confidential are discount arrangements and how reliable are advertised prices?
5. How is the confidentiality of transaction details (including payment and delivery details) to be protected?
6. What vetting of payment information is necessary?
7. What is the most secure method of payment, and how is credit card fraud to be dealt with?
8. How are duplicate transactions, or loss of transactions, to be avoided?
9. Who carries the risk in any fraudulent transactions, and how is insurance to be dealt with?
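The following is an added example, not part of the ISO text or of this page, showing how items 3 and 8 above translate into message-level controls: a canonical, MAC-protected order (integrity), a unique transaction id (duplicate detection), a per-partner sequence number (loss detection), and a MAC-protected acknowledgement that binds to exactly what was received (proof of receipt). All names, the shared key and the order data are constructed for the demo. It deliberately uses only the Python standard library, so integrity and origin are proved with HMAC under a shared key; that suffices between the two parties but does not give non-repudiation toward a third party, for which each party would sign with its own private key (for example Ed25519) in place of the shared-key MAC.

```python
import hashlib
import hmac
import json
import secrets

# Constructed shared secret for this example (assumption: provisioned out of band).
# A shared key proves integrity and origin only between the two parties; for
# non-repudiation toward a third party each party would instead sign with its
# own private key (e.g. Ed25519), which this stdlib-only example does not show.
SHARED_KEY = b"demo-trading-partner-key"


def canonical(obj) -> bytes:
    """Deterministic JSON encoding so sender and receiver MAC identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def mac(key: bytes, obj) -> str:
    return hmac.new(key, canonical(obj), hashlib.sha256).hexdigest()


def make_order(seq: int, buyer: str, items: list, total: str) -> dict:
    """Build an order message: unique txn_id for duplicate detection,
    per-partner sequence number for loss detection, MAC for integrity."""
    body = {
        "txn_id": secrets.token_hex(16),
        "seq": seq,
        "buyer": buyer,
        "items": items,
        "total": total,
        "sent_at": "2024-01-01T00:00:00Z",  # constructed timestamp
    }
    return {"body": body, "mac": mac(SHARED_KEY, body)}


def tamper(msg: dict, field: str, value) -> dict:
    """Return a copy of msg with one body field altered in transit (for the demo)."""
    copy = json.loads(json.dumps(msg))
    copy["body"][field] = value
    return copy


class Receiver:
    """Trading partner that validates incoming orders and issues receipts."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen_txn = set()
        self.expected_seq = 1

    def accept(self, msg: dict) -> dict:
        body = msg["body"]
        # 1. Integrity / origin: reject anything whose MAC does not verify.
        if not hmac.compare_digest(msg["mac"], mac(self.key, body)):
            return {"status": "rejected", "reason": "integrity"}
        # 2. Duplicate transaction: the same txn_id presented twice.
        if body["txn_id"] in self.seen_txn:
            return {"status": "rejected", "reason": "duplicate"}
        # 3. Lost transaction: a gap in the sequence means an earlier order
        #    never arrived, so refuse this one until the sender resends.
        if body["seq"] != self.expected_seq:
            return {"status": "rejected", "reason": "gap",
                    "expected_seq": self.expected_seq}
        self.seen_txn.add(body["txn_id"])
        self.expected_seq += 1
        # 4. Proof of receipt: MAC over txn_id and a hash of exactly what arrived.
        receipt = {"txn_id": body["txn_id"],
                   "received_hash": hashlib.sha256(canonical(body)).hexdigest()}
        return {"status": "accepted", "receipt": receipt,
                "receipt_mac": mac(self.key, receipt)}


def verify_receipt(order: dict, ack: dict) -> bool:
    """Sender side: the receipt must be authentic and bind to the order sent."""
    if ack.get("status") != "accepted":
        return False
    receipt = ack["receipt"]
    if not hmac.compare_digest(ack["receipt_mac"], mac(SHARED_KEY, receipt)):
        return False
    expected_hash = hashlib.sha256(canonical(order["body"])).hexdigest()
    return (receipt["txn_id"] == order["body"]["txn_id"]
            and receipt["received_hash"] == expected_hash)


def run_demo() -> list:
    """Exercise the cases above; returns the receiver's verdict for each."""
    rx = Receiver(SHARED_KEY)
    o1 = make_order(1, "acme-ltd", [{"sku": "A100", "qty": 2}], "19.98")
    o2 = make_order(2, "acme-ltd", [{"sku": "B200", "qty": 1}], "250.00")
    o3 = make_order(3, "acme-ltd", [{"sku": "C300", "qty": 5}], "5.00")
    results = []
    ack = rx.accept(o1)
    results.append(ack["status"] + ":" + str(verify_receipt(o1, ack)))
    results.append(rx.accept(o1)["reason"])                           # replayed
    results.append(rx.accept(tamper(o2, "total", "2.50"))["reason"])  # altered
    results.append(rx.accept(o3)["reason"])                           # o2 missing
    results.append(rx.accept(o2)["status"])                           # o2 arrives
    return results


if __name__ == "__main__":
    print(run_demo())  # ['accepted:True', 'duplicate', 'integrity', 'gap', 'accepted']
```

Note that the sequence check only detects loss; whether the receiver queues out-of-order messages or rejects them outright, and who bears the cost of a resend, is exactly the kind of point the formal agreement between the parties needs to settle.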