(8) What are the cyber security risk considerations in E-Commerce? Also list the relevant controls for the same.
Answer: The following are some of the cyber security risk considerations:
- The most common cyber security threat for e-commerce is unprotected online services.
- Other types of threats include phishing attacks, hacking, credit card fraud and data errors.
- Cyber security risk can have either a direct or an indirect financial impact.
- Direct Financial Impact: A hacker can exploit a vulnerability in the application and steal funds through cyber attacks.
- Indirect Financial Impact: Hackers can steal Personally Identifiable Information (PII) or customers' card numbers and cause significant reputational damage to the company.
Controls for addressing cyber security Risks
- Secure configurations for each type of authorized hardware and software should be maintained and implemented.
- Secure configurations of network devices such as firewalls and routers shall be maintained.
- Secure application software development guidelines should be adopted.
- User access to application data should be on a "need to know" basis.
- Anti-virus and anti-malware software should be installed.
- Data leakage prevention solutions should be deployed.
- Incident response capability should be developed to handle any cyber attack incidents.
- Data backups should be taken regularly and verified in a timely manner by restoring the data.
- Training should be provided to all employees to ensure awareness of cyber security guidelines.