9.16.1 Applied IA²: E-Commerce Safeguard Capability
Business drivers behind E-commerce include expanding current revenue streams or
introducing new revenue streams through Internet Web access. These may include
B2B, B2C, or C2C transactions or communications. E-commerce may be examined
through every IA architectural view: people, business process, policies,
development, and information technology. Moreover, unless all views are working in
harmony, E-commerce is a short-lived venture if not the catalyst for bankruptcy.
Every aspect of the SDLC comes into play, including integrating E-commerce
into legacy infrastructure and systems, creating a secure operating environment
that includes defense-in-depth (firewalls, IDS, AV, internal secure network
segments), and more.
The fundamental architecture questions for E-commerce are: What is E-commerce?
How is it different from traditional commerce? How is it different from
retail, wholesale, bricks and mortar? How is it different from call center and phone
orders? These are significant E-commerce issues:
- Presence or infrastructure to support the transaction
  - These are the largest differences among Web site, call center, bricks-and-mortar retail outlet, etc.
- Presence awareness
  - Consumer knowledge of Web site; business knowledge of extranet capability; boils down to marketing
- Service
  - Initial and ongoing satisfaction of expectations
- Trust
  - Receive what paid for
  - Secure execution of transaction
  - Protect proprietary or personal privacy interests
IA plays a role in each of these areas. All four have some internally imposed
requirements, the specifics of which boil down to economics: what will most
positively affect the bottom line, optimize revenue, and minimize costs. The last, trust,
also has some externally imposed legislative compliance requirements (e.g., HIPAA,
Sarbanes-Oxley, etc.). When considering compliance, the bottom-line motivation
still holds true, but from the more one-sided perspective of cost avoidance, that is,
compliance to avoid fines. IA can achieve real protection and show due diligence by
setting up protections recognized under the reasonable man legal assessment.
Note: B2B, B2C, and C2C stand for business to business, business to consumer, and consumer to consumer, respectively.
 