Chapter 6
Risk Assessment for the Typical e-Commerce Web Application
This chapter provides an insight into the risk assessment process for a typical Web-based e-commerce application. It delves into the constituent processes of risk assessment: identification of critical information assets, threat profiling, impact evaluation and control, and the identification and formulation of detailed security requirements. Risk assessment provides clarity on the security functionality that is to be designed and developed into the application, based on the application's criticality, its exposure to sensitive information, its user base, its volume of transactions, the legal requirements that apply to it, and the impact of a security breach.
6.1 System Characterization of Panthera's e-Commerce Application
6.1.1 Identification of Critical Information Assets
Identification of critical information assets is the first and foremost step in a Web application risk assessment process. Based on the critical information assets, the application architects can design security functionality into the application that is commensurate with the criticality and sensitivity of the data in question. The process of identifying critical information assets determines the effectiveness of the entire risk assessment, and consequently the security functionality built into the Web application on the basis of the assessment's results.
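The chapter introduction lists the factors that drive the decision (exposure to sensitive information, user base, transaction volume, legal requirements, and breach impact), and Section 6.1.1 asks that security functionality be commensurate with asset criticality. The following script is an added illustration, not part of the chapter, of how those factors can be turned into a ranked asset inventory: each asset of a hypothetical online shop is rated on the five factors and the weighted total places it in a criticality class. The factor weights, the 1-to-3 rating scale, the class thresholds and the sample asset names are assumptions made for this illustration.

```python
"""Asset criticality ranking for an e-commerce application (added example).

Each information asset is rated 1 (low) to 3 (high) on the factors the chapter
names as inputs to the risk assessment: exposure to sensitive information,
user base, transaction volume, legal requirements, and impact of a breach.
The weights, the 1-3 scale, the class thresholds and the sample asset list are
assumptions made for this illustration; they are not prescribed by the chapter.
"""
from dataclasses import dataclass

# Relative importance of each factor: an assumption for illustration. Exposure
# of sensitive data and breach impact dominate; reach and volume refine the order.
WEIGHTS = {
    "sensitivity": 3,         # exposure to sensitive information
    "user_base": 1,           # how many users touch the asset
    "transaction_volume": 1,  # how often the asset is used
    "legal": 2,               # regulatory or contractual obligations attached
    "breach_impact": 3,       # business impact if it is disclosed or corrupted
}
MIN_SCORE = sum(WEIGHTS.values())      # every factor rated 1
MAX_SCORE = 3 * sum(WEIGHTS.values())  # every factor rated 3


@dataclass(frozen=True)
class Asset:
    name: str
    ratings: dict  # factor name -> rating in 1..3


def validate(asset):
    """Return a list of problems with the asset's ratings (empty if none)."""
    problems = []
    for factor in WEIGHTS:
        if factor not in asset.ratings:
            problems.append(f"{asset.name}: missing rating for {factor}")
        elif asset.ratings[factor] not in (1, 2, 3):
            problems.append(f"{asset.name}: {factor} rating must be 1, 2 or 3")
    for factor in asset.ratings:
        if factor not in WEIGHTS:
            problems.append(f"{asset.name}: unknown factor {factor}")
    return problems


def score(asset):
    """Weighted sum of the ratings; refuses incomplete or out-of-range input."""
    problems = validate(asset)
    if problems:
        raise ValueError("; ".join(problems))
    return sum(WEIGHTS[f] * asset.ratings[f] for f in WEIGHTS)


def classify(total):
    """Map a score onto a criticality class (thresholds are an assumption)."""
    if total >= 25:
        return "critical"
    if total >= 18:
        return "high"
    return "moderate"


def rank_assets(assets):
    """Most critical first; ties broken by name so the order is stable."""
    return sorted(assets, key=lambda a: (-score(a), a.name))


# Constructed sample inventory for a hypothetical online shop.
SAMPLE_ASSETS = [
    Asset("payment card data", {"sensitivity": 3, "user_base": 3,
                                "transaction_volume": 3, "legal": 3,
                                "breach_impact": 3}),
    Asset("customer credentials", {"sensitivity": 3, "user_base": 3,
                                   "transaction_volume": 2, "legal": 3,
                                   "breach_impact": 3}),
    Asset("order history", {"sensitivity": 2, "user_base": 3,
                            "transaction_volume": 3, "legal": 2,
                            "breach_impact": 2}),
    Asset("product catalogue", {"sensitivity": 1, "user_base": 3,
                                "transaction_volume": 3, "legal": 1,
                                "breach_impact": 1}),
]


def report(assets=SAMPLE_ASSETS):
    """Return (name, score, class) rows, most critical first."""
    return [(a.name, score(a), classify(score(a))) for a in rank_assets(assets)]


if __name__ == "__main__":
    for name, total, cls in report():
        print(f"{name:22} {total:2d}/{MAX_SCORE}  {cls}")
```

The value of the exercise is the ordering, not the absolute numbers: the classes tell the architect which assets need the strongest protection (for instance, the card data and credentials here land in the critical class while the catalogue does not), and validate() rejects an inventory entry that was never fully rated, so an asset cannot silently score low because a factor was left out.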
6.1.2 Practical Techniques to Identify Critical Information Assets
An information asset is of immense value to an organization. Information assets are key to any organization's name and reputation in business today, and the organization's operations and