Wednesday, November 20, 2019

Potential Liability on Cross-site Scripting Essay

Potential Liability on Cross-site Scripting - Essay Example These high level management personalities of diverse disciplines, howsoever trustworthy, cannot digress from their own responsibilities to justifiably oversee such crucial and important functional branch as online security. The insurance industry has solid customer base and vast financial inputs. Online security must be exclusively handled by security experts just like operations, program development and network operations are handled by experts in these fields. Otherwise the industry could become an easy target of ceaseless and relentless attacks of malevolent hackers spread all over the globe. The managers of the three disciplines meet only twice annually as the security management committee to co-ordinate security developments and plans. This step-motherly treatment to security could prove to be counterproductive and expensive in the long run. Other potential liabilities the company needs to address are risks arising from high volume of online interactions and transactions with clients. When clients forget their username and/or password, they are required to answer a challenge question to retrieve the information by email. If anyone can forget username and/or password there is no guarantee they are likely to remember challenge questions and answers. Ideally, the company must provide clients with passwords. (Case Information) Recommendation on the immediate handling of the XSS threat to LIB The first and foremost action recommended is employ full time security consultant and fix responsibilities inclusive of the XSS threat to LIB. The immediate next step is to make clients aware of the XSS risk and educate them on the course of action they need to bear in mind and act upon whenever browsing LIB website. The operations manager, program development manager and network operations manager must continue to maintain vigilance in security matters and report unusual occurrences to the security department/consultant. These three management entities must coordinate with security on daily or at least on weekly basis. (The Cross Site Scripting (XSS) FAQ) Recommendations on improvement in the management of security at LIB Having a separate entity to handle online security issues at LIB is the ideal decision and the first step to address risks to the overall business. The company can further improve its online security concerns by maintaining high alert on offline areas as well. A systematic reward scheme must be put in place for those providing information and alerts on unusual online movements. The company must also have its own discreet methods to test its security system by using tactics such as sting operations periodically in top secrecy. The company must also keep itself abreast on hackers' modus operandi and the susceptibilities and vulnerabilities of the online insurance industry. As a standard measure, every company using online business systems and network will ostensibly possess security technologies applicable to its sphere of operation and guard the interests of its clients and its own by routing online communications by encrypting, scrambling and decoding

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.