
Doing eBusiness securely
Professor Vijay Varadharajan
Internet security expert Professor Vijay Varadharajan believes security technologies are often wrongly blamed for causing eCommerce problems.
Varadharajan believes these problems are more often due to poor integration of security technologies and security management policies than to any specific security technology.
“That is not to say that security technologies are foolproof,” says Varadharajan. “There is no such thing as absolute security; security is relative to the set of perceived threats in a given environment.”
Information and Networked Systems Security Research Group
Varadharajan, who has 25 years' experience in the business of security research, is the Director of the Information and Networked Systems Security Research Group (INSS) at Macquarie University.
The group’s ultimate aim is to enable secure design of systems and applications and to improve security in organisations. eCommerce security is one of the group’s five main research areas.
Security and risks
“In some sense it is about risk management. Security measures help to optimise risks,” says Varadharajan. “It is all relative and about how comfortable you feel about taking risks.
“In general, security technology has been improving over the years. Many of the security concepts have been relatively stable and it is the application and management of these technologies that create many challenges today. On the one hand, the technology gets better while on the other hand threats and attacks also increase. So it is a race between the security technology developers and the attackers.”
Security strategy
Varadharajan advises businesses to put security at the top of their list of priorities. It is about the protection of an organisation’s assets, tangible and non-tangible. Security is part and parcel of the cost of doing business, and security and privacy decisions impact business strategies and decisions at the highest level.
Some questions that need to be addressed include:
- Does the organisation have risk management and mitigation strategies? Does the company have security policies and strategies for managing risks?
- What security and disaster recovery procedures are in place, and how are they managed and kept up-to-date?
- If the IT systems go down and services are interrupted for several hours, how will this impact the business, revenue and customers? How critical is business continuity in IT operations?
- Does the company have implementation procedures for fast response in the case of attacks?
- Does the company have strategies to appropriately monitor and detect unauthorised conduct that may lead to litigation against the company?
“As there is no such thing as absolute security, essentially we use a variety of techniques and methods in security to optimise risk in different circumstances,” says Varadharajan. “Some of these methods are technology oriented, some are personnel and procedural oriented. These require a legal framework to be enforced. It is important to optimise your risks by looking at security aspects. One can minimise risks by disconnecting oneself completely from the outside world and not interacting with anyone in any form but this is of course totally impractical.”
For further information contact Professor Vijay Varadharajan vijay.varadharajan@mq.edu.au or visit Information and Networked Systems Security Research www.comp.mq.edu.au/research/inss

