Integrated e-enterprise security design and implementation: a case study of e-service in supply chain management

Web technology has enabled many organisations to form an e-enterprise for effective communicating, collaborating, and information sharing. To gain competitive advantages, it is necessary for e-enterprises to integrate the entire lines of business operations and critical business data with external organisations or individuals over the web, which may introduce significant security risks to the organisations' critical assets and infrastructures. This paper reports a case study of e-service security design and implementation at a leading US company. The paper first reviews security concerns and challenges in front-end e-business and back-end supply chain operations. This is followed by the analysis of the company's e-service and its security problems. The case then presents an integrated e-enterprise security methodology that has guided the company to meet its security needs. The results of this case study provides security professionals with practical steps and sustainable solutions for tackling the unique security challenges arising in an open, unbounded e-enterprise supply chain environment.

[1]  Averill M. Law,et al.  Simulation Modeling and Analysis , 1982 .

[2]  Gregory R. Doddrell Information security and the Internet , 1995, Inf. Manag. Comput. Secur..

[3]  Kai Rannenberg Recent Development in Information Technology Security Evaluation - The Need for Evaluation Criteria for Multilateral Security , 1993, Security and Control of Information Technology in Society.

[4]  Yao-Hua Tan,et al.  A Logical Model of Trust in Electronic Commerce , 2000, Electron. Mark..

[5]  Carol A. Siegel,et al.  Internet Security for Business , 1996 .

[6]  David A. Fisher,et al.  Emergent algorithms-a new method for enhancing survivability in unbounded systems , 1999, Proceedings of the 32nd Annual Hawaii International Conference on Systems Sciences. 1999. HICSS-32. Abstracts and CD-ROM of Full Papers.

[7]  David A. Fisher,et al.  Survivability—a new technical and business perspective on security , 1999, NSPW '99.

[8]  Karen A. Forcht,et al.  Control of the Internet , 1997, Inf. Manag. Comput. Secur..

[9]  Heather M. Hinton Under-specification, composition and emergent properties , 1998, NSPW '97.

[10]  Daniel E. Geer,et al.  A survey of Web security , 1998, Computer.

[11]  Edward A. Cavazos,et al.  Cyberspace and the Law: Your Rights and Duties in the On-Line World, Edward Cavazos and Gavino Morin. 1994. MIT Press, Cambridge, MA. 220 pages. ISBN: 0-262-53123-2. $19.95 , 1994 .

[12]  Louise Yngström,et al.  A Holistic Approach to IT Security , 1995 .

[13]  Christopher Edwards,et al.  The Internet: a global telecommunications solution? , 2000, IEEE Netw..

[14]  Vladimir Zwass,et al.  Electronic Commerce: Structures and Issues , 1996, Int. J. Electron. Commer..