Security Management of E-Business Systems
Pradeep Ray
School of Information Systems, Technology and Management, University of New South Wales, Australia
Success of e-business systems depends very much on the secure functioning of networked applications.
Millions of business dollars are being lost every time a new virus or worm (e.g., MyDoom) appears in the
cyber-horizon. Techniques, such anti-virus, firewalls, public key encryption, smart cards,
Kerberos authentication and intrusion detection systems are already a part of the software environment
of e-businesses today. Given the increasing frequency of cyberattacks, none of these tools and techniques
are likely to provide total security. Hence e-businesses will now need to focus managing security.
Many of the security tools are either unused or under-utilised in enterprises today due to the
management problems. For example, intrusion detection systems are switched off due to frequent
false alarms and the lack of standard processes to action on these alarms. Issues related to
privacy and confidentiality often complicate the situation. This tutorial will present an overview
of the evolving management processes, tools and techniques for e-business security.
This half-day tutorial is organized into two parts that discuss two viewpoints of Integrated Management
of E-Business Security, namely
- Business Viewpoint
- Technology and Standards Viewpoint
Part 1 provides a brief review of the evolving e-business models and it discusses the problem of
integrated management from the security perspective in terms of the four key management dimensions
for e-business; people, organization, process, and technology. This part will be illustrated with
examples from e-healthcare environment.
Part 2 discusses various emerging technologies and standards covering the network security constituent
areas discussed in Part 1. This part discusses various evolving security standards, illustrated by a case
study on how to manage intrusion detection systems. The tutorial will conclude with a brief discussion
of some new research projects that have the potential to revolutionise this area in near future
(e.g., cooperative immunization systems for the Internet).
This tutorial is targeted at people with different background, such as IT managers,
e-commerce managers, engineers, students and practitioners interested in learning
about the evolving security management frameworks and techniques.
Pradeep Ray has been teaching Information Systems and Technology (IS/IT) networking courses at Masters
and Bachelor’s levels in Australian universities for last ten years. His research interests include
networked network /systems/services management, e-business security, enterprise services and
mobile computing in the context of various types of e-businesses, such as e-finance, e-healthcare
and e-telco. He has more than seventy international refereed publications (including two books published
as part of the international series of Network and Systems Management published by Kluwer Academic/Plenum
Publishers) in these areas. Pradeep has had more than ten years' technical and managerial experience
in the international information technology and telecommunications industry. He has been teaching courses
related to networking in both regular graduate programs and in executive programs in Australia, Europe
and Americas. He delivers tutorials at top international telecommunication conferences, such as SUPERCOMM,
GLOBECOM and NOMS. Pradeep is a member of the editorial board of the International Journal of Network and
Systems Management. He has been the Chair of the IEEE Technical Committee on Enterprise Networking (EntNet)
that sponsors events, such as EntNet@SUPERCOMM, Healthcom and Financecom. He is a Co-Chair of the
IEEE Globecom2004 Symposium on Network Management and Security. He has organised a number of international
conferences in this field. More details can be found at Pradeep’s home page
http://www.sistm.unsw.EDU.AU/people/pradeep/
back
|