The different information systems discussed thus far rely on the capture and exchange of information to meet user expectations. However, when such information is compromised due to unethical practices (Guragai, Hunt, Neri, & Taylor, 2017), serious consequences can result for both the shoe retailer and the customer (Mollick, 2014).
A major concern associated with online shopping is pecuniary fraud and the misapplication of personal data (Phillips Consulting, 2014). This has become more pronounced with the rise in cybercrime. Additionally, sensitive information may fall into the wrong hands through acts of sabotage, leading to unintended consequences (Allen & Fisher, 2015). While some retailers have introduced measures such as pay on delivery, which does not require buyers' card details during purchase, to mitigate such consequences, especially those of financial fraud (Gabriel, Ogbuigwe, & Ahiauzu, 2016), such preventive actions are not always possible. Furthermore, even when such actions are taken, information that has fallen into the wrong hands may be used for other harmful purposes.
Moreover, because security determines customers' attitudes towards online purchases (Limbu, Wolf, & Lunsford, 2014), the shoe retailer must ensure that security issues are eliminated or, at the least, kept to a minimum. This is particularly crucial as a lack of security can lead to less trust in an online shopping site (Al-Debei, Akroush, & Ashouri, 2015).
Figure 3: Information Systems Security (Source: profstewards.com)
To safeguard the information assets of the online retailer, it is necessary to implement information systems that detect and prevent security exploits. However, if an exploit occurs before it can be prevented, these systems should also be capable of responding.
One such system is an Information Security Management System (ISMS), a systematic approach including people, processes and IT systems that helps organisations protect information assets from occurrences such as natural disasters, unauthorised access, and social engineering attacks by applying a risk management process (International Organization for Standardization, 2018). These occurrences usually target the confidentiality, integrity, availability, authenticity and accountability elements of information (Singh, Vaish, & Keserwani, 2014).
Though it must be noted that there is no such thing as perfect or absolute security, a common technique applied to improve the security of information systems is cryptography, which protects information in transit and in storage by changing it into a state that is unusable except by an authorized user (encryption). The information can be decrypted to its original state with the appropriate cryptographic keys, usually by an authorized user. Cryptography is also applied to user authentication to ensure that the connection between the user and the online store is secured (Singh, Vaish, & Keserwani, 2014).
Additionally, other controls such as anti-malware and anti-phishing solutions are applied to stop malware from compromising the retailer’s systems and causing a denial of service, as witnessed in ransomware attacks like WannaCry, which affected about 160,000 unique IP addresses worldwide with a financial loss of just over $100,000 (Dahlberg, 2017).
References
Dahlberg, D. (2017). Assessing the Global Impact of WannaCry Ransomware. Bitsight. Retrieved June 17, 2018, from https://www.bitsighttech.com/blog/assessing-the-global-impact-of-wannacry-ransomware
Guragai, B., Hunt, N. C., Neri, M. P., & Taylor, E. Z. (2017). Accounting Information Systems and Ethics Research: Review, Synthesis, and the Future. Journal of Information Systems, 31(2), 65-81.
Mollick, J. S. (2014). How are concerns about errors and ethics related to demands for information systems audits? Communications of the IIMA, 14(1-2), 63-73.
Phillips Consulting. (2014). Online Shopping Report 2014. Retrieved June 14, 2018, from http://www.phillipsconsulting.net/files/online_shopping_report.pdf
Allen, C., & Fisher, W. (2015). Road warriors and information systems security: risks and recommendations. Journal of Management Information and Decision Sciences, 18(1), 84-96.
Gabriel, J. M., Ogbuigwe, T. D., & Ahiauzu, L. U. (2016, October 11). Online Shopping Systems in Nigeria: Evolution, Trend and Prospects. Asian Research Journal of Arts & Social Sciences, 1(4), 1-7.
Limbu, Y. B., Wolf, M., & Lunsford, D. (2014, June 01). Perceived ethics of online retailers and consumer behavioral intentions: The mediating roles of trust and attitude. Journal of Research in Interactive Marketing, 133-154.
Al-Debei, M. M., Akroush, M. N., & Ashouri, M. I. (2015). Consumer attitudes towards online shopping: The effects of trust, perceived benefits, and perceived web quality. Internet Research, 707-733. https://doi.org/10.1108/IntR-05-2014-0146
International Organization for Standardization. (2018). Standards. Retrieved from International Organization for Standardization: https://www.iso.org/isoiec-27001-information-security.html
Singh, A., Vaish, A., & Keserwani, P. K. (2014). Information Security: Components and Techniques. International Journal of Advanced Research in Computer Science and Software Engineering, 4(1), 1072-1077.