PFIRES: Project Description
Problem
The tremendous growth in e-commerce has increased the risks companies face:
• exposure to theft and fraud
• loss of competitive advantage
• loss of privacy and confidentiality
• denial of service
• regulatory requirements
• material effect on financial statements
Because the internet is rapidly changing, today's security policies may become tomorrow's security weaknesses. A risk assessment process must be established for use when considering e-commerce solutions. Moreover, new solutions must be systematically implemented in order to maintain information security.
This project will deliver a framework which will help organizations develop and maintain a policy for managing e-commerce risk. This framework will answer such questions as:
• How do organizations determine risk?
• How are risk acceptance and risk shifting decisions made?
• How are these decisions transformed into practice and policy?
• How is the process monitored for effectiveness and change?
Using this framework, organizations will develop their own information security policies and safe methods of change. The project, which will include an implementation package, will be available via the internet and in print.
This project makes possible the very first partnership between industry and cross-discipline academia. The team consists of members of the GTIS security group of Andersen Consulting and faculty and students of Purdue University's Center for Education and Research in Information Assurance and Security (CERIAS). Dr. Eugene Spafford, a visionary in the information security field, is among the Purdue participants. Furthermore, the project will be reviewed by a team of industry representatives.
Please direct all comments and questions to: