Internet & Intranet Security Management - Risks & Solutions
Risk and Trust

Risk is an essential component of trust; "one must take a risk in order to engage in trusting
action" (Mayer et al., 1995, p. 724). However, "It is unclear whether risk is an antecedent to trust, is
trust, or is an outcome of trust" (Mayer et al., 1995, p. 711). One could argue that risk-taking
behaviour and trust behaviour "are really different sides of the same coin" (Deutsch, 1958, p. 266).
What really matters is that the connection between risk and trust depends on the situation and the
context of a specific, identifiable relationship.

Risk-taking takes into account the probability of the occurrence of an event between parties and the
difference in the anticipated ratio of what Deutsch (1958) calls 'positive and negative emotional
consequences' to the parties. The probability of negative consequences will depend on how risky the
situation is and on the existence of security measures that can prevent the risk from materialising or
reduce its impact. However, what level of security is adequate is difficult to establish, as organisations
and individuals vary considerably from one another in the degree of assurance they require before they
will act in a situation that has the potential for danger or negative consequences.

Knowledge of the risk and security processes behind e-commerce appears not to be widespread. Parties
trading on the Internet either take risk and security for granted or assume they are absent. An example
of the latter view is that 'nothing should be sent on the Internet which one would not send by postcard
since the security levels are about the same.' Before examining the security requirements for
e-commerce, we outline its major business and technological risks. It should be remembered that risks
don't generally occur in isolation but tend to interact with each other.

Business Risks

As previously stated, e-commerce is a means of exchanging products, services and information over
the electronic networks that make up the Internet. The Internet is a non-hierarchical, democratically
structured, collaborative arrangement entered into by millions of users. This informality and lack of
overall control creates the perception that the Internet is inherently insecure. As a consequence,
business risks arise as follows (Fink, 1998).

• Products and services. The risk exists that products and services ordered on the Internet are not of
the quality promised or are not delivered even though they have been paid for. The buyer may even
deny having placed the order.
• Inadequate legal provisions. Concern currently exists in a number of areas which have not been
adequately defined or tested in law. Questions are asked as to what constitutes an offer and