This presentation describes IT risks and their respective mitigation and contingency strategies for eCommerce and online stores.
Courtesy: www.ifour-consultancy.com
2. Expected risks in business
• To understand the expected risks, they have been divided into two parts:
  • Information Risks
  • Technological Risks
3. Information risks
• Information risks could be:
  • Invasion of privacy suits stemming from posted textual content
  • Copyright, patent, or trade secret infringement violations
  • After unauthorized access to a web site, online information about employees or customers is stolen, damaged or released
  • Electronic bulletin boards containing defamatory statements
  • Credit card information intercepted in transit is disclosed
  • Information that has been changed or inserted in transmission is processed, leading to erroneous results
  • Flight of intellectual property due to employees moving to competitors
4. Technological Risks
• Technical risks to business could be:
  • Unauthorized access to a web site
  • Infecting a web site with computer viruses
  • Internet service provider (ISP) server crashes
  • Software content risk that violates a copyright or is libelous
  • Insufficient bandwidth to handle traffic
  • Risk due to excessive ISP outages or poor performance
  • Intercepting and copying or changing non-credit card information during transmission
  • Risk of improperly integrating e-commerce system with internal databases
  • Risk of improperly integrating e-commerce system with internal operational processes
  • Inability of customer or supplier computers to handle graphical downloads
5. Measures taken to curb IT risks
• The CIA triad has been implemented to secure Confidentiality, Integrity and Availability
• Confidentiality will be maintained for:
  • Product information
  • Customer data
  • Transaction data
  • Cash card details
  • Payment transaction
• Integrity will be maintained for:
  • Product details
  • Cash transfer details
  • Customer details
  • Customer transactions
• Availability of information is provided 24x7 for:
  • Online service
  • Customer care
  • Online payment
  • Product details
  • Online tracking
• A payment policy will be implemented to ensure secure and successful payment for each transaction
• Data will be encrypted to avoid unauthorized manipulation
• Access will be given only to specific authorized people in the organization to minimize the risk of data exposure
• A backup ISP is available in case of ISP service failure
• A firewall and updated anti-virus are implemented to avoid virus attacks from the internet
• Easy graphical downloads for customers to view products