oviders must also be secure. A security flaw within a provider will also open the company to attack. End-user services. Internet services used by company employees, such as e-mail and news services, must be secure. Business services. The company’s Internet commerce Web server and all other Internet based services must be secured (DALE 12). Obviously, a company must first decide on the scope of its Internet commerce and other usage before developing a security plan. The basic concept of developing a security plan is risk analysis, in which all aspects of a company’s operations are examined for security flaws and the minimization of various risks are evaluated according to some type of cost/benefit analysis. However, a growing number of experts believe that such complicated and costly approach to Internet security may not be warranted because of the amount of guesswork involved in predicting risks (BULLETIN 2). These experts advocate a baseline controls approach to Internet security issues (BULLETIN 3). The baseline controls approach calls for implementing the first phase, according to standards of due diligence, basic technological and policy measures of Internet security, such as firewalls, secure protocols, employee Internet usage policies, and security management procedures (password issuing, security auditing, etc). An additional phase would involve looking at security issues specific to the unique aspects of a company’s operations and implementing additional measures according to the same standards of due diligence. Proponents argue that the baseline approach may provide the same degree of security as a systematic risk analysis approach and may protect a company against lawsuits if appropriate due care is exercised (BERKELEY 4). Electronic Commerce Systems Several alternative payment systems have been worked out using security techniques discussed in this paper and are currently being offered for secure int...
