Scenario
UNFO traditionally has been a brick-and-mortar retailer, and the management has experiences of associated business risks such as employee theft and shoplifting. However, as the organization moves into the e-commerce model, new risks will be introduced to the organization. As the junior information security analyst, it will be your role to summarize the business impact of these new risks, the motivating factors that one may have to exploit vulnerabilities, and how the risks can be mitigated.
Tasks
Prepare a report for presentation to senior management to assist the team in understanding IT security risks associated with an e-commerce model. Additionally, the senior management team will need to use the report as guidance for determining a budget allocation for hiring new IT professionals. Through the given scenario of UNFO, identify the weaknesses and vulnerabilities associated with the proposed Web platform. To do so, you must:
1. Research and classify common weaknesses and attacks associated with ecommerce and social networking applications.
2. Identify the motivation for potential attacks.
3. Identify the roles such as system administrator, developer, security engineer, and quality assurance analyst for each classification.
4. Explain the business impacts of a successful exploit on a Web application's weakness.
5. Summarize the importance of identifying weaknesses and motivation for attacks early in the development or implementation process.