Blogs >> Technology >>
Web information assurance in indian websites
Recently i found in most of the indian OTAs(online travel agencies) websites, many of them are not clear about their web information assurance policy. This web info. assurance covers mainly the concepts of Security, privacy and business integrity. These concepts are set right and ensured by certificates issued by SSL (Secure Sockets Layer) provider namely, VeriSign, thawte, truste, geotrust, etc... of these, some companies take the responsible of providing security as the main component (VeriSign) and some for privacy (TRUSTe). Based on this the content provided by site also changes.
The Dimensions of Web information are,
1.Security(unauthorized access)
2.Transaction integrity(alteration/deletion/duplication)
3.Authenticity of parties to transaction(identity theft)
4.Privacy compliance(inappropriate use)
5.Business Integrity(grievance redress)
6.Financial Settlements(diversion of payments, non repudiation)
Any website which gives these assurance,can be said to be providing the right information.
Security:Unauthorized access and distributed denial of service attacks are mainly concentrated in this part. These problems have potential remedies like intrusion detection software, firewalls, traffic management software, back-up servers and IP numbers, proper password generation guidelines, prompt application of software patches, and proxy servers.
Transaction integrity: Apart from alteration/deletion/duplication of documents,diversion/non receipt of documents also falls in this category.The potential remedy for the same are software controls,encryption,electronic receipts for the sender.
Authenticity of parties to transaction:Identity theft is one serious issue in this category.The potential remedy available for the same issue is through Digital signatures/certificates (those from VeriSign) and encryption.
These three issue category can be grouped and can be seen as Security issues.
Privacy compliance:The issue addressed in this is unauthorized access and inappropriate use. Potential remedy for these issues are through software /electronic controls,physical controls,managerial controls/restrictions to access data that could aid in profiling; and privacy seals like TRUSTe,BBBOnline reliability
Business integrity:Grievance redress is the main issue in this category.By comprehensive audit of business practices,role of arbitrator/mediator,and seals like BBBOnline reliability gives potential remedy.
Financial Settlements:Diversion of payments,Unauthorized usage of financial data,non-repudiation*(An authentication that with high assurance can be asserted to be genuine) are some of the issues in this category.The potential remedy for this issues are through providing Escrow services.("an account established by a broker under the provisions of the license law for the purpose of holding funds on behalf of the broker's principal or some other person until the consummation or termination of a transaction'"... courtesy Wikipedia)
Web assurance services are based on the idea of making the vulnerable party(the consumer) more comfortable with the transaction ensuring that the other(the company)follows through on its promises.
This also gives a great treat for the info searcher,like payment methods and secured searches. Though most of the sites provides the assurance in their t&c,privacy policies...the organisation should think more in the way of providing an integrated platform of providing both security and also privacy. In present market situation organisation cant think security and privacy as separate. Moreover the 3rd degree is business integration. So the organisations should think of the same...
I wish the reader should also think about the same.If you have any more idea in the same topic please get back to me...
cheers,
Sundar
|
|
