366
A Practical Guide to Security Assessments
ARCHITECTURE
8. What is the method of connection between the company and the B2B partner, and what security measures are in place to ensure that the connection is secure? If information is sent across the Internet, how is it secured?
Guidance:
At one time, EDI was the primary way that B2B transactions were performed, and those transactions were secured by carrying them over a Value Added Network (VAN), a private network operated by a third party. Today the Internet is leveraged for B2B transactions, and Virtual Private Networks (VPNs) and other security architectures are used to secure them. In this question, we are concerned with ensuring that the transmittal of information from one business partner to the other is secure. The question should give rise to a detailed review of the transaction process flow and of the architecture, end to end: a VPN protects only the segment between its two endpoints, so every hop the data takes between the partner's application and the company's application must be accounted for. Ideally, security should have been considered up front, during the initial architecture design phase, because redesigning later is expensive and can cause a service disruption. Some architecture-related issues to consider are:
Encryption of information during transport — The strength of encryption should be appropriate to the nature of the connection and the sensitivity of the information being transmitted. For any link that crosses a network the company does not control, this means a current protocol version and cipher suite, with obsolete ones disabled on both ends.
Digital certificates — Trading partners should agree on the architecture details related to encryption and signing: which certificate authority (or exchanged self-signed certificate) each side will trust, how certificates are distributed and renewed, and what happens when one is revoked. This enables the sender and the receiver to authenticate each other as the expected trading partner rather than merely to encrypt the channel.
Authentication — Reasonable authentication measures should be used based on the nature of the B2B relationship. Where very sensitive information is being accessed, strong authentication measures, such as certificate-based mutual authentication in addition to user credentials, should be considered.
Risk:
The risk associated with insecure transmittal of data varies with the nature of the data being transmitted. If sensitive information, such as competitive pricing information or customer-related information, is not secured during transmission, it may be read or altered in transit by anyone positioned on the path between the two partners, and sensitive information may get into the wrong hands.
Client Response:
9. How are network perimeter security issues handled — i.e., how does the company ensure that the network traffic from the business partner is legitimate? How is B2B traffic authenticated?
AU1706_book.fm Page 366 Tuesday, August 17, 2004 11:02 AM
Guidance:
From an architecture perspective, once information is transmitted by the business partner, it must enter the company's network. The security considerations when architecting this vary from company to company. For example, certain adjustments may have to be made on the firewall to accommodate B2B traffic; those rules should be as narrow as the business allows, permitting only the partner's known source addresses, only the ports the B2B application uses, and only to the host where the traffic terminates. Where the B2B traffic terminates (preferably a gateway in a segregated network zone rather than a server on the internal network) and what authentication the gateway requires before it accepts a transaction must both be reviewed when considering network perimeter security. These considerations must be weighed in light of the company's security policy and business requirements.
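The exchange that questions 8 and 9 describe, as an added example that is not from the book: a Go program (standard library only) in which the company's B2B gateway accepts a connection only from a client that presents the partner certificate on file, and the partner likewise accepts only the gateway certificate on file. The host and partner names, the certificates (self-signed and generated at run time) and the loopback port are all invented for the example; a production gateway would pin a CA agreed with the partner or the partner's actual certificate, and would also check revocation, which this example omits.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// issue mints a self-signed certificate plus key, the trust anchor each trading partner
// hands the other out of band. Every name in this file is invented for the example.
func issue(cn string) tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1)}, BasicConstraintsValid: true, IsCA: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// trust builds a pool holding exactly one certificate: the peer's on file, nothing else.
func trust(c *x509.Certificate) *x509.CertPool {
	p := x509.NewCertPool()
	p.AddCert(c)
	return p
}

// gatewayConfig is the company's gateway: it presents its own certificate and refuses any client not presenting the partner certificate on file.
func gatewayConfig(gw tls.Certificate, partner *x509.Certificate) *tls.Config {
	return &tls.Config{Certificates: []tls.Certificate{gw}, ClientCAs: trust(partner),
		ClientAuth: tls.RequireAndVerifyClientCert, MinVersion: tls.VersionTLS12}
}

// exchange runs one B2B request over loopback TCP: the partner sends an order, the gateway replies with the identity it verified; an error means mutual TLS refused it.
func exchange(server, client *tls.Config) (string, error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", server)
	if err != nil {
		return "", err
	}
	defer ln.Close()
	go func() {
		c, err := ln.Accept()
		if err != nil {
			return
		}
		defer c.Close()
		tc := c.(*tls.Conn)
		if tc.Handshake() != nil { // no client certificate, or not the one on file
			return
		}
		buf := make([]byte, 64)
		n, _ := tc.Read(buf)
		fmt.Fprintf(tc, "ACCEPTED %s from %s", buf[:n], tc.ConnectionState().PeerCertificates[0].Subject.CommonName)
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), client)
	if err != nil {
		return "", err
	}
	defer conn.Close()
	conn.Write([]byte("ORDER-1001"))
	reply, err := io.ReadAll(conn) // a refused handshake surfaces here as a TLS alert
	return string(reply), err
}

// runScenarios sends three clients to the gateway: the real partner, a client with no certificate, and an impostor whose certificate carries the partner's name but another key.
func runScenarios() map[string]string {
	gateway, partner, impostor := issue("b2b.company.example"), issue("partner-edi-client"), issue("partner-edi-client")
	srv := gatewayConfig(gateway, partner.Leaf)
	out := map[string]string{}
	for name, me := range map[string]*tls.Certificate{"real partner": &partner, "no certificate": nil, "impostor": &impostor} {
		cli := &tls.Config{RootCAs: trust(gateway.Leaf), MinVersion: tls.VersionTLS12}
		if me != nil { // nil models a client that cannot prove who it is
			cli.Certificates = []tls.Certificate{*me}
		}
		reply, err := exchange(srv, cli)
		if err != nil {
			reply = "refused: " + err.Error()
		}
		out[name] = reply
	}
	return out
}

func main() { fmt.Println(runScenarios()) }
```

Run it with `go run`: the real partner's order comes back accepted under the verified name, while the client with no certificate and the impostor are both refused with a TLS alert. The impostor case is the one to note when reviewing a partner architecture: a matching Common Name is not authentication; only a certificate chaining to the trust anchor on file is, which is why the partners must agree on those anchors and exchange them out of band.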
Risk:
Network perimeter security is a critical aspect of B2B security. If these issues are not dealt with, a risk exists of unauthorized access to the sensitive information being transmitted and to the systems on which the B2B traffic terminates.
Client Response:
10. What measures does the business partner take to ensure that the company's data is secure?
Guidance:
Depending on the nature of the B2B relationship, the business partner will potentially have the company's data on its machines. Although the data resides on the business partner's systems, the company is ultimately accountable for it. The company must ensure that the business partner is taking reasonable measures to protect the data adequately. This is an even more significant issue if personally identifiable or customer-identifiable data is residing on the business partner's machines. For example, if health care companies are in a B2B relationship, personally identifiable health information might reside on the business partner's systems. These obligations should be written into the B2B agreement and the SLA, together with the company's right to verify that they are being met.
Risk:
The risks related to sensitive data not being adequately protected range from minor operational impacts to significant legal impacts related to noncompliance with laws such as the Health Insurance Portability and Accountability Act (HIPAA). The impacts can include fines for violating regulations or damage to the reputation of the company.
Client Response:
11. What access control measures does the business partner have in place to ensure that access to the company's data and systems is limited to only those individuals who require it?
Guidance:
Access to data or applications should normally be granted on a "need to have" basis. As it relates to the company's data and the B2B application, the business partner should limit access to only those individuals who require it, and this requirement should be part of the B2B agreement. One thing to look out for is personnel at the business partner having "read" access. Although someone with read access cannot perform a transaction, data confidentiality issues still exist: read access is enough to copy the data, so it should be limited to only those who need it, in the same way as transactional access.
Risk:
The risk associated with inadequate access control over the company's data at the business partner's location is unauthorized access to potentially sensitive data. This can eventually result in financial damage or damage to the company's reputation.
Client Response:
12. Does the company's termination process remove access an employee might have had to B2B applications?
Guidance:
When employees are terminated, their access to the B2B application should be removed along with all other access they have. One issue to look for is personnel using a common ID and password for the B2B application (this should not be done in the first place). In this case the password must be changed immediately, because the terminated employee knows the ID and password and the application cannot tell that person apart from current staff. Where employees have individual access to B2B applications, that access should also be removed. This scenario is a particular problem because B2B applications are often Web based and reachable from the Internet, so using them does not necessarily require network access to the company; removing the terminated employee's network account is therefore not enough. If the B2B account itself is not removed, that individual can still access the same information as before, from anywhere.
Risk:
The risk associated with terminated employees as it relates to B2B applications is the risk of unauthorized access to business partner systems. It can ultimately result in a terminated employee going to a competitor and continuing to access the same information.
Client Response:
13. Are user IDs periodically purged from B2B applications?
Guidance:
The purging process that should be performed for all IDs (network, applications, devices, etc.) should also be performed for IDs on the B2B application. This is a mitigating control in case IDs were not removed when they should have been. The frequency of this process depends on the level of turnover and the strength of the company's termination process. The process itself should compare the application's user list against the current HR roster, so that IDs belonging to people who have left are caught, and should also identify IDs that have not been used for an extended period.
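As an added example that is not from the book, the reconciliation that questions 12 and 13 call for, in Go: the B2B application's user export is compared with the HR roster, and each ID is classified as belonging to a terminated employee (noting whether it was used after the termination date), as a shared or generic ID with no individual owner, as an ID whose owner HR does not know, or as an idle ID that is a purge candidate. The CSV layouts, names, dates and the 90-day idle threshold are all invented for the example; a real review would pull these from the HR system and the application's own audit log.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"regexp"
	"strings"
	"time"
)

// Constructed sample inputs (invented for this example): the HR roster as of the review
// date, and the B2B application's user export with each ID's individual owner, if any.
const hrRoster = `employee_id,email,status,termination_date
E100,alice@company.example,active,
E101,bob@company.example,terminated,2004-06-30
E102,carol@company.example,active,
E103,dave@company.example,terminated,2004-07-15`

const b2bUsers = `user_id,owner_email,last_login
alice.company,alice@company.example,2004-08-10
bob.company,bob@company.example,2004-07-02
carol.company,carol@company.example,2004-02-11
dave.company,dave@company.example,2004-05-01
edi_shared,,2004-08-16
partner_ops,pat@partner.example,2004-08-01`

// genericID matches account names that are not tied to one individual.
var genericID = regexp.MustCompile(`(?i)shared|generic|service|svc|common`)

func parseCSV(raw string) ([]map[string]string, error) {
	rows, err := csv.NewReader(strings.NewReader(raw)).ReadAll()
	if err != nil {
		return nil, err
	}
	var out []map[string]string
	for _, row := range rows[1:] {
		rec := map[string]string{}
		for i, col := range rows[0] {
			rec[col] = row[i]
		}
		out = append(out, rec)
	}
	return out, nil
}

// parseDate treats an empty field (still employed) as the zero time.
func parseDate(s string) (time.Time, error) {
	if s == "" {
		return time.Time{}, nil
	}
	return time.Parse("2006-01-02", s)
}

// reviewB2BUsers reconciles the application's IDs against HR and returns, per offending ID, what must be done; asOf is the review date, and IDs idle longer than staleAfter are purge candidates.
func reviewB2BUsers(hrCSV, appCSV string, asOf time.Time, staleAfter time.Duration) (map[string]string, error) {
	hr, err := parseCSV(hrCSV)
	if err != nil {
		return nil, err
	}
	roster := map[string]map[string]string{}
	for _, r := range hr {
		roster[r["email"]] = r
	}
	users, err := parseCSV(appCSV)
	if err != nil {
		return nil, err
	}
	findings := map[string]string{}
	for _, u := range users {
		id, owner := u["user_id"], u["owner_email"]
		p, known := roster[owner] // p is nil when unknown; reading a nil map yields ""
		last, errL := parseDate(u["last_login"])
		term, errT := parseDate(p["termination_date"])
		if errL != nil || errT != nil {
			return nil, fmt.Errorf("bad date on %s: %v %v", id, errL, errT)
		}
		switch {
		case owner == "" || genericID.MatchString(id):
			findings[id] = "shared or generic ID with no individual owner: replace with per-person IDs and rotate its password now"
		case !known:
			findings[id] = "owner " + owner + " is not in the HR roster: cannot confirm who holds this access"
		case p["status"] == "terminated" && last.After(term):
			findings[id] = fmt.Sprintf("owner terminated %s but the ID logged in on %s: access was not removed at termination", term.Format("2006-01-02"), last.Format("2006-01-02"))
		case p["status"] == "terminated":
			findings[id] = fmt.Sprintf("owner terminated %s and the ID still exists: remove it", term.Format("2006-01-02"))
		case asOf.Sub(last) > staleAfter:
			findings[id] = fmt.Sprintf("no login since %s: purge candidate", last.Format("2006-01-02"))
		}
	}
	return findings, nil
}

func main() {
	findings, err := reviewB2BUsers(hrRoster, b2bUsers, time.Date(2004, 8, 17, 0, 0, 0, 0, time.UTC), 90*24*time.Hour)
	if err != nil {
		panic(err)
	}
	for id, issue := range findings {
		fmt.Println(id+":", issue)
	}
}
```

With the constructed data, five of the six IDs are flagged and only the active, recently used one is clean. The bob.company case is the one the termination question is really about: the owner left on 30 June but the ID was used on 2 July, which shows that the termination process did not reach the B2B application. The generic-ID check runs first on purpose, since an ID with no individual owner cannot be reconciled against HR at all and its password must be rotated whenever anyone who knew it leaves.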
Risk:
Similar to not terminating IDs, the risk associated with not purging IDs is that ex-employees may still have access to B2B applications. This can result in those employees going to competitors and accessing the same information, which could eventually damage the relationship with the business partner.
Client Response: