Cyber Security Risk Management for E-Commerce Companies: A Report


Added on  2022/10/10

AI Summary
This report analyzes cyber security concerns within e-commerce companies, specifically focusing on risk management strategies and the application of relevant frameworks. The report examines the importance of a robust security management system within organizations like PayPal, which heavily relies on online payment systems. It highlights the significance of IT risk management, security management, and IT governance in such environments. The report delves into the ISO/IEC 27000 family of standards (including ISO/IEC 27001 and ISO/IEC 27002) and COBIT 5 as key frameworks for establishing and maintaining strong cyber security. The report also suggests the application of PAS 555, ISO/IEC 27032, ISO/IEC 27035, ISO/IEC 27031, and ISO/IEC 22301 to reduce cyber-crimes and enhance data security. In conclusion, the report emphasizes the critical need for e-commerce companies to adopt these frameworks to protect their data and maintain customer trust, ultimately enhancing their overall cyber security posture.
Running head: CYBER SECURITY CONCERN OF E-COMMERCE COMPANY
CYBER SECURITY CONCERN OF E-COMMERCE COMPANY
Name of the Student
Name of the University
Author Note:
Introduction:
The primary objective of this paper is to elaborate on the importance of a security
management system, its utilization, and risk management in an organization like
PayPal. PayPal is an organization which operates an online payment system. Hence,
IT risk management, security management and Information Technology governance
are of significant importance in the operations of this organization (Trautman 2015).
Since the organization's processes are based on information technology systems, it is
essential to maintain high security for its money transactions. This paper elaborates
on the above-mentioned aspects.
Cyber Security Risk Management:
ISO/IEC 27000, ISO/IEC 27001, ISO/IEC 27002-
ISO/IEC 27001 is a security standard which has been introduced to protect
organizational information. By adopting this standard, an organization gains the
capability to protect its critical data from cyber criminals, which helps to reduce the
chances of a data breach. Thus, it can be stated that organizations which follow the
ISO/IEC 27001 standard are capable of gaining customer trust and of showing best
security practices for their data (Evans 2016). In turn, the ISO/IEC 27000 standard
holds the capability to control the security standards of ISO/IEC 27001, with the
purpose of maximizing the benefits of that security regulation. Along with ISO/IEC
27000 and ISO/IEC 27001, ISO/IEC 27002 has the responsibility of providing a proper
guideline which helps the organization to implement as well as to improve its IT
security management (Janakiraman & Narayanan 2019). Hence, from the above
discussion it can be noted that ISO/IEC 27000 and ISO/IEC 27001 offer the regulations
for cyber security, and the security standard ISO/IEC 27002 collectively determines
the best practices for the security standards.
COBIT 5-
In addition to the above security standards, COBIT 5 is a framework which
incorporates IT governance and the security management process in an organization.
The primary objective behind the incorporation of COBIT 5 is to adopt effective IT
services into the business. It also helps the organization to gather more effective
information which supports its decision-making process.
Data integrity, data confidentiality and data availability are also significant aspects
of cyber security which need to be followed by the organization.
Recommendation:
In addition to the above security standards and frameworks, the application of PAS 555
will be appropriate for reducing cyber-crime in any e-commerce business. ISO/IEC 27032,
ISO/IEC 27035, ISO/IEC 27031 and ISO/IEC 22301 are also effective in reducing
cyber-crimes on e-commerce business platforms by keeping their data safe (Peltier 2016).
Summary:
Hence, from the above discussion it can be stated that in an organization like
PayPal security standards have a significant impact, as it performs financial
operations. From the above discussion it has also been determined that the incorporation of
ISO/IEC 27032, ISO/IEC 27035, ISO/IEC 27031, ISO/IEC 22301 and PAS 555 along with
ISO/IEC 27000, ISO/IEC 27001 and ISO/IEC 27002 will be highly effective in enhancing
cyber security in the nominated organization.
Reference:
Evans, L. (2016). Protecting information assets using ISO/IEC security
standards. Information Management, 50(6), 28.
Janakiraman, V., & Narayanan, A. (2019). Ensuring Site Reliability through Security
Controls.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines
for effective information security management. Auerbach Publications.
Trautman, L. J. (2015). E-Commerce, cyber, and electronic payment system risks: lessons
from PayPal. UC Davis Bus. LJ, 16, 261.