Security and Privacy of Electronic Banking

e) Password policies
Ensure that password policies are enforced for consumers and internal users.
f) Intrusion detection and audits of security logs
One of the cornerstones of an effective security strategy is to prevent attacks and to detect
potential attackers. Logging helps you understand the nature of the system's traffic and can serve
as a starting point for litigation against the attackers.
Suppose that you have implemented a password policy: if a consumer makes 6 failed logon
attempts, then his account is locked out. In this scenario, the company sends an email to the
customer, informing him that his account is locked. This event should also be logged in the
system, either by sending an email to the administrator, by writing the event to a security log, or
both.
You should also log any attempted unauthorized access to the system. If a user logs on and
attempts to access resources that he is not entitled to see, or performs actions that he is not
entitled to perform, then this indicates that the account has been co-opted and it should be locked out.
Analysis of the security logs can detect patterns of suspicious behavior, allowing the
administrator to take action.
In addition to security logs, use business auditing to monitor activities such as payment
processing. You can monitor and review these logs to detect patterns of inappropriate interaction
at the business process level.
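The lockout, notification and unauthorized-access logging described in this section, and the pattern analysis run over the resulting security log, as an added illustration in Python. This is example code, not code from the paper or from any banking platform; the event-line format, the entitlement table, the sample events and the `suspicious_accounts` threshold of three failures are assumptions made for the example. The 6-attempt lockout figure is the one given in the text.

```python
"""Lockout after repeated failed logons, security logging of unauthorized access,
and analysis of the security log for suspicious accounts (illustrative example)."""
from collections import Counter, defaultdict
from dataclasses import dataclass, field

LOCKOUT_THRESHOLD = 6  # failed logons before lockout, as stated in the text


@dataclass
class AccountState:
    failed_attempts: int = 0
    locked: bool = False


@dataclass
class SecurityLog:
    events: list = field(default_factory=list)

    def record(self, event_type, account, detail=""):
        self.events.append({"type": event_type, "account": account, "detail": detail})


class AuthMonitor:
    """Tracks logon failures, enforces lockout and logs security events."""

    def __init__(self, entitlements):
        # account -> set of resources the account may access (assumed data model)
        self.entitlements = entitlements
        self.accounts = defaultdict(AccountState)
        self.log = SecurityLog()
        self.notifications = []  # simulated emails to the customer and administrator

    def logon(self, account, success):
        state = self.accounts[account]
        if state.locked:
            self.log.record("LOGON_WHILE_LOCKED", account)
            return False
        if success:
            state.failed_attempts = 0  # a good logon resets the failure counter
            return True
        state.failed_attempts += 1
        self.log.record("LOGON_FAILED", account, f"attempt {state.failed_attempts}")
        if state.failed_attempts >= LOCKOUT_THRESHOLD:
            self._lock(account, "too many failed logons")
        return False

    def access(self, account, resource):
        state = self.accounts[account]
        if state.locked:
            return False
        if resource in self.entitlements.get(account, set()):
            self.log.record("ACCESS_OK", account, resource)
            return True
        # An authenticated user reaching for something outside his entitlements
        # is treated as a sign the account has been co-opted: log it and lock.
        self.log.record("UNAUTHORIZED_ACCESS", account, resource)
        self._lock(account, f"unauthorized access to {resource}")
        return False

    def _lock(self, account, reason):
        self.accounts[account].locked = True
        self.log.record("ACCOUNT_LOCKED", account, reason)
        self.notifications.append(("customer", account, "Your account has been locked"))
        self.notifications.append(("admin", account, reason))


def replay(event_lines, entitlements):
    """Feed simplified event lines ('LOGON <account> OK|FAIL' or
    'ACCESS <account> <resource>', an assumed format) through the monitor."""
    monitor = AuthMonitor(entitlements)
    for line in event_lines:
        kind, account, arg = line.split()
        if kind == "LOGON":
            monitor.logon(account, arg == "OK")
        elif kind == "ACCESS":
            monitor.access(account, arg)
    return monitor


def suspicious_accounts(log, min_failures=3):
    """Pattern analysis over the security log: accounts with repeated logon
    failures or any unauthorized access attempt, for the administrator to review."""
    failures = Counter(e["account"] for e in log.events if e["type"] == "LOGON_FAILED")
    unauthorized = {e["account"] for e in log.events if e["type"] == "UNAUTHORIZED_ACCESS"}
    repeated = {a for a, n in failures.items() if n >= min_failures}
    return sorted(unauthorized | repeated)


# Constructed sample data: alice mistypes twice then succeeds; bob fails six
# times and is locked; carol logs on and reads another customer's statements.
ENTITLEMENTS = {
    "alice": {"/accounts/alice/balance"},
    "carol": {"/accounts/carol/balance"},
}
SAMPLE_EVENTS = (
    ["LOGON alice FAIL", "LOGON alice FAIL", "LOGON alice OK",
     "ACCESS alice /accounts/alice/balance"]
    + ["LOGON bob FAIL"] * 6 + ["LOGON bob OK"]
    + ["ACCESS carol /accounts/carol/balance", "ACCESS carol /accounts/alice/statements"]
)

if __name__ == "__main__":
    monitor = replay(SAMPLE_EVENTS, ENTITLEMENTS)
    print("suspicious accounts:", suspicious_accounts(monitor.log))
    for note in monitor.notifications:
        print("notify", note)
```

The failure counter is reset only by a successful logon, so a burst of failures followed by a correct password is still visible in the log even though the account is not locked; that is what `suspicious_accounts` surfaces for the administrator, separately from the hard lockout.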
The infrastructure for business auditing and security logging is complex, and most likely will
come as part of any middleware platform selected to host your site.
IJCSI International Journal of Computer Science Issues, Vol. 9, Issue 4, No 3, July 2012
ISSN (Online): 1694-0814
www.IJCSI.org
443
Copyright (c) 2012 International Journal of Computer Science Issues. All Rights Reserved.