Order information
Product Number: 03620
Price: Members $42.50; Non-members $47.50
Staff contact: David Moore, CA, research.studies@cica.ca
Executive summary
Project objective
This research report describes what it takes to create a secure IT infrastructure for e-commerce. The term "infrastructure" has become a commonly used umbrella term encompassing a variety of information technology components that comprise enterprise systems. An entity’s IT infrastructure includes facilities, mainframes, servers, networks and other related IT components, shared IT services, shared and standard applications, and the human resources required to operate these components. E-commerce activities depend on an efficient and effective IT infrastructure, and security is one of the key deliverables of such an IT infrastructure.

Security is the comfort of knowing that assets, including systems and information, are protected from misuse and destruction. Typically, a key element of providing such protection involves restricting access to authorized users. In an e-commerce context, however, access to systems must be relatively open to external users so that they can make their transactions as buyers or sellers over the Internet. Unfortunately, such easy access makes systems vulnerable to attacks by hackers and others with malevolent intentions. Also, access controls alone will not protect an entity from “attacks” by its own employees - and employees are responsible for a large proportion of reported security breaches. Thus, e-commerce requires a reconsideration of an entity’s IT infrastructure security features.
In December 2002, the CICA’s Information Technology Advisory Committee decided to commission a project to consider these issues. Professor Efrim Boritz and the Centre for Information Systems Assurance at the University of Waterloo agreed to undertake this project. The project’s terms of reference were:
- To undertake research aimed at answering the following questions:
  - What is an IT infrastructure?
  - How does an IT infrastructure vary with type of e-business model?
  - What are the components of a security infrastructure?
  - What is the relationship between a security infrastructure and an IT infrastructure for e-business?
  - How would these principles affect security strategy?
- To present reports to the members of the CICA’s Information Technology Advisory Committee on each of the above issues (which will be considered consequentially) for their reaction and comment.
- To develop a report to be published as part of the CICA’s research studies or research reports series.
(Principal Author - J.E. Boritz, PhD, FCA, CA•CISA/IT, University of Waterloo)