The role of security standards in Electronic Business (EB)
Faculty of Business and Public Management
School of Business
Companies are now very aware of the dangers and costs of security intrusion. Today, there is a plethora of security products on the market. However, security is not ensured simply by the installation offirewalls or intrusion detection software. It has become increasingly clear that IT security is not an issue which products alone will solve. Security measures must extend to all areas of business and awareness should be integrated into a company's internal policy and procedures. Within the electronic business (eB) arena it is also important for companies to obtain some assurance that their business partners' systems are also suitably secure. This paper examines the contribution that IT security standards, particularly the ISO 17799 security management standard and the CC/ISO 15048 product evaluation standard, can make to providing an organisation with an adequate level of IT security. The paper argues that compliance with either of the two standards alone is unlikely to provide an organisation with a level of security that is appropriate for today 's eB environment. The paper concludes that if both standards are used together, within a coherent and well designed IT infrastructure, a suitable level of security is more likely to result.