Access control mechanisms must address the threats to a Web commerce system, the system's vulnerability to these threats, and the risk that the threats might materialize. These concepts are defined as follows:
Threat: An event or activity that has the potential to cause harm to the information systems or networks
Vulnerability: A weakness or lack of a safeguard that can be exploited by a threat, causing harm to the information systems or networks
Risk: The potential for harm or loss to an information system or network; the probability that a threat will materialize
Controls are implemented to mitigate risk and reduce the potential for loss. Controls can be preventive, detective, or corrective. Preventive controls are put in place to inhibit harmful occurrences; detective controls are established to discover harmful occurrences; and corrective controls are used to restore systems that are victims of harmful attacks.
Two important control concepts are the separation of duties and the principle of least privilege. Separation of duties requires that an activity or process must be performed by two or more entities for successful completion. Thus, the only way that a security policy can be violated is if there is collusion among the entities. For example, in a financial environment, the person requesting that a check be issued for payment should not also be the person who has authority to sign the check. In least privilege, the entity that has a task to perform ...