Describe the business threats posed by each of the following situations and explain what its effect may be if a Web application is compromised.
- A publicly traded retailer with retail outlets and online shopping and shipping options
  - Loss of integrity of inventory
  - Loss of confidentiality of customers’ PII data – name, address, phone number, credit card details
  - Severe PCI DSS compliance penalties
  - Delayed order fulfilment
  - Loss of customers and credibility
  - Possible theft and redirection of organization funds
  - Drop in stock price
  - Major stakeholders may pull out their investments from the organization
- A small, private law firm whose small website features forms for potential clients to complete that require name, address, contact number, and reason for scheduling an appointment
  - Loss of confidentiality – potential clients’ details are leaked
  - Competitors may gain from this information – leading to loss of leads
  - Clients lose faith in the firm and will choose a competitor
  - Loss of scheduling information can lead to cancelled and forgotten appointments, further showing that the firm is unprofessional and cannot be trusted
  - A small firm will face the backlash and find it difficult to build credibility again
- A real estate appraisal company that provides residential-loan applicants of a publicly traded financial institution with online appraisals – all applicant information is sent to the appraisal company electronically
  - Loss of confidential data
  - Severe penalties under the SOX (Sarbanes-Oxley) Act
  - Possible litigation by individuals and the Federal Trade Commission (FTC)
  - Identity theft of clients – leading to more losses and litigation
- A Web hosting company that provides leased servers for the websites of clients, ranging from small firms to large online retailers
  - Disruption in services – leading to loss of network and cloud availability to clients
  - Breach of service contract – can lead to financial losses and litigation
  - Loss of reputation and clientele
  - Labelled unreliable and insecure – no clients will want such services to host their organization’s data and websites
  - Possible loss of integrity and confidentiality of the clients’ hosted data – leading to catastrophic and cascading repercussions
- A city government that allows people with parking tickets to pay the fines online using a credit card or online check
  - Loss of credit card information
  - Financial fraud with stolen details
  - PCI DSS compliance violations
- A local residential-cleaning business with a website that acts as a company brochure; no forms of any type are located on the website
  - Possible defacement of the website by malicious hackers
  - Change in contact information – leading to possible clients contacting a competitor
- A software development company that develops and licenses online shopping software to large corporations
  - Loss of highly confidential data involving license keys and digital signatures
  - Leads to fraud involving clients’ software
  - Huge financial losses for the clients
  - Clients will sue for losses
  - Possible loss of clients’ payment details – leading to financial losses, compliance violations, and litigation
  - Loss of intellectual property involving algorithms used for generating license keys
  - Can lead to the company going bankrupt and shutting down
- A private, locally owned bank with a website that accepts loan applications online
  - Loss of customers’ PII data – leading to possible identity theft and compliance violations
  - Lost data can be very useful for competitors
  - Loss of customers
  - Loss of reputation
- A local doctor’s office that maintains all patient information within the office; it doesn’t share electronically with any entities and doesn’t have a website or use any custom-developed software
  - Business threats are offline – loss of paperwork, patients’ details, stolen information, loss of information through dumpster diving, social engineering, etc.
  - HIPAA violations – leading to steep penalties
  - Can lead to the health care providers losing their licenses
  - Complete loss of credibility, severe losses, and irreparable damages
- An online-only retailer which sells athletic equipment using shopping-cart software that has been developed in-house and uses PayPal whenever a customer makes a purchase
  - Loss of orders
  - Loss of inventory details
  - Forged orders leading to loss of goods
  - Loss of genuine customers
  - Financial losses