Saturday, May 4, 2019
Potential Liability on Cross-site Scripting Essay
These high-level managers from diverse disciplines, however trustworthy, cannot digress from their responsibilities to justifiably oversee such a crucial and important functional branch as online security. The insurance industry has a solid customer base and vast financial inputs. Online security must be exclusively handled by security experts, just as operations, program development and network operations are handled by experts in these fields. Otherwise the industry could become an easy target of ceaseless and relentless attacks by malevolent hackers spread all over the globe.

The managers of the three disciplines meet only twice annually as the security management committee to co-ordinate security developments and plans. This step-motherly treatment of security could prove to be counterproductive and expensive in the long run.

Other potential liabilities the company needs to address are risks arising from the high volume of online interactions and transactions with clients. When clients forget their username and/or password, they are required to answer a challenge question to retrieve the information by email. If anyone can forget a username and/or password, there is no guarantee they are likely to remember challenge questions and answers. Ideally, the company must provide clients with passwords. (Case Information)

Recommendation on the immediate handling of the XSS threat to LIB

The first and foremost action recommended is to employ a full-time security consultant and assign responsibilities, including the XSS threat to LIB. The immediate next step is to make clients aware of the XSS risk and educate them on the course of action they need to bear in mind and act upon whenever browsing the LIB website.
The operations manager, program development manager and network operations manager must continue to maintain vigilance in security matters and report unusual occurrences to the security department/consultant. These three management entities must coordinate with security on a periodic basis, or at least weekly. (The Cross Site Scripting (XSS) FAQ)

Recommendations on improvement in the management of security at LIB

Having a separate entity to handle online security issues at LIB is the ideal solution and the first step to address risks to the overall business. The company can further improve its online security by maintaining high alert on offline areas as well. A systematic reward scheme must be put in place for those providing information and alerts on unusual online movements. The company must also devise its own discreet methods to test its security system by using tactics such as sting operations periodically in top secrecy. The company must also keep itself abreast of hackers' modus operandi and the susceptibilities and vulnerabilities of the online insurance industry. As a standard measure, every company using online business systems and networks will ostensibly possess security technologies applicable to its sphere of operation and guard the interests of its clients and its own by routing online communications by encrypting, scrambling and decoding