Security in a Web-Based Environment

This paper sets forth a conceptual model for web security within the context of the overall systems development effort, and within the context of traditional accounting internal control processes and structures. Such a model allows for the enterprise-wide control of security risks over a prolonged period of time. Although a website offers amazing new capabilities for communicating with a broader range of customers, it is still essentially an information system. Consequently, the well-established methods of information system analysis are applicable in assessing the system's risks and vulnerabilities regardless of the unique, new risks involved. We illustrate the approach to analyzing security by structuring the paper around each of the following phases of development: systems analysis; systems design; systems implementation. The paper concludes with a few case studies indicating how this approach can be applied in real-world situations.