Security

Security is the essential enabler of on-line services, especially e-commerce and other services delivered across the Internet.

On-line services appear to threaten the traditional basis of most existing system security by connecting an organisation's core assets to the outside (and potentially hostile) world. This may introduce a plethora of additional risks to the business. Many of these can be mitigated with appropriate controls and countermeasures, but until a Structured Security Risk Assessment has been performed it cannot be determined which of those controls are most appropriate.

Risks are measured in terms of two orthogonal factors: the impact and the probability. A low-impact risk that is likely to happen on a daily basis can ultimately be more significant than a high-impact risk that is unlikely ever to occur. Many organisations apply controls based entirely on the few risks that they have thought of or have previously encountered. Inevitably these tend to be the higher-impact risks, which often leaves many much more probable risks completely unaddressed.

A structured risk assessment is intended to identify and quantify (as far as possible) all the risks that can be anticipated. It can then be used as the basis for establishing the security requirements, ensuring that the appropriate controls are put in place. The assessment is based on identifying the vulnerabilities and threats to the service, out of which the risks can be determined.

Alnpete can provide the expertise and experience to perform Structured Security Risk Assessments on systems and services, especially e-commerce and other on-line services.

 


Alnpete consultants have been concerned with the security aspects of financial services for many years, from designing the protocols at the heart of the City's trading systems in the 1980s through the strategic design of PKI solutions in the 1990s right up to the architecting of secure messaging solutions for financial services in 2008. For clients we have provided security and risk reviews of existing and planned services, as well as innovative designs for the appropriate use of security mechanisms.

 
