Saturday, June 15, 2019

Potential Liability on Cross-site Scripting Essay

These high-level advisers from diverse disciplines, however trustworthy, cannot digress from their own responsibilities to properly oversee such a crucial and important functional branch as online credentials. The insurance industry has a solid customer base and vast financial inputs. Online security must be handled exclusively by security experts, just as surgical processes, program development and network operations are handled by experts in those fields. Otherwise the industry could become an easy target for ceaseless and relentless attacks by malevolent hackers spread all over the globe.

The managers of the three disciplines meet only twice annually as the security management committee to co-ordinate security developments and plans. This stepmotherly treatment of security could prove counterproductive and expensive in the long run.

Other potential liabilities the company needs to address are risks arising from the high volume of online interaction mechanisms and transactions with clients. When clients forget their username and/or password, they are required to answer a challenge question to retrieve the information by email. If someone can forget a username and/or password, there is no guarantee they will remember the challenge questions and answers. Ideally, the company must provide clients with passwords. (Case Information)

Recommendation on the immediate handling of the XSS threat to LIB

The first and foremost action recommended is to employ a full-time security consultant and assign responsibilities, including the XSS threat to LIB. The immediate next step is to make clients aware of the XSS risk and update them on the course of action they need to bear in mind and act upon whenever browsing the LIB website. The operations manager, program development manager and network operations manager must continue to maintain vigilance in security matters and report unusual occurrences to the security department/consultant. These three management entities must liaise with security on a daily or at least weekly basis. (The Cross Site Scripting (XSS) FAQ)

Recommendations on improvement in the management of security at LIB

Having a separate entity to handle online security issues at LIB is the ideal decision and the first step to address risks to the overall business. The company can further improve its online security by maintaining high alert in offline areas as well. A systematic reward scheme must be put in place for those providing information and alerts on unusual online movements. The company must also have its own discreet methods to test its security system by applying tactics such as sting operations periodically in top secrecy. The company must also keep itself abreast of hackers' modus operandi and the susceptibilities and vulnerabilities of the online insurance industry. As a standard measure, every company using online business systems and networks will ostensibly possess security technologies applicable to its sphere of operation and guard the interests of its clients and its own by routing online communications by encrypting, scrambling and decoding
