NCC Members have free access to this Guideline on the Principia website.

Businesses are increasingly exploiting the opportunities provided by the new interconnected world in order to build upon existing business models and revenue streams, or to create new ones. Whilst the most obvious manifestation of e-business to the outside world is the corporate web site, organisations are also using a wide range of other e-business tools to make their own in-house processes more efficient and their relationships with trading partners more effective.

However, as organisations become increasingly dependent upon their information infrastructure, so the need to ensure the security of the business systems that manage, manipulate, store and distribute this information becomes ever more important. Security of business systems is concerned with reducing the risks posed to information and associated business processes to acceptable levels and is becoming one of THE major issues facing business today. The move to e-business increases this risk, often in ways that are not immediately obvious to business managers. The stakeholders in your business, for example business partners, customers, shareholders, auditors and employees, are taking a growing interest in the way that security is addressed.

This Guideline is concerned with managing the risks associated with deliberate or accidental attacks on the information systems that support e-business. Although it concentrates on issues relating to electronic business, these must be considered in the wider context of the protection of all aspects of information processing within an organisation.