Information assurance metric development framework for electronic bill presentment and payment systems using transaction and workflow analysis

Abstract

One of the fastest growing applications in the banking arena is Electronic Bill Presentation and Payment (EBPP), driven primarily by a desire to reduce costs associated with issuing and settling physical bills. EBPP is a secure system for companies to electronically present bills and other related information to their customers, and host the secure payment of these bills. This paper puts forth information assurance issues that are analyzed from a workflow and transaction analysis perspective. Various aspects and technologies deployed in EBPP systems are discussed with a view to understanding security underpinnings. The paper develops a framework for the measurement of security levels of any EBPP system, which will help security personnel to ensure a higher level of understanding of information assurance issues and proactively engage in elevating security measures and fraud protection in their organizations. A step-by-step procedure is developed to help IT security managers and administrators to understand the metrics that can define proactive and reactive security service delivery levels, and implement the measurement framework that is necessary to demonstrate performance against these metrics.

Keywords: EBPP systems, Electronic payment and presentation, Information assurance, Security measurement, Security metrics, Threat analysis, Workflow analysis

Article history: Received 31 August 2003, Revised 30 June 2004, Accepted 30 June 2004, Available online 1 September 2004.

Official paper URL: https://doi.org/10.1016/j.dss.2004.06.013