Online IT risk management strategies that drive

E-commerce portal uses a threat model approach for online IT risk management. A look at how Ticketvala counters online security threats.

Mumbai-based travel portal is basically a bus ticket platform which leverages the internet to provide travel services. Ticketvala provides real-time bus booking services for round trips, multiple payment channels, cost comparison, an in-house call centre, and home delivery of tickets.

Ticketvala's business model has two components: the B2B section, available only to business partners (service providers and channel sales partners), and the B2C portal (the Web portal). As the entire business model is web-based, security threats are a major business risk for Ticketvala. "Some of the common threats that e-commerce portals like Ticketvala deal with are denial of service, cross-site scripting, buffer overflows, injection flaws, using known application bugs, and phishing attacks," says Prameet Savla, the chief technology officer of

Security mantras at Ticketvala

Security has been the keystone of Ticketvala's IT architecture right from its initial days. While designing the security strategy, Savla gave priority to confidentiality (allowing only authorized parties to read protected information), integrity (ensuring that data remains 'as is' from the sender's end to the receiver's end) and availability (ensuring access to authorized resources).

Ticketvala's security policy consists mainly of threat models, strict developer guidelines, internal security audits, and strict password policies. The organization also uses guidelines on how to respond to security issues in real time.

The company's threat model mainly uses two approaches: software-centric and attacker-centric. Software-centric threat modeling (also known as design-centric or architecture-centric) starts from the system design stage, looking for attacks against each element of the model. In this approach, threats are examined and countermeasures are identified at the application design stage itself (before code is written). This way, defensive mechanisms are built into the code, which is much more cost-effective.

Steps in software-centric threat modeling
• Define the application requirements (identify business objectives, user roles, application data and use cases for operating on application data).
• Model the application architecture (model components, service roles that components will act under, external dependencies, calls from roles to components, and data store).
• Identify threats to the confidentiality, availability and integrity of the data and the application. This process is based on the data access control matrix that the application should enforce.
• Assign risk values and determine risk responses.
• Determine the countermeasures to implement based on your chosen risk responses.
• Continually update the threat model based on the emerging security landscape.
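
Steps three to five can be carried out mechanically once the data access control matrix is written down. The sketch below is an added example, not Ticketvala's own model: the roles, assets, matrix entries, scores, thresholds and response labels are all constructed for illustration.

```python
# Added example: roles, assets, matrix and scores are constructed, not Ticketvala's.
from itertools import product

ROLES = ["customer", "partner", "call_centre"]
ASSETS = ["booking", "fare_table", "commission_report"]
OPS = {"read": "confidentiality", "write": "integrity"}  # property broken if misused

# Data access control matrix the application should enforce; absent means denied.
ALLOWED = {
    ("customer", "booking"): {"read", "write"},
    ("customer", "fare_table"): {"read"},
    ("partner", "booking"): {"read", "write"},
    ("partner", "fare_table"): {"read"},
    ("partner", "commission_report"): {"read"},
    ("call_centre", "booking"): {"read", "write"},
    ("call_centre", "fare_table"): {"read"},
}
IMPACT = {"booking": 3, "fare_table": 2, "commission_report": 3}   # 1 (low) to 3
EXPOSURE = {"customer": 3, "partner": 2, "call_centre": 1}         # likelihood proxy


def identify_threats():
    """Step 3: one threat per cell of the matrix, tagged with the C/I/A property."""
    threats = []
    for role, asset, op in product(ROLES, ASSETS, OPS):
        if op in ALLOWED.get((role, asset), set()):
            prop = "availability"      # an authorized operation is denied
        else:
            prop = OPS[op]             # a forbidden operation succeeds
        threats.append({"role": role, "asset": asset, "op": op, "property": prop})
    return threats


def risk_register(threats):
    """Steps 4 and 5: assign risk = exposure x impact, then pick a response."""
    register = []
    for t in threats:
        risk = EXPOSURE[t["role"]] * IMPACT[t["asset"]]
        response = "mitigate" if risk >= 6 else "monitor" if risk >= 3 else "accept"
        register.append({**t, "risk": risk, "response": response})
    return sorted(register, key=lambda r: -r["risk"])


if __name__ == "__main__":
    for row in risk_register(identify_threats()):
        print(row)
```

Rerunning it after the matrix changes is one way to keep the register in line with the last step of the list.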

According to Savla, attacker-centric threat modeling involves thinking about who might want to attack Ticketvala's assets and understanding how they might attack the organization. This approach primarily uses tools like attack trees and attack patterns, which help identify and document potential attacks on the organization's system in a structured and hierarchical manner. "When creating an attack tree, you should assume the attacker's role. Consider what you must do to launch a successful attack. Follow this up with identification of the attack's goals and sub-goals," Savla advises.

The attack tree approach creates each application's attack profile and the required mitigation efforts. "Your test team can use the trees to create test plans that validate security design. Architects or developer leads can use the attack trees to evaluate security costs associated with alternate approaches. Developers can use these trees to make informed coding decisions during implementation," Savla suggests.
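
An attack tree of the kind described above can be kept as data and evaluated, which is what lets testers and architects use the same tree. The following is an added example, not from Ticketvala: the goal, the leaf names (drawn from the threat types listed earlier in the article) and the effort scores are constructed, and the helper names are hypothetical.

```python
# Added example: the tree, leaf names and effort scores are constructed.
from dataclasses import dataclass, field


@dataclass
class Node:
    name: str
    kind: str = "leaf"        # "leaf", "or" (any child suffices), "and" (all needed)
    cost: int = 0             # relative attacker effort, meaningful for leaves only
    children: list = field(default_factory=list)


def cheapest(node):
    """Return (effort, leaves) for the least-effort way to reach this goal."""
    if node.kind == "leaf":
        return node.cost, [node.name]
    results = [cheapest(child) for child in node.children]
    if node.kind == "and":
        return sum(c for c, _ in results), [n for _, ns in results for n in ns]
    return min(results, key=lambda r: r[0])


def harden(node, leaf_name, extra):
    """Copy of the tree in which a countermeasure adds effort to one leaf."""
    if node.kind == "leaf":
        return Node(node.name, "leaf", node.cost + (extra if node.name == leaf_name else 0))
    kids = [harden(child, leaf_name, extra) for child in node.children]
    return Node(node.name, node.kind, 0, kids)


def leaf_checks(node):
    """Every leaf is a condition the test team must show is blocked."""
    if node.kind == "leaf":
        return [node.name]
    return [n for child in node.children for n in leaf_checks(child)]


TREE = Node("read another customer's booking", "or", children=[
    Node("injection flaw in booking lookup", cost=4),
    Node("session taken over through cross-site scripting", "and", children=[
        Node("script injectable into a portal page", cost=3),
        Node("logged-in customer views that page", cost=2),
    ]),
    Node("customer credentials phished", cost=3),
])

if __name__ == "__main__":
    print(cheapest(TREE))
    print(cheapest(harden(TREE, "customer credentials phished", 5)))
```

Comparing `cheapest` before and after each `harden` call shows which branch becomes the weakest once a countermeasure is in place, which is the cost comparison between alternate approaches that the quote refers to.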

The security controls

Ticketvala's servers are colocated in a Mumbai-based internet data center. These servers are protected by two firewall layers with a demilitarized zone and a honey pot server (to mislead attackers). "Both firewalls use intrusion detection software to detect unauthorized access attempts. We also have an intrusion protection system in place to identify possible intrusions and block them in real time," Savla says.

Ticketvala uses third-party payment gateways provided by leading banks for online credit card transactions. "We deliberately chose to go for the banks' landing pages to process credit card information rather than collect it on our site. It's better to leave this aspect to the experts. These gateways are highly secure and support the Internet's strongest security technologies," Savla explains. The client software encrypts transaction information using 280-bit RSA encryption before sending it through a secure socket layer (SSL) pipe using 128-bit encryption.

To protect customers from phishing attacks, the Ticketvala Web portal uses VeriSign's secure site SSL Certificates and has the VeriSign secured seal.

Going forward

Ticketvala is in the process of evaluating security products available on software as a service (SaaS) models. The objective is to identify security components that can be moved to the SaaS delivery model for cost advantages, without compromising on the overall security of applications.
