E-tendering security issues and countermeasures

Tendering is a process whereby the principal invited capable tenderer participates in competitive bid for winning a large project. Due to the E-tendering efficiency and effectiveness, this system is introduced and adopted in many countries. Although the system provides opportunities in improving bus...

Full description

Saved in:
Bibliographic Details
Main Authors: Muhammad Robie, Mohd Afdhal, Mohd, Haslina, Baharom, Fauziah, Muhd Darus, Norida, Yasin, Azman, Muner, Wan Farez Saini
Format: Article
Published: American Scientific Publishers 2014
Subjects:
Online Access:http://repo.uum.edu.my/20573/
http://doi.org/10.1166/asl.2014.5291
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Universiti Utara Malaysia
Description
Summary:Tendering is a process whereby the principal invited capable tenderer participates in competitive bid for winning a large project. Due to the E-tendering efficiency and effectiveness, this system is introduced and adopted in many countries. Although the system provides opportunities in improving business processes which may lead to paperless, reduced reliance on human capability during transaction, reduced costs and shortened evaluation period, however there still remain uncertainties in legal and security issues. These issues are strongly related to the threats of the E-tendering system.Therefore, this paper is intended to propose a secure solution of the E-tendering system development together with basic countermeasures to overcome the threats. The findings from this study are the identified threats, security technology and related countermeasure of E-tendering process. The procedure in identifying threats and countermeasures are following risk analysis process.Meanwhile, the selections of countermeasures are based on analysis from identified threats.The proposed countermeasures are based on ISO/IEC 27001 and 27002, STRIDE and NIST 800-53 standard.These findings will be used to construct a software architecture secure E-Tendering for IT project.