Losing sellable products

From OWASP
Revision as of 13:51, 23 June 2008 by Dcabra01 (Talk | contribs)

Description:

The business is not set up to effectively distribute, sell or maintain products for existing or new customers. Businesses basically fall into two categories: product providers and service providers. Product providers sell products to customers. Service providers maintain customers throughout the life-cycle. This means that special arrangements have to be made to take care of the customer so that they will continue to use your services.

Risk Factors:

• Irate customers.

• Sellable equipment, services and/or features missing from applications.

• Network and application failures frustrate both users and customers.

• Profits decrease for the company.

• Legal action occurs.

• Fraudulent users unlawfully use customer data to send devices to an authorized location.


Example:

Decrease in Revenue

A sales tool application is down for two hours, which impacts users' ability to sell products to customers. The Service Level Agreement (SLA) of the application is not met. Potential loss of revenue for those two hours is estimated at $200K. (Note: each application has its own pre-determined SLA, and an Application Business Impact Analysis (ABIA) survey determines the financial loss.)

Profits Sailing Down

Saleable equipment is missing from an application. A customer wants to purchase one of the missing items and is not able to proceed with their order. The customer gets frustrated and the sale is lost.

Related Technical Impacts

- Loss of integrity

- Loss of availability

- Loss of accountability
