Web security is a concern for any organization or agency tied to the Internet. Whether it be maintaining the browsers to avoid malicious attacks or monitoring a whole in house Web server, preventing damage to network content is key. As consumers make their way to the Web, companies will find that selling and distributing their product over the Internet is an effective way to cut costs and enhance customer service.
If maintaining a Web server in-house, protecting it and the internal network is important. Firewalls separate the inside from the out by filtering out certain information or connections. Whether a hardware, software, or hybrid solution is selected depends on the organization and its IS structure and goals. A company with an internet connection should have a firewall set up; even if not maintaining an in house Web server.
Selecting appropriate solutions for delivering Web content and handling secure commerce ultimately depends on the needs of the organization. Even if an organization's Web server is maintained by an external provider, IS personnel should be familiar with SSL protocols, certificate authorities, and other necessary tools so that appropriate questions can be asked and educated evaluation of the provider's services can be made.
Policy in this field revolves around what needs protecting, and how to protect it. Do we clamp down on all external services, or is restricting a few sufficient for the prposes of the policy making group? Right now, The internet and the Web are in the hands of corporate America and the public. Security policy here is constructed at the business or service provider level. The same technology that secures America's business networks, however, can and is used for military purposes. It is only a matter of time before some hacker circumvents these measures, and new ones need to be developed. Internet and WWW security is a rapidly changing field. That too is something that any security policy has to adjust for: change.