1. Introduction

In the age of the Internet and World Wide Web, system security is one of the most important issues in any global web-based business information systems. This is confirmed by the strong of commitment from system security professionals, research community and major business application software vendors. The types of impacts include losses in productivity, revenue, customer confidence, stock price and other negative results. Recent denial of service attacks, viruses, computer intrusions, hackers and insider activities have cost companies millions of dollars. In a recent computer crime survey, respondents from 273 U.S. corporations, government agencies, financial institutions, medical institutions and universities reported losses totalling over $265 million [1]. The most serious financial losses occurred through theft of proprietary information and financial fraud. As the rapid growth of Internet access, the adoption of the Internet by businesses and the increased global competition, the financial and political impacts of these incidents will increase and security threats cannot be avoided.