E-Commerce Security and Fraud Issues and Protections
Lecture 6 (Ref: Chapter 10)
Copyright © 2015 Springer Education

Learning Objectives
- Understand the importance and scope of security of information systems for EC.
- Understand the major EC security threats, vulnerabilities, and technical attacks.
- Understand Internet fraud, phishing, and spam.
- Describe the information assurance security principles.
- Describe the major technologies for protection of EC networks.
- Describe various types of controls and special defense mechanisms.
- Discuss enterprise-wide implementation issues for EC security.
- Understand why it is so difficult to stop computer crimes.

10.1 THE INFORMATION SECURITY PROBLEM Copyright © 2015 Springer Education

Information security: A variety of activities and methods that protect information systems, data, and procedures from any action designed to destroy, modify, or degrade the systems and their operations.
Computer security: The protection of data, networks, computer programs, computer power, and other elements of computerized information systems. Computer security aims to prevent, or at least minimize, attacks.

Types of Attacks:
- Corporate espionage: Many attacks target energy-related companies because their inside information is valuable.
- Political espionage and warfare: Political espionage and cyberwars are increasing in magnitude. Sometimes these are related to corporate espionage.

10.2 BASIC E-COMMERCE SECURITY ISSUES AND LANDSCAPE Copyright © 2015 Springer Education

The EC Security Battleground: The essence of EC security can be viewed as a battleground between attackers and defenders, shaped by the defenders' security requirements.
Components of the battleground:
- The attacks, the attackers, and their strategies.
- The assets that are being attacked (the targets) in vulnerable areas.
- The security defense, the defenders, and their methods and strategy.

Unintentional Threat Categories:
- Human errors: They can occur in the design of the hardware, software, or information systems. They can also occur in programming, testing, and data collection.
- Environmental hazards: Natural disasters and other environmental conditions outside of human control, such as sand storms, floods, and fires.
- Malfunctions in the computer system: Defects can be the result of poor manufacturing, defective materials, memory leaks, and outdated or poorly maintained networks.

EC Security Requirements: The following set of security requirements is used to assure success and to minimize EC transaction risks:
- Authentication: A process used to verify (assure) the real identity of an EC entity, which could be an individual, software agent, computer program, or EC website.
- Authorization: The provision of permission to an authenticated person to access systems and perform certain operations in those specific systems.

EC Security Requirements (continued):
- Auditing: When a person or program accesses a website or queries a database, various pieces of information are recorded (logged) to a file, so that the access can later be reconstructed and reviewed.
- Availability: Assuring that systems and information are available to the user when needed and that the site continues to function.
- Non-repudiation (closely related to authentication): The assurance that online customers or trading partners will not be able to falsely deny their purchase, transaction, sale, or other obligation.

The Defense: Defenders, Strategy, and Methods: EC security strategy consists of multiple layers of defense that include several methods. This defense aims to deter, prevent, and detect unauthorized entry into an organization's computer and information systems.
- Deterrent methods: Countermeasures that make criminals abandon their idea of attacking a specific system.
- Prevention measures: Help stop unauthorized people from accessing the EC system.
- Detection measures: Help find security breaches in computer systems.

10.5 THE INFORMATION ASSURANCE MODEL AND DEFENSE STRATEGY Copyright © 2015 Springer Education

Information Assurance (IA):
- Making sure that a customer is safe and secure while shopping online is a crucial part of improving the online buyer's experience.
- Measures taken to protect information systems and their processes against all risks, so that the systems remain trustworthy and available when needed. The assurance includes all tools and defense methods.
Information Assurance (IA) model: A point of reference used to identify problem areas and evaluate the information security of an organization. The model rests on three necessary attributes: confidentiality, integrity, and availability. The success and security of EC can be measured by these attributes.

- Confidentiality: The assurance of data secrecy and privacy; namely, the data is disclosed only to authorized people (enforced with encryption and access credentials such as passwords).
- Integrity: The assurance that data are accurate and cannot be altered without detection. The integrity attribute needs to be able to detect and prevent the unauthorized creation, modification, or deletion of data or messages in transit.
- Availability: The assurance that access to any relevant data, information websites, or other EC services and their use is available in real time, whenever and wherever needed.
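The following Python script is an added example, not code from the slides or the textbook they summarize. It applies the requirements of section 10.2 (authentication, authorization, auditing) and the integrity attribute of the IA model to one EC order request, using only the standard library: a salted PBKDF2 password check, a role-based permission check, an HMAC tag that detects an order modified in transit, and a hash-chained audit log that exposes a later edit to a log entry. The user records, roles, order fields and MAC key are constructed for the illustration. Confidentiality (encryption) and availability are not shown, and because the HMAC key is shared by both sides the tag proves integrity but not non-repudiation; that requires an asymmetric signature.

```python
"""Authentication, authorization, message integrity and tamper-evident auditing
for an e-commerce order endpoint (standard library only, constructed example)."""
from __future__ import annotations
import hashlib
import hmac
import json
import os
from typing import Optional

PBKDF2_ITERATIONS = 600_000   # current OWASP guidance for PBKDF2-HMAC-SHA256
GENESIS = "0" * 64            # back-link value for the first audit-log entry

# ---- Authentication: salted PBKDF2 password verification -------------------
def hash_password(password: str, salt: Optional[bytes] = None) -> tuple[bytes, bytes]:
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest

def authenticate(users: dict, username: str, password: str) -> bool:
    record = users.get(username)
    if record is None:
        hash_password(password, b"\0" * 16)      # same cost for unknown users (timing)
        return False
    _, digest = hash_password(password, record["salt"])
    return hmac.compare_digest(digest, record["hash"])   # constant-time comparison

# ---- Authorization: role-based permission check, role taken from the stored
# ---- identity, never from the request --------------------------------------
ROLE_PERMISSIONS = {
    "customer": {"order:create"},
    "support":  {"order:read"},
    "admin":    {"order:create", "order:read", "order:refund"},
}

def authorize(role: str, permission: str) -> bool:
    return permission in ROLE_PERMISSIONS.get(role, set())

# ---- Integrity in transit: HMAC over a canonical encoding of the message ---
def canonical(obj: dict) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sign_message(key: bytes, message: dict) -> str:
    return hmac.new(key, canonical(message), hashlib.sha256).hexdigest()

def verify_message(key: bytes, message: dict, tag: str) -> bool:
    # A shared-key MAC shows the message was not altered, but either key holder
    # could have produced the tag, so it gives no non-repudiation.
    return hmac.compare_digest(sign_message(key, message), tag)

# ---- Auditing: hash-chained log; each entry commits to the previous hash ---
class AuditLog:
    def __init__(self) -> None:
        self.entries: list[dict] = []

    def append(self, actor: str, action: str, outcome: str) -> None:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {"seq": len(self.entries), "actor": actor, "action": action,
                 "outcome": outcome, "prev": prev}
        entry["hash"] = hashlib.sha256(canonical(entry)).hexdigest()
        self.entries.append(entry)

    def first_bad_entry(self) -> Optional[int]:
        """Index of the first entry whose hash or back-link is wrong, else None."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body["prev"] != prev or hashlib.sha256(canonical(body)).hexdigest() != entry["hash"]:
                return i
            prev = entry["hash"]
        return None

# ---- All checks applied, in order, to one order request --------------------
def handle_order(users: dict, log: AuditLog, mac_key: bytes,
                 username: str, password: str, order: dict, tag: str) -> str:
    if not authenticate(users, username, password):
        log.append(username, "order:create", "auth_failed"); return "auth_failed"
    if not authorize(users[username]["role"], "order:create"):
        log.append(username, "order:create", "forbidden"); return "forbidden"
    if not verify_message(mac_key, order, tag):
        log.append(username, "order:create", "integrity_failed"); return "integrity_failed"
    log.append(username, "order:create", "accepted:" + order["id"])
    return "accepted"

def demo() -> dict:
    """Constructed scenario: two users, one shared MAC key, four requests."""
    users = {}
    for name, pw, role in [("alice", "correct horse battery staple", "customer"),
                           ("bob", "bob-password", "support")]:
        salt, digest = hash_password(pw)
        users[name] = {"salt": salt, "hash": digest, "role": role}
    key = os.urandom(32)                           # shared client/server MAC key
    order = {"id": "ORD-1001", "item": "sku-42", "amount": 49.99}
    tag = sign_message(key, order)
    tampered = dict(order, amount=0.99)            # changed in transit, tag unchanged
    log = AuditLog()
    results = {
        "good":     handle_order(users, log, key, "alice", "correct horse battery staple", order, tag),
        "bad_pw":   handle_order(users, log, key, "alice", "wrong", order, tag),
        "no_perm":  handle_order(users, log, key, "bob", "bob-password", order, tag),
        "tampered": handle_order(users, log, key, "alice", "correct horse battery staple", tampered, tag),
    }
    results["log_intact"] = log.first_bad_entry() is None
    log.entries[1]["outcome"] = "accepted:ORD-1001"  # insider rewrites a log entry...
    results["log_after_edit"] = log.first_bad_entry() # ...and the chain points at it
    return results
```

Run `demo()` to see the four outcomes: the legitimate order is accepted, the wrong password and the support-role user are refused before any order data is touched, the order whose amount was changed in transit fails the HMAC check, and after the log entry is edited the chain verification reports index 1. In production the audit log would be written to append-only storage and its head hash anchored elsewhere, since a chain alone cannot stop an attacker who can rewrite every entry from the edit point onward.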

E-Commerce Security Strategy: EC security needs to address the IA model and its components.
The Phases of Security Defense:
- Prevention and deterrence (preparation): Good controls may prevent criminal activities and human error from occurring.
- Detection: The earlier an attack is detected, the easier it is to fix the problem, and the smaller the damage done.
- Initial response: Verifying that there really is an attack. If so, determine how the intruder gained access to the system and which systems and data are infected or corrupted.
- Containment (contain the damage): Minimize or limit losses once a malfunction has occurred.

The Phases of Security Defense (continued):
- Eradication: Remove the malware from infected hosts.
- Recovery: Recovery needs to be planned for, to assure a quick return to normal operations at a reasonable cost. One option is to replace parts rather than to repair them.
- Correction: Finding the causes of damaged systems and fixing them.
- Awareness and compliance: All organization members must be educated about possible hazards and must comply with the security rules and regulations.

10.9 IMPLEMENTING ENTERPRISEWIDE E-COMMERCE SECURITY Copyright © 2015 Springer Education

Drivers for EC security management:
- The laws and regulations with which organizations must comply.
- The conduct of global EC.
- Information assets have become critical to the operation of many businesses.
- New and faster information technologies are shared throughout organizations.
- The complexity of both the attacks and the defense requires an organization-wide collaborative approach.

EC Security Policies and Training: An important security task is developing an organizational EC security policy, as well as procedures for specific security and EC activities such as access control and protecting customer data. The policies need to be disseminated throughout the organization, and the necessary training needs to be provided.

EC Security Policies and Training (continued):
First example: To protect privacy during data collection, policies need to specify that customers should:
- Know that data is being collected.
- Give their permission for the data to be collected.
- Have knowledge of, and some control over, how the data is stored and used.
- Be informed that the information collected is not to be shared with other organizations.
Second example: To protect against criminal use of social media, you can:
- Develop policies and procedures that exploit the opportunities but still provide customer protection.
- Educate employees and others about what is acceptable and what is not.

The major reasons Internet crime is so difficult to stop:
- Strong security measures make shopping inconvenient.
- Lack of cooperation by business partners.
- Shoppers' negligence.
- Ignoring EC security best practices.
- Design and architecture issues.
- Lack of due care in business practices.