
Meeting 20
Material: Understanding e-Business Systems & Security Concept and Application
Required Book & Source Material: Turban, Efraim, David King, Jae Lee and Dennis Viehland (2004). Electronic Commerce: A Managerial Perspective, 2004. Prentice Hall. Chapter 12

Brute Force Credit Card Attack
Brute force credit card attacks require minimal skill. Hackers run thousands of small charges through merchant accounts, picking numbers at random. When the perpetrator finds a valid credit card number, it can then be sold on the black market. Some modern-day black markets are actually member-only Web sites like carderplanet.com, shadowcrew.com, and counterfeitlibrary.com.

Brute Force Credit Card Attack
Relies on a perpetrator's ability to pose as a merchant requesting authorization for a credit card purchase, which requires a merchant ID, a password, or both.

Brute Force Credit Card Solution
Signals that something is amiss: a merchant issues an extraordinary number of requests; repeated requests for small amounts emanate from the same merchant.
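The two signals named on the slide (request volume per merchant, and repeated small-amount requests from one merchant) are easy to turn into a detection rule on the authorization log that a payment gateway already keeps. The following is an added example, not code from the slides or from the textbook; the log format, the merchant IDs, the sample lines and the three thresholds are all constructed assumptions and would be tuned to a real gateway's traffic.

```python
"""Flag merchants whose authorization traffic matches the brute-force pattern:
an extraordinary number of requests, and repeated small-amount requests
(mostly declined) from the same merchant.  Added example; the log layout,
merchant IDs and thresholds below are assumptions, not real gateway data."""
from collections import defaultdict

# Constructed sample log: timestamp, merchant_id, amount, authorization result.
# M-77 is written to look like the brute-force pattern; M-12 looks like normal trade.
SAMPLE_LOG = """\
2024-01-05T10:00:01 M-12 149.99 APPROVED
2024-01-05T10:00:04 M-77 1.00 DECLINED
2024-01-05T10:00:05 M-77 1.00 DECLINED
2024-01-05T10:00:06 M-77 1.00 DECLINED
2024-01-05T10:00:07 M-77 1.00 DECLINED
2024-01-05T10:00:08 M-77 1.00 APPROVED
2024-01-05T10:00:09 M-77 1.00 DECLINED
2024-01-05T10:00:10 M-77 1.00 DECLINED
2024-01-05T10:01:30 M-12 23.50 APPROVED
2024-01-05T10:02:10 M-12 79.00 DECLINED
"""

# Assumed thresholds for the window covered by the log.
MAX_REQUESTS = 5          # more requests than this from one merchant is "extraordinary"
SMALL_AMOUNT = 5.00       # charges at or below this are "small"
MAX_SMALL_DECLINES = 3    # more declined small charges than this is suspicious


def parse_log(text):
    """Turn the whitespace-separated log into a list of record dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, merchant, amount, result = line.split()
        records.append({"ts": ts, "merchant": merchant,
                        "amount": float(amount), "result": result})
    return records


def merchant_stats(records):
    """Aggregate per merchant: total requests, declines, and declined small charges."""
    stats = defaultdict(lambda: {"requests": 0, "declined": 0, "small_declines": 0})
    for r in records:
        s = stats[r["merchant"]]
        s["requests"] += 1
        if r["result"] == "DECLINED":
            s["declined"] += 1
            if r["amount"] <= SMALL_AMOUNT:
                s["small_declines"] += 1
    return dict(stats)


def flag_merchants(records):
    """Return {merchant_id: [reasons]} for merchants that trip either signal."""
    flags = {}
    for merchant, s in merchant_stats(records).items():
        reasons = []
        if s["requests"] > MAX_REQUESTS:
            reasons.append("request volume")
        if s["small_declines"] > MAX_SMALL_DECLINES:
            reasons.append("repeated small-amount declines")
        if reasons:
            flags[merchant] = reasons
    return flags


if __name__ == "__main__":
    for merchant, reasons in flag_merchants(parse_log(SAMPLE_LOG)).items():
        print(f"{merchant}: {', '.join(reasons)}")
```

In practice the counts would be kept per sliding time window rather than over a whole file, and a flagged merchant ID would feed a review queue rather than an automatic block, since a legitimate high-volume merchant can also trip the volume rule.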

Brute Force Credit Card Attack: What we can learn
Any type of EC involves a number of players who use a variety of network and application services that provide access to a variety of data sources. A perpetrator needs only a single weakness in order to attack a system.

Brute Force: What We Can Learn
Some attacks require sophisticated techniques and technologies. Most attacks are not sophisticated; standard security risk management procedures can be used to minimize their probability and impact.

Accelerating Need for E-Commerce Security
Annual survey conducted by the Computer Security Institute and the FBI: organizations continue to experience cyber attacks from inside and outside of the organization.

Accelerating Need for E-Commerce Security
The types of cyber attacks that organizations experience were varied. The financial losses from a cyber attack can be substantial. It takes more than one type of technology to defend against cyber attacks.

Security Issues
From the user's perspective: Is the Web server owned and operated by a legitimate company? Do the Web page and form contain some malicious or dangerous code or content? Will the Web server pass the information the user provides to some other party without authorization?

Security Issues (cont.)
From the company's perspective: Will the user attempt to break into the Web server or alter the pages and content at the site? Will the user try to disrupt the server so that it isn't available to others?

Security Issues
From both parties' perspectives: Is the network connection free from eavesdropping by a third party "listening" on the line? Has the information sent back and forth between the server and the user's browser been altered?

Security Requirements
Authentication: the process by which one entity verifies that another entity is who it claims to be. Authorization: the process that ensures that a person has the right to access certain resources.

Auditing: the process of collecting information about attempts to access particular resources, use particular privileges, or perform other security actions. Confidentiality: keeping private or sensitive information from being disclosed to unauthorized individuals, entities, or processes.

Integrity: as applied to data, the ability to protect data from being altered or destroyed in an unauthorized or accidental manner. Nonrepudiation: the ability to limit parties from refuting that a legitimate transaction took place, usually by means of a signature.
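The integrity requirement, and the earlier question of whether data between the server and the browser has been altered in transit, is usually met by attaching a keyed tag to each message and rejecting any message whose tag no longer matches. The block below is an added example, not code from the slides or the textbook: it uses HMAC-SHA256 from Python's standard library, and the shared key and the order message are constructed values (a real deployment would derive the key per session rather than hard-code it).

```python
"""Integrity check on a message exchanged between a Web server and a browser.
Added example; SHARED_KEY and ORDER are constructed, not real values."""
import hashlib
import hmac

# Constructed: a real key is established per session (e.g. by the TLS handshake)
# and is never hard-coded in source.
SHARED_KEY = b"example-session-key-do-not-reuse"

# Constructed order message as the browser would submit it.
ORDER = b"order_id=1001;amount=49.99;ship_to=12 Main St"


def tag_message(key: bytes, message: bytes) -> str:
    """Return a hex HMAC-SHA256 tag that binds the message to holders of the key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_message(key: bytes, message: bytes, tag: str) -> bool:
    """Recompute the tag and compare in constant time so that a byte-by-byte
    mismatch does not leak timing information to the sender."""
    expected = tag_message(key, message)
    return hmac.compare_digest(expected, tag)


def demo():
    """Tag the original order, then check the original and an altered copy.
    Returns (original_ok, altered_ok); the altered copy must fail."""
    tag = tag_message(SHARED_KEY, ORDER)
    # Simulate alteration in transit: the amount is changed but the tag is reused.
    altered = ORDER.replace(b"49.99", b"0.99")
    return verify_message(SHARED_KEY, ORDER, tag), verify_message(SHARED_KEY, altered, tag)


if __name__ == "__main__":
    print(demo())
```

An HMAC gives integrity and tells each side that the message came from someone holding the shared key, but it does not give nonrepudiation: because both the server and the user hold the same key, either could have produced the tag. The signature the slide mentions for nonrepudiation has to be a digital signature made with a private key that only the signer holds.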

Types of Threats and Attacks
Nontechnical attack: an attack that uses chicanery to trick people into revealing sensitive information or performing actions that compromise the security of a network.


Types of Threats and Attacks
Social engineering: a type of nontechnical attack that uses social pressures to trick computer users into compromising computer networks to which those individuals have access.

Types of Threats and Attacks
Multiprong approach used to combat social engineering: education and training; policies and procedures; penetration testing.

Types of Threats and Attacks
Technical attack: an attack perpetrated using software and systems knowledge or expertise.

Types of Threats and Attacks
Common (security) vulnerabilities and exposures (CVEs): publicly known computer security risks, which are collected, listed, and shared by a board of security-related organizations.

Types of Threats and Attacks
Denial-of-service (DoS) attack: an attack on a Web site in which an attacker uses specialized software to send a flood of data packets to the target computer with the aim of overloading its resources.

Types of Threats and Attacks
Distributed denial-of-service (DDoS) attack: a denial-of-service attack in which the attacker gains illegal administrative access to as many computers on the Internet as possible and uses these multiple computers to send a flood of data packets to the target computer.


Types of Threats and Attacks
Malicious code takes a variety of forms, both pure and hybrid. Virus: a piece of software code that inserts itself into a host, including the operating system, to propagate; it requires that its host program be run to activate it. Worm: a software program that runs independently, consuming the resources of its host in order to maintain itself, and is capable of propagating a complete working version of itself onto another machine.

Types of Threats and Attacks
Macro virus or macro worm: a virus or worm that is executed when the application object that contains the macro is opened or a particular procedure is executed. Trojan horse: a program that appears to have a useful function but that contains a hidden function that presents a security risk.

Managing EC Security
Common mistakes organizations make in managing their security risks (McConnell 2002): undervalued information; narrowly defined security boundaries; reactive security management; dated security management processes; lack of communication about security responsibilities.

Managing EC Security
Security risk management: a systematic process for determining the likelihood of various security attacks and for identifying the actions needed to prevent or mitigate those attacks.

Managing EC Security
Phases of security risk management: assessment, planning, implementation, monitoring.

Managing EC Security
Phase 1: Assessment. Evaluate security risks by determining assets, vulnerabilities of the system, and potential threats to these vulnerabilities.

Phase 2: Planning. The goal of this phase is to arrive at a set of policies defining which threats are tolerable and which are not. Policies also specify the general measures to be taken against those threats that are intolerable or high priority.

Phase 3: Implementation. Particular technologies are chosen to counter high-priority threats. The first step is to select generic types of technology for each of the high-priority threats.

Phase 4: Monitoring, to determine which measures are successful; which measures are unsuccessful and need modification; whether there are any new types of threats; whether there have been advances or changes in technology; whether there are any new business assets that need to be secured.

Assignment
Answer these questions and submit them today: Name and explain the e-Business Application Architecture. Name and explain the Tools for Enterprise Collaboration. Name and explain Marketing Information Systems.