Chapter 9 E-Security

Awad – Electronic Commerce 2/e © 2003 Prentice Hall

Slide 2: Day 24 Agenda
- Quiz 3 corrected: 4 A's, 4 B's and 1 C
- Quiz 4 (last) will be April 30: Chap 13, 14 & 15
- Assignment 8 (last) will be assigned next week
- Should be progressing on Framework
- Lecture/discuss E-security

Slide 3: Objectives
- Security in Cyberspace
- Conceptualizing Security
- Designing for Security
- How Much Risk Can You Afford?
- Virus: Computer Enemy #1
- Security Protection & Recovery

Slide 4: Abuse & Failure (Security in Cyberspace)
- Fraud
- Theft
- Disruption of service
- Loss of customer confidence

Slide 5: Why Is the Internet Different? (Security in Cyberspace)

  Paper-Based Commerce                 | Electronic Commerce
  -------------------------------------|-----------------------------
  Signed paper documents               | Digital signature
  Person-to-person                     | Electronic via website
  Physical payment system              | Electronic payment system
  Merchant-customer face-to-face       | Face-to-face absence
  Easy detectability of modification   | Difficult detectability
  Easy negotiability                   | Special security protocol

Slide 6: Digital Signature Act (Oct 1, 2000)
- A contract or agreement in interstate or foreign commerce will not be denied legal effect, validity, or enforceability if the contract or agreement is in electronic form and is signed by an electronic signature.
- Note that the Act covers only foreign and interstate commerce. Therefore, where both parties to a contract are in the same state, the law would not seem to apply. However, most states have enacted their own digital signature laws, which cover intrastate transactions.
- The Act permits, but does not require, the use of an electronic signature.
- A legal requirement to furnish a record to a consumer in writing can be satisfied by an electronic record, so long as the consumer consents.
- A legal record retention requirement can be satisfied with electronic records.

Slide 7: Security Concerns (Conceptualizing Security)
- Confidentiality
- Authentication
- Integrity
- Access control
- Non-repudiation
- Firewalls

Slide 8: Information Security Drivers (Conceptualizing Security)
- Global trading: on-line, real time
- Availability of reliable security packages: good products, but expensive
- Changes in attitudes toward security: security as a strategic asset

Slide 9: Privacy Factor (Conceptualizing Security)

Slide 10: Designing for Security
- Adopt a reasonable security policy: cost effective, proactive
- Consider web security needs: data sensitivity
- Design the security environment
- Authorize and monitor the system: accountability, traceability

Slide 11: Adopt a Reasonable Security Policy (Designing for Security)
- Policy: understanding the threats that information must be protected against, to ensure confidentiality, integrity and privacy
- Should cover the entire e-commerce system: Internet security practices, nature & level of risks, procedure for failure recovery

Slide 12: Security Perimeter (Designing for Security)
- Firewalls
- Authentication
- Virtual Private Networks (VPN)
- Intrusion detection devices

Slide 13: Security Design Process (diagram)
- Adopt a security policy that makes sense
- Authorize and monitor the security system
- Police the security perimeter
- Design the security environment
- Consider web security needs

Slide 14: Authorizing & Monitoring the System (Designing for Security)
- Monitoring: capturing processing details for evidence
- Monitoring: verifying that e-commerce is operating within the security policy
- Monitoring: verifying that attacks have been unsuccessful

Slide 15: How Much Risk Can You Afford?
- Determine the specific threats inherent to the system design
- Estimate the pain threshold
- Analyze the level of protection required

Slide 16: Kinds of Threats / Crimes (How Much Risk Can You Afford?)
- Physically-related: create physical changes
- Order-related: manipulation of existing orders
- Electronically-related: sniffers, spoofers, script kiddies

Slide 17: Client Security Threats (How Much Risk Can You Afford?)
- Why? Sheer nuisance, deliberate corruption of files, rifling stored information
- How? Physical attack, virus, computer-to-computer attack

Slide 18: Server Security Threats (How Much Risk Can You Afford?)
- Web server with an active port
- Windows NT server not upgraded to act as a firewall
- Anonymous FTP service
- Web server directories that can be accessed & indexed

Slide 19: How Hackers Activate a Distributed Denial of Service Attack (DDoS) (How Much Risk Can You Afford?)
1. Break into less-secured computers connected to a high-bandwidth network
2. Install a stealth program which duplicates itself indefinitely to congest network traffic
3. Specify a target network from a remote location and activate the planted program
4. The victim's network is overwhelmed & users are denied access

Slide 20: Virus: Computer Enemy #1
- Malicious code that replicates itself to cause disruption of the information infrastructure
- Attacks system integrity, circumvents security capabilities & causes adverse operation
- Incorporates itself into computer networks, files & other executable objects

Slide 21: Types of Viruses (Virus: Computer Enemy #1)
- Boot virus: attacks boot sectors of the hard drive
- Macro virus: exploits macro commands in a software application

Slide 22: Virus Characteristics (Virus: Computer Enemy #1)
- Fast: easily invades and infects the computer's hard disk
- Slow: less likely to be detected & destroyed
- Stealth: memory resident; able to manipulate its execution to disguise its presence

Slide 23: Anti-Virus Strategy (Virus: Computer Enemy #1)
- Establish a set of simple, enforceable rules
- Educate & train users
- Inform users of the existing & potential threats to the company's systems
- Update anti-virus software to the latest version periodically

Slide 24: Basic Internet Security Practices (Security Protection & Recovery)
- Password: alpha-numeric; mix of upper and lower case; change frequently; no dictionary names
- Encryption: coding of messages in traffic between the customer placing an order and the merchant's network processing the order
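The four password rules on this slide as an executable check, added here as an illustration and not code from the Awad text; the word list, the 90-day maximum age, and the function name `check_password` are assumptions.

```python
import re
from datetime import date, timedelta
from typing import List

# Constructed stand-in for a dictionary / names list (assumption).
DICTIONARY = {"password", "welcome", "summer", "admin", "john", "mary"}
MAX_AGE = timedelta(days=90)   # assumed threshold for "change frequently"

def check_password(pw: str, last_changed: date, today: date) -> List[str]:
    """Return the names of the slide's rules the password violates (empty list = OK)."""
    problems = []
    # Rule 1: alpha-numeric, i.e. at least one letter and one digit.
    if not (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)):
        problems.append("alphanumeric")
    # Rule 2: mix of upper and lower case.
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("mixed-case")
    # Rule 3: no dictionary names. Every run of four or more letters is compared
    # to the word list, so a word padded with digits ("Summer2003") is still caught.
    if any(w.lower() in DICTIONARY for w in re.findall(r"[A-Za-z]{4,}", pw)):
        problems.append("dictionary-word")
    # Rule 4: change frequently, checked against the assumed maximum age.
    if today - last_changed > MAX_AGE:
        problems.append("stale")
    return problems
```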

Slide 25: Security Recovery (Security Protection & Recovery)
- Attack detection
- Damage assessment
- Correction & recovery
- Corrective feedback

Slide 26: Firewall & Security
- A firewall enforces an access control policy between two networks
- It detects intruders, blocks them from entry, keeps track of what they did & notifies the system administrator

Slide 27: What a Firewall Can Protect Against (Firewall & Security)
- Services known to be problems
- Unauthorized external logins
- Undesirable material, e.g. pornography
- Unauthorized transfer of sensitive information

Slide 28: What a Firewall Can't Protect Against (Firewall & Security)
- Attacks that do not go through the firewall
- A weak security policy
- 'Traitors' or disgruntled employees
- Viruses arriving via floppy disks
- Data-driven attacks

Slide 29: Specific Firewall Features (Firewall & Security)
- Security policy
- Deny capability
- Filtering ability
- Scalability
- Authentication
- Recognizing dangerous services
- Effective audit logs
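A small model tying together slides 26 to 29 (a firewall enforcing an access control policy between two networks, with deny capability, filtering, recognition of dangerous services and an audit log) and the monitoring goal of slide 14. Added illustration, not code from the Awad text; the rule syntax, the sample policy, the addresses and the treatment of telnet as the known-problem service are assumptions.

```python
from collections import namedtuple
from dataclasses import dataclass, field
from typing import List, Optional
import ipaddress

Packet = namedtuple("Packet", "src dst dport")   # source IP, destination IP, dest port

@dataclass
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # CIDR the packet source must fall inside
    dport: Optional[int] = None  # None matches any destination port
    note: str = ""               # reason recorded in the audit log

    def matches(self, p: Packet) -> bool:
        in_net = ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
        return in_net and (self.dport is None or self.dport == p.dport)

@dataclass
class Firewall:
    rules: List[Rule]
    audit_log: List[str] = field(default_factory=list)

    def decide(self, p: Packet) -> str:
        """First matching rule wins; unmatched traffic is denied (deny capability)."""
        for r in self.rules:
            if r.matches(p):
                self._log(p, r.action, r.note)
                return r.action
        self._log(p, "deny", "default deny, no matching rule")
        return "deny"

    def _log(self, p: Packet, action: str, why: str) -> None:
        # Effective audit log: every decision is kept as evidence for monitoring.
        self.audit_log.append(f"{action.upper()} {p.src} -> {p.dst}:{p.dport} ({why})")

# Constructed policy (assumption): storefront open to all, SSH only from the
# internal 10.0.0.0/8 LAN, telnet rejected as a service known to be a problem.
POLICY = [
    Rule("deny", dport=23, note="telnet: known-problem service"),
    Rule("allow", dport=443, note="public HTTPS storefront"),
    Rule("allow", dport=80, note="public HTTP storefront"),
    Rule("allow", src="10.0.0.0/8", dport=22, note="SSH from internal LAN only"),
]

def run_sample():
    """Pass constructed sample traffic through POLICY; returns (decisions, audit log)."""
    fw = Firewall(POLICY)
    samples = [Packet("203.0.113.9", "10.0.5.20", 443),  # external customer, HTTPS
               Packet("203.0.113.9", "10.0.5.20", 22),   # external login attempt
               Packet("10.0.7.3", "10.0.5.20", 22),      # admin from internal LAN
               Packet("10.0.7.3", "10.0.5.20", 23)]      # telnet, even from inside
    return [fw.decide(p) for p in samples], fw.audit_log
```

The second sample shows the default-deny fall-through: an external login attempt matches no allow rule and is blocked, and the log entry says why, which is the evidence slide 14 asks monitoring to capture.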

Slide 30: Assignment #7
- On page 276, answer Discussion Questions 1, 2 & 3
- Answers should be well reasoned and explained in under one page per question
- Turn in a well-formatted, typed response sheet
- Due Tuesday, November 19 at start of class