IS4463 Secure Electronic Commerce 5:30-6:45 PM Robert Kaufman –Background –Contact information Syllabus and Class Schedule Student Background Information.


IS4463 Secure Electronic Commerce
5:30-6:45 PM
Robert Kaufman
– Background
– Contact information
Syllabus and Class Schedule
Student Background Information
– Send via to

Student Background Information
– Name
– Phone # (opt) and reliable address
– IS/CS background
– Security background
– Why you are taking this course
– What do you expect out of this course

Syllabus

Who relies on computers?
– Transportation Systems
– Personal and corporate financial records and systems
– Banking and financial institutions
– Hospitals and the medical community
– The public telephone network
– Air Traffic Control
– Power systems and other utilities
– The government and the military
– Just about everybody

Citibank
– Probably the largest and most famous publicly acknowledged theft
– Occurred in 1994
– Vladimir Levin, a 30-year-old Russian hacker, stole more than $10M
– All but a few hundred thousand dollars recovered
– The actual dollar figure lost was minimal to an organization as large as Citibank; what was more important is how this affected people’s impression of the bank.
– How many accounts were lost as a result of this public incident?

Worcester Airport
– Occurred in early year old hacker broke into a NYNEX digital loop carrier system through a dial-in port
– The individual, who called himself “jester”, disrupted telephone service for over 600 residents of Rutland, Mass as well as communications at Worcester Airport
– Communication to the tower and emergency services was disrupted as well as the main radio transmitter and an electronic system which enables aircraft to send a signal to activate the runway lights

Omega Engineering
– Timothy Lloyd was convicted in May 2000 of causing an estimated $12 million in damages to his former employer.
– Back in 1996, Lloyd discovered he was about to be fired.
– He planted a logic bomb that systematically erased all of Omega’s contracts and the proprietary software used by the company’s manufacturing tools.
– Lloyd’s act of insider cyberterrorism cost Omega its competitive position in the electronics manufacturing market.
– At Lloyd’s trial, plant manager Jim Ferguson said, “We will never recover.”

And probably the most widely known security problem…
– In March 1999, David Smith, a New Jersey resident, released the Melissa virus. The estimated damage it caused: $80 million.
– In May 2000, a 23-year-old Philippine college student, Onel de Guzman, released the “Love Bug” virus, which proceeded to cause an estimated $8 Billion in damages worldwide.

DISA VAAP Results
– PROTECTION: 38,000 Attacks; 24,700 Succeed; 13,300 Blocked
– DETECTION: 988 Detected; 23,712 Undetected
– REACTION: 267 Reported; 721 Not Reported

To date, Chinese hackers already have unlawfully defaced a number of U.S. web sites, replacing existing content with pro-Chinese or anti-U.S. rhetoric. In addition, an Internet worm named "Lion" is infecting computers and installing distributed denial of service (DDOS) tools on various systems.
Hack Attack: New Global Way Of War
Washington Times April 23, 2001, Front Page
“China Warns Of Hack Attack”
Collateral Damage May Soon Have A New Definition
ADVISORY Issued 04/26/2001

You have to have security, or else…
1999 CSI/FBI Computer Crime & Security Survey
– 521 security “practitioners” in the U.S.
– 30% reported system penetrations from outsiders, an increase for the third year in a row
– 55% reported unauthorized access from insiders, also an increase for the third year in a row
– Losses due to computer security breaches totaled (for the 163 respondents reporting a loss) $123,779,000
– Average loss $759,380

You have to have security, or else…
2000 CSI/FBI Computer Crime and Security Survey
– 643 security “practitioners” in the U.S.
– 90% reported computer security breaches within the previous 12 months
– 70% reported unauthorized use
– 74% suffered financial losses due to breaches
– Losses due to computer security breaches totaled (for the 273 respondents reporting a loss) $265,589,940
– Average loss $972,857

You have to have security, or else…
2001 CSI/FBI Computer Crime and Security Survey
– 538 security “practitioners” in the U.S.
– 91% reported computer security breaches within the previous 12 months
– 70% reported their Internet connection as a frequent point of attack (up from 59% in 2000)
– 64% suffered financial losses due to breaches, 35% could quantify this loss.
– Losses due to computer security breaches totaled (for the 186 respondents reporting a loss) $377,828,700
– Average loss $2,031,337

You have to have security, or else…
2002 CSI/FBI Computer Crime & Security Survey
– 503 security “practitioners” in the U.S.
– 90% detected computer security breaches
– 40% detected penetrations from the outside
– 80% acknowledged financial losses due to breaches
– $455,848,000 in losses due to computer security breaches totaled (for the 223 respondents reporting a loss)
– 26 reported theft of proprietary info ($170,827,000)
– 25 reported financial fraud ($115,753,000)
– 34% reported intrusions to law enforcement
– 78% detected employee abuse of internet access privileges, i.e. pornography and inappropriate use
– Average loss $2,044,161

A sampling of activity from a security perspective
– March EBay gets hacked
– March Melissa virus hits Internet
– April Chernobyl Virus hits
– May Hackers shut down web sites of FBI, Senate, and DOE
– June Worm.Explore.Zip virus hits
– July Cult of the Dead Cow (CDC) releases Back Orifice
– Sept Hacker pleads guilty to attacking NATO and Gore web sites
– Oct teenage hacker admits to breaking into AOL
– Nov BubbleBoy virus hits
– Dec Babylonia virus spreads
– Feb several sites experience DOS attacks
– Feb Alaska Airlines site hacked
– May Love Bug virus ravages net

Internet Security Software Market
$7.4 Billion est; $4.2 Billion; $3.1 Billion; $2 Billion
’97 & ’98 figures based on a study released by market research firm International Data Corp. in Framingham, Mass.
’99 & ’02 figures from IDC study based on a survey of 300 companies with more than $100 million in annual revenues

What are our goals in Security?
The “CIA” of security
– Confidentiality
– Integrity
– Availability
– (authentication)
– (nonrepudiation)

The “root” of the problem
Most security problems can be grouped into one of the following categories:
– Network and host misconfigurations
    Lack of qualified people in the field
– Operating system and application flaws
    Deficiencies in vendor quality assurance efforts
    Lack of qualified people in the field
    Lack of understanding of/concern for security

Computer Security Operational Model
Protection = Prevention + (Detection + Response)
– Access Controls
– Encryption
– Firewalls
– Intrusion Detection
– Incident Handling

Proactive -vs- Reactive Models
“Most organizations only react to security threats, and, often times, those reactions come after the damage has already been done.”
“The key to a successful information security program resides in taking a proactive stance towards security threats, and attempting to eliminate vulnerability points before they can be used against you.”