E-Commerce E-Commerce Security?? Instructor: Safaa S.Y. Dalloul E-Business Level 2 2013-2014 Try to be the Best.

Presentation transcript:


Elements of Lecture: Introduction (Why Security), Basic Security Issues, Security Risk Management, Types of Threats and Attacks, Security Technologies.

Introduction: Why Security? With the rapid growth of EC, things have changed: consumers use their credit cards to purchase goods and services online, and they also use their accounts to conduct business. "This needs serious protection of the data being transferred over the Internet, so security is needed."

Basic Security Issues: Authentication, Authorization, Auditing, Privacy, Integrity.

Basic Security Issues Authentication

Basic Security Issues  The Process to verify (assure) the real identity of an individual, computer, computer program, or EC Web site  Authentication requires evidence in the form of identifications, which can take a variety of forms including something known; something possessed or something unique such as passwords, smartcards and signatures. Authentication

Basic Security Issues Authorization Allow Not Allow

Basic Security Issues: Authorization. The process of determining what the authenticated entity is allowed to access and what operations it is allowed to perform.

Basic Security Issues Auditing

Basic Security Issues: Auditing. If a person or program accesses a Web site, various pieces of information are noted in a log file. If a person or program queries a database, the action is also noted in a log file. Auditing is the process of recording information about what Web site, data, file, or network was accessed, when, and by whom or what.

Basic Security Issues: Auditing. The collection of information about accessing particular resources, using particular privileges, or performing other security actions is known as auditing.
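The three issues above (authentication, authorization, auditing) combined in one access path, as an added example that is not part of the original slides; the user store, permission table and resource names are constructed for illustration:

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

# Constructed user store: username -> (salt, salted SHA-256 of the password).
def _hash_pw(password, salt):
    return hashlib.sha256(salt + password.encode()).hexdigest()

_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash_pw("correct horse", _SALT))}
# Constructed authorization table: username -> set of allowed (resource, operation) pairs.
PERMISSIONS = {"alice": {("/orders", "read"), ("/orders", "create")}}
# Audit log: every attempt is recorded (who, what, which operation, when, outcome),
# including failed ones, which is what makes the log useful to a reviewer.
AUDIT_LOG = []

def authenticate(username, password):
    """Authentication: verify the claimed identity with something known (a password)."""
    entry = USERS.get(username)
    if entry is None:
        return False
    salt, stored = entry
    # Constant-time comparison so timing does not leak how much of the hash matched.
    return hmac.compare_digest(stored, _hash_pw(password, salt))

def authorize(username, resource, operation):
    """Authorization: what an authenticated entity may access and which operations it may perform."""
    return (resource, operation) in PERMISSIONS.get(username, set())

def access(username, password, resource, operation):
    """Authenticate, then authorize, then audit one access attempt; returns the outcome."""
    if not authenticate(username, password):
        outcome = "denied:authentication"
    elif not authorize(username, resource, operation):
        outcome = "denied:authorization"
    else:
        outcome = "allowed"
    AUDIT_LOG.append({"who": username, "what": resource, "operation": operation,
                      "when": datetime.now(timezone.utc).isoformat(), "outcome": outcome})
    return outcome
```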

Basic Security Issues Privacy

Basic Security Issues: Privacy. Information that is private or sensitive should not be disclosed to unauthorized individuals; examples include business plans, credit card numbers, and even the fact that a person visited a particular Web site. This information is confidential and private.

Basic Security Issues Integrity

Basic Security Issues: Integrity. The ability to protect data from being altered or destroyed in an unauthorized or accidental manner is called integrity. Data can be altered or destroyed while it is in transit or after it is stored.

Security Risk Management: Risk management consists of four phases: assessment, planning, implementation, and monitoring. To understand these phases, a few definitions are in order.

Security Risk Management
Assets: anything of value that is worth securing; they can include tangible and intangible goods.
Threat: any eventuality that represents a danger to an asset.
Vulnerability: a weakness in software or another mechanism that threatens the confidentiality, integrity, or availability of an asset. It can be used directly by a hacker to gain access to a system or network.

Security Risk Management: Assessment. In this phase, organizations evaluate their security risks by determining their assets, threats, and vulnerabilities.

Security Risk Management HOW

Security Risk Management 1) Determine organizational objectives: since it is not possible to safeguard against every eventuality, safeguards should be selected on the basis of an organization's objectives and requirements. 2) Inventory assets: itemize all of the critical tangible and intangible assets on the network. The relative value and criticality of these assets also need to be determined.

Security Risk Management 3) Delineate threats: potential risks can come from any person or thing that can use the network to harm an organization's assets, including hackers, viruses, and human errors. 4) Identify vulnerabilities.

Security Risk Management 5) Quantify the value of each risk: this is what is meant by quantitative risk analysis, in which equations are used to assign a numerical value to a risk. The calculated values of the various risks are used to prioritize those risks that need safeguarding. Risk = Assets × Threat × Vulnerability.

Security Risk Management: Planning. The primary goal of this phase is to arrive at a set of security policies defining which threats are tolerable and which are not.

Security Risk Management HOW

Security Risk Management 1) Define specific policies: each policy needs to detail how a particular safeguard will be instituted, why the safeguard is being implemented, and who will be responsible for the safeguard.

Security Risk Management 2) Establish processes for audit and review: security is an ongoing activity that needs to be adapted to changes in an organization's objectives, assets, threats, and vulnerabilities. This requires regular reviews to determine the effectiveness of particular policies.

Security Risk Management 3) Establish an incident response team and a contingency plan.

Security Risk Management: Implementation. In this phase, particular technologies are chosen to counter high-priority threats. The selection of particular technologies is based on the general guidelines established in the planning phase. A first step of this phase is selecting generic types of technology for each of the high-priority threats. Given the generic types, particular software from particular vendors can then be selected.

Security Risk Management: Monitoring. This is an ongoing process used to determine which measures are successful, which measures are unsuccessful and need modification, whether there are any new types of threats, whether there have been advances or changes in technology, and whether there are any new business requirements that need securing.

Types of threats and attacks

Security Technologies