Download presentation
Presentation is loading. Please wait.
Published byDonald Alexander Modified over 9 years ago
1
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Security
2
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Outline What is Security What is Electronic security Objectives of security Importance of security Types of security Security policy Security Tips
3
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE What is Security? That which secures; protection; a state of safety or safe keeping.
4
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Electronic Security The process of preventing and detecting unauthorized use of a computer based information system Prevention measures to stop unauthorized users from accessing any part of the computer based information system
5
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Importance of Security Privacy Crime Networks and their associated technologies have opened the door to an increasing number of security threats. Important data can be lost, privacy can be violated and the computer can even be used by an outside attacker to attack other computers on the Internet.
6
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE WHO MIGHT ATTACK? Hackers In security circles, most of these people are known as "script kiddies." Business rivals Competitors may try to obtain information illicitly through your virtual back doors.
7
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE WHO MIGHT ATTACK? Foreign intelligence Another area of concern is foreign espionage. France, Israel, and Russia are known to have active industrial espionage efforts underway against the United States. Insiders they may be hackers for their own amusement, for example, or they may be working for rivals or foreign intelligence agencies.
8
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Internet Access Corporate Intranet Internet Presence eCommerce Extranets Security Considerations Internet Business Value
9
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Objectives of Security Confidentiality Integrity Availability
10
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Confidentiality The process used to protect secret information from unauthorized disclosure. Secret data needs to be protected when it is stored or when it is being transmitted over the network.
11
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Integrity Refers to the unauthorized changing of creation of values of data within the system. Data Integrity detects whether the data has been modified during transmission. Such modification may be the result of an attack or a transmission error ( corruption).
12
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Integrity (cont.) There are legal concerns regarding Anonymity of source Ease of reproduction Detection of alteration Unauthorised disclosure attribution
13
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Availability Caused by equipment malfunction, equipment destruction (natural disaster) or equipment loss (theft). Example: Computer Virus ( causes the system to be unavailable for an extended period while the virus is removed and corrupted data is reprocessed).
14
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Types of Security Technical Countermeasures Non-Technical Countermeasures Physical Procedural
15
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE A Balanced Approach to Security Security Conscious People Policies & Procedure Network Controls Security Software Threats Resources
16
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Technical Countermeasures Passwords Encryption Cryptography Digital Signatures Firewalls Key locks Smart cards biometrics
17
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Passwords computer system is password protected Make passwords as meaningless as possible No real words (forward or backwards) Mixture of letters and numbers Change passwords regularly Never divulge passwords to anyone
18
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Encryption Encryption technology ensures that messages cannot be intercepted or read by anyone other than the authorized recipient. Encryption is usually deployed to protect data that is transported over a public network such as the Internet and uses advance mathematical algorithms to ‘scramble’ messages and their attachments.
19
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Where is Encryption used: ATM’s EFTPOS Internet transaction Protects medical records, corporate trades secrets, air traffic control centres etc.
20
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Cryptography It is the practical art of converting messages or data into a different form, such that no-one can read them without having access to the 'key'. The message may be converted using a 'code' (in which case each character or group of characters is substituted by an alternative one), or a 'cypher' or 'cipher' (in which case the message as a whole is converted, rather than individual characters). Cryptanalysis is the science of 'breaking' or 'cracking' encryption schemes, i.e. discovering the decryption key.
21
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Symmetric Cryptography The same key is used for encrypting and decrypting messages
22
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Public Key Cryptography Multiple people encrypt messages using the recipient’s well-known public key. The recipient decrypts it with her private key.
23
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Public Key Cryptography (cont.) A message encrypted with a Public Key can only be decrypted with the private Key A message encrypted with the private key can only be decrypted with the public key
24
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Public Key Cryptography (cont.) Key Distribution Certification Authority (CA) acts as a trusted third party which distributes digital certificates. The digital certificates which are publicly distributed contain a user’s public key as well as other information such as the user’s personal details and the expiry date of the key. Registration Authoriy verifies a user’s identity at the time the user applies for a digital certificate. Often the CA and an RA are the same entities.
25
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Public Key Distribution
26
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Digital Signatures Block of text that is used to verify that a message really comes from the claimed sender. Can also be used to verify the time document was sent. can only be generated by the sender and is very difficult for anyone else to forge.
27
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Digital Signature Process
28
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Digital Envelopes 1.Sender generates a random message key (K). Sender encrypts the message (M) with K, creating the cipher text message (CM). 2.Sender encrypts K with recipient’s public key (RPubK), generating cipher text CK. 3.Sender computes a digital signature (S) using her private signature (SPrivK) 4.Sender sends CK, CM and S to recipient. 5.Recipient uses his private key (RPrivK) to decrypt CK and obtain K. 6.Recipient uses K to decrypt CM and get M. 7.Recipient uses sender’s public key (SPubK) to validate S.
29
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE
30
Firewalls A firewall is a device that is placed between your system and the internet. It can monitor and filter any incoming and outgoing traffic. Offers a single point at which security can be monitored and alarms generated. Encryption can be used as a safeguard. There should be a security policy in place. An important point need to keep in mind that firewalls are not always impenetrable.
31
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Physical Countermeasures Is defined as the protection of its resources against threats of damage, theft and natural disasters. Involves a layered approach
32
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Computer Security Building Security End User Security Hacker Attacks Physical Intrusion Unauthenticated Access Environmental Disruption
33
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Building Security Guard Alarm system Surveillance system Perimeter security ( adequate lighting, security fences) Warning signs Centralized control (response to an attack as quickly as possible)
34
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Procedural Conditions of use (layout expectations) Key locks Supervision Usage monitoring Safe storage of data Backup (make copies of data and softwares) User authorisation Intruder detection Monitoring and control Business Continuity Plans Disaster Recovery Plans
35
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Disaster Recovery Plan Approved set of arrangements and procedures that enable an organisation to respond to a disaster and resume its critical business functions within a defined time frame Business Continuity Plan Process of developing advanced arrangements and procedures that enable an organisation to respond to an event in such a manner that critical business functions continue without interruption or essential change
36
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Natural Disasters Causes extensive damage such as: Loss of power, communication lines and processing; buildings set on fire; building collapsing. To overcomes the damages organizations should: Secure external communication links; Install lighting protection; create firebreaks around buildings; insure appropriate building construction.
37
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE IT Security Policy Example http://www.uts.edu.au/div/publications/policies/select/itsecurity.html
38
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Assess the Situation Fix High Risk Vulnerabilities Secure the Perimeter Secure the Interior Deploy Monitors Test\Attack High Risks How to secure an environment
39
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Security Tips Use protection software "anti-virus software" and keep it up to date. Don't open email from unknown sources. Use hard-to-guess passwords. Protect your computer from Internet intruders -- use "firewalls". Don't share access to your computers with strangers. Learn about file sharing risks. Back up your computer data.
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.