MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Security.


1 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Security

2 Outline
 What is security
 What is electronic security
 Objectives of security
 Importance of security
 Types of security
 Security policy
 Security tips

3 What is Security?
 That which secures; protection; a state of safety or safe keeping.

4 Electronic Security
 The process of preventing and detecting unauthorized use of a computer-based information system.
 Prevention: measures that stop unauthorized users from accessing any part of the computer-based information system.
 Detection: measures that reveal the attempts, and the successes, that prevention did not stop, so that they can be responded to.

5 Importance of Security
 Privacy
 Crime
 Networks and their associated technologies have opened the door to an increasing number of security threats.
 Important data can be lost, privacy can be violated, and the computer can even be used by an outside attacker to attack other computers on the Internet.

6 Who Might Attack?
 Hackers: in security circles, most of these people are known as "script kiddies", because they run attack tools written by others rather than finding flaws themselves. Their sheer number, not their skill, is what makes them a threat to any system exposed to the Internet.
 Business rivals: competitors may try to obtain information illicitly through your virtual back doors.

7 Who Might Attack? (cont.)
 Foreign intelligence: another area of concern is foreign espionage. France, Israel, and Russia are known to have active industrial espionage efforts underway against the United States.
 Insiders: they may be hackers for their own amusement, or they may be working for rivals or foreign intelligence agencies. Insiders already hold legitimate access, so perimeter controls alone do little against them.

8 [Figure: Internet business value plotted against security considerations, rising through Internet access, corporate intranet, Internet presence, eCommerce and extranets]

9 Objectives of Security
 Confidentiality
 Integrity
 Availability

10 Confidentiality
 The process used to protect secret information from unauthorized disclosure.
 Secret data needs to be protected both when it is stored (at rest) and when it is being transmitted over the network (in transit).

11 Integrity
 Refers to protection against the unauthorized changing or creation of data values within the system.
 Data integrity checks detect whether the data has been modified during transmission. Such modification may be the result of an attack or of a transmission error (corruption).
 A plain checksum or hash catches corruption only. Detecting deliberate modification needs a keyed check (a message authentication code) or a digital signature, because an attacker who can change the data can also recompute an unkeyed checksum to match.
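The difference between catching corruption and catching an attack, as an added example written for this page (not code from the original deck): an unkeyed SHA-256 checksum beside an HMAC-SHA256 tag over the same record. The order record, the shared key and the "redirect the shipment" modification are all constructed for the demonstration; the function names are the example's own.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Constructed sample order record (not taken from the page).
var Order = []byte(`{"order":1001,"item":"laptop","qty":1,"ship_to":"10 High St"}`)

// Checksum is an unkeyed SHA-256 digest. A flipped bit changes it, so it
// catches transmission errors, but anyone who alters the data can recompute it.
func Checksum(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// ReceiverAcceptsChecksum is the receiving side's check when only a checksum
// accompanies the data.
func ReceiverAcceptsChecksum(data []byte, checksum string) bool {
	return Checksum(data) == checksum
}

// Tag is an HMAC-SHA256 over the data under a key shared by sender and receiver.
// Producing a valid tag for modified data requires the key.
func Tag(key, data []byte) string {
	mac := hmac.New(sha256.New, key)
	mac.Write(data)
	return hex.EncodeToString(mac.Sum(nil))
}

// ReceiverAcceptsTag recomputes the tag and compares it in constant time.
func ReceiverAcceptsTag(key, data []byte, tag string) bool {
	want, err := hex.DecodeString(tag)
	if err != nil {
		return false
	}
	mac := hmac.New(sha256.New, key)
	mac.Write(data)
	return hmac.Equal(mac.Sum(nil), want)
}

// Corrupt models a transmission error: one bit flipped in the middle of the data.
func Corrupt(data []byte) []byte {
	out := append([]byte(nil), data...)
	out[len(out)/2] ^= 0x01
	return out
}

// Tamper models an active attacker on the network redirecting the shipment.
func Tamper(data []byte) []byte {
	return bytes.Replace(data, []byte("10 High St"), []byte("PO Box 999"), 1)
}

func main() {
	key := []byte("shared-secret-demo-key") // constructed; a real key is random and kept out of source
	chk, tag := Checksum(Order), Tag(key, Order)

	// Transmission error: both mechanisms catch it.
	fmt.Println("corruption, checksum accepts:", ReceiverAcceptsChecksum(Corrupt(Order), chk)) // false
	fmt.Println("corruption, HMAC accepts:    ", ReceiverAcceptsTag(key, Corrupt(Order), tag))  // false

	// Deliberate modification: the attacker recomputes the checksum but cannot forge the tag.
	forged := Tamper(Order)
	fmt.Println("tamper, checksum accepts:    ", ReceiverAcceptsChecksum(forged, Checksum(forged))) // true
	fmt.Println("tamper, HMAC accepts:        ", ReceiverAcceptsTag(key, forged, tag))             // false
}
```

The HMAC only helps if the key is unknown to the attacker and the comparison is constant-time (hmac.Equal), otherwise a timing side channel leaks the tag byte by byte. Where the two parties do not share a secret, a digital signature (slide 26) plays the same role with a public/private key pair.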

12 Integrity (cont.)
 There are legal concerns regarding:
 anonymity of source
 ease of reproduction
 detection of alteration
 unauthorised disclosure
 attribution

13 Availability
 Ensures that systems and data are usable by authorised users when they are needed.
 Loss of availability is caused by equipment malfunction, equipment destruction (natural disaster), equipment loss (theft), or deliberate attack.
 Example: a computer virus causes the system to be unavailable for an extended period while the virus is removed and corrupted data is reprocessed.

14 Types of Security
 Technical countermeasures
 Non-technical countermeasures: physical and procedural

15 A Balanced Approach to Security
[Figure: threats and resources balanced by security-conscious people, policies and procedures, network controls and security software]

16 Technical Countermeasures
 Passwords
 Encryption
 Cryptography
 Digital signatures
 Firewalls
 Key locks
 Smart cards
 Biometrics

17 Passwords
 The computer system is password protected.
 Make passwords as meaningless as possible: no real words (forwards or backwards), a mixture of letters, numbers and symbols, and as long as the system allows, since length does more against guessing than any single rule.
 Change a password immediately if it may have been exposed; routine forced changes add little on their own and tend to produce predictable variants of the old password.
 Never divulge passwords to anyone.

18 Encryption
 Encryption ensures that a message, even if it is intercepted, cannot be read by anyone other than the authorized recipient. It does not stop interception itself, and on its own it proves neither who sent the message nor that the message was not altered.
 Encryption is usually deployed to protect data transported over a public network such as the Internet. It uses mathematical algorithms to 'scramble' messages and their attachments so that only a holder of the right key can unscramble them.

19 Where is Encryption Used?
 ATMs
 EFTPOS
 Internet transactions
 Protects medical records, corporate trade secrets, air traffic control centres, etc.

20 Cryptography
 The practical art of converting messages or data into a different form, such that no one can read them without having access to the 'key'.
 The message may be converted using a 'code' (each character or group of characters is substituted by an alternative one) or a 'cypher' or 'cipher' (the message as a whole is transformed, rather than individual characters).
 Cryptanalysis is the science of 'breaking' or 'cracking' encryption schemes: recovering the plaintext, or the decryption key, without being given the key.

21 Symmetric Cryptography
 The same key is used for encrypting and decrypting messages.
 Both parties must therefore already hold the key, which has to reach the other party over a channel the attacker cannot read; distributing that key is the hard part, and is what public key cryptography solves.

22 Public Key Cryptography
 Multiple people encrypt messages using the recipient's well-known public key. The recipient decrypts them with her private key.

23 Public Key Cryptography (cont.)
 A message encrypted with the public key can only be decrypted with the private key (confidentiality: anyone can send, only the key owner can read).
 A message encrypted with the private key can only be decrypted with the public key (this direction is what a digital signature uses: only the key owner can produce it, anyone holding the public key can check it).

24 Public Key Cryptography (cont.)
 Key distribution
 A Certification Authority (CA) acts as a trusted third party which issues and distributes digital certificates.
 The publicly distributed digital certificate contains a user's public key as well as other information such as the user's identity details and the expiry date of the key, all signed by the CA so that any alteration of the certificate is detectable.
 A Registration Authority (RA) verifies a user's identity at the time the user applies for a digital certificate. Often the CA and the RA are the same entity.

25 Public Key Distribution
[Figure: public key distribution through a Certification Authority]

26 Digital Signatures
 A block of data, computed over the message with the sender's private key, that verifies that the message really comes from the claimed sender and has not been altered since it was signed.
 If the signed message includes a timestamp, the signature also binds the claimed time of sending; proving the actual time requires a trusted time-stamping service.
 Can only be generated by the holder of the private key and is computationally infeasible for anyone else to forge.

27 Digital Signature Process
[Figure: digital signature process, from hashing and signing with the private key to verification with the public key]

28 Digital Envelopes
1. Sender generates a random message key (K). Sender encrypts the message (M) with K, creating the ciphertext message (CM).
2. Sender encrypts K with the recipient's public key (RPubK), generating ciphertext CK.
3. Sender computes a digital signature (S) over CK and CM using her private signing key (SPrivK).
4. Sender sends CK, CM and S to the recipient.
5. Recipient uses his private key (RPrivK) to decrypt CK and obtain K.
6. Recipient uses K to decrypt CM and get M.
7. Recipient uses the sender's public key (SPubK) to validate S.
In practice the recipient performs step 7 before steps 5 and 6, so that nothing is decrypted until the sender and the integrity of CK and CM have been confirmed.
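The whole digital envelope of slide 28, carried through with the deck's own names (K, M, CM, CK, S, RPubK, RPrivK, SPrivK, SPubK), as an added example written for this page rather than code from the original deck. It also covers slides 21, 22/23 and 26 in one place: step 1 is the symmetric part (AES-256-GCM, one key both ways), step 2 the public key part (RSA-OAEP, only RPrivK can unwrap K) and step 3 the signature (RSA-PSS, only SPrivK can produce S). The key pairs are generated on the spot for the demonstration; the message, the Envelope type and the Seal/Open names are the example's own. The signature is taken over CK, nonce and CM so the recipient can run step 7 before decrypting anything.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Envelope is what travels from sender to recipient (step 4).
type Envelope struct {
	CK    []byte // message key K encrypted with the recipient's public key RPubK (RSA-OAEP)
	Nonce []byte // AES-GCM nonce for CM; not secret, but must never repeat under the same K
	CM    []byte // message M encrypted with K (AES-256-GCM)
	S     []byte // RSA-PSS signature over CK || Nonce || CM made with the sender's private key SPrivK
}

// gcmFor builds the symmetric cipher for K; the same K encrypts and decrypts (slide 21).
func gcmFor(k []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// signedPart is the byte string that S covers.
func signedPart(e *Envelope) []byte {
	out := append([]byte(nil), e.CK...)
	out = append(out, e.Nonce...)
	return append(out, e.CM...)
}

// Seal performs the sender's steps 1-4.
func Seal(m []byte, rPub *rsa.PublicKey, sPriv *rsa.PrivateKey) (*Envelope, error) {
	// Step 1: random 256-bit message key K, then CM = Enc_K(M).
	k := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		return nil, err
	}
	aead, err := gcmFor(k)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	cm := aead.Seal(nil, nonce, m, nil)

	// Step 2: CK = Enc_RPubK(K). Only the holder of RPrivK can recover K.
	ck, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, rPub, k, nil)
	if err != nil {
		return nil, err
	}

	// Step 3: S = Sign_SPrivK(SHA-256(CK || Nonce || CM)).
	env := &Envelope{CK: ck, Nonce: nonce, CM: cm}
	digest := sha256.Sum256(signedPart(env))
	if env.S, err = rsa.SignPSS(rand.Reader, sPriv, crypto.SHA256, digest[:], nil); err != nil {
		return nil, err
	}
	return env, nil // Step 4: the caller transmits CK, Nonce, CM and S
}

// Open performs the recipient's steps 5-7, running the signature check (step 7) first.
func Open(env *Envelope, rPriv *rsa.PrivateKey, sPub *rsa.PublicKey) ([]byte, error) {
	digest := sha256.Sum256(signedPart(env))
	if err := rsa.VerifyPSS(sPub, crypto.SHA256, digest[:], env.S, nil); err != nil {
		return nil, errors.New("signature check failed: not from the claimed sender, or tampered in transit")
	}
	// Step 5: K = Dec_RPrivK(CK).
	k, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, rPriv, env.CK, nil)
	if err != nil {
		return nil, err
	}
	// Step 6: M = Dec_K(CM); GCM's own tag rejects a CM that does not match K and Nonce.
	aead, err := gcmFor(k)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, env.Nonce, env.CM, nil)
}

func main() {
	// Constructed demo key pairs; in deployment the public keys come from CA-issued certificates (slide 24).
	rPriv, _ := rsa.GenerateKey(rand.Reader, 2048) // recipient: RPubK / RPrivK
	sPriv, _ := rsa.GenerateKey(rand.Reader, 2048) // sender: SPubK / SPrivK
	env, err := Seal([]byte("transfer 100 to account 42"), &rPriv.PublicKey, sPriv)
	if err != nil {
		panic(err)
	}
	m, err := Open(env, rPriv, &sPriv.PublicKey)
	fmt.Printf("recipient read: %q (err=%v)\n", m, err)

	env.CM[0] ^= 0x01 // an attacker flips one bit of CM in transit
	_, err = Open(env, rPriv, &sPriv.PublicKey)
	fmt.Println("after tampering:", err)
}
```

Two things the slide leaves implicit and the code makes visible: the recipient must obtain SPubK from a trusted source (a CA-signed certificate), otherwise an attacker who substitutes his own key pair can sign envelopes that verify perfectly; and the symmetric key K is used once and then discarded, so a compromise of one envelope's K does not expose any other message.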

30 Firewalls
 A firewall is a device placed between your system and the Internet. It monitors and filters incoming and outgoing traffic according to a rule set.
 Offers a single point at which security can be monitored and alarms generated.
 Traffic that must cross the firewall and continue over the public network should be encrypted, since the firewall protects nothing beyond itself.
 There should be a security policy in place; the firewall rules are one implementation of it.
 Firewalls are not impenetrable: they cannot inspect encrypted content, they must allow the ports a public service needs (so an attack through the web application passes straight through), and they do nothing against insiders already behind them.

31 Physical Countermeasures
 Physical security is the protection of an organisation's resources against threats of damage, theft and natural disasters.
 Involves a layered approach.

32 [Figure: layers of physical security (building security, computer security, end-user security) set against physical intrusion, environmental disruption, unauthenticated access and hacker attacks]

33 Building Security
 Guard
 Alarm system
 Surveillance system
 Perimeter security (adequate lighting, security fences)
 Warning signs
 Centralised control (to respond to an attack as quickly as possible)

34 Procedural
 Conditions of use (lay out expectations)
 Key locks
 Supervision
 Usage monitoring
 Safe storage of data
 Backup (make copies of data and software, keep a copy off site, and test that it restores)
 User authorisation
 Intruder detection
 Monitoring and control
 Business Continuity Plans
 Disaster Recovery Plans

35 Disaster Recovery and Business Continuity
 Disaster Recovery Plan: an approved set of arrangements and procedures that enable an organisation to respond to a disaster and resume its critical business functions within a defined time frame.
 Business Continuity Plan: the process of developing advance arrangements and procedures that enable an organisation to respond to an event in such a manner that critical business functions continue without interruption or essential change.

36 Natural Disasters
 Cause extensive damage such as loss of power, communication lines and processing; buildings set on fire; buildings collapsing.
 To limit the damage, organisations should secure external communication links, install lightning protection, create firebreaks around buildings, and ensure appropriate building construction.

37 IT Security Policy
 Example: http://www.uts.edu.au/div/publications/policies/select/itsecurity.html

38 How to Secure an Environment
1. Assess the situation
2. Fix high-risk vulnerabilities
3. Secure the perimeter
4. Secure the interior
5. Deploy monitors
6. Test/attack the high risks

39 Security Tips
 Use protection software ("anti-virus software") and keep it up to date.
 Don't open email attachments from unknown sources.
 Use hard-to-guess passwords.
 Protect your computer from Internet intruders: use a firewall.
 Don't share access to your computer with strangers. Learn about file-sharing risks.
 Back up your computer data.

