Presentation is loading. Please wait.

Presentation is loading. Please wait.

IS4463 Secure Electronic Commerce 5:30-6:45 PM Robert Kaufman –Background –Contact information Syllabus and Class Schedule Student Background Information.

Published byAbel Thornton Modified over 9 years ago

Similar presentations

Presentation on theme: "IS4463 Secure Electronic Commerce 5:30-6:45 PM Robert Kaufman –Background –Contact information Syllabus and Class Schedule Student Background Information."— Presentation transcript:

1 IS4463 Secure Electronic Commerce 5:30-6:45 PM Robert Kaufman –Background –Contact information Syllabus and Class Schedule Student Background Information –Send via Email to robkaufmaniii@aol.com

2 Student Background Information Name Phone # (opt) and reliable email address IS/CS background Security background Why you are taking this course What do you expect out of this course

3 Syllabus http://faculty.business.utsa.edu/rkaufman/

4 Who relies on computers? Transportation Systems Personal and corporate financial records and systems Banking and financial institutions Hospitals and the medical community The public telephone network Air Traffic Control Power systems and other utilities The government and the military Just about everybody

5 Citibank Probably the largest and most famous publicly acknowledged theft Occurred in 1994 Vladimir Levin, a 30-year old Russian hacker stole more than $10M All but a few hundred thousand dollars recovered The actual dollar figure lost was minimal to an organization as large as Citibank, what was more important is how this affected people’s impression of the bank. How many accounts were lost as a result of this public incident?

6 Worcester Airport Occurred in early 1997 14 year old hacker broke into a NYNEX digital loop carrier system through a dial-in port The individual, who called himself “jester”, disrupted telephone service for over 600 residents of Rutland, Mass as well as communications at Worcester Airport Communication to the tower and emergency services was disrupted as well as the main radio transmitter and an electronic system which enables aircraft to send a signal to activate the runway lights

7 Omega Engineering Timothy Lloyd was convicted in May 2000 of causing an estimated $12 million in damages to his former employer. Back in 1996, Lloyd discovered he was about to be fired He planted a logic bomb that systematically erased all of Omega’s contracts and the proprietary software used by the company’s manufacturing tools. Lloyd’s act of insider cyberterrorism cost Omega its competitive position in the electronics manufacturing market. At Lloyd’s trial, plant manager Jim Ferguson said, “We will never recover.”

8 And probably the most widely known security problem… In March 1999, David Smith, a New Jersey resident, released the Melissa virus. The estimated damage it caused: $80 million. In May 2000, 23-year old college Philippine college student, Onel de Guzman, released the “Love Bug” virus which proceeded to cause an estimated $8 Billion in damages worldwide.

9 DISA VAAP Results PROTECTIONPROTECTION DETECTIONDETECTION REACTIONREACTION 38,000 Attacks 24,700 Succeed 13,300 Blocked 988 Detected 23,712 Undetected 267 Reported 721 Not Reported

10 To date, Chinese hackers already have unlawfully defaced a number of U.S. web sites, replacing existing content with pro-Chinese or anti-U.S. rhetoric. In addition, an Internet worm named "Lion" is infecting computers and installing distributed denial of service (DDOS) tools on various systems. Hack Attack: New Global Way Of War Washington Times April 23, 2001, Front Page “China Warns Of Hack Attack” Collateral Damage May Soon Have A New Definition 101001000110010010100100010010001000100101001 ADVISORY 01- 009 Issued 04/26/2001

11 You have to have security, or else… 1999 CSI/FBI Computer Crime & Security Survey –521 security “practitioners” in the U.S. 30% reported system penetrations from outsiders, an increase for the third year in a row 55% reported unauthorized access from insiders, also an increase for the third year in a row Losses due to computer security breaches totaled (for the 163 respondents reporting a loss) $123,779,000 Average loss $759,380

12 You have to have security, or else… 2000 CSI/FBI Computer Crime and Security Survey –643 security “practitioners” in the U.S. 90% reported computer security breaches within the previous 12 months 70% reported unauthorized use 74% suffered financial losses due to breaches Losses due to computer security breaches totaled (for the 273 respondents reporting a loss) $265,589,940 Average loss $972,857

13 You have to have security, or else… 2001 CSI/FBI Computer Crime and Security Survey –538 security “practitioners” in the U.S. 91% reported computer security breaches within the previous 12 months 70% reported their Internet connection as a frequent point of attack (up from 59% in 2000) 64% suffered financial losses due to breaches, 35% could quantify this loss. Losses due to computer security breaches totaled (for the 186 respondents reporting a loss) $377,828,700 Average loss $2,031,337

14 You have to have security, or else… 2002 CSI/FBI Computer Crime & Security Survey –503 security “practitioners” in the U.S. 90% detected computer security breaches 40% detected penetrations from the outside 80% acknowledged financial losses due to breaches $455,848,000 in losses due to computer security breaches totaled (for the 223 respondents reporting a loss) 26 reported theft of proprietary info ($170,827,000) 25 reported financial fraud ($115,753,000) 34% reported intrusions to law enforcement 78% detected employee abuse of internet access privileges, i.e. pornography and inappropriate email use Average loss $2,044,161

15 A sampling of activity from a security perspective March 1999 - EBay gets hacked March 1999 - Melissa virus hits Internet April 1999 - Chernobyl Virus hits May 1999 - Hackers shut down web sites of FBI, Senate, and DOE June 1999 - Worm.Explore.Zip virus hits July 1999 - Cult of the Dead Cow (CDC) releases Back Orifice Sept 1999 - Hacker pleads guilty to attacking NATO and Gore web sites Oct 1999 - teenage hacker admits to breaking into AOL Nov 1999 - BubbleBoy virus hits Dec 1999 - Babylonia virus spreads Feb 2000 - several sites experience DOS attacks Feb 2000 - Alaska Airlines site hacked May 2000 - Love Bug virus ravages net

16 Internet Security Software Market 2002 - $7.4 Billion est. 1999 - $4.2 Billion 1998 - $3.1 Billion 1997 - $2 Billion ’97 & ’98 figures based on a study released by market research firm International Data Corp. in Framingham, Mass. ’99 & ’02 figures from IDC study based on a survey of 300 companies with more than $100 million in annual revenues

17 What are our goals in Security? The “CIA” of security –Confidentiality –Integrity –Availability –(authentication) –(nonrepudiation)

18 The “root” of the problem Most security problems can be grouped into one of the following categories: –Network and host misconfigurations Lack of qualified people in the field –Operating system and application flaws Deficiencies in vendor quality assurance efforts Lack of qualified people in the field Lack of understanding of/concern for security

19 Computer Security Operational Model Protection = Prevention+ (Detection + Response) Access Controls Encryption Firewalls Intrusion Detection Incident Handling

20 Proactive –vs- Reactive Models “Most organizations only react to security threats, and, often times, those reactions come after the damage has already been done.” “The key to a successful information security program resides in taking a pro- active stance towards security threats, and attempting to eliminate vulnerability points before they can be used against you.”

Download ppt "IS4463 Secure Electronic Commerce 5:30-6:45 PM Robert Kaufman –Background –Contact information Syllabus and Class Schedule Student Background Information."

Similar presentations

AFM INTERNAL AUDIT NETWORK MEETING MUTUAL ONE GROVE PARK, LEICESTER Current ‘Hot Topics’ in Information Security Governance Auditing David Tattersall 03.

AFM INTERNAL AUDIT NETWORK MEETING MUTUAL ONE GROVE PARK, LEICESTER Current ‘Hot Topics’ in Information Security Governance Auditing David Tattersall 03.
Chapter 1.  Security Problem  Virus and Worms  Intruders  Types of Attack  Avenues of Attack 2 Prepared by Mohammed Saher Hasan.

Chapter 1.  Security Problem  Virus and Worms  Intruders  Types of Attack  Avenues of Attack 2 Prepared by Mohammed Saher Hasan.
7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
DoD and Cyber-Terrorism Eric Fritch CPSC 620. What is cyber-terrorism? The premeditated, politically motivated attack against information, computer systems,

DoD and Cyber-Terrorism Eric Fritch CPSC 620. What is cyber-terrorism? "The premeditated, politically motivated attack against information, computer systems,
Hacking M***********s!!. Who is this guy? John Draper (aka Captain Crunch)

Hacking M***********s!!. Who is this guy? John Draper (aka Captain Crunch)
Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved. 4025 W. Peterson Ave. Chicago, IL 60646-6085.

Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL
IS6303 Intro to Voice and Data Security

IS6303 Intro to Voice and Data Security
Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.

Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.

The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.
CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,

CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
22 November 2010. Security and Privacy  Security: the protection of data, networks and computing power  Privacy: complying with a person's desires when.

22 November Security and Privacy  Security: the protection of data, networks and computing power  Privacy: complying with a person's desires when.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Network Security of The United States of America By: Jeffery T. Pelletier.

Network Security of The United States of America By: Jeffery T. Pelletier.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Risks, Controls and Security Measures

Risks, Controls and Security Measures

Similar presentations

Ads by Google