Presentation is loading. Please wait.

Presentation is loading. Please wait.

MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Security.

Published byDonald Alexander Modified over 8 years ago

Similar presentations

Presentation on theme: "MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Security."— Presentation transcript:

1 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Security

2 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Outline  What is Security  What is Electronic security  Objectives of security  Importance of security  Types of security  Security policy  Security Tips

3 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE What is Security?  That which secures;  protection;  a state of safety or safe keeping.

4 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Electronic Security  The process of preventing and detecting unauthorized use of a computer based information system  Prevention measures to stop unauthorized users from accessing any part of the computer based information system

5 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Importance of Security  Privacy  Crime  Networks and their associated technologies have opened the door to an increasing number of security threats.  Important data can be lost, privacy can be violated and the computer can even be used by an outside attacker to attack other computers on the Internet.

6 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE WHO MIGHT ATTACK?  Hackers In security circles, most of these people are known as "script kiddies."  Business rivals Competitors may try to obtain information illicitly through your virtual back doors.

7 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE WHO MIGHT ATTACK?  Foreign intelligence Another area of concern is foreign espionage. France, Israel, and Russia are known to have active industrial espionage efforts underway against the United States.  Insiders they may be hackers for their own amusement, for example, or they may be working for rivals or foreign intelligence agencies.

8 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Internet Access Corporate Intranet Internet Presence eCommerce Extranets Security Considerations Internet Business Value

9 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Objectives of Security  Confidentiality  Integrity  Availability

10 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Confidentiality  The process used to protect secret information from unauthorized disclosure.  Secret data needs to be protected when it is stored or when it is being transmitted over the network.

11 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Integrity  Refers to the unauthorized changing of creation of values of data within the system.  Data Integrity detects whether the data has been modified during transmission. Such modification may be the result of an attack or a transmission error ( corruption).

12 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Integrity (cont.)  There are legal concerns regarding  Anonymity of source  Ease of reproduction  Detection of alteration  Unauthorised disclosure  attribution

13 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Availability  Caused by equipment malfunction, equipment destruction (natural disaster) or equipment loss (theft).  Example: Computer Virus ( causes the system to be unavailable for an extended period while the virus is removed and corrupted data is reprocessed).

14 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Types of Security  Technical Countermeasures  Non-Technical Countermeasures  Physical  Procedural

15 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE A Balanced Approach to Security Security Conscious People Policies & Procedure Network Controls Security Software Threats Resources

16 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Technical Countermeasures  Passwords  Encryption  Cryptography  Digital Signatures  Firewalls  Key locks  Smart cards  biometrics

17 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Passwords  computer system is password protected  Make passwords as meaningless as possible  No real words (forward or backwards)  Mixture of letters and numbers  Change passwords regularly  Never divulge passwords to anyone

18 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Encryption  Encryption technology ensures that messages cannot be intercepted or read by anyone other than the authorized recipient.  Encryption is usually deployed to protect data that is transported over a public network such as the Internet and uses advance mathematical algorithms to ‘scramble’ messages and their attachments.

19 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Where is Encryption used:  ATM’s  EFTPOS  Internet transaction  Protects medical records, corporate trades secrets, air traffic control centres etc.

20 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Cryptography  It is the practical art of converting messages or data into a different form, such that no-one can read them without having access to the 'key'.  The message may be converted using a 'code' (in which case each character or group of characters is substituted by an alternative one), or a 'cypher' or 'cipher' (in which case the message as a whole is converted, rather than individual characters).  Cryptanalysis is the science of 'breaking' or 'cracking' encryption schemes, i.e. discovering the decryption key.

21 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Symmetric Cryptography The same key is used for encrypting and decrypting messages

22 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Public Key Cryptography Multiple people encrypt messages using the recipient’s well-known public key. The recipient decrypts it with her private key.

23 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Public Key Cryptography (cont.)  A message encrypted with a Public Key can only be decrypted with the private Key  A message encrypted with the private key can only be decrypted with the public key

24 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Public Key Cryptography (cont.)  Key Distribution  Certification Authority (CA) acts as a trusted third party which distributes digital certificates.  The digital certificates which are publicly distributed contain a user’s public key as well as other information such as the user’s personal details and the expiry date of the key.  Registration Authoriy verifies a user’s identity at the time the user applies for a digital certificate. Often the CA and an RA are the same entities.

25 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Public Key Distribution

26 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Digital Signatures  Block of text that is used to verify that a message really comes from the claimed sender.  Can also be used to verify the time document was sent.  can only be generated by the sender and is very difficult for anyone else to forge.

27 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Digital Signature Process

28 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Digital Envelopes 1.Sender generates a random message key (K). Sender encrypts the message (M) with K, creating the cipher text message (CM). 2.Sender encrypts K with recipient’s public key (RPubK), generating cipher text CK. 3.Sender computes a digital signature (S) using her private signature (SPrivK) 4.Sender sends CK, CM and S to recipient. 5.Recipient uses his private key (RPrivK) to decrypt CK and obtain K. 6.Recipient uses K to decrypt CM and get M. 7.Recipient uses sender’s public key (SPubK) to validate S.

29 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE

30 Firewalls  A firewall is a device that is placed between your system and the internet. It can monitor and filter any incoming and outgoing traffic.  Offers a single point at which security can be monitored and alarms generated.  Encryption can be used as a safeguard.  There should be a security policy in place.  An important point need to keep in mind that firewalls are not always impenetrable.

31 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Physical Countermeasures  Is defined as the protection of its resources against threats of damage, theft and natural disasters.  Involves a layered approach

32 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Computer Security Building Security End User Security Hacker Attacks Physical Intrusion Unauthenticated Access Environmental Disruption

33 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Building Security  Guard  Alarm system  Surveillance system  Perimeter security ( adequate lighting, security fences)  Warning signs  Centralized control (response to an attack as quickly as possible)

34 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Procedural  Conditions of use (layout expectations)  Key locks  Supervision  Usage monitoring  Safe storage of data  Backup (make copies of data and softwares)  User authorisation  Intruder detection  Monitoring and control  Business Continuity Plans  Disaster Recovery Plans

35 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE  Disaster Recovery Plan  Approved set of arrangements and procedures that enable an organisation to respond to a disaster and resume its critical business functions within a defined time frame  Business Continuity Plan  Process of developing advanced arrangements and procedures that enable an organisation to respond to an event in such a manner that critical business functions continue without interruption or essential change

36 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Natural Disasters  Causes extensive damage such as:  Loss of power, communication lines and processing; buildings set on fire; building collapsing.  To overcomes the damages organizations should:  Secure external communication links; Install lighting protection; create firebreaks around buildings; insure appropriate building construction.

37 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE IT Security Policy  Example http://www.uts.edu.au/div/publications/policies/select/itsecurity.html

38 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Assess the Situation Fix High Risk Vulnerabilities Secure the Perimeter Secure the Interior Deploy Monitors Test\Attack High Risks How to secure an environment

39 MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Security Tips  Use protection software "anti-virus software" and keep it up to date.  Don't open email from unknown sources.  Use hard-to-guess passwords.  Protect your computer from Internet intruders -- use "firewalls".  Don't share access to your computers with strangers. Learn about file sharing risks.  Back up your computer data.

Download ppt "MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Security."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Security Strategy. You will need to be able to explain:  Data Security  Data Integrity and  Data Privacy  Risks  Hacking  Denial of Service DOS.

Security Strategy. You will need to be able to explain:  Data Security  Data Integrity and  Data Privacy  Risks  Hacking  Denial of Service DOS.
BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.

BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.
Confidentiality and Privacy Controls

Confidentiality and Privacy Controls
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
1 MIS 2000 Class 22 System Security Update: Winter 2015.

1 MIS 2000 Class 22 System Security Update: Winter 2015.
By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.

By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.

E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
Chapter 17 Controls and Security Measures

Chapter 17 Controls and Security Measures
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Business Data Communications, Fourth Edition Chapter 10: Network Security.

Business Data Communications, Fourth Edition Chapter 10: Network Security.
Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.

Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School

Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Similar presentations

Ads by Google