Defining Security Issues Chapter 8. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a.

Slides:



Advertisements
Similar presentations
Ethics, Privacy and Information Security
Advertisements

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
Crime and Security in the Networked Economy Part 4.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
BUSINESS PLUG-IN B6 Information Security.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Security, Privacy, and Ethics Online Computer Crimes.
Lecture 10 Security and Control.
Lecture 10 Security and Control.
10.1 © 2006 by Prentice Hall 10 Chapter Security and Control.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Business Data Communications, Fourth Edition Chapter 10: Network Security.
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.
Security. If I get 7.5% interest on $5,349.44, how much do I get in a month? (.075/12) = * 5, = $ What happens to the.004? =
Chapter 8 Security and Control.
10.1 © 2006 by Prentice Hall 10 Chapter Security and Control.
Securing Information Systems
Information Systems Today, 2/C/e ©2008 Pearson Education Canada 2-1 Lecture Outline 9 1. Using Information Systems for Competitive Advantage (p )
Chapter 15: Security (Part 1). The Security Problem Security must consider external environment of the system, and protect the system resources Intruders.
Defining Security Issues
PART THREE E-commerce in Action Norton University E-commerce in Action.
Information Systems Today, 2/C/e ©2008 Pearson Education Canada Lecture Outline eCommerce Highlights of Electronic Business 2-1.
Security Chapter 8 Objectives Societal impact of information and information technology –Explain the meaning of terms related to computer security and.
Cyber crime & Security Prepared by : Rughani Zarana.
1 Chapter 9 E- Security. Main security risks 2 (a) Transaction or credit card details stolen in transit. (b) Customer’s credit card details stolen from.
BUSINESS B1 Information Security.
Security Awareness: Applying Practical Security in Your World Chapter 1: Introduction to Security.
Business Computing 550 Lesson 6. 2 Security Threats on Web Sites Issues and vulnerabilities 1.Illegal Access and Use (Hacking the system or users exposing.
Computer Security “Measures and controls that ensure confidentiality, integrity, and availability of IS assets including hardware, software, firmware,
C8- Securing Information Systems
Environment for Information Security n Distributed computing n Decentralization of IS function n Outsourcing.
Caring for Technology Malware. Malware In this Topic we examine: v Viruses (or Malware) v Virus Detection Techniques v When a Virus is Detected v Updating.
1 CHAPTER 2 LAWS OF SECURITY. 2 What Are the Laws of Security Client side security doesn’t work Client side security doesn’t work You can’t exchange encryption.
Types of Electronic Infection
1 Chpt. 12: INFORMATION SYSTEM QUALITY, SECURITY, AND CONTROL.
McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved INFORMATION SECURITY SECTION 4.2.
Topic 5: Basic Security.
IT Security. What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and.
Chap1: Is there a Security Problem in Computing?.
Chapter 7 1Artificial Intelligent. OBJECTIVES Explain why information systems need special protection from destruction, error, and abuse Assess the business.
CHAPTER 2 Laws of Security. Introduction Laws of security enable user make the judgment about the security of a system. Some of the “laws” are not really.
Security and Ethics Safeguards and Codes of Conduct.
Matt Broman Kodiac Gamble Devin Nichol SECTION 4.2 INFORMATION SECURITY.
1 Law, Ethical Impacts, and Internet Security. 2 Legal Issues vs. Ethical Issues Ethics — the branch of philosophy that deals with what is considered.
“Lines of Defense” against Malware.. Prevention: Keep Malware off your computer. Limit Damage: Stop Malware that gets onto your computer from doing any.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Information Systems CS-507 Lecture 32. Physical Intrusion The intruder could physically enter an organization to steal information system assets or carry.
PCs ENVIRONMENT and PERIPHERALS Lecture 10. Computer Threats: - Computer threats: - It means anything that has the potential to cause serious harm to.
Securing Interconnect Networks By: Bryan Roberts.
10.1 © 2006 by Prentice Hall 10 Chapter Security and Control.
Securing Information Systems
Information Systems Security
Security Issues in Information Technology
Securing Information Systems
INFORMATION SECURITY The protection of information from accidental or intentional misuse of a persons inside or outside an organization Comp 212 – Computer.
Securing Information Systems
Done BY: Zainab Sulaiman AL-Mandhari Under Supervisor: Dr.Tarek
INFORMATION SYSTEMS SECURITY and CONTROL
Presentation transcript:

Defining Security Issues Chapter 8

General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public ” network consisting of thousands of interconnected private computer networks. Private computer network systems are exposed to threats from anywhere on the public network.

Businesses must protect against the unknown. New methods of attacking networks and Web sites, and new network security holes, are being constantly discovered or invented. An E-Business cannot expect to achieve perfect security for its network and Web site. General E-Business Security Issues (cont’d)

Several aspects of E-Business computer systems security need to be addressed: How secure is the server software? How secure are communications? How is the data protected once it is delivered to the E-Business? How are credit card transactions authenticated and authorized? Security Questions

The biggest potential security problem in an E- Business is ________, rather than ________. The weakest link in any security system is the people using it. Social engineering Dumpster diving General Security Issues

Network and Web Site Security An entire glossary of words and phrases identifies network and Web security risks, such as hacker, cracker, Trojan horse, and more. As part of planning a startup E-Business ’ s security, management should become familiar with network and Web server security risk terminology.

Denial of Service Attacks (DoS) Designed to disable a Web site by flooding it with useless traffic or activity. Distributed denial of service (DDoS) attack uses multiple computers to attack in a coordinated fashion. Risk is primarily centered around downtime or lack of Web site availability. Defenses exist for these attacks. – Routers used to filter out certain types of network traffic

Viruses A common threat that is not unique to networks. Networks facilitate the spread of viruses. Potential for harm is high including loss of data and downtime. Good software defenses are available. Defenses require diligence.

Viruses Virus – small program that inserts itself into other program files that then become “infected” Trojan Horse – type of virus that emulates a benign application, that appears to do something useful, but is actually harmful (destroy files or creates a “back door” Worm – type of virus that replaces a document or application with its own code and then uses that code to replicate itself.

Viruses Logic bomb – virus whose attach is triggered by some event such as a date on a computer’s system clock Macro virus – malicious macro written in MS Office that run upon opening that MS Office document

Anti-Virus Information

Web Site Defacement Occurs when a hacker penetrates the system and replaces text or graphics with “other” material. Risk is primarily down time and repair costs. There have been many well publicized examples, including high profile industry and government sites. Ordinary defenses against unauthorized logins are a first line defense. Total security may be difficult to achieve.

Electronic Industrial Espionage A very serious problem, especially considering that “professional” hackers may be involved. Must implement and diligently maintain industry standard “best practices”. Additional recommendations: – Don’t open questionable or suspicious attachments. – Keep security software and virus checkers updated.

Credit Card Fraud & Data Theft E-Business is at risk from credit card fraud from stolen data. Secure your own data. Verify the identity of your customers and the validity of the incoming credit card data. Identity theft by a someone masquerading as someone else is also a common problem.

Data Spills A security problem caused, ordinarily by a bug or other “system” failure, occasionally hackers are behind this problem This is an unintended disclosure of customer or corporate data through the Web or other Internet service May expose firm to legal liability Statistics – p

E-Business Security An important issue that is often overlooked or given a lower priority in the face of startup activity. A startup firm should consider outsourcing Web and Internet services in part since the outsourcing company can address security concerns as part of the “package.”

Network and Web Site Security Tools such as passwords, firewalls, intrusion detection systems (IDS), and virus scanning software should be used to protect an E- Business ’ s network and Web site. Firewall – hardware or software used to isolate a private network from the public network IDS – ability to analyze real-time data to detect, log, and stop unauthorized network access as it happens.

Firewall

Transaction Security and Data Protection Tools to protect transaction/customer data: – Use a predefined key to encrypt and decrypt the data during transmission. – Use the secure sockets layer (SSL) protocol to protect data transmitted over the Internet. – Move sensitive customer information such as credit card numbers offline or encrypting the information if it is to be stored online.

Remove all files and data from storage devices including disk drives and tapes before getting rid of the devices. Shred all hard-copy documents containing sensitive information before trashing them. – Shredder market up Security is only as strong as the weakest link. Transaction Security and Data Protection (cont’d)

Security Audits and Penetration Testing Can provide an overall assessment of the firm’s current exposure and vulnerabilities. This is an outsourced item. Consultant will provide a comprehensive recommendation to address list of vulnerabilities. – Evaluation guidelines – p. 291

Hire an Ethical Hacker

Individual PC Security Risks Anti-virus – a given Personal firewall- software to guard against intrusions, especially for “always on” connections – Network ICE’s BlackICE Defender – Zone Lab’s ZoneAlarm

Security Providers and Products There are many security consultants. Many commercial products are available. Training for in-house staff is a key issue. Growth – p. 295

Risk Management Problems The list of potential risks is long and includes : – Business interruptions caused by Web site defacement or denial of service attacks – Litigation and settlement costs over employees ’ inappropriate use of and the Internet – Product or service claims against items advertised and sold via a Web site. – Web related copyright, trademark, and patent infringement lawsuits – Natural or weather-related disasters

Risk Management Program Network and Web site security and intruder detection programs Antivirus protection Firewalls Sound security policies and procedures Employee education

Risk Transfer (Insurance) A firm can manage and transfer risk through insurance products May be purchased as part of the firms business insurance package Consult an insurance professional

Insurance Coverage Options

Insurance Coverage Options (cont’d)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.