Chapter 9 E-Commerce Security and Fraud Protection


1 Chapter 9 E-Commerce Security and Fraud Protection

2 THE INFORMATION SECURITY PROBLEM
Computer security refers to the protection of data, networks, computer programs, computer power, and other elements of computerized information systems.
Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall

5 THE INFORMATION SECURITY PROBLEM
Impact
- The frequency of attacks is decreasing
- Still…
  - Half of the attacks are made by insiders
  - Average loss between $168k and $526k ( )
  - 27% were victims of targeted attacks
  - Only 68% had a security policy
  - Only 27% of incidents are reported

6 THE DRIVERS OF EC SECURITY PROBLEMS
- The Internet’s Vulnerable Design: designed for efficiency, with security an afterthought
- The Shift to Profit-Induced Crimes: i.e., personal, financial and banking data can be sold
- Internet Underground Economy: selling information, piracy
- Dynamic Nature and the Role of Insiders: people change roles, new systems are added

7 THE SECURITY BASIC TERMINOLOGY
business continuity plan: A plan that keeps the business running after a disaster occurs. Each function in the business should have a valid recovery capability plan.
cybercrime: Intentional crimes carried out on the Internet.
exposure: The estimated cost, loss, or damage that can result if a threat exploits a vulnerability.
fraud: Any business activity that uses deceitful practices or devices to deprive another of property or other rights.

8 THE SECURITY BASIC TERMINOLOGY
malware (malicious software): A generic term for malicious software.
phishing: A crimeware technique to steal the identity of a target company to get the identities of its customers.
risk: The probability that a vulnerability will be known and used.
social engineering: A type of nontechnical attack that uses some ruse to trick users into revealing information or performing an action that compromises a computer or network.

9 THE SECURITY BASIC TERMINOLOGY
spam: The electronic equivalent of junk mail.
vulnerability: Weakness in software or another mechanism that threatens the confidentiality, integrity, or availability of an asset. It can be directly used by a hacker to gain access to a system or network.
zombies: Computers infected with malware that are under the control of a spammer, hacker, or other criminal.

11 Threats and Attacks
Unintentional Threats
- Human error
- Environmental hazards
- Malfunctions in the computer system
Intentional Attacks and Crimes
- Criminals and social engineering

12 TECHNICAL AND NONTECHNICAL ATTACKS
Examples
Technical
- Malicious code: viruses, worms, Trojan horses
- DoS or DDoS: bombardment
- Hijacking: changing a web page
- Botnets: getting target computers to do the attacker's work
Nontechnical
- Phishing
- Fraud: ID theft
- Spam, spyware, splogs

13 EC Security Requirements
authentication: Process to verify (assure) the real identity of an individual, computer, computer program, or EC Web site.
authorization: Process of determining what the authenticated entity is allowed to access and what operations it is allowed to perform.
auditing
availability
nonrepudiation: Assurance that online customers or trading partners cannot falsely deny (repudiate) their purchase or transaction.
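A worked example of the first three requirements, added here and not part of the slides: authentication as salted PBKDF2 password verification, authorization as a role-to-operation check made only for an authenticated user, and auditing as a hash-chained log that detects edits or deletions. Users, roles and operation names are hypothetical, and nonrepudiation is left out because it needs asymmetric digital signatures, not the shared-secret primitives used here.

```python
import hashlib, hmac, json, os

# Added example (not from the slides), all names and users hypothetical:
# authenticate() = who are you?, authorize() = what may you do?,
# append_audit()/verify_audit() = tamper-evident record of what was done.

ROUNDS = 100_000  # PBKDF2 iteration count

def make_password_record(password: str) -> dict:
    # Store a random salt plus PBKDF2-HMAC-SHA256 output, never the password.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return {"salt": salt.hex(), "hash": digest.hex()}

def authenticate(users: dict, username: str, password: str) -> bool:
    # Authentication: verify the claimed identity against the stored record.
    rec = users.get(username)
    if rec is None:
        return False
    salt = bytes.fromhex(rec["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return hmac.compare_digest(digest.hex(), rec["hash"])  # constant-time

# Authorization policy: role -> operations that role may perform.
PERMISSIONS = {
    "customer": {"view_order", "place_order"},
    "support": {"view_order", "refund_order"},
}

def authorize(roles: dict, username: str, operation: str) -> bool:
    # Authorization: asked only for an already-authenticated user, by its role.
    return operation in PERMISSIONS.get(roles.get(username, ""), set())

def append_audit(log: list, event: dict) -> None:
    # Auditing: each entry hashes the previous one (hash chain), so editing or
    # deleting an earlier record makes verify_audit() fail.
    prev = log[-1]["entry_hash"] if log else "0" * 64
    body = json.dumps(event, sort_keys=True)
    entry_hash = hashlib.sha256((prev + body).encode()).hexdigest()
    log.append({"prev": prev, "event": event, "entry_hash": entry_hash})

def verify_audit(log: list) -> bool:
    prev = "0" * 64
    for entry in log:
        body = json.dumps(entry["event"], sort_keys=True)
        expected = hashlib.sha256((prev + body).encode()).hexdigest()
        if entry["prev"] != prev or entry["entry_hash"] != expected:
            return False
        prev = entry["entry_hash"]
    return True
```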

15 THE INFORMATION ASSURANCE MODEL AND DEFENSE STRATEGY
E-COMMERCE SECURITY STRATEGY
- Prevention and deterrence
- Detection
- Containment (contain the damage)
- Recovery
- Correction
- Awareness and compliance
EC security programs: All the policies, procedures, documents, standards, hardware, software, training, and personnel that work together to protect information, the ability to conduct business, and other assets.

16 THE DEFENSE I: ACCESS CONTROL, ENCRYPTION, AND PKI
- Authentication: passwords, biometrics
- Encryption
- Secure Sockets Layer and certificates
- Firewall: inspects packets and decides whether to allow them
- Virtual Private Network

17 THE DEFENSE II: SECURING E-COMMERCE NETWORKS
intrusion detection system (IDS): A special category of software that can monitor activity across a network or on a host computer, watch for suspicious activity, and take automated action based on what it sees.
honeynet: A network of honeypots.
honeypot: Production system (e.g., firewalls, routers, Web servers, database servers) that looks like it does real work, but that acts as a decoy and is watched to study how network intrusions occur.
penetration test (pen test): A method of evaluating the security of a computer system or a network by simulating an attack from a malicious source (e.g., a cracker).
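An added example, not from the slides, that puts the IDS and honeypot ideas on this slide into one script: it watches web server log lines for a burst of failed logins from one address and for any request to a decoy path that no legitimate link points at, and takes the automated action of blocking the source address. The log format, addresses, paths and thresholds are all constructed for the example.

```python
import re
from collections import defaultdict, deque

# Added example (not from the slides): a toy host-based IDS that watches web
# server log lines and takes an automated action (blocking the source address).
# The log format, addresses, paths and thresholds are all constructed.
LOG_RE = re.compile(r'^(?P<ip>\S+) (?P<ts>\d+) "(?P<method>\w+) (?P<path>\S+)" (?P<status>\d{3})$')
DECOY_PATHS = {"/admin-backup/"}  # honeypot-style tripwire: no real link leads here
FAILED_LOGINS, WINDOW_SECONDS = 5, 60  # N failed logins within W seconds => alert

def detect(lines):
    # Returns (alerts, blocked_ips): what the IDS saw and the action it took.
    alerts, blocked = [], set()
    failures = defaultdict(deque)  # ip -> timestamps of recent failed logins
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:  # a line the parser cannot read is itself worth an alert
            alerts.append(("malformed", line))
            continue
        ev = m.groupdict()
        ip, ts = ev["ip"], int(ev["ts"])
        if ev["path"] in DECOY_PATHS:
            # Any request to the decoy is an intrusion indicator, whatever the status.
            alerts.append(("decoy_hit", ip, ev["path"]))
            blocked.add(ip)
            continue
        if ev["method"] == "POST" and ev["path"] == "/login" and ev["status"] == "401":
            q = failures[ip]
            q.append(ts)
            while ts - q[0] > WINDOW_SECONDS:  # drop failures outside the window
                q.popleft()
            if len(q) >= FAILED_LOGINS and ip not in blocked:
                alerts.append(("login_burst", ip, len(q)))
                blocked.add(ip)
    return alerts, blocked

# Constructed sample log: '<ip> <unix-seconds> "<method> <path>" <status>'
SAMPLE_LOG = [
    '10.0.0.5 1000 "POST /login" 401',
    '10.0.0.5 1005 "POST /login" 401',
    '10.0.0.5 1010 "POST /login" 401',
    '10.0.0.5 1015 "POST /login" 401',
    '10.0.0.5 1020 "POST /login" 401',         # fifth failure inside 60 s
    '10.0.0.7 1030 "GET /products/42" 200',    # ordinary shopper traffic
    '10.0.0.9 1040 "GET /admin-backup/" 404',  # decoy path touched
    '10.0.0.7 2000 "POST /login" 401',
    '10.0.0.7 2500 "POST /login" 401',         # two failures, far apart: no alert
    'garbage line',
]
```

Running `detect(SAMPLE_LOG)` yields a login-burst alert for 10.0.0.5, a decoy-hit alert for 10.0.0.9, a malformed-line alert, and both addresses in the blocked set.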

18 THE DEFENSE III: GENERAL CONTROLS AND OTHER DEFENSE MECHANISMS
General controls (i.e., control access to the data centre)
application controls: Controls that are intended to protect specific applications.
System alerts: for phishing, intrusion, attacks

19 BUSINESS CONTINUITY, SECURITY AUDITING, AND RISK MANAGEMENT
BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING, including exercises and simulations
EC SECURITY POLICIES AND TRAINING
EC SECURITY PROCEDURES AND ENFORCEMENT
INDUSTRY STANDARDS FOR CREDIT CARD PROTECTION (PCI DSS)

20 IMPLEMENTING ENTERPRISE-WIDE E-COMMERCE SECURITY
WHY IS IT DIFFICULT TO STOP INTERNET CRIME?
- Making shopping inconvenient
- Shoppers’ negligence
- Ignoring EC security best practices
- Design and architecture issues
- Standard of due care
- Cost is sometimes hard to justify if there are no attacks.

21 Exercises
Team Assignments and Projects
- Q1: Pick 2
- Q2: Pick one
“We should give up our freedom on the Internet for increased security”: argue for or against.

