Presentation is loading. Please wait.

Presentation is loading. Please wait.

E-Commerce Security and Fraud Issues and Protections

Published byKelly Rice Modified over 8 years ago

Similar presentations

Presentation on theme: "E-Commerce Security and Fraud Issues and Protections"— Presentation transcript:

1 E-Commerce Security and Fraud Issues and Protections
Chapter 10 E-Commerce Security and Fraud Issues and Protections

2 Learning Objectives Understand the importance and scope of security of information systems for EC. Describe the major concepts and terminology of EC security. Understand about the major EC security threats, vulnerabilities, and technical attacks. Understand Internet fraud, phishing, and spam. Describe the information assurance security principles. Identify and assess major technologies and methods for securing EC access and communications.

3 Learning Objectives Describe the major technologies for protection of EC networks. Describe various types of controls and special defense mechanisms. Describe consumer and seller protection from fraud. Discuss enterprisewide implementation issues for EC security. Understand why it is so difficult to stop computer crimes.

4 The Information Security Problem
What Is EC Security? The Status of Computer Security in the United States Personal Security National Security Security Risks for 2014 and-2015

5 Major EC Security Management Concerns for 2011

6 The Information Security Problem
Cyberwars and Cyberespionage Across Borders Cyberwarefare Attacking Information Systems Types of Attacks Corporate espionage Political espionage and warfare

7 The Information Security Problem
The Drivers of EC Security Problems The Internet’s Vulnerable Design The Shift to Profit-Induced Crimes The Increased Volume of Wireless Activities and the Number of Mobile Devices The Globalization of the Attackers The *Darknet *Internet Underground Economy The Internet Silk Road *Keystroke logging (keylogging) The Explosion of Social Networking The Dynamic Nature of EC Systems and the Acts of Insiders The Sophistication of the Attacks The Cost of Cyber Crime

8 Basic E-Commerce Security Issues and Landscape
Basic Security Terminology *Business continuity plan *Cybercrime *Cybercriminal *Exposure *Fraud *Malware (malicious software) *Phishing *Risk *Social engineering *Spam *Vulnerability *Zombie

9 Basic E-Commerce Security Issues and Landscape
The EC Security Battleground The attacks, the attackers, and their strategies The assets that are being attacked (the targets) in vulnerable areas The security defense, the defenders, and their methods and strategy

10 The EC Security Battleground

11 Basic E-Commerce Security Issues and Landscape
The Threats, Attacks, and Attackers Unintentional Threats Human Error Environmental Hazards Malfunctions in the Computer System Intentional Attacks and Crimes The Criminals and Methods *Hacker *Cracker

12 Basic E-Commerce Security Issues and Landscape
The Targets of the Attacks in Vulnerable Areas Vulnerable Areas Are Being Attacked Vulnerability Information Attacking Attacking Smartphones and Wireless Systems The Vulnerability of RFID Chips The Vulnerabilities in Business IT and EC Systems Pirated Videos, Music, and Other Copyrighted Material

13 Basic E-Commerce Security Issues and Landscape
EC Security Requirements *Authentication *Authorization Auditing Availability *Nonrepudiation

14 Basic E-Commerce Security Issues and Landscape
The Defense: Defenders, Strategy, and Methods EC Defense Programs and Strategy *EC security strategy *Deterrent methods *Prevention measures *Detection measures *Information assurance (IA) Possible Punishment Defense Methods and Technologies Recovery

15 Technical Malware Attack Methods: From Viruses to Denial of Service
Technical and Nontechnical Attacks: An Overview The Major Technical Attack Methods Malware (Malicious Code): Viruses, Worms, and Trojan Horses * Viruses * Worms

16 The Major Technical Security Attack Methods

17 Technical Malware Attack Methods: From Viruses to Denial of Service
* Macro virus (macro worm) * Trojan horse Some Recent Security Bugs: Heartbleed and Crytolocker * Denial-of-service (DoS) attack Web Server and Web Page Hijacking * Page hijacking * Botnets Malvertising

18 How a Computer Virus Can Spread

19 Nontechnical Methods: From Phishing to Spam and Fraud
Social Engineering and Fraud Social Phishing *Phishing *Pharming Fraud and Scams on The Internet Examples of Typical Online Fraud Attacks Scams Top 10 Attacks and Remedies *Identity Theft and Identify Fraud Cyber Bank Robberies

20 Social Engineering: From Phishing to Financial Fraud and Crime

21 How Phishing Is Accomplished

22 Nontechnical Methods: From Phishing to Spam and Fraud
Spam Attacks * spam Typical Examples of Spamming *Spyware Social Networking Makes Social Engineering Easy How Hackers Are Attacking Social Networks Spam in Social Networks and in the Web 2.0 Environment *Search engine spam *Splog *Data Breach (Leak)

23 The Information Assurance Model And Defense Strategy
Confidentiality, Integrity, and Availability *Confidentiality *Integrity *Availability Authentication, Authorization, and Nonrepudiation

24 The Information Assurance Model And Defense Strategy
E-Commerce Security Strategy The Phases of Security Defense Prevention and deterrence (preparation) Initial response Detection Containment (contain the damage) Eradication Recovery Correction Awareness and compliance Security Spending Versus Needs Gap

25 E-Commerce Security Strategy Framework

26 The Information Assurance Model And Defense Strategy
The Defense Side of EC Systems Defending access to computing systems, data flow, and EC transactions Defending EC networks General, administrative, and application controls Protection against social engineering and fraud Disaster preparation, business continuity, and risk management Implementing enterprisewide security programs Conduct a vulnerability assessment and a penetration test Assessing Vulnerabilities and Security Needs *Vulnerability assessment *Penetration test (pen test)

27 The Defense I: Access Control, Encryption, and PKI
Authorization and Authentication Biometric Systems *Biometric authentication *Biometric systems Encryption and the One-Key (Symmetric) System *Encryption *Plaintext *Ciphertext *Encryption algorithm *Key (key value) *Key space *Symmetric (Private) Key Encryption

28 Symmetric (Private) Key Encryption

29 The Defense I: Access Control, Encryption, and PKI
*Public key infrastructure (PKI) *Public (asymmetric) key encryption *Public key *Private key The PKI Process: Digital Signatures and Certificate Authorities *Digital signatures *Hash function *Message digest *Digital envelope *Certificate authorities (CAs) Secure Socket Layer (SSL) Other Topics and Methods of Defense

30 Digital Signature

31 The Defense II: Securing E-Commerce Networks
*Firewalls *Packets The Dual Firewall Architecture: The DMZ *Personal Firewalls *Virtual private network (VPN) *Protocol tunneling *Intrusion Detection Systems (IDS) Cloud Computing Prevents DoS Attacks Honeynets and Honeypots *Honeynet *Honeypots Security

32 The Two Firewalls: DMZ Architecture

33 The Defense III: General Controls, Spam, Pop Ups, Fraud, And Social Engineering Controls
*Application controls General, Administrative, and Other Controls Physical Controls Administrative Controls Protecting Against Spam *CAN-SPAM Act

34 Major Defense Controls

35 The Defense III: General Controls, Spam, Pop Ups, Fraud, And Social Engineering Controls
Protecting Your Computer from Pop-Up Ads Tools for Stopping or at Least Minimizing Pop-Ups Protecting against Other Social Engineering Attacks Protecting against Phishing Protecting against Malvertising Protecting Against Spyware Protecting Against Cyberwars

36 The Defense III: General Controls, Spam, Pop Ups, Fraud, And Social Engineering Controls
Fraud Protection Business Continuity, Disaster Recovery, and Risk Management Risk-Management and Cost-Benefit Analysis

37 Business Continuity Services and IT Recovery Process

38 Implementing Enterprisewide E-Commerce Security
The Drivers of EC Security Management Senior Management Commitment and Support EC Security Policies and Training Cyber Threat Intelligence (CTI) EC Risk Analysis and Ethical Issues *Business impact analysis (BIA) Ethical Issues

39 Enterprisewide EC Security and Privacy Model

40 Implementing Enterprisewide E-Commerce Security
Why Is It Difficult to Stop Internet Crime? Making Shopping Inconvenient Lack of Cooperation by Business Partners Shoppers’ Negligence Ignoring EC Security Best Practices Design and Architecture Issues Lack of Due Care in Business Practices *Standard of due care Protecting Mobile Devices, Networks, and Applications Mobile Security Issues The Defense

41 Managerial Issues What steps should businesses follow in establishing a security plan? Should organizations be concerned with internal security threats? What is the key to establishing strong e-commerce security?

42 Summary The importance and scope of EC information security.
Basic EC security issues. Threats, vulnerabilities, and technical attacks. Internet fraud, phishing, and spam. Information assurance. Securing EC access control and communications.

43 Summary Technologies for protecting networks.
The different controls and special defense mechanisms. Protecting against fraud. Enterprisewide EC security. Why is it so difficult to stop computer crimes?

Download ppt "E-Commerce Security and Fraud Issues and Protections"

Similar presentations

Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall

Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall
Ethics, Privacy and Information Security

Ethics, Privacy and Information Security
Protection of Information Assets I. Joko Dewanto 1.

Protection of Information Assets I. Joko Dewanto 1.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Lecture 4 ref: Chapter 10 E-Commerce Fraud and Security Copyright © 2010 Pearson Education, Inc. 1.

Lecture 4 ref: Chapter 10 E-Commerce Fraud and Security Copyright © 2010 Pearson Education, Inc. 1.
Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin CHAPTER FOUR ETHICS AND INFORMATION SECURITY: MIS BUSINESS CONCERNS.

Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin CHAPTER FOUR ETHICS AND INFORMATION SECURITY: MIS BUSINESS CONCERNS.
CHAPTER OVERVIEW SECTION 4.1 – Ethics

CHAPTER OVERVIEW SECTION 4.1 – Ethics
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
Ch.5 It Security, Crime, Compliance, and Continuity

Ch.5 It Security, Crime, Compliance, and Continuity
Chapter 8 Chapter 8 Digital Defense: Securing Your Data and Privacy

Chapter 8 Chapter 8 Digital Defense: Securing Your Data and Privacy
Copyright © 2009 Pearson Education, Inc. Publishing as Prentice HallCopyright © 2009 Pearson Education, Inc. Slide 5-1 Online Security and Payment Systems.

Copyright © 2009 Pearson Education, Inc. Publishing as Prentice HallCopyright © 2009 Pearson Education, Inc. Slide 5-1 Online Security and Payment Systems.
THE INFORMATION SECURITY PROBLEM

THE INFORMATION SECURITY PROBLEM
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Similar presentations

Ads by Google