Presentation transcript: "E-Commerce Security and Fraud Issues and Protections"

Slide 1: Chapter 10. E-Commerce Security and Fraud Issues and Protections

Slide 2: Learning Objectives
  - Understand the importance and scope of security of information systems for EC.
  - Describe the major concepts and terminology of EC security.
  - Understand the major EC security threats, vulnerabilities, and technical attacks.
  - Understand Internet fraud, phishing, and spam.
  - Describe the information assurance security principles.
  - Identify and assess major technologies and methods for securing EC access and communications.

Slide 3: Learning Objectives (continued)
  - Describe the major technologies for protection of EC networks.
  - Describe various types of controls and special defense mechanisms.
  - Describe consumer and seller protection from fraud.
  - Discuss enterprisewide implementation issues for EC security.
  - Understand why it is so difficult to stop computer crimes.

Slide 4: The Information Security Problem
  - What Is EC Security?
  - The Status of Computer Security in the United States
  - Personal Security
  - National Security
  - Security Risks for 2014 and 2015

Slide 6: The Information Security Problem
  - Cyberwars and Cyberespionage Across Borders
      - Cyberwarfare
      - Attacking Information Systems
      - Types of Attacks
      - Corporate espionage
      - Political espionage and warfare

Slide 7: The Information Security Problem
  - The Drivers of EC Security Problems
      - The Internet's Vulnerable Design
      - The Shift to Profit-Induced Crimes
      - The Increased Volume of Wireless Activities and the Number of Mobile Devices
      - The Globalization of the Attackers
          - The Darknet
          - Internet Underground Economy
          - The Internet Silk Road
          - Keystroke logging (keylogging)
      - The Explosion of Social Networking
      - The Dynamic Nature of EC Systems and the Acts of Insiders
      - The Sophistication of the Attacks
      - The Cost of Cyber Crime

Slide 9: Basic E-Commerce Security Issues and Landscape
  - The EC Security Battleground
      - The attacks, the attackers, and their strategies
      - The assets that are being attacked (the targets) in vulnerable areas
      - The security defense, the defenders, and their methods and strategy

Slide 11: Basic E-Commerce Security Issues and Landscape
  - The Threats, Attacks, and Attackers
      - Unintentional Threats
          - Human Error
          - Environmental Hazards
          - Malfunctions in the Computer System
      - Intentional Attacks and Crimes
      - The Criminals and Methods
          - Hacker
          - Cracker

Slide 12: Basic E-Commerce Security Issues and Landscape
  - The Targets of the Attacks in Vulnerable Areas
      - Vulnerable Areas Are Being Attacked
      - Vulnerability Information
      - Attacking Smartphones and Wireless Systems
      - The Vulnerability of RFID Chips
      - The Vulnerabilities in Business IT and EC Systems
      - Pirated Videos, Music, and Other Copyrighted Material

Slide 13: Basic E-Commerce Security Issues and Landscape
  - EC Security Requirements
      - Authentication
      - Authorization
      - Auditing
      - Availability
      - Nonrepudiation

Slide 14: Basic E-Commerce Security Issues and Landscape
  - The Defense: Defenders, Strategy, and Methods
      - EC Defense Programs and Strategy
          - EC security strategy
          - Deterrent methods
          - Prevention measures
          - Detection measures
          - Information assurance (IA)
      - Possible Punishment
      - Defense Methods and Technologies
      - Recovery

Slide 15: Technical Malware Attack Methods: From Viruses to Denial of Service
  - Technical and Nontechnical Attacks: An Overview
  - The Major Technical Attack Methods
  - Malware (Malicious Code): Viruses, Worms, and Trojan Horses
      - Viruses
      - Worms

Slide 17: Technical Malware Attack Methods: From Viruses to Denial of Service
      - Macro virus (macro worm)
      - Trojan horse
  - Some Recent Security Bugs: Heartbleed and CryptoLocker
  - Denial-of-service (DoS) attack
  - Web Server and Web Page Hijacking
      - Page hijacking
      - Botnets
  - Malvertising

Slide 19: Nontechnical Methods: From Phishing to Spam and Fraud
  - Social Engineering and Fraud
  - Social Phishing
      - Phishing
      - Pharming
  - Fraud and Scams on the Internet
      - Examples of Typical Online Fraud Attacks
      - Scams
      - Top 10 Attacks and Remedies
  - Identity Theft and Identity Fraud
  - Cyber Bank Robberies

Slide 20: Social Engineering: From Phishing to Financial Fraud and Crime

Slide 22: Nontechnical Methods: From Phishing to Spam and Fraud
  - Spam Attacks
      - Spam
      - Typical Examples of Spamming
      - Spyware
  - Social Networking Makes Social Engineering Easy
      - How Hackers Are Attacking Social Networks
      - Spam in Social Networks and in the Web 2.0 Environment
          - Search engine spam
          - Splog
  - Data Breach (Leak)

Slide 23: The Information Assurance Model and Defense Strategy
  - Confidentiality, Integrity, and Availability
      - Confidentiality
      - Integrity
      - Availability
  - Authentication, Authorization, and Nonrepudiation

Slide 24: The Information Assurance Model and Defense Strategy
  - E-Commerce Security Strategy
  - The Phases of Security Defense
      - Prevention and deterrence (preparation)
      - Initial response
      - Detection
      - Containment (contain the damage)
      - Eradication
      - Recovery
      - Correction
      - Awareness and compliance
  - Security Spending Versus Needs Gap

Slide 26: The Information Assurance Model and Defense Strategy
  - The Defense Side of EC Systems
      - Defending access to computing systems, data flow, and EC transactions
      - Defending EC networks
      - General, administrative, and application controls
      - Protection against social engineering and fraud
      - Disaster preparation, business continuity, and risk management
      - Implementing enterprisewide security programs
      - Conduct a vulnerability assessment and a penetration test
  - Assessing Vulnerabilities and Security Needs
      - Vulnerability assessment
      - Penetration test (pen test)

Slide 27: The Defense I: Access Control, Encryption, and PKI
  - Authorization and Authentication
  - Biometric Systems
      - Biometric authentication
      - Biometric systems
  - Encryption and the One-Key (Symmetric) System
      - Encryption
      - Plaintext
      - Ciphertext
      - Encryption algorithm
      - Key (key value)
      - Key space
      - Symmetric (Private) Key Encryption

Slide 33: The Defense III: General Controls, Spam, Pop-Ups, Fraud, and Social Engineering Controls
  - Application controls
  - General, Administrative, and Other Controls
      - Physical Controls
      - Administrative Controls
  - Protecting Against Spam
      - CAN-SPAM Act

Slide 35: The Defense III: General Controls, Spam, Pop-Ups, Fraud, and Social Engineering Controls
  - Protecting Your Computer from Pop-Up Ads
      - Tools for Stopping or at Least Minimizing Pop-Ups
  - Protecting against Other Social Engineering Attacks
      - Protecting against Phishing
      - Protecting against Malvertising
      - Protecting Against Spyware
      - Protecting Against Cyberwars

Slide 36: The Defense III: General Controls, Spam, Pop-Ups, Fraud, and Social Engineering Controls
  - Fraud Protection
  - Business Continuity, Disaster Recovery, and Risk Management
      - Risk Management and Cost-Benefit Analysis

Slide 37: Business Continuity Services and IT Recovery Process

Slide 38: Implementing Enterprisewide E-Commerce Security
  - The Drivers of EC Security Management
  - Senior Management Commitment and Support
  - EC Security Policies and Training
  - Cyber Threat Intelligence (CTI)
  - EC Risk Analysis and Ethical Issues
      - Business impact analysis (BIA)
      - Ethical Issues

Slide 40: Implementing Enterprisewide E-Commerce Security
  - Why Is It Difficult to Stop Internet Crime?
      - Making Shopping Inconvenient
      - Lack of Cooperation by Business Partners
      - Shoppers' Negligence
      - Ignoring EC Security Best Practices
      - Design and Architecture Issues
      - Lack of Due Care in Business Practices
          - Standard of due care
  - Protecting Mobile Devices, Networks, and Applications
      - Mobile Security Issues
      - The Defense

Slide 41: Managerial Issues
  - What steps should businesses follow in establishing a security plan?
  - Should organizations be concerned with internal security threats?
  - What is the key to establishing strong e-commerce security?

Slide 42: Summary
  - The importance and scope of EC information security.
  - Basic EC security issues.
  - Threats, vulnerabilities, and technical attacks.
  - Internet fraud, phishing, and spam.
  - Information assurance.
  - Securing EC access control and communications.

Slide 43: Summary (continued)
  - Technologies for protecting networks.
  - The different controls and special defense mechanisms.
  - Protecting against fraud.
  - Enterprisewide EC security.
  - Why is it so difficult to stop computer crimes?