Lecture # 19

SECURITY
THE E-COMMERCE SECURITY ENVIRONMENT: THE SCOPE OF THE PROBLEM
Overall size of cybercrime unclear; amount of losses significant but stable; individuals face new risks of fraud that may involve substantial uninsured losses
– Symantec: Cybercrime on the rise from 2006
– Internet Crime Complaint Center (IC3): Logged 1,000,000+ consumer complaints about alleged online fraud or cybercrime and referred 460,000+ complaints to law enforcement agencies
– 2007 Computer Security Institute (CSI) survey: 46% detected security breach; 91% suffered financial loss as a result. The average annual loss reported in this year’s survey shot up to $350,424 from $168,000 the previous year.
– Underground economy marketplace that offers sales of stolen information growing.
THE DIFFERENT DIMENSIONS OF E-COMMERCE SECURITY
• Integrity
– The ability to ensure that information being displayed on a Web site, or transmitted or received over the Internet, has not been altered in any way by an unauthorized party
• Nonrepudiation
– The ability to ensure that e-commerce participants do not deny (i.e., repudiate) their online actions
• Authenticity
– The ability to identify the person or entity with whom you are dealing on the Internet
• Confidentiality
– The ability to ensure that messages and data are available only to those who are authorized to view them
• Privacy
– The ability to control the use of information about oneself
• Availability
– The ability to ensure that an e-commerce site continues to function as intended
SECURITY THREATS IN THE E-COMMERCE ENVIRONMENT
Three key points of vulnerability:
– Client
– Server
– Communications channel
A TYPICAL E-COMMERCE TRANSACTION
MALICIOUS CODE
• Viruses:
– Have ability to replicate and spread to other files; most also deliver a “payload” of some sort (destructive or benign); include macro viruses, file-infecting viruses, and script viruses
• Worms:
– Designed to spread from computer to computer
• Trojan horse:
– Appears to be benign, but then does something other than expected
• Bots:
– Can be covertly installed on a computer; respond to external commands sent by the attacker
UNWANTED PROGRAMS
Installed without the user’s informed consent
– Browser parasites: Can monitor and change settings of a user’s browser
– Adware: Calls for unwanted pop-up ads
– Spyware: Can be used to obtain information, such as a user’s keystrokes, e-mail, IMs, etc.
PHISHING AND IDENTITY THEFT
Any deceptive, online attempt by a third party to obtain confidential information for financial gain
– Most popular type: e-mail scam letter
– One of the fastest growing forms of e-commerce crime
HACKING AND CYBERVANDALISM
• Hacker: Individual who intends to gain unauthorized access to computer systems
• Cracker: Hacker with criminal intent (the two terms are often used interchangeably)
• Cybervandalism: Intentionally disrupting, defacing or destroying a Web site
• Types of hackers include:
– White hats
– Black hats
– Grey hats
CREDIT CARD FRAUD
• Fear that credit card information will be stolen deters online purchases
• Hackers target credit card files and other customer information files on merchant servers; use stolen data to establish credit under false identity
• One solution: New identity verification mechanisms
SPOOFING (PHARMING) AND SPAM (JUNK) WEB SITES
• Spoofing (Pharming)
– Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else
– Threatens integrity of site; authenticity
• Spam (Junk) Web sites
– Use domain names similar to a legitimate one; redirect traffic to spammer redirection domains
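An added example, not part of the lecture: a defender-side check for the similar-domain trick described above. It flags observed domains that resemble an allow-listed shop domain through look-alike characters, punycode, a small edit distance or embedding of the real name; the domain names, the character map and the distance threshold are constructed assumptions.

```python
import unicodedata

# Constructed allow-list (assumption): domains the shop really owns.
LEGITIMATE = ["example-shop.test"]
MAX_DISTANCE = 2  # assumed threshold; tune against your own false positives

# Small constructed map of look-alike characters (digits and Cyrillic letters).
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
})


def normalize(domain):
    """Reduce a domain to a 'skeleton' so visually similar names compare equal."""
    labels = []
    for label in domain.strip().rstrip(".").lower().split("."):
        if label.startswith("xn--"):  # internationalized label in punycode
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except ValueError:
                pass  # malformed punycode: compare the raw label instead
        labels.append(label)
    text = unicodedata.normalize("NFKD", ".".join(labels))
    text = "".join(c for c in text if not unicodedata.combining(c))
    return text.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # transposition
        prev2, prev = prev, cur
    return prev[len(b)]


def classify(domain):
    """Return (verdict, matched legitimate domain or None) for one observed domain."""
    raw = domain.strip().rstrip(".").lower()
    for legit in LEGITIMATE:
        if raw == legit or raw.endswith("." + legit):
            return ("legitimate", legit)  # the real domain or one of its subdomains
    skeleton = normalize(raw)
    for legit in LEGITIMATE:
        target = normalize(legit)
        # Compare only as many trailing labels as the legitimate name has.
        tail = ".".join(skeleton.split(".")[-target.count(".") - 1:])
        if target in skeleton or osa_distance(tail, target) <= MAX_DISTANCE:
            return ("lookalike", legit)
    return ("unrelated", None)


# Constructed sample of domains as they might appear in mail or proxy logs.
SAMPLE = [
    "www.example-shop.test",
    "examp1e-shop.test",
    "exmaple-shop.test",
    "example-shop.test.account-verify.test",
    "gardening-tips.test",
]

if __name__ == "__main__":
    for name in SAMPLE:
        print(name, classify(name))
```

A real deployment would use a full confusables table and the public suffix list instead of the short map and label count used here.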
DOS AND DDOS ATTACKS
• Denial of service (DoS) attack
– Hackers flood Web site with useless traffic to inundate and overwhelm network
• Distributed denial of service (DDoS) attack
– Hackers use numerous computers to attack target network from numerous launch points
OTHER SECURITY THREATS
• Sniffing: Type of eavesdropping program that monitors information traveling over a network; enables hackers to steal proprietary information from anywhere on a network
• Insider jobs: Single largest financial threat
• Poorly designed server and client software: Increase in complexity of software programs has contributed to an increase in vulnerabilities that hackers can exploit
TECHNOLOGY SOLUTIONS
• Protecting Internet communications (encryption)
• Securing channels of communication (SSL, S-HTTP, VPNs)
• Protecting networks (firewalls)
• Protecting servers and clients
PROTECTING INTERNET COMMUNICATIONS: ENCRYPTION
• Encryption:
– Process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and receiver
• Purpose:
– Secure stored information and information transmission
• Provides:
– Message integrity
– Nonrepudiation
– Authentication
– Confidentiality
