2. Classifications of Security Control:
• Controls to protect client computers.
• Controls to protect the e-commerce channel.
• Controls to protect the e-commerce server.
• Other controls.
3. Controls to protect Client Computers.
• It is necessary to protect client computers in order to develop trust among customers and to maintain business continuity.
• Primarily there are 3 objectives of control for protecting a client computer:
i. Virus control
ii. Integrity control
iii. Control for surfing illegitimate web-sites
4. Virus Control:
• A virus is a destructive program which disrupts the normal functioning of computer systems. The virus may erase or corrupt files.
• A virus spreads because every time an infected program is executed, it tries to infect other programs.
• The leakage of private/personal information of customers or business firms from the client computers of big business companies may result in loss of business.
• In order to detect and eliminate viruses on a client computer, antivirus software must be installed.
5. Integrity & Illegitimate web-site control:
• Client computers need to be protected against the possible threat of violation of the integrity of information, by means of checksum operations that can be performed on files downloaded from a vendor.
• Client computers should also be protected against threats originating from illegitimate websites, in order to control the authenticity of the user.
• The uniqueness of the user can be established by a Digital ID, which verifies that a user of the website is who they claim to be.
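The checksum control described above for files downloaded from a vendor, as an added example that is not part of the original slides: it recomputes SHA-256 over each download and compares it with a vendor manifest. The sha256sum-style manifest format, the file names and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import tempfile

def sha256_of(path, chunk_size=65536):
    """Hash the file in chunks so large downloads are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def parse_manifest(text):
    """Parse 'hexdigest  filename' lines (assumed sha256sum format) into a dict."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")  # '*' marks binary mode in sha256sum output
        if len(digest) != 64 or not name:
            raise ValueError(f"malformed manifest line: {line!r}")
        expected[name] = digest.lower()
    return expected

def verify_downloads(directory, manifest_text):
    """Return {filename: 'ok' | 'mismatch' | 'missing'} for every manifest entry."""
    results = {}
    for name, want in parse_manifest(manifest_text).items():
        # basename() keeps a manifest entry from pointing outside the download directory
        path = os.path.join(directory, os.path.basename(name))
        if not os.path.isfile(path):
            results[name] = "missing"
            continue
        results[name] = "ok" if hmac.compare_digest(sha256_of(path), want) else "mismatch"
    return results

def demo():
    """Constructed sample: one intact file, one altered after the manifest was made."""
    names = ("setup.bin", "patch.bin")
    with tempfile.TemporaryDirectory() as d:
        for name, data in zip(names, (b"vendor build 1.0", b"vendor patch")):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        manifest = "".join(f"{sha256_of(os.path.join(d, n))}  {n}\n" for n in names)
        manifest += "0" * 64 + "  absent.bin\n"          # listed but never downloaded
        with open(os.path.join(d, "patch.bin"), "ab") as fh:
            fh.write(b"\x00altered")                      # simulate modification in transit
        return verify_downloads(d, manifest)
```

A checksum only establishes integrity if the manifest itself is obtained over a trusted channel or is digitally signed; otherwise whoever alters the file can alter the checksum as well.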
6. Controls to protect E-Commerce Channel:
• Attackers gain access to a computer system by way of insecure communication channels such as intranets, extranets or the internet.
• Providing security to the commerce channel means ensuring:
o Privacy of the transaction information.
o Guaranteeing message integrity and ensuring channel availability.
7. Privacy of the transaction information:
• Encrypting the transaction information before communicating it, so that it is unintelligible to all but the intended recipient, makes it secure.
• Encryption employs mathematical formulas called cryptographic algorithms or ciphers, and numbers called keys, to encrypt or decrypt information.
8. Integrity Of Transactional Information
o Integrity violation: occurs whenever a message is altered while in transit between sender and receiver. If an Internet interloper alters any of the order information in transmission, there can be harmful consequences.
o The authenticity of a digital signature in business provides uniqueness and positive identification of the sender, and assures the merchant that the message was not altered.
o This method of encryption and decryption through public/private keys also reduces the risk of threats and cyber crimes.