Amity School of Business

Jitendra Tomar
09650512300
jitendratomar@hotmail.com
jitendratomar@rediffmail.com
Orator
• Part 6: Security Threats with E-Commerce
• Security In Cyberspace
• The electronic system that supports e-commerce is
  susceptible to abuse and failure in many ways:
   • Fraud
     The act that results in direct financial loss.
     Funds might be transferred from one account to another, or
     financial records might simply be destroyed.
   • Theft
     Theft of confidential, proprietary, technological, or marketing
     information belonging to the firm or to the customer.
     An intruder may disclose such information to a third party, resulting
     in damage to the key customer, a client, or the firm itself.




   • Disruption of service
     It may result in major losses to the business or inconvenience to the
     customer.
   • Illegal intrusion in customer data
     The act leads to loss of customer confidence stemming from illegal
     intrusions into customer files or company business, dishonesty,
     human mistakes, or network failures.




• Nature of Cyber Business
Why Is Business on the Internet Different?
• The nature of the E-Commerce and Bricks & Mortar models of
  doing business is quite different.
   • The physical payment systems differ
     (electronic money and real money).
   • Practical and legal differences exist between the traditional
     store (paper-based commerce) and computer-based
     commerce.
   • 24x7x365 availability of the electronic medium, compared to
     limited-time processing at a physical business house.
   • Electronic business works on the concept of anyone,
     anywhere, anytime, which is quite different from the
     business culture of physical houses.


  Paper-Based Commerce                      Electronic Commerce

  • Signed paper document.                  • Digital signature.
  • Physical interaction.                   • Electronic, via website.
  • Physical payment system.                • Electronic payment system.
  • Merchant & customer are face to face.   • No face-to-face contact.
  • Easy detection of modifications.        • Detection is difficult.
  • Easy negotiability of documents.        • Negotiable documents require special security.




• Conceptualizing Security
Security Concerns
• The first issue in security is identifying the principals. They are
  the people, processes, machines, and keys that transact
  (send, receive, access, update, delete) information via
  databases, computers, and networks.
• Security concerns generally involve the following issues:
   • Confidentiality
     Knowing who can read data and ensuring that information in the
     network remains private. This is done via encryption.

   • Authentication
     Making sure that message senders or principals are who they say
     they are.
   • Integrity
     Making sure that information is not accidentally or maliciously
     altered or corrupted in transit.
   • Access Control
     Restricting the use of a resource to authorized principals.
   • Non-repudiation
     Ensuring that principals cannot deny that they sent the message.
   • Firewalls
     A filter between corporate networks and the Internet to secure
     corporate information and files from intruders, but that allows
     access to authorized principals.
The Privacy Factor
• In the absence of regulatory protection, experts urge
  privacy-sensitive surfers to take basic steps to protect their privacy
  while online.
   • Send e-mail through remailers.
   • Improve security through Web browsers.
   • Use a secondary free e-mail service to protect your main
     business e-mail account.
   • Stay away from filling out any form or questionnaire online.
   • Use a privacy application/software/utility to give your files
     or PC contents some privacy.
   • Install a firewall program to protect your computer from
     hackers.


The Woes of a Password
• One can see that there is no silver bullet solution to user
  authentication. There are ideas, however, to improve security
  systems:
   • Limit the number of times a password can be repeated in
      accessing a sensitive system
   • Train employees, customers, and the general public in
      more advanced methods like biometrics, PKE, and smart
      cards and be prepared to use such technology when it
      becomes available.
   • Ensure that systems designers and systems analysts are
      well versed in security issues and security procedures as
      part of every future application.
   • Review and evaluate the strength of the current password
      schemes used by customers and employees alike.
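
An added example, not part of the original slides: one way to enforce the first point above, read here as a cap on consecutive failed password attempts. The class name `LoginGuard`, the limit of 3 failures and the 15-minute lockout are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

MAX_FAILURES = 3        # assumed policy value, not taken from the slides
LOCKOUT_SECONDS = 900   # assumed policy value, not taken from the slides
_DUMMY_SALT = b"\x00" * 16


def hash_password(password, salt):
    """Derive a slow, salted hash so stored credentials resist offline guessing."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class LoginGuard:
    """Hypothetical login front end that limits repeated password attempts."""

    def __init__(self, clock=time.time):
        self._clock = clock          # injectable so lockout expiry can be tested
        self._users = {}             # username -> (salt, password hash)
        self._failures = {}          # username -> consecutive failed attempts
        self._locked_until = {}      # username -> time the lockout ends

    def register(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, hash_password(password, salt))

    def login(self, username, password):
        """Return 'ok', 'denied' or 'locked'."""
        now = self._clock()
        if now < self._locked_until.get(username, 0):
            # While locked, even the correct password is refused.
            return "locked"

        # Unknown users go through the same hashing work as known ones, so
        # response time does not reveal which usernames exist.
        salt, stored = self._users.get(username, (_DUMMY_SALT, b""))
        candidate = hash_password(password, salt)
        if username in self._users and hmac.compare_digest(candidate, stored):
            self._failures.pop(username, None)   # success resets the counter
            return "ok"

        count = self._failures.get(username, 0) + 1
        self._failures[username] = count
        if count >= MAX_FAILURES:
            self._locked_until[username] = now + LOCKOUT_SECONDS
            self._failures.pop(username, None)
        return "denied"


def demo():
    """Constructed scenario: three wrong guesses, then the right password."""
    fake_now = [1000.0]
    guard = LoginGuard(clock=lambda: fake_now[0])
    guard.register("alice", "correct horse battery")
    results = [guard.login("alice", guess) for guess in ("123456", "alice1", "qwerty")]
    results.append(guard.login("alice", "correct horse battery"))  # still locked
    fake_now[0] += LOCKOUT_SECONDS                                 # lockout expires
    results.append(guard.login("alice", "correct horse battery"))
    return results


if __name__ == "__main__":
    print(demo())
```

A lockout keyed on the username alone lets anyone lock a known account by guessing badly on purpose, so production systems usually pair it with per-source throttling and alerting.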
The Ph-ear of Phishing
• Phishing is a relatively recent phenomenon, having appeared
  within the past few years. It is becoming an effective tool for
  online criminals.
• Phishing has several characteristics:
   • Trojan horses are installed on vulnerable machines to
     gather data.
   • They “harvest” user names and passwords to distribute to
     attackers.
   • Users’ PCs are compromised without their knowledge.
   • Software vulnerabilities force PCs to download code.


Identity Theft
• Victims of ID theft have been known to find no quick fix for
  clearing their names. Nearly one third said they have been
  unable to repair their wrecked credit or restore their identities
  to good standing a year after their personal information was
  stolen.
• Here are some basic guidelines for users to protect
  themselves from identity theft:
   • Protect your identification number, SSN, or licence number by
     supplying it only when absolutely necessary.
   • Check your credit reports at least once a year. Check
     your statements for unexplained charges or unusual
     withdrawals from your bank accounts.


   • Be careful whom you talk to on the telephone –
     telemarketers, ISP employees, or even members of
     government agencies could all be disguised criminals.
   • Use shredders to get rid of your statements or receipts.
     When using ATMs, never leave your receipts behind.
   • Use strong passwords. Don’t use information related
     to you that could be guessed easily, like telephone
     number, vehicle registration, own name, close relative's name,
     house number, and the like.
   • Remove your mail from your mailbox promptly. Use offline
     applications like Outlook.
• Also, in case of any theft of your personal information,
  make sure to file a report with the local police and keep a copy for
  dealing with creditors later.
• Designing the Security
Designing Security
• Hacking, net-spionage, cracking, viruses, global worms,
  employees with malicious intent, cyber terrorism, internal theft
  – these are just some of the security challenges today’s
  organizations face.
• Hackers and malicious code writers are automating the
  Internet Shell that ensures they stay one step ahead of the
  laws and security officers. Technology without strategy can
  actually leave the organization more vulnerable.
• For information security design, the key question is: How do
  you know that the design will be secure? The answer lies in an
  effective design that should be part of the
  business-to-consumer installations from the beginning. Adding security
  mechanisms as an afterthought can be costly and
  ineffective. The design process begins with a chief security
  officer and involves five major steps:
   • Assessing the security needs of the firm.
     The chief security officer should be able to pinpoint the security
     breaches that threaten the company’s business and how well
     the company is in compliance with various laws and regulations.
     It is prudent to look for security vulnerabilities before it is too late. The
     cheapest and most effective way to fix problems is while they
     are in development.
     A system assessment life cycle begins with development of a new
     system using security best practices. Then the system should be
     tested to detect unforeseen security flaws before it is released for
     implementation. Finally, a running system should be monitored
     and maintained at all times.

   • Adopt a security policy that makes sense.
     Security policies should cover the entire e-commerce system
     including the merchant’s LAN, H/W, S/W, firewalls, protocols,
     standards, databases, and the staff directly involved in the
     e-commerce process.
     The policies should spell out Internet security practices, the nature
     and level of risks, the level of protection, and the procedure to
     follow to react to threats and recover from failure.
     Above all, policies must have the blessing of top management if
     they are to have a chance of succeeding.




   • Considering Web Security Needs.
     Here the company lists its top vulnerabilities and takes a close look at
     critical applications to decide risk levels.
     The amount of security a Web merchant needs depends on the
     sensitivity of its data and the demand for it. If the site collects
     credit card numbers for access, the company would require the
     highest security possible for the Web server, the network, and the
     Website.
     The company also consults a security consultant to see what options
     are available and how to put them to good use.




   • Design the security environment.
     The design begins with sketching out the stepping stones – the
     sequence and parameters in the security network based on the
     security policy and requirements of the e-commerce system.
     Physical security design looks at PCs, LAN, OS, Firewalls, Security
     Protocols, other Network Infrastructure, Physical location and
     layout, Bandwidth, Security Protocols of the ISP, and the
     communication medium that connects the merchant to the ISP.
     How much security goes into a system depends on how much risk
     the company is willing to take, the security policy it is willing to
     adopt, and the present state of security practices in the
     workplace.

     This phase generally deals with designing the security perimeter,
     which generally includes firewalls, authentication, VPNs, and
     intrusion detection devices. Installing such software and devices
     is part of physical design. The challenge is to police the entire
     perimeter.
   • Authorize and Monitor the Security System.
     Only authorized users are allowed access to the e-commerce
     site and other IT systems. This involves installing a system that
     generates authorization to different users to handle different jobs.
     Most companies adopt a policy that denies access to all except
     those who are explicitly allowed. This policy, along with good
     security design, should keep a site reasonably secure.


     Monitoring means capturing processing details for evidence,
     verifying that e-commerce is operating within the security policy,
     and verifying that attacks have been unsuccessful.
   • Raise Awareness of Possible Intrusions.
     With today’s firms relying more and more on the Internet, they
     face an ever-growing spectrum of threats, which calls for an
     increase in protection against cyber-risks.
     It has been noticed that the risks arise less from breaches
     of a company’s security policy than from improper
     use of Internet technologies. Users should be made aware of
     the potential risk factors and how to avoid them through simple
     but cautious use of Internet technologies.
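
An added example, not part of the original slides: the deny-by-default authorization and evidence-capturing monitoring described under "Authorize and Monitor the Security System" above, sketched as a role-based check that records every decision. The roles, resources and user ids are constructed, and the hash-chained log is one assumed way of keeping the captured details usable as evidence.

```python
import hashlib
import json

# Constructed sample policy: each role lists the (resource, action) pairs it is
# explicitly allowed. Anything not listed here is denied.
POLICY = {
    "customer": {("catalog", "read"), ("order", "create")},
    "order_clerk": {("order", "read"), ("order", "update")},
    "site_admin": {("catalog", "update"), ("order", "read"), ("order", "delete")},
}

GENESIS = "0" * 64  # digest that precedes the first log entry


def _digest(prev, record):
    """Hash an entry together with the digest of the entry before it."""
    body = json.dumps(record, sort_keys=True)
    return hashlib.sha256((prev + body).encode("utf-8")).hexdigest()


class AuditLog:
    """Append-only log; each entry is chained to the previous one by hash."""

    def __init__(self):
        self.entries = []

    def append(self, record):
        prev = self.entries[-1]["digest"] if self.entries else GENESIS
        self.entries.append(
            {"record": record, "prev": prev, "digest": _digest(prev, record)}
        )

    def verify(self):
        """Detect edits to earlier entries. This holds only while the latest
        digest is also kept somewhere the editor cannot reach."""
        prev = GENESIS
        for entry in self.entries:
            if entry["prev"] != prev or _digest(prev, entry["record"]) != entry["digest"]:
                return False
            prev = entry["digest"]
        return True


def authorize(log, user, role, resource, action):
    """Allow only what the policy lists; unknown roles get an empty allow set."""
    allowed = (resource, action) in POLICY.get(role, set())
    log.append({
        "seq": len(log.entries), "user": user, "role": role,
        "resource": resource, "action": action,
        "decision": "allow" if allowed else "deny",
    })
    return allowed


def denied_by_user(log):
    """Monitoring view: how many requests each user had refused."""
    counts = {}
    for entry in log.entries:
        record = entry["record"]
        if record["decision"] == "deny":
            counts[record["user"]] = counts.get(record["user"], 0) + 1
    return counts


def demo():
    """Run constructed requests through the check and return log and decisions."""
    log = AuditLog()
    requests = [
        ("u100", "customer", "order", "create"),
        ("u100", "customer", "order", "delete"),
        ("u200", "order_clerk", "order", "update"),
        ("u300", "contractor", "catalog", "read"),   # role not in the policy
        ("u100", "customer", "catalog", "update"),
    ]
    decisions = [authorize(log, *request) for request in requests]
    return log, decisions


if __name__ == "__main__":
    demo_log, demo_decisions = demo()
    print(demo_decisions, denied_by_user(demo_log), demo_log.verify())
```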

How Much Risk Can One Afford
• The top officials of the company generally ask two questions
  regarding their company’s security and how it relates to
  e-commerce:
   • How secure are we?
   • How much will it cost to secure our e-system?
• A few other questions arise as well:
   • How secure do we need to be?
   • What are we doing to monitor and improve security?
   • What monitors do we have that tell us whether we have
     been hit and how hard?



• The level of security can be determined by the specific
  threats inherent in the system’s design. The way of addressing
  the risk factor is to estimate the pain threshold a company
  and the attacker are willing to tolerate.


• In this case, the network administrator needs to know what is
  being protected, its value to the company, and its value to
  outsiders. The statements “when you have nothing, you have
  nothing to lose” and “there is not much that they can steal”
  do not apply in network and Internet security. The goal of
  security strategies, methods, and procedures is to raise the
  threshold of pain an attacker must endure to access and
  cause damage to a system.

Thefts and Underground Economy
• Organized electronic crime and worm-writing activity has been
  surging in the open, with nothing to slow it down. It is powering
  an underground economy specializing in ID theft and spam.
  Signs of the underground economy include:
   • Credit card databases bought and sold.
   • Hacked servers bought and sold.
   • Distributed Denial-of-Service attack networks bought and
     sold.
   • Machines infected with viruses, then turned into proxies or
     attack networks.




Kinds of Theft or Crime
• Before promoting security, one must know what they are
  trying to prevent. Web merchants must consider three kinds of
  threats or crimes.
   • Those that are physically related:
   A hacker might attempt to steal or damage inventory. Other
     examples include credit card records, stolen computer hardware
     or software, and sheer vandalism. An attacker, often by guessing
     passwords, might succeed in gaining access to another user’s
     account. The attacker might even be capable of drumming up
     unauthorized features such as discount coupons or specials in an
     effort to get merchandise free of charge.




    • Those that are order related:
    A customer might attempt to use an invalid or a stolen credit card
       or claim no merchandise was received on a good credit card.
       Children might use their parents’ credit card without permission.
       Insiders can do a lot to infect an order because they have
       access to sensitive systems and information. All it takes is a
       disgruntled or greedy employee to disrupt or divert an order to
       his or her advantage.
 
    • Those that are electronically related:
    A hacker might try to sniff e-mail information or attempt to steal
      credit card numbers and use them illegally at a later stage.




2. Internet of Things - A Market Perspective
 
1. Internet of Things - M2M to IoT
1. Internet of Things - M2M to IoT1. Internet of Things - M2M to IoT
1. Internet of Things - M2M to IoT
 
Module 3: Code of Ethics
Module 3: Code of EthicsModule 3: Code of Ethics
Module 3: Code of Ethics
 
PFE5.2 Research Ethics and Academic Integrity - Publication Ethics
PFE5.2 Research Ethics and Academic Integrity - Publication EthicsPFE5.2 Research Ethics and Academic Integrity - Publication Ethics
PFE5.2 Research Ethics and Academic Integrity - Publication Ethics
 
PFE5.1 Research Ethics and Academic Integrity - Research Ethics
PFE5.1 Research Ethics and Academic Integrity - Research EthicsPFE5.1 Research Ethics and Academic Integrity - Research Ethics
PFE5.1 Research Ethics and Academic Integrity - Research Ethics
 
PFE4.4 Global Issues - Sustainable Development Goals
PFE4.4 Global Issues - Sustainable Development GoalsPFE4.4 Global Issues - Sustainable Development Goals
PFE4.4 Global Issues - Sustainable Development Goals
 
PFE4.3 Global Issues - Environmental Ethics
PFE4.3 Global Issues - Environmental EthicsPFE4.3 Global Issues - Environmental Ethics
PFE4.3 Global Issues - Environmental Ethics
 
PFE4.2 Global Issues - Business Ethics and Corporate Governance
PFE4.2 Global Issues - Business Ethics and Corporate GovernancePFE4.2 Global Issues - Business Ethics and Corporate Governance
PFE4.2 Global Issues - Business Ethics and Corporate Governance
 
PFE4.1 Global Issues - Globalization of MNCs
PFE4.1 Global Issues - Globalization of MNCsPFE4.1 Global Issues - Globalization of MNCs
PFE4.1 Global Issues - Globalization of MNCs
 
PFE3.5 Ethical Considerations - Employee Grievance
PFE3.5 Ethical Considerations - Employee GrievancePFE3.5 Ethical Considerations - Employee Grievance
PFE3.5 Ethical Considerations - Employee Grievance
 
PFE3.4 Ethical Considerations - Working with Minors
PFE3.4 Ethical Considerations - Working with MinorsPFE3.4 Ethical Considerations - Working with Minors
PFE3.4 Ethical Considerations - Working with Minors
 

Recently uploaded

Using Grammatical Signals Suitable to Patterns of Idea Development
Using Grammatical Signals Suitable to Patterns of Idea DevelopmentUsing Grammatical Signals Suitable to Patterns of Idea Development
Using Grammatical Signals Suitable to Patterns of Idea Developmentchesterberbo7
 
Mental Health Awareness - a toolkit for supporting young minds
Mental Health Awareness - a toolkit for supporting young mindsMental Health Awareness - a toolkit for supporting young minds
Mental Health Awareness - a toolkit for supporting young mindsPooky Knightsmith
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxiammrhaywood
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)lakshayb543
 
How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17Celine George
 
How to Make a Duplicate of Your Odoo 17 Database
How to Make a Duplicate of Your Odoo 17 DatabaseHow to Make a Duplicate of Your Odoo 17 Database
How to Make a Duplicate of Your Odoo 17 DatabaseCeline George
 
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnvESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnvRicaMaeCastro1
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfVanessa Camilleri
 
Textual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHSTextual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHSMae Pangan
 
4.11.24 Mass Incarceration and the New Jim Crow.pptx
4.11.24 Mass Incarceration and the New Jim Crow.pptx4.11.24 Mass Incarceration and the New Jim Crow.pptx
4.11.24 Mass Incarceration and the New Jim Crow.pptxmary850239
 
Congestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentationCongestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentationdeepaannamalai16
 
IPCRF/RPMS 2024 Classroom Observation tool is your access to the new performa...
IPCRF/RPMS 2024 Classroom Observation tool is your access to the new performa...IPCRF/RPMS 2024 Classroom Observation tool is your access to the new performa...
IPCRF/RPMS 2024 Classroom Observation tool is your access to the new performa...MerlizValdezGeronimo
 
Q-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITWQ-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITWQuiz Club NITW
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxAnupkumar Sharma
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxHumphrey A Beña
 

Recently uploaded (20)

Using Grammatical Signals Suitable to Patterns of Idea Development
Using Grammatical Signals Suitable to Patterns of Idea DevelopmentUsing Grammatical Signals Suitable to Patterns of Idea Development
Using Grammatical Signals Suitable to Patterns of Idea Development
 
Mental Health Awareness - a toolkit for supporting young minds
Mental Health Awareness - a toolkit for supporting young mindsMental Health Awareness - a toolkit for supporting young minds
Mental Health Awareness - a toolkit for supporting young minds
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
 
How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17
 
Paradigm shift in nursing research by RS MEHTA
Paradigm shift in nursing research by RS MEHTAParadigm shift in nursing research by RS MEHTA
Paradigm shift in nursing research by RS MEHTA
 
How to Make a Duplicate of Your Odoo 17 Database
How to Make a Duplicate of Your Odoo 17 DatabaseHow to Make a Duplicate of Your Odoo 17 Database
How to Make a Duplicate of Your Odoo 17 Database
 
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnvESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdf
 
Textual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHSTextual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHS
 
4.11.24 Mass Incarceration and the New Jim Crow.pptx
4.11.24 Mass Incarceration and the New Jim Crow.pptx4.11.24 Mass Incarceration and the New Jim Crow.pptx
4.11.24 Mass Incarceration and the New Jim Crow.pptx
 
prashanth updated resume 2024 for Teaching Profession
prashanth updated resume 2024 for Teaching Professionprashanth updated resume 2024 for Teaching Profession
prashanth updated resume 2024 for Teaching Profession
 
Congestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentationCongestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentation
 
IPCRF/RPMS 2024 Classroom Observation tool is your access to the new performa...
IPCRF/RPMS 2024 Classroom Observation tool is your access to the new performa...IPCRF/RPMS 2024 Classroom Observation tool is your access to the new performa...
IPCRF/RPMS 2024 Classroom Observation tool is your access to the new performa...
 
Q-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITWQ-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITW
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 
Mattingly "AI & Prompt Design: Large Language Models"
Mattingly "AI & Prompt Design: Large Language Models"Mattingly "AI & Prompt Design: Large Language Models"
Mattingly "AI & Prompt Design: Large Language Models"
 
Faculty Profile prashantha K EEE dept Sri Sairam college of Engineering
Faculty Profile prashantha K EEE dept Sri Sairam college of EngineeringFaculty Profile prashantha K EEE dept Sri Sairam college of Engineering
Faculty Profile prashantha K EEE dept Sri Sairam college of Engineering
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 

6. Security Threats with E-Commerce

  • 1. Amity School of Business Jitendra Tomar 09650512300 jitendratomar@hotmail.com jitendratomar@rediffmail.com Orator
  • 2. Amity School of Business • Part 6: SeCuRiTy ThReAtS WiTh E-CoMmErCe
  • 3. Amity School of Business • Security In Cyberspace
  • 4. Amity School of Business • The electronic system that supports e-commerce is susceptible to abuse and failure in many ways: • Fraud The act that results in direct financial loss. Funds might be transferred from one account to another, or financial records might simply be destroyed.   • Theft Theft of confidential, proprietary, technological, or marketing information belonging to the firm or to the customer. An intruder may disclose such information to a third party, resulting in damage to the key customer, a client, or the firm itself. Security in Cyberspace
  • 5. Amity School of Business • The electronic system that supports e-commerce is susceptible to abuse and failure in many ways: • Disruption of service It may result in major losses of the business or inconvenience to the customer. • Illegal intrusion in customer data The act leads to loss of customer confidence stemming from illegal intrusions into customer files or company business, dishonesty, human mistakes, or network failures. Security in Cyberspace
  • 6. Amity School of Business • Nature of Cyber Business
  • 7. Amity School of Business Why the Business on Internet is Different? • The nature of E-Commerce and Bricks & Mortar Models of doing business is quite different. • The difference in the physical payment systems (electronic money and real money) • Practical and legal differences exist between traditional store (paper based commerce) and computer based commerce. • 24x7x365 availability of electronic medium compared to limited time processing at physical business house. • Electronic business works on the concept of anyone, anywhere, anytime which is quite different from the business culture of physical houses. Online Business Nature
  • 8. Amity School of Business Why the Business on Internet is Different? Paper-Based Commerce vs. Electronic Commerce: • Signed paper document vs. digital signature. • Physical interaction vs. electronic via website. • Physical payment system vs. electronic payment system. • Merchant & customer are face to face vs. no face-to-face contact. • Easy detection of modifications vs. detection is difficult. • Easy negotiability of documents vs. negotiable documents require special security. Online Business Nature
  • 9. Amity School of Business • Conceptualizing Security
  • 10. Amity School of Business Security Concerns • The nature of E-Commerce and Bricks & Mortar Models of doing business is quite different. • The difference in the physical payment systems (electronic money and real money) • The first issue in security is identifying the principals. They are the people, processes, machines, and keys that transact (send, receive, access, update, delete) information via databases, computers, and networks.   • Security concerns generally involve the following issues: • Confidentiality Knowing who can read data and ensuring that information in the network remains private. This is done via encryption Conceptualizing Security
  • 11. Amity School of Business Security Concerns • Authentication Making sure that message senders or principals are who they say they are. • Integrity Making sure that information is not accidentally or maliciously altered or corrupted in transit. • Access Control Restricting the use of a resource to authorized principals. • Non-repudiation Ensuring that principals cannot deny that they sent the message • Firewalls A filter between corporate networks and the Internet to secure corporate information and files from intruders, but that allows access to authorized principals. Conceptualizing Security
  • 12. Amity School of Business The Privacy Factor • In the absence of regulatory protection, experts urge privacy-sensitive surfers to take basic steps to protect their privacy while online. • Send e-mail through remailers. • Improve security through Web browsers. • Use a secondary free e-mail service to protect your main business e-mail account. • Stay away from filling out any form or questionnaire online. • Use a privacy application/software/utility to give your files or PC contents some privacy. • Install a firewall program to protect your computer from hackers. Conceptualizing Security
  • 13. Amity School of Business The Woes of a Password • One can see that there is no silver bullet solution to user authentication. There are ideas, however, to improve security systems: • Limit the number of times a password can be repeated in accessing a sensitive system • Train employees, customers, and the general public in more advanced methods like biometrics, PKE, and smart cards and be prepared to use such technology when it becomes available. • Ensure that systems designers and systems analysts are well versed in security issues and security procedures as part of every future application. • Review and evaluate the strength of the current password schemes used by customers and employees alike. Conceptualizing Security
  • 14. Amity School of Business The Ph-ear of Phishing • Phishing is a relatively recent phenomenon, having appeared within the past few years. It is becoming an effective tool with online criminals.   • Phishing has several characteristics: • Trojan horses are installed on vulnerable machines to gather data. • They “harvest” user names and passwords to distribute to attackers. • Users’ PCs are compromised without their knowledge. • Software vulnerabilities force PCs to download code. Conceptualizing Security
  • 15. Amity School of Business Identity Theft • Victims of ID theft have been known to find no quick fix to clearing their names. Nearly one third said they have been unable to repair their wrecked credit or restore their identities to good standing a year after their personal information was stolen. • Here are some basic guidelines for users to protect themselves from identity theft: • Protect your identification no./SSN/licence no. by supplying it only when absolutely necessary. • Check your credit reports at least once a year. Check your statements for unexplained charges or unusual withdrawals from your bank accounts. Conceptualizing Security
  • 16. Amity School of Business Identity Theft • Be careful whom you talk to on the telephone – telemarketers, ISP employees, or even members of government agencies could all be disguised criminals. • Use shredders to get rid of your statements or receipts. When using ATMs, never leave your receipts behind. • Use strong passwords. Don’t use information that is related to you and could be guessed easily, like telephone no., vehicle registration, own name, close relative's name, house no., and the like. • Remove your mail from your mailbox promptly. Use offline applications like Outlook. • Also, in case of any theft of your personal information, make sure to file a report with local police and keep a copy for dealing with creditors later. Conceptualizing Security
  • 17. Amity School of Business • Designing the Security
  • 18. Amity School of Business Designing Security • Hacking, net-spionage, cracking, viruses, global worms, employees with malicious intent, cyber terrorism, internal theft – these are just some of the security challenges today’s organizations face. • Hackers and malicious code writers are automating the Internet Shell that ensures they stay one step ahead of the laws and security officers. Technology without strategy can actually leave the organization more vulnerable. • For information security design, the key question is: How do you know that the design will be secure? The answer lies in an effective design that should be part of the business-to-consumer installations from the beginning. Adding security mechanisms as an afterthought can be costly and ineffective. The design process begins with a chief security officer and involves five major steps: Designing Security
  • 19. Amity School of Business Designing Security • The design process begins with a chief security officer and involves five major steps: • Assessing the security needs of the firm. The chief security officer should be able to pinpoint the security breaches that threaten the company’s business and how well the company is in compliance with various laws and regulations. It is prudent to look for security vulnerabilities before it is too late. The cheapest and most effective time to fix problems is while they are in development. A system assessment life cycle begins with development of a new system using security best practices. Then the system should be tested to detect unforeseen security flaws before it is released for implementation. Finally, a running system should be monitored and maintained at all times. Designing Security
  • 20. Amity School of Business Designing Security • The design process begins with a chief security officer and involves five major steps: • Adopt a security policy that makes sense. Security policies should cover the entire e-commerce system including the merchant’s LAN, H/W, S/W, firewalls, protocols, standards, databases, and the staff directly involved in the e-commerce process. The policies should spell out Internet security practices, the nature and level of risks, the level of protection, and the procedure to follow to react to threats and recover from failure. Above all, policies must have the blessing of top management if they are to have a chance of succeeding. Designing Security
  • 21. Amity School of Business Designing Security • The design process begins with a chief security officer and involves five major steps: • Considering Web Security Needs. Here the company lists its top vulnerabilities and takes a close look at critical applications to decide risk levels. The amount of security a Web merchant needs depends on the sensitivity of its data and the demand for it. If the site collects credit card numbers for access, the company would require the highest security possible for the Web server, the network, and the Website. The company also consults a security consultant to see what options are available and how to put them to good use. Designing Security
  • 22. Amity School of Business Designing Security • The design process begins with a chief security officer and involves five major steps: • Design the security environment. The design begins with sketching out the stepping stones – the sequence and parameters in the security network based on the security policy and requirements of the e-commerce system. Physical security design looks at PCs, LAN, OS, Firewalls, Security Protocols, other Network Infrastructure, Physical location and layout, Bandwidth, Security Protocols of the ISP, and the communication medium that connect the merchant to the ISP. How much security goes into a system depends on how much risk the company is willing to take, the security policy it is willing to adopt, and the present state of security practices in the workplace. Designing Security
  • 23. Amity School of Business Designing Security • The design process begins with a chief security officer and involves five major steps: This phase generally deals with designing the security perimeter, which generally includes firewalls, authentication, VPNs, and intrusion detection devices. Installing such software and devices is part of physical design. The challenge is to police the entire perimeter. • Authorize and Monitor the Security System. Only authorized users are allowed access to the e-commerce site and other IT systems. This involves installing a system that generates authorization to different users to handle different jobs. Most companies adopt a policy that denies access to all except those who are explicitly allowed. This policy, along with good security design, should keep a site reasonably secure. Designing Security
  • 24. Amity School of Business Designing Security • The design process begins with a chief security officer and involves five major steps: Monitoring means capturing processing details for evidence, verifying that e-commerce is operating within the security policy, and verifying that attacks have been unsuccessful. • Raise Awareness of Possible Intrusions. With today’s firms relying more and more on the Internet, they face an ever-growing spectrum of threats, which means an increase in protection against cyber-risks. It is noticed that the risks arise not so much because there is a breach in the security policy of a company, but more because of improper use of Internet technologies. Users should be made aware of the potential risk factors and how to avoid them with simple but cautious use of Internet technologies. Designing Security
  • 25. Amity School of Business How Much Risk Can One Afford • The top officials of the company generally ask two questions regarding their company’s security and how it relates to e-commerce: • How secure are we? • How much will it cost to secure our e-system? • A few other questions arise as well: • How secure do we need to be? • What are we doing to monitor and improve security? • What monitors do we have that tell us whether we have been hit and how hard? Security Risk Analysis
  • 26. Amity School of Business How Much Risk Can One Afford • The level of security can be determined by the specific threats inherent in the system’s design. The way of addressing the risk factor is to estimate the pain threshold a company and the attacker are willing to tolerate. • In this case, the network administrator needs to know what is being protected, its value to the company, and its value to outsiders. The statements “when you have nothing, you have nothing to lose” and “there is not much that they can steal” do not apply in network and Internet security. The goal of security strategies, methods, and procedures is to raise the threshold of pain an attacker must endure to access and cause damage to a system. Security Risk Analysis
  • 27. Amity School of Business Thefts and Underground Economy • Organized electronic crime and worm-writing activity has been surging in the open, with nothing to slow it down. It is powering an underground economy specializing in ID theft and spam. Signs of the underground economy include: • Credit card databases bought and sold. • Hacked servers bought and sold. • Distributed Denial-of-Service attack networks bought and sold. • Machines infected with viruses, then turned into proxies or attack networks. Thefts & Economy
  • 28. Amity School of Business Kinds of Theft or Crime • Before promoting security, one must know what they are trying to prevent. Web merchants must consider three kinds of threats or crimes. • Those that are physically related: A hacker might attempt to steal or damage inventory. Other examples include credit card records, stolen computer hardware or software, and sheer vandalism. An attacker, often by guessing passwords, might succeed in gaining access to another user’s account. The attacker might even be capable of drumming up unauthorized features such as discount coupons or specials in an effort to get merchandise free of charge. Designing Security
  • 29. Amity School of Business Kinds of Theft or Crime • Those that are order related: A customer might attempt to use an invalid or a stolen credit card or claim no merchandise was received on a good credit card. Children might use their parents’ credit card without permission. Insiders can do a lot to infect an order because they have access to sensitive systems and information. All it takes is a disgruntled or greedy employee to disrupt or divert an order to his or her advantage.   • Those that are electronically related: A hacker might try to sniff e-mail information or attempt to steal credit card numbers and use them illegally at a later stage. Designing Security
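
An added example, not part of the original slides, of the deny-by-default authorization and evidence-capturing monitoring described in slides 23 and 24. The jobs, users and action names are constructed for illustration, and the hash-chained log is one assumed way of keeping the captured details trustworthy as evidence.

```python
import hashlib
import json

# Constructed policy: each job lists the only actions it may perform.
# Anything not listed here is denied.
POLICY = {
    "customer": {"catalog:read", "order:create"},
    "order_clerk": {"catalog:read", "order:read", "order:update"},
    "security_officer": {"audit:read"},
}

# Constructed assignment of users to jobs.
USER_ROLES = {"alice": "customer", "bob": "order_clerk", "carol": "security_officer"}


class AuditLog:
    """Append-only log in which every entry carries the hash of the previous one."""

    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(prev_hash, record):
        payload = json.dumps(record, sort_keys=True).encode()
        return hashlib.sha256(prev_hash.encode() + payload).hexdigest()

    def append(self, record):
        prev_hash = self.entries[-1]["hash"] if self.entries else self.GENESIS
        self.entries.append({"record": record, "prev": prev_hash,
                             "hash": self._digest(prev_hash, record)})

    def verify(self):
        """True if no entry was altered, reordered or cut out of the middle.
        Detecting truncation of the tail needs the latest hash kept elsewhere."""
        prev_hash = self.GENESIS
        for entry in self.entries:
            if entry["prev"] != prev_hash:
                return False
            if entry["hash"] != self._digest(prev_hash, entry["record"]):
                return False
            prev_hash = entry["hash"]
        return True


def authorize(user, action, log):
    """Default deny: allow only when the user's job explicitly lists the action."""
    role = USER_ROLES.get(user)  # unknown users get no role
    allowed = action in POLICY.get(role, set())
    # Every decision, allowed or denied, is captured as evidence.
    log.append({"user": user, "role": role, "action": action,
                "decision": "allow" if allowed else "deny"})
    return allowed


def monitor(log, threshold=2):
    """Check log integrity, confirm every 'allow' matches the policy,
    and return the users with at least `threshold` denied attempts."""
    if not log.verify():
        raise ValueError("audit log failed integrity check")
    denials = {}
    for entry in log.entries:
        rec = entry["record"]
        if rec["decision"] == "allow":
            if rec["action"] not in POLICY.get(rec["role"], set()):
                raise ValueError("allowed action outside policy: %r" % rec)
        else:
            denials[rec["user"]] = denials.get(rec["user"], 0) + 1
    return sorted(u for u, n in denials.items() if n >= threshold)


def demo():
    """Run a few constructed requests through the policy."""
    log = AuditLog()
    results = [
        authorize("alice", "order:create", log),    # listed for customer
        authorize("alice", "order:update", log),    # not listed for customer
        authorize("mallory", "catalog:read", log),  # unknown user
        authorize("mallory", "audit:read", log),    # unknown user again
        authorize("bob", "order:update", log),      # listed for order_clerk
    ]
    return results, monitor(log), log


if __name__ == "__main__":
    results, flagged, log = demo()
    print("decisions:", results)
    print("users with repeated denials:", flagged)
```
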