Aladdin Dandis Speak 2011

1. AladdinT. Dandis
Jordan eGov Program

2.  Trust
 Security
 Confidentiality
 Integrity
 Availability
 Authentication
 Non-Repudiation
 Privacy
 Transparency
2AladdinT. Danids - E-Transactions Forum - Amman 2011

3.  E-Healthcare
 E-Learning
 E-Commerce
 E-Business
 E-Government
 E-Banking
 E-Procurement
 E-Voting
3AladdinT. Danids - E-Transactions Forum - Amman 2011

4.  Timing:
 Real-time
 Non-real-time
 Infrastructure
 Internet
 Mobile
4AladdinT. Danids - E-Transactions Forum - Amman 2011

5.  Client-Server
 E-Commerce
 Peer-to-Peer
 EDI
5AladdinT. Danids - E-Transactions Forum - Amman 2011

6. 6AladdinT. Danids - E-Transactions Forum - Amman 2011

7.  Security
 Identification and authentication
 Message confidentiality
 Message integrity
 Non-repudiation
 Traceability and accountability
 Privacy
 Transparency
 Transparent transaction process
7AladdinT. Danids - E-Transactions Forum - Amman 2011

9.  Definition
 The willingness of a party (Trustor) to be
vulnerable to the actions of another party
(Trustee) based on expectation that the Trustee
will perform a particular action important to the
Trustor, irrespective of the ability to monitor or
control the Trustee
9AladdinT. Danids - E-Transactions Forum - Amman 2011

10.  Product or Service
 Brand, Quality
 Financial Model
 Assurance
 Data Flow
 Confidence
10AladdinT. Danids - E-Transactions Forum - Amman 2011

11.  Data
 Source
 Accuracy
 Subjective
 Personal Responsibility
 Reasoning
 Usability
 Harm
 System
 AuditTrail
 Authorization
 Identification
 Availability
 Reliability
AladdinT. Danids - E-Transactions Forum - Amman 2011 11

12.  Trust = Fn(Security, Privacy,Transparency)
 Where
 Security = Fn(Security Parameters)
 Privacy = Fn(Privacy Parameters)
 Transparency = Fn(Transparency Parameters)
12AladdinT. Danids - E-Transactions Forum - Amman 2011

13. 13AladdinT. Danids - E-Transactions Forum - Amman 2011

14. Factor Role Methodology
Social Invoke and EstablishTrust Reputation, Familiarity
Legal System EnforceTrust Law Enforcement and Judicial System
Organizational
and Procedural
EnableTrust Banks andTheir Rules
Technology Enable and EnforceTrust Cryptography, Protocol Standards,
Tools
14AladdinT. Danids - E-Transactions Forum - Amman 2011

16.  Confidentiality
 Encryption, Data Classification
 Integrity
 Hashing, Checksum, ACID
 Availability
 Backup, Clustering, BC & DR
16AladdinT. Danids - E-Transactions Forum - Amman 2011

17.  Trustee
 Site Seal
 WS-X
 Trustor
 Digital Certificates
 Passwords over SSL
 Smart Cards or Payment Cards
17AladdinT. Danids - E-Transactions Forum - Amman 2011

18.  Digital Signature
 PGP
 PKI
 AuditTrails
 Rather thanTraceability and Auditability
18AladdinT. Danids - E-Transactions Forum - Amman 2011

20.  Definition
 The appropriate use of personal information
under the circumstances, depending on context,
law, and the individual’s expectations.
 The right of an individual to control the collection,
use, and disclosure of personal information.
20AladdinT. Danids - E-Transactions Forum - Amman 2011

21.  Opt-in,Opt-out
 User Profile Management
21AladdinT. Danids - E-Transactions Forum - Amman 2011

22.  Organization for Economic Cooperation and
Development (OECD)
1. Collection Limitation Principle
2. Data Quality Principle
3. Purpose Specification Principle
4. Use Limitation Principle
5. Security Safeguards Principle
6. Openness Principle
7. Individual Participation Principle
8. Accountability Principle
22AladdinT. Danids - E-Transactions Forum - Amman 2011

24.  Definition:
 The quality of being clear and transparent
 Easily understood or seen through
24AladdinT. Danids - E-Transactions Forum - Amman 2011

25.  Business Processes
 Governance
 Policies
 Standards
 Roles and Accountability
 Closed vs. Open Source
 Auditability
 Certification
 Full Disclosure
 Cryptography
25AladdinT. Danids - E-Transactions Forum - Amman 2011

27.  Target:
 Organizations that store, process, or transmit credit
card data.
 Requirements
 Building and maintaining a secure network
 Protecting cardholder data
 Maintaining a vulnerability management program
 Implementing strong access control measures
 Regularly monitoring and testing networks
 Maintaining an information security policy
27AladdinT. Danids - E-Transactions Forum - Amman 2011

28. 28AladdinT. Danids - E-Transactions Forum - Amman 2011

29. www.infosecacademy.blogspot.com