Ecommerce_Ch4.pptx
ECOMMERCE SECURITY AND CRYPTOGRAPHY
E-commerce Security (1/7/2007, CS 483)
Concerns about security:
• Client security issues
• Server security issues
• Security policy, risk assessment
Ecommerce Security and Cryptography
• What is Security?
• Dictionary definition: protection or defense against attack, interference, espionage (spying), etc.
Computer Security Classification:
• Confidentiality (or Secrecy)
Protecting against unauthorized (illegal) data disclosure and ensuring the authenticity of the data’s source
• Integrity
Preventing unauthorized data modification
• Availability (or Necessity)
Preventing data delays or denials (removal)
CRYPTOGRAPHY is a method of protecting information and communication through the use of codes, so that only those for whom the information is intended can read and process it.
E-commerce crime and security problems (Stopping E-Commerce Crimes)
• Information assurance (IA)
The protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats
• Human firewalls
Methods that filter or limit people’s access to critical business documents
Security, Encryption, & Web Ethics
• Who is affected?
– In the past it used to be only large companies with proprietary (branded, patented) issues
– Today, stock exchange and other related commercial transactions can also be affected.
– Bank accounts, medical records, credit history are a few arenas that must be concerned with security
• Encryption is the process that transforms information into some secret form to prevent unauthorized individuals from using the data should they acquire it.
Security, Encryption, & Web Ethics
• Objects of IT Security
– Confidentiality
– Integrity
• Confidentiality
– strict controls implemented to ensure that only those persons who need access to the database will have access
– protecting and using passwords
Security, Encryption, & Web Ethics
• Integrity
– loss of integrity can result from human error, intentional tampering, or even disastrous events
– Efforts must be taken to ensure the accuracy and soundness of data at all times
– Internet Fraud
• online credit cards
• customers trusting the company they do business with
• online auctions, sweepstakes (lotteries) & prize offers
• travel offers, scholarship scams, etc.
Security, Encryption, & Web Ethics
• Security methods that are used whenever the Internet & corporate networks intersect:
– Routers
– Firewalls
– Intrusion Detection Systems (IDSs)
Security, Encryption, & Web Ethics
• Routers
– network traffic-managing devices that route traffic intended for the servers or networks they are attached to
• Firewalls
– insulate a private network from a public network using carefully established controls on the types of requests they will route through to the private network for processing and fulfillment
Security, Encryption, & Web Ethics
• Intrusion Detection Systems (IDSs)
– Attempt to detect an intruder breaking into your system or a legitimate user misusing system resources.
– Operate constantly, working in the background, and only notify you when they detect suspicious or illegal activity
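The IDS behaviour described above (watch continuously, stay silent, raise an alert only on suspicious activity) in its simplest host-based form: a rule that flags a source address producing many failed logins inside a short window. This is an added example, not code from the slides or from any IDS product; the sshd-style log lines, the threshold of 5 failures and the 60-second window are all constructed assumptions.

```python
"""Minimal rule-based intrusion detection over constructed auth log lines.

Added example (not from the slides). The log format is an assumed
sshd-style syslog; thresholds are assumptions, not product defaults.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one source hammers root/admin, one user mistypes once.
SAMPLE_LOG = """\
2024-05-20T10:00:01 sshd[101]: Failed password for invalid user admin from 203.0.113.7 port 5001
2024-05-20T10:00:03 sshd[102]: Failed password for invalid user admin from 203.0.113.7 port 5002
2024-05-20T10:00:04 sshd[103]: Failed password for root from 203.0.113.7 port 5003
2024-05-20T10:00:06 sshd[104]: Failed password for root from 203.0.113.7 port 5004
2024-05-20T10:00:07 sshd[105]: Failed password for root from 203.0.113.7 port 5005
2024-05-20T10:00:09 sshd[106]: Accepted password for alice from 198.51.100.23 port 6001
2024-05-20T10:30:00 sshd[107]: Failed password for alice from 198.51.100.23 port 6002
2024-05-20T10:30:45 sshd[108]: Accepted password for alice from 198.51.100.23 port 6003
"""

# Assumed line shape; "invalid user" appears when the account does not exist.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+$"
)


def parse(log_text):
    """Yield (timestamp, result, user, source_ip) for every line that matches."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"])


def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Alert once per source IP that reaches `threshold` failed logins within `window`.

    Successful logins are ignored; a single failure from a legitimate user
    never reaches the threshold, so the detector stays quiet for it.
    Returns alert dicts in the order the rule fired.
    """
    failures = defaultdict(list)   # src -> timestamps of recent failures
    alerted = set()
    alerts = []
    for ts, result, user, src in parse(log_text):
        if result != "Failed":
            continue
        hits = failures[src]
        hits.append(ts)
        # Slide the window: discard failures older than `window` before this one.
        while hits and ts - hits[0] > window:
            hits.pop(0)
        if len(hits) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append({"src": src, "count": len(hits), "at": ts.isoformat()})
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_LOG):
        print(f"ALERT {a['at']}: {a['count']} failed logins from {a['src']} within 60s")
```

Run against the sample, the detector raises exactly one alert, for 203.0.113.7 at 10:00:07, and nothing for alice's single typo; a real deployment would feed the same rule from the live log stream rather than a string.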
INFORMATION ASSURANCE
• CIA security triad (CIA triad)
Three security concepts important to information on the Internet: confidentiality, integrity, and availability
• Confidentiality
Assurance of data privacy and accuracy. Keeping private or sensitive information from being revealed to unauthorized individuals, entities, or processes
• Integrity
Assurance that stored data has not been modified without authorization, and that a message that was sent is the same message that was received
• Availability
Assurance that access to data, the Web site, or other EC data service is timely, available, reliable, and restricted to authorized users
• Authentication
Process to verify (assure) the real identity of an individual, computer, computer program, or EC Web site
• Authorization
Process of determining what the authenticated entity is allowed to access and what operations it is allowed to perform
• Non-repudiation
Assurance that online customers or trading partners cannot falsely deny (repudiate) their purchase or transaction
• Digital signature or digital certificate
Validates the sender and time stamp of a transaction so it cannot be later claimed that the transaction was unauthorized or invalid.
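Authentication and authorization are two separate decisions, and the order matters: first establish who the caller is, then decide what that identity may do. The following added example (not code from the slides) shows both steps for an e-commerce back end using only the Python standard library: a salted PBKDF2 password check for authentication and a role-to-operation table for authorization. The user store, the roles, the permission table and the PBKDF2 work factor are all constructed assumptions.

```python
"""Authentication versus authorization, as an added example (not from the slides).

Authentication: verify the caller's identity (salted PBKDF2-HMAC-SHA256 check).
Authorization: decide what the authenticated role may do (permission table).
All users, roles and permissions below are constructed for illustration.
"""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000   # assumed work factor for the example


def make_credential(password: str) -> dict:
    """Store a random salt and the PBKDF2 hash; the password itself is never kept."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"salt": salt, "hash": digest}


# Constructed user store: username -> (credential, role)
USERS = {
    "alice": (make_credential("correct horse battery staple"), "customer"),
    "bob": (make_credential("hunter2"), "merchant"),
}

# Constructed authorization policy: role -> operations it may perform
PERMISSIONS = {
    "customer": {"view_catalog", "place_order", "view_own_orders"},
    "merchant": {"view_catalog", "view_all_orders", "refund_order"},
}


def authenticate(username: str, password: str):
    """Return the caller's role if the password is correct, otherwise None (fail closed)."""
    entry = USERS.get(username)
    if entry is None:
        # Do the same amount of work for unknown users so response time does
        # not reveal which usernames exist.
        hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, PBKDF2_ITERATIONS)
        return None
    cred, role = entry
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), cred["salt"], PBKDF2_ITERATIONS)
    # Constant-time comparison: do not leak how many bytes of the hash matched.
    return role if hmac.compare_digest(candidate, cred["hash"]) else None


def authorize(role, operation: str) -> bool:
    """Authorization is decided on the authenticated role, never on the username alone."""
    return operation in PERMISSIONS.get(role, set())


def handle_request(username: str, password: str, operation: str) -> str:
    """Authenticate first, then authorize; a request must pass both steps."""
    role = authenticate(username, password)
    if role is None:
        return "401 unauthenticated"
    if not authorize(role, operation):
        return "403 forbidden"
    return "200 ok"


if __name__ == "__main__":
    print(handle_request("alice", "correct horse battery staple", "place_order"))  # 200 ok
    print(handle_request("alice", "correct horse battery staple", "refund_order"))  # 403 forbidden
    print(handle_request("alice", "wrong password", "place_order"))                 # 401 unauthenticated
```

Note the two different failure codes: a wrong password is an authentication failure, while a correct password used for an operation outside the role is an authorization failure. Keeping them distinct in logs is what lets an operator tell a credential attack from a misconfigured role.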
Cont…
• Application firewalls
Specialized tools designed to increase the security of Web applications
• Common (security) Vulnerabilities and Exposures (CVE)
Publicly known computer security risks, which are collected, listed, and shared by a board of security-related organizations (cve.mitre.org)
Cont…
• Vulnerability (weakness)
Weakness in software or other mechanism that threatens the confidentiality, integrity, or availability of an asset (recall the CIA model). It can be directly used by a hacker to gain access to a system or network
• Risk
The probability that a vulnerability will be known and used
Hacker and cracker
• Hacker
A programmer who breaks into computer systems in order to steal, change or destroy information as a form of cyber-terrorism.
• Cracker
A programmer who cracks (gains unauthorized access to) computers, typically to do malicious things.
Threats and Attacks
• Nontechnical attack
An attack that uses chicanery (trickery) to deceive people into revealing sensitive information or performing actions that compromise the security of a network
• Social engineering
A type of nontechnical attack that uses some ruse to trick (deceive) users into revealing information or performing an action that compromises a computer or network
Threats and Attacks
• Technical attack
An attack perpetrated (carried out) using software and systems knowledge or expertise
• Time-to-exploitation
The elapsed time between when a vulnerability (weakness) is discovered and the time it is exploited (misused)
• Spyware (source: Spyware Guide)
Computer software that obtains information from a user's computer without the user's knowledge or consent
Threats and Attacks
• Zero-day incidents
Attacks through previously unknown weaknesses in computer networks
• Denial of service (DoS) attack
An attack on a Web site in which an attacker uses specialized software to send a flood of data packets to the target computer with the aim of overloading its resources
Threats and Attacks
• Worm
A software program that runs independently, consuming the resources of its host in order to maintain itself, and that is capable of propagating a complete working version of itself onto another machine
• Macro virus (macro worm)
A virus or worm that executes when the application object that contains the macro is opened or a particular procedure is executed
• Trojan horse
A program that appears to have a useful function but that contains a hidden function that presents a security risk
Securing E-Commerce Communications
• Access control
Mechanism that determines who can legitimately use a network resource
• Passive token
Storage device (e.g., magnetic strip) that contains a secret code used in a two-factor authentication system
• Active token
Small, stand-alone electronic device that generates one-time passwords used in a two-factor authentication system
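How an active token produces a one-time password, and how the server side verifies it without letting the same code be used twice: the following added example (not code from the slides or from any token vendor) implements HOTP, the counter-based one-time password of RFC 4226, with the standard library only. The shared secret is the RFC 4226 test-vector secret, so the codes can be checked against the RFC; the five-step resynchronisation window in the verifier is an assumption.

```python
"""One-time passwords as generated by an active token, per RFC 4226 (HOTP).

Added example (not from the slides). The secret is the RFC 4226 test-vector
secret; the verifier's look-ahead window is an assumption of this example.
"""
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP(K, C) = Truncate(HMAC-SHA1(K, C)) mod 10^digits (RFC 4226, section 5.3)."""
    msg = struct.pack(">Q", counter)                 # 8-byte big-endian counter
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # dynamic truncation offset
    code = ((mac[offset] & 0x7F) << 24
            | mac[offset + 1] << 16
            | mac[offset + 2] << 8
            | mac[offset + 3])
    return str(code % 10 ** digits).zfill(digits)


class TokenVerifier:
    """Server-side state for one token: the next counter value it expects.

    The token and the server share `secret` and a counter; the token advances
    its counter on every button press. The server accepts a code only if it
    matches one of the next `look_ahead` counters, then moves past it, so a
    captured code cannot be replayed.
    """

    def __init__(self, secret: bytes, look_ahead: int = 5):
        self.secret = secret
        self.look_ahead = look_ahead    # assumed resync window
        self.counter = 0                # next counter value expected from the token

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.look_ahead):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1    # consume this and any skipped counters
                return True
        return False


RFC4226_SECRET = b"12345678901234567890"   # test-vector secret from RFC 4226

if __name__ == "__main__":
    token_counter = 0
    server = TokenVerifier(RFC4226_SECRET)
    code = hotp(RFC4226_SECRET, token_counter)       # token displays 755224
    print(code, server.verify(code))                  # True: first use
    print(code, server.verify(code))                  # False: replay rejected
```

The one-time password is the second factor: even if the password from the authentication step leaks, an attacker who has not seen the token's next code still fails, and a code that was observed once is useless because the server's counter has moved past it.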
Cont…
• Biometric systems
Authentication systems that identify a person by measurement of a biological characteristic, such as fingerprints, iris (eye) patterns, facial features, or voice
• Public key infrastructure (PKI)
A scheme for securing e-payments using public key encryption and various technical components
• Encryption
The process of scrambling (encrypting) a message in such a way that it is difficult, expensive, or time-consuming for an unauthorized person to unscramble (decrypt) it
• Plaintext
An unencrypted message in human-readable form
• Ciphertext
A plaintext message after it has been encrypted into a machine-readable form
• Encryption algorithm
The mathematical formula used to encrypt the plaintext into the ciphertext, and vice versa
• Key (key value)
The secret code used to encrypt and decrypt a message
• Key space
The large number of possible key values (keys) created by the algorithm to use when transforming the message
• Symmetric (private) key system
An encryption system that uses the same key to encrypt and decrypt the message
• Data Encryption Standard (DES)
The standard symmetric encryption algorithm supported by NIST and used by U.S. government agencies until October 2000
• Rijndael
The Advanced Encryption Standard (AES) algorithm, used to secure U.S. government communications since October 2, 2000
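The terms defined above (plaintext, ciphertext, key, key space, one key for both directions) made concrete in code. This is an added example, not code from the slides: Python's standard library contains neither DES nor AES, so the cipher here is a teaching construction that derives a keystream from HMAC-SHA256 and adds an integrity tag (encrypt-then-MAC). It is not a standard algorithm and should not be used in place of AES-GCM from a vetted library; its purpose is to show that the same shared key encrypts and decrypts, that a wrong key or a modified ciphertext is rejected rather than silently producing garbage (the integrity property from the CIA triad), and how the key space grows with key length (DES's 56-bit key versus AES's 128-bit key). The nonce length, tag length and sub-key derivation are assumptions of this example.

```python
"""Symmetric (shared-key) encryption illustrated with a stdlib-only teaching cipher.

Added example (not from the slides). NOT a standard algorithm: keystream from
HMAC-SHA256 in counter mode, XORed with the plaintext, plus an HMAC tag over
nonce||ciphertext. Real systems use AES-GCM or similar from a vetted library.
Nonce size (16), tag size (32) and sub-key derivation are assumptions.
"""
import hashlib
import hmac
import os
import struct

NONCE_LEN = 16
TAG_LEN = 32


def _subkeys(key: bytes):
    """Derive a separate encryption key and MAC key from the one shared key."""
    return (hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Deterministic keystream: block i = HMAC-SHA256(enc_key, nonce || i)."""
    out = b""
    i = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">Q", i), hashlib.sha256).digest()
        i += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag. A fresh random nonce per message is mandatory."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, message: bytes) -> bytes:
    """Verify the tag first, then XOR with the same keystream to recover the plaintext.

    Raises ValueError when the message was modified or a different key is used:
    what is received must be exactly what was sent.
    """
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    enc_key, mac_key = _subkeys(key)
    nonce, ciphertext, tag = message[:NONCE_LEN], message[NONCE_LEN:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed: wrong key or tampered ciphertext")
    ks = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def is_authentic(key: bytes, message: bytes) -> bool:
    """True if `decrypt` would accept the message under this key."""
    try:
        decrypt(key, message)
        return True
    except ValueError:
        return False


def key_space(key_bits: int) -> int:
    """Number of possible keys for a key of `key_bits` bits (2 to the power key_bits)."""
    return 2 ** key_bits


if __name__ == "__main__":
    shared_key = os.urandom(32)                      # both parties hold this one key
    plaintext = b"order 4711: 2 x widget, pay by card"
    ciphertext = encrypt(shared_key, plaintext)
    print(decrypt(shared_key, ciphertext) == plaintext)   # True: same key decrypts
    tampered = bytearray(ciphertext)
    tampered[NONCE_LEN] ^= 0x01                      # flip one ciphertext bit
    print(is_authentic(shared_key, bytes(tampered)))  # False: modification detected
    print(key_space(56), key_space(128))             # DES vs AES key space
```

Two points worth noticing when running it: decrypting with any key other than the one used to encrypt fails the tag check rather than returning plausible-looking bytes, and the ratio key_space(128) / key_space(56) is 2^72, which is why the slides' move from DES to Rijndael matters for brute-force resistance.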
