We live in a digital world in which our happiness, health, and even our lives can depend on the performance of technology. From medical equipment to cars, and home security systems to smartphones, computerized equipment plays a greater role in the human experience with each passing year.
As more business activities are being automated and an increasing number of computers are being used to store sensitive information, the need for secure computer systems becomes more apparent. This need is even more apparent as systems and applications are being distributed and accessed via an insecure network, such as the internet. The internet itself has become critical for governments, companies, financial institutions, and millions of everyday users. Networks of computers support a multitude of activities whose loss would all cripple these organizations. As a consequence, Cyber Security issues have become national security issues. Protecting the internet is a very difficult task. Cyber Security can be obtained only through systematic development. P. H. Gopi Kannan | A. Karthik | M. Karthikeyan "Cyber Security" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-6, October 2020, URL: https://www.ijtsrd.com/papers/ijtsrd33483.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/33483/cyber-security/p-h-gopi-kannan
• Introduction to information security.
What is information security, threat, risks, vulnerabilities, basic terms and definition?
• Building blocks of information security strategy, policies and standards.
Identify and establish country wide information security strategy, establish policies standards and procedures, implementation of different types of control objectives: managerial, technologies, business processes. Introduction to main domains of information security management system depending on international information security standard (ISO 2700x).
• Actions, roles and responsibilities.
What kind of actions is needed for information security risk treatment. Roles and responsibilities of information security professionals.
By Vasil Tsvimitidze
Information Security is becoming a focus for the entire enterprise, not just IT. This need to align both business and technology is forcing IT to move Information Security from afterthought to forethought. Architects now ponder how Information Security can be integrated into the broader topic of Enterprise Architecture. This session shows how to make the integration happen. You will learn how to integrate assets and define trusts and threat models as a part of your overall EA plan. You will also understand how Information Security is traced all the way from business architecture to the technology implementation. Participants will understand the components of an Integrated EA and Information Security framework and ensuring the traceability between business goals and IT security solutions delivered from the framework.
Key Issues:
-Understand the need to think early about Information Security
-Learn to incorporate Information Security into your EA blueprint and roadmap
-Integrate Information Security Goals, objectives and capabilities with your EA view of strategy
-Integrate security policies, services and mechanisms with your EA view of solutions
-Integrate security mechanisms, standards, and guidelines into your implementations
Fundamental Areas of Cyber Security on Latest Technology (ijtsrd)
Cyber Security has developed into one of the biggest challenges of information technology in the present day. Cyber security consists of controlling physical access of the hardware, application, networks and protecting against harm that may come via networks. It is a mixture of processes, technologies and practices. The objective of cyber Security is to protect programs, application, networks, computers and data from attack. Moreover, various measures of cyber security is quite a very huge concern to many. This paper mainly focuses on challenges faced by cyber security on the latest technologies. It also focuses on the latest about cyber security techniques, ethics and the trends changing the face of cyber security. This paper mainly focuses on cyber Security and its fundamental elements on latest technologies. Aye Mya Sandar | Ya Min | Khin Myat Nwe Win "Fundamental Areas of Cyber Security on Latest Technology" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-5, August 2019, URL: https://www.ijtsrd.com/papers/ijtsrd26550.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/26550/fundamental-areas-of-cyber-security-on-latest-technology/aye-mya-sandar
Watch this previously recorded webinar event with special guest Karthik Sundaram of Frost & Sullivan as he expands on his recently published research, “Cybersecurity in the Era of Industrial IoT". Leveraging insights from actual use cases, new policy initiatives, and available solutions, the research explores cybersecurity approaches, including a deep dive into the concept of “defense-in-depth” and its implications for a converged IT-OT environment in the future.
DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy (Andris Soroka)
Presentation from one of the remarkable IT Security events in the Baltic States organized by “Data Security Solutions” (www.dss.lv). The event took place in Riga on 7th of November, 2013 and was visited by more than 400 participants at the event place and more than 300 via online live streaming.
Smart Buildings, Deep Learning AI, Drones, Robotics, and IoT....What is next?
Martin Sheridan, CTO of Sheridan Solutions Consulting and his co-author, our COO Scott Taylor explore the challenges and opportunities that emerging technologies are driving across security industry.
Cyber crimes are on the rise and especially prevalent during the global pandemic where hackers leverage the vulnerabilities of organisations for new opportunities through technology.
Hospitals, for instance, are more likely to pay ransoms to restore access to their servers. Similarly, criminals may believe that corporations grappling with economic turmoil or logistical crises will be similarly easy to manipulate.
Software security, secure software development in the age of IoT, smart thing... (LabSharegroup)
How to design secure software products for IoT, embedded application, smart metering, smart lighting, medical application with the help of Common Criteria
We Are Instructor Led Online Training Hub.Get access to the world’s best learning experience at our online learning community where millions of learners learn cutting-edge skills to advance their careers, improve their lives, and pursue the work they love. We provide a diverse range of courses, tutorials, resume formats, projects based on real business challenges, and job support to help individuals get started with their professional career.
Top Cyber Security Interview Questions and Answers 2022.pdf (Careerera)
Cyber security positions have considerably taken the top list in the job market. Candidates vying for elite positions in the field of cyber security certainly need a clear-cut and detailed guide to channeling their preparation for smooth career growth, beginning with getting a job. We have curated the top cyber security interview questions that will help candidates focus on the key areas. We have classified the regularly asked cyber security interview questions here, in this article into different levels starting from basic general questions to advanced technical ones.
Before we move on to the top cyber security interview questions, it is critical to reflect on the vitality of cyber security in our modern times and how cyber security professionals are catering to the needs of securing a safe cyber ecosystem.
The times we live in is defined by the digital transition, in which the internet, electronic devices, and computers have become an integral part of our daily life. Institutions that serve our daily needs, such as banks and hospitals, now rely on internet-connected equipment to give the best possible service. A portion of their data, such as financial and personal information, has become vulnerable to illegal access, posing serious risks. Intruders utilize this information to carry out immoral and criminal goals.
Cyber-attacks have jeopardized the computer system and its arrangements, which has now become a global concern. To safeguard data from security breaches, a comprehensive cyber security policy is needed now more than ever. The rising frequency of cyber-attacks has compelled corporations and organizations working with national security and sensitive data to implement stringent security procedures and restrictions.
Computers, mobile devices, servers, data, electronic systems, networks, and other systems connected to the internet must be protected from harmful attacks. Cybersecurity, which is a combination of the words "cyber" and "security," provides this protection. 'Cyber' imbibes the vast-ranging technology with systems, networks, programs, and data in the aforementioned procedure. The phrase "security" refers to the process of protecting data, networks, applications, and systems. In a nutshell,
cyber security is a combination of principles and approaches that assist prevent unwanted access to data, networks, programs, and devices by meeting the security needs of technological resources (computer-based) and online databases.
If you rely on your IT infrastructure to maintain data integrity and protect your business from financial losses, it’s a good idea to invest in network monitoring and maintenance, and achieve compliance with legislated standards.
Cybersecurity stands as the bedrock of our digital world, safeguarding systems, networks, and data from a rising tide of cyber threats. In the era of the Internet of Things (IoT), where an ever-expanding array of devices and objects are seamlessly interconnected, the importance of cybersecurity has escalated to unprecedented levels.
Cyber Security: A Hands on review on what is cyber security and how to prevent your devices from hacking and data breach. In today's era almost all devices are connected to internet are available for hackers to breach into and do their work. The data breach can be very dangerous and sometimes even more that it can demolish a company or a person.
In this presentation we will discuss the ways and a short description of Cyber Security and Techniques.
WoMaster's new White Paper introduces Cyber Security features according to IEC62443 standard and proposes solutions for new cyber risks of industry 4.0.
Securing the IoT is complex given that the devices are constrained and applications are deployed to work with the physical world. In this presentation, I have proposed a set of design guidelines for securing the IoT Applications
Defining Security Intelligence for the Enterprise - What CISOs Need to Know (IBM Security)
In this presentation with Chris Poulin, you'll gain the insight you need to stay ahead of the threats and to be prepared to respond before, during and after an attempted breach. Chris Poulin is Industry Security Systems Strategist and former CISO for Q1 Labs.
CONTENT:
• What is Security Intelligence?
• Why do we need Security Intelligence?
• What are the benefits of Security Intelligence in the enterprise?
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... (Jeffrey Haguewood)
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... (DanBrown980551)
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Key Trends Shaping the Future of Infrastructure.pdf (Cheryl Hung)
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf (91mobiles)
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Securing your Kubernetes cluster_ a step-by-step guide to success ! (KatiaHIMEUR1)
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
JMeter webinar - integration with InfluxDB and Grafana (RTTS)
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Generating a custom Ruby SDK for your web service or Rails API using Smithy (g2nightmarescribd)
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
The Art of the Pitch: WordPress Relationships and Sales (Laura Byrne)
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 (Albert Hoitingh)
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Neuro-symbolic is not enough, we need neuro-*semantic* (Frank van Harmelen)
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Accelerate your Kubernetes clusters with Varnish Caching (Thijs Feryn)
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
DevOps and Testing slides at DASA Connect (Kari Kakkonen)
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... (UiPathCommunity)
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Maloney slides
1. Security and International E-Commerce
Jim Maloney
jmaloney@SecurityPortal.com
November 2000
SecurityPortal
The focal point for security on the Net™
2. Agenda
Security and e-commerce
Security defined
General security threats to e-commerce
International security issues
Key elements of a security solution
Recommended security approach
Summary
2 Copyright 2000 Security Portal, Inc. All rights reserved.
3. Why is security important for E-Commerce?
Increased E-Business Opportunities
Increased Exposure, Threats, Vulnerabilities, Privacy Concerns
[Diagram labels: Ubiquitous Internet; Customer-Centric Business Models; Sophisticated Applications; Increased Bandwidth; Expanded Access; ASP Delivery Model; Tech-Savvy Culture; Mobile Society]
4. Old economy view of security
In the “Old Economy” computing security was often viewed as a discretionary element of the business
The focus was on protection of information systems and data
5. New economy view of security
In the “New Economy” computing security is viewed as a strategic element of the business
The focus is on enabling new ways of doing business and value creation
And from a protection perspective, security is now protecting the entire business, not just its information systems
6. A working definition of security
Confidentiality - the protection of private data on hosts or in transit
Integrity - the system does not corrupt information or allow unauthorized malicious or accidental changes to information
Availability - the computer system’s hardware and software keeps working efficiently and the system is able to recover quickly and completely if a disaster occurs
Accountability - the ability to determine who is responsible for the result of an action
7. General security threats to e-commerce
Web site defacement
Denial of service
Theft of customer data
Theft of intellectual property
Sabotage of data or networks
Financial fraud
8. Resulting business impact
Lack of consumer confidence if there are any real or perceived security issues
Loss of profits due to last minute security implementations
Damage to image and reputation if you have a visible security incident
Bankruptcy if the majority of your business transactions occur online
Benefits to competitors if your level of security is perceived to be inadequate
9. International security issues
Regulations and policies
Education and awareness
Cultural norms
Access modes
Local government stance on cyber crime
10. Regulations and policies
Encryption laws vary greatly from country to country. This can impact both the availability and use of the appropriate technology.
http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm
Privacy and consumer protection laws also vary greatly from country to country. These laws control how personal data can be used and shared. Can lead to substantial fines if violations occur.
http://www.gilc.org/privacy/survey
11. Education and awareness
While malicious, external security attacks get most of the publicity, it is often employee mistakes and oversights that cause security issues
Security awareness education for all employees, and specific training for your IT team, can be an excellent defense for both internal and external incidents
A recent survey showed that 86% of Shanghai’s networks had security products installed, but less than 2% of the network professionals actually knew how to protect their networks from intruders
12. Cultural norms
Limited work hours for support and emergency response services
  - Being “on-call”
  - Multi-shift operations (24/7)
History of not protecting intellectual property
  - Electronic documents
  - Software
  - CDs and DVDs
13. Access modes
There is a rapid increase in the number of users accessing the internet via wireless devices such as cell phones
In addition to their small size, portable wireless devices have limited processing power, limited memory and a limited power supply
These characteristics lead to several security challenges
14. Access modes – continued
With very limited keyboards and screens, cell phones and handhelds will require new authentication schemes to replace user names and passwords
New schemes may include screen-based biometrics, embedded certificates, hardware tokens, web cookies and PINs
These devices are viewed as likely platforms for viruses that can be carried from network to network without detection
15. Access modes - continued
Data moving through air is vulnerable to interception using relatively inexpensive equipment
The portability of these devices increases the need for physical security and authentication
16. Local government stance on cyber crime
Singapore – Very detailed statutes regarding penalties for criminal hacking
Brazil – No special laws against cyber crime (and a very active hacking community)
The Philippines had no anti-hacking laws until the “Lovebug” virus was traced back to their country
Interpol is working to establish international standards for cyber crime legislation
http://www.mossbyrett.of.no/info/legal.html
17. Asia/Pacific perspective
Factors accelerating adoption of security
  - Growth of e-commerce in this region
  - Government initiatives supporting security
  - Recognition of the need for security guidelines, regulations and products that enable interoperability
18. Asia/Pacific perspective - continued
Factors inhibiting the adoption of security
  - Lack of integrated security solutions that can span systems and regions
  - Lack of awareness of security issues and solutions
19. Security is more than technology
[Diagram labels: People, Process, Technology; Anticipate, Defend, Monitor, Respond]
20. Security is an attribute, not a component
[Layered architecture diagram labels: User Interface; App (four instances); Application Development Environment; Information Management; System Management and Security; Distribution Services; Network & Networking Services; Hardware & Operating System]
21. General security approach
Develop accurate and complete policies that span the supply chain
Make sure that all employees understand the importance of computing security
Define clear roles and responsibilities for e-commerce security
Perform regular audits, reviews and assessments of security
Don’t ignore the physical security of your systems
22. General security approach - continued
Implement and maintain a set of baseline controls for your e-commerce system
Implement user ID and authentication via strong passwords, secure tokens or biometrics
Have backup and recovery plans in place
23. Secure web site development tips
Include security as part of requirements gathering
Include security as part of the architecture
Be careful with embedded components
Never trust incoming data
Provide help to users
Use code reviews
Be aware of privacy and encryption laws
Stay up-to-date on new risks, threats and vulnerabilities
Document your security solution
24. Secure web site development references
Recent articles on SecurityPortal: Best Practices for Secure Web Development (parts I and II)
Web Security & Commerce (O'Reilly Nutshell) by Simson Garfinkel, Gene Spafford
Web Security: A Step-by-Step Reference Guide by Lincoln D. Stein
25. Summary
Security is a critical enabler for e-commerce
The negative impact of poor security can be substantial
Many of the issues and solutions regarding secure international e-commerce are people and process related, not technical
Security is a key attribute of a system that must be designed in, not added on later
Maintaining a secure web site requires continuous vigilance
26. Bibliography
E-Business Security: An Essential Element in the Post-Year 2000 World. Gartner Group Research Report, April 17, 2000.
The Net Present Value of Security. AtomicTangerine Special Report, October 11, 2000.
International Ecommerce. SecurityPortal cover story, November 5, 2000.
Information Security: The E-Commerce Driver. Dataquest Market Analysis, January 10, 2000.
E-Business Impact on Security Technology and Practices. Gartner Group Research Note, November 11, 1999.
Security Services in the Connected Age: From the basement to the boardroom. Gartner Group Market Analysis, July 4, 2000.
27. Bibliography - Continued
Shanghai to Enhance Information Security. http://www.nikkeibp.asiabiztech.com, February 15, 2000.
Wireless Security: Locking Down the Wavelengths. Information Security Magazine, October 2000.
Do Handhelds Need Virus Protection? PCWorld.com, June 29, 2000.
Best Practices for Secure Web Development. http://securityportal.com/cover/coverstory20001030.html, October 30, 2000.
Best Practices for Secure Web Development: Technical Details. http://securityportal.com/articles/webdev20001103.html, November 10, 2000.