E commerce Ch10


Electronic Commerce, Tenth Edition
© Cengage Learning 2013

Crackers or hackers (people) who
◦ Write programs or manipulate technologies to
Obtain unauthorized access to computers and networks

Good security policy should address at least the following points:
◦ Authentication: Who is trying to access the site?
◦ Access control: Who is allowed to log on to and access the site?
◦ Secrecy: Who is permitted to view selected information?
◦ Data integrity: Who is allowed to change data?
◦ The protection of assets using nonphysical means

Threat
◦ Any act or object that poses a danger to computer assets

Countermeasure
◦ Procedure (physical or logical) that recognizes, reduces, or eliminates a threat
◦ The extent and expense of countermeasures can vary depending on the importance of the asset at risk

Computer security
◦ The protection of assets from unauthorized access, use, alteration, and destruction
◦ There are 2 general types of security:

Physical security

Security policies primarily address physical security, network security, access authorizations, virus protection, and disaster recovery

Today, online security is a concern for all users

Common worry of Web shoppers
◦ In addition to e-mail, people use the Internet for shopping and conducting all types of financial transactions
◦ Credit card numbers might be stolen as they travel across the Internet
◦ Although online wiretapping does occur

Eavesdropper (person or device) that can
◦ Listen in on and copy Internet transmissions
FIGURE 10-1 Risk management model

Risk management model (Fig. 10-1) illustrates
◦ Four general actions that an organization can take
Depending on the impact (cost) and probability of the threat

Information sources about security policies
◦ WindowSecurity.com site
◦ Information Security Policy World site

Although absolute security is difficult to achieve, companies can
◦ Includes tangible protection devices, such as
Alarms, guards, fireproof doors, security fences, safes or vaults, and bombproof buildings

Logical security

To implement a good security scheme, an organization must
◦ Identify the risks
◦ Determine how to protect the threatened assets
◦ Calculate the costs to protect those assets


Necessity

Security policy is a written statement describing
◦ Which assets to protect and why they are being protected
◦ Who is responsible for that protection, and which behaviors are acceptable and which are not
◦ Preventing unauthorized data modification
◦ Example: E-mail message is intercepted and its contents are changed before being forwarded to its original destination (“man-in-the-middle exploit”)
◦ Preventing data delays or denials (removal)
◦ Necessity violations involve delaying a message or completely destroying it

Three main elements of computer security:
Secrecy
◦ Protecting against unauthorized data disclosure and
◦ Ensuring the authenticity of the data source
Integrity

5-Step process to create a security policy:
1. Determine which assets must be protected from which threats
2. Determine who should have access to various parts of the system or specific assets
3. Identify resources needed to protect the assets
4. Develop a written security policy
5. Commit resources to implement the security policy (e.g., building or buying software, hardware, and physical barriers, etc.)
FIGURE 10-2 Requirements for secure electronic commerce
Chapter 10 Electronic Commerce Security
In this chapter, you will learn:
◦ What security risks arise in online business and how to manage them
◦ How to create a security policy
◦ How to implement security on Web client computers
◦ How to implement security in the communication channels between computers


Active content delivered in dynamic Web pages can be harmful
Threats can also arise when
◦ A malicious server site pretends to be a legitimate Web site

Client computers
◦ Must be protected from threats that originate in software and data downloaded from the Internet
◦ Also applicable for protecting Internet and e-commerce assets from physical and electronic threats

Examples of electronic threats include:
◦ Impostors, eavesdroppers, and thieves


◦ How to implement security on Web server computers
◦ What organizations promote computer, network, and Internet security

It is more likely that a credit card number may be stolen from a computer where it is stored after being transmitted over the Internet
◦ Create enough barriers to deter intentional violators

Integrated security refers to
◦ Having all security measures work together to
Prevent unauthorized disclosure, destruction, or modification of assets