
E-Commerce

E-Business Level 2. Instructor: Safaa S.Y. Dalloul. Try to be the Best. 2013-2014. E-Commerce. E-Commerce Security??. Elements of Lecture. Introduction.


Presentation Transcript


  1. E-Business Level 2. Instructor: Safaa S.Y. Dalloul. Try to be the Best. 2013-2014. E-Commerce: E-Commerce Security??

  2. Elements of Lecture

  3. Introduction

  4. Introduction: Why Security
     With the rapid growth of EC, things have changed: consumers use their credit cards to purchase goods and services online, and they also use their email accounts to conduct business. “This needs serious protection of the data being transferred over the internet, so security is needed.”

  5. Basic Security Issues

  6. Basic Security Issues

  7. Authentication

  8. Authentication
     • The process of verifying (assuring) the real identity of an individual, computer, computer program, or EC Web site.
     • Authentication requires evidence in the form of identification, which can take a variety of forms, including something known, something possessed, or something unique, such as passwords, smartcards and signatures.

  9. Authorization (figure: Not Allow / Allow)

  10. Authorization
     • The process of determining what the authenticated entity is allowed to access and what operations it is allowed to perform.

  11. Auditing

  12. Auditing
     • If a person or program accesses a web site, various pieces of information are noted in a log file. If a person or program queries a database, the action is also noted in a log file.
     • The process of recording information about what Web site, data, file, or network was accessed, when, and by whom or what.

  13. Auditing
     • The collection of information about accessing particular resources, using particular privileges, or performing other security actions is known as auditing.
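
The auditing slides describe a log that records what was accessed, when, and by whom. As an added example (not part of the original lecture), the sketch below turns web server log lines in Common Log Format into who/what/when audit records and lists the requests the server refused; the log lines, names and addresses are constructed sample data.

```python
import re
from datetime import datetime
from typing import NamedTuple, Optional

# Common Log Format: host ident user [time] "method path protocol" status size
CLF = re.compile(
    r'(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

class AuditRecord(NamedTuple):
    who: str        # authenticated user, or the client address if there is none
    when: datetime  # timestamp of the access, with time zone
    what: str       # operation and resource that was accessed
    status: int     # HTTP status code returned by the server

def parse_line(line: str) -> Optional[AuditRecord]:
    """Return an audit record, or None if the line is not valid CLF."""
    m = CLF.match(line.strip())
    if m is None:
        return None
    try:
        when = datetime.strptime(m["time"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    who = m["user"] if m["user"] != "-" else m["host"]
    return AuditRecord(who, when, f'{m["method"]} {m["path"]}', int(m["status"]))

def audit_trail(lines):
    """Split raw lines into parsed records and lines that could not be parsed."""
    records, rejected = [], []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected.append(line)
        else:
            records.append(rec)
    return records, rejected

def denied(records):
    """Accesses refused by the server (401 unauthenticated, 403 unauthorized)."""
    return [r for r in records if r.status in (401, 403)]

# Constructed sample log lines (documentation-range addresses, made-up users).
SAMPLE_LOG = [
    '203.0.113.7 - alice [12/Mar/2014:10:15:32 +0000] "GET /account/orders HTTP/1.1" 200 5120',
    '198.51.100.23 - - [12/Mar/2014:10:16:02 +0000] "POST /checkout HTTP/1.1" 302 0',
    '203.0.113.7 - alice [12/Mar/2014:10:17:45 +0000] "GET /admin/reports HTTP/1.1" 403 312',
    'not a log line',
]
```

Lines that fail to parse are returned separately rather than dropped, so gaps in the audit trail stay visible.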

  14. Privacy

  15. Privacy
     • Privacy: information that is private or sensitive should not be disclosed to unauthorized individuals. Some examples are business plans, credit card numbers, and even the fact that a person visited a particular web site.
     • This information is confidential and private.

  16. Integrity

  17. Integrity
     • Integrity: the ability to protect data from being altered or destroyed in an unauthorized or accidental manner is called integrity. Data can be altered or destroyed while it is in transit or after it is stored.

  18. Security Risk Management

  19. Security Risk Management
     • Risk management consists of four phases: assessment, planning, implementation and monitoring.
     • To understand these phases, a few definitions are in order.

  20. Security Risk Management
     • Assets: Anything of value that is worth securing. They can include tangible and intangible goods.
     • Threat: Any eventuality that represents a danger to an asset.
     • Vulnerability: A weakness in software or another mechanism that threatens the confidentiality, integrity, or availability of an asset. It can be directly used by a hacker to gain access to a system or network.

  21. Assessment (Risk Management)
     • In this phase, organizations evaluate their security risks by determining their assets, threats, and vulnerabilities.

  22. Assessment (Risk Management): How

  23. Assessment (Risk Management)
     • Determine organizational objectives: it is impossible to safeguard against every eventuality, so safeguards should be selected on the basis of an organization's objectives and requirements.
     • Inventory assets: itemize all of the critical tangible and intangible assets on the network. The relative value and criticality of these assets also need to be determined.

  24. Assessment (Risk Management)
     • Delineate threats: potential risks can come from any person or thing that can use the network to harm an organization's assets, including hackers, viruses and human errors.
     • Identify vulnerabilities.

  25. Assessment (Risk Management)
     • Quantify the value of each risk: this is what is meant by quantitative risk analysis, in which equations are used to assign a numerical value to a risk. The calculated values of the various risks are used to prioritize those risks that need safeguarding.
     • Risk = Assets × Threat × Vulnerability
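
The assessment steps above (inventory assets, delineate threats, identify vulnerabilities, quantify and prioritize) can be carried through as a small risk register. This is an added example, not part of the original lecture: the slide gives only the formula, so the 0.0 to 1.0 scales, the tolerance threshold and every entry in the register are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RiskEntry:
    asset: str
    asset_value: float    # relative value of the asset (assumed unit: USD)
    threat: str
    threat_level: float   # assumed scale: 0.0-1.0 likelihood of the threat
    vulnerability: float  # assumed scale: 0.0-1.0 exposure to that threat

    def __post_init__(self):
        # Reject scores outside the assumed scales so one bad entry
        # cannot silently distort the ranking.
        if self.asset_value < 0:
            raise ValueError(f"{self.asset}: asset value must be >= 0")
        for name in ("threat_level", "vulnerability"):
            if not 0.0 <= getattr(self, name) <= 1.0:
                raise ValueError(f"{self.asset}: {name} must be in [0, 1]")

    @property
    def risk(self) -> float:
        # Risk = Assets x Threat x Vulnerability, as on the slide
        return self.asset_value * self.threat_level * self.vulnerability

def prioritize(register, tolerance):
    """Rank entries by risk, highest first, and flag each entry whose
    risk exceeds the tolerance as needing a safeguard."""
    ranked = sorted(register, key=lambda e: e.risk, reverse=True)
    return [(e, e.risk > tolerance) for e in ranked]

# Constructed register: one entry per (asset, threat) pair.
REGISTER = [
    RiskEntry("order records", 20_000, "human error", 0.5, 0.125),
    RiskEntry("customer card database", 100_000, "hacker intrusion", 0.25, 0.5),
    RiskEntry("web storefront", 40_000, "virus", 0.5, 0.25),
]

if __name__ == "__main__":
    for entry, needs_safeguard in prioritize(REGISTER, tolerance=2_000):
        action = "safeguard" if needs_safeguard else "tolerate"
        print(f"{entry.risk:>9.2f}  {action:<9}  {entry.asset} / {entry.threat}")
```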

  26. Planning (Risk Management)
     • The primary goal of this phase is to arrive at a set of security policies defining which threats are tolerable and which are not.

  27. Planning (Risk Management): How

  28. Planning (Risk Management)
     • Define specific policies: each policy needs to detail how a particular safeguard will be instituted, why the safeguard is being implemented, when it will be responsible for the safeguard.

  29. Planning (Risk Management)
     • Establish processes for audit and review: security is an ongoing activity that needs to be adapted to changes in an organization's objectives, assets, threats and vulnerabilities. This requires regular reviews in order to determine the effectiveness of particular policies.

  30. Planning (Risk Management)
     • Establish an incident response team and contingency plan.

  31. Implementation (Risk Management)
     • In this phase, particular technologies are chosen to counter high-priority threats. The selection of particular technologies is based on the general guidelines established in the planning phase.
     • A first step of this phase is selecting generic types of technology for each of the high-priority threats. Given the generic types, particular software from particular vendors can then be selected.

  32. Monitoring (Risk Management)
     • It is an ongoing process used to determine which measures are successful, which measures are unsuccessful and need modification, whether there are any new types of threat, whether there have been advances or changes in technology, and whether there are any new business requirements that need securing.

  33. Types of Threats and Attacks

  34. Types of threats and attacks

  35. Types of threats and attacks

  36. Security Technologies

  37. Security Technologies

  38. Any Question
