The key dimensions of e-commerce security (Cont.)


PART THREE
E-commerce in Action
Norton University
E-commerce in Action
Chapter 7: Online Security and Payment Systems
Learning Objectives
- Understand the scope of e-commerce crime and security problems.
- Describe the key dimensions of e-commerce security.
- Understand the tension between security and other values.
- Identify the key security threats in the e-commerce environment.
- Describe how technology helps protect the security of messages sent over the Internet.
Understand the scope of e-commerce
crime and security problems
While the overall size of cyber-crime is unclear at
this time, cyber-crime against e-commerce sites
is growing rapidly, the amount of losses is
growing, and the management of e-commerce
sites must prepare for a variety of criminal
assaults.
The key dimensions of
e-commerce security
There are six key dimensions to e-commerce security:
- Integrity
- Non-repudiation
- Authenticity
- Confidentiality
- Privacy
- Availability
The key dimensions of
e-commerce security (Cont.)
Integrity: Ensures that information displayed on a Web
site or sent or received via the Internet has not been
altered in any way by an unauthorized party.
Non-repudiation: Ensures that e-commerce
participants do not deny (repudiate) their online actions.
The key dimensions of
e-commerce security (Cont.)
Authenticity: Verifies an individual’s or business’s
identity.
Confidentiality: Determines whether information
shared online, such as through e-mail communication or
an order process, can be viewed by anyone other than
the intended recipient.
The key dimensions of
e-commerce security (Cont.)
Privacy: Deals with the use of information shared
during an online transaction. Consumers want to limit the
extent to which their personal information can be
divulged to other organizations, while merchants want
to protect such information from falling into the wrong
hands.
Availability: Determines whether a Web site is
accessible and operational at any given moment.
The tension between security
and other values
Although computer security is considered
necessary to protect e-commerce activities,
it is not without a downside. Two major
areas where there are tensions between
security and Web site operations include:
Ease of use and Public safety.
The tension between security
and other values (Cont.)
Ease of use: The more security measures that are
added to an e-commerce site, the more difficult it is to
use and the slower the site becomes, hampering ease of
use. Security is purchased at the price of slowing down
processors and adding significantly to data storage
demands. Too much security can harm profitability, while
not enough can potentially put a company out of
business.
The tension between security
and other values (Cont.)
Public safety: There is a tension between the claims
of individuals to act anonymously and the needs of
public officials to maintain public safety that can be
threatened by criminals or terrorists.
The security threats in the e-commerce
environment
The nine most common and most damaging forms of security
threats to e-commerce sites include:
- Malicious code
- Unwanted programs (adware, spyware, etc.)
- Phishing
- Hacking and cyber-vandalism
- Spoofing
- Denial of Service attacks
- Sniffing
- Insider jobs
- Poorly designed server and client software
The security threats in the e-commerce
environment (Cont.)
Malicious code: Viruses, worms, Trojan horses, and
bot networks are a threat to a system’s integrity and
continued operation, often changing how a system
functions or altering documents created on the system.
Unwanted programs (adware, spyware, etc.):
A kind of security threat that arises when programs are
surreptitiously installed on your computer or computer
network with.
The security threats in the e-commerce
environment (Cont.)
Phishing: Any deceptive, online attempt by a third
party to obtain confidential information for financial gain.
Hacking and cyber-vandalism: Intentionally
disrupting, defacing, or even destroying a site.
The security threats in the e-commerce
environment (Cont.)
Credit card fraud/theft: One of the most feared
occurrences and one of the main reasons more consumers
do not participate in e-commerce. The most common
cause of credit card fraud is a lost or stolen card that is
used by someone else, followed by employee theft of
customer numbers and stolen identities (criminals
applying for credit cards using false identities).
The security threats in the e-commerce
environment (Cont.)
Spoofing: Occurs when hackers attempt to hide their
true identities or misrepresent themselves by using fake
e-mail addresses or masquerading as someone else.
Spoofing also can involve redirecting a Web link to an
address different from the intended one, with the site
masquerading as the intended destination.
The security threats in the e-commerce
environment (Cont.)
Denial of Service attacks: Hackers flood a Web
site with useless traffic to inundate and overwhelm the
network, frequently causing it to shut down and
damaging a site’s reputation and customer relationships.
Sniffing: A type of eavesdropping program that
monitors information traveling over a network, enabling
hackers to steal proprietary information from anywhere
on a network, including e-mail messages, company files,
and confidential reports. The threat of sniffing is that
confidential or personal information will be made public.
The security threats in the e-commerce
environment (Cont.)
Insider jobs: Although the bulk of Internet security
efforts are focused on keeping outsiders out, the biggest
threat is from employees who have access to sensitive
information and procedures.
Poorly designed server and client software:
The increase in complexity and size of software
programs has contributed to an increase in software
flaws or vulnerabilities that hackers can exploit.
How technology helps protect the security of messages sent over the Internet?
Encryption is the process of transforming plain
text or data into cipher text that cannot be read by
anyone other than the sender and the receiver.
Encryption can provide four of the six key
dimensions of e-commerce security:
message integrity, non-repudiation,
authentication and confidentiality.
How technology helps protect the security of messages sent over the Internet? (Cont.)
Message integrity: Provides assurance that the sent
message has not been altered.
Non-repudiation: Prevents the user from denying
that he or she sent a message.
Authentication: Provides verification of the identity of
the person (or computer) sending the message.
Confidentiality: Gives assurance that the message
was not read by others.
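The four dimensions above, shown on one order message in Node.js; this is an added example, not part of the original slides. A digital signature supplies authentication and non-repudiation, and authenticated encryption (AES-256-GCM) supplies confidentiality and message integrity. The order, the key pairs, the pre-shared session key and the function names sealOrder, openOrder and runDemo are all constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Sender: sign the order, then encrypt order + signature with AES-256-GCM.
function sealOrder(order, signingKey, key) {
  const msg = JSON.stringify(order);
  const sig = crypto.sign(null, Buffer.from(msg), signingKey).toString('base64');
  const iv = crypto.randomBytes(12); // fresh nonce for every message
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(JSON.stringify({ msg, sig })), cipher.final()]);
  return { iv, body, tag: cipher.getAuthTag() };
}

// Receiver: decrypt (fails if altered or wrong key), then check the signature.
function openOrder(sealed, verifyKey, key) {
  let clear;
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', key, sealed.iv);
    d.setAuthTag(sealed.tag);
    clear = Buffer.concat([d.update(sealed.body), d.final()]).toString();
  } catch (err) {
    return { ok: false, reason: 'decryption failed' };
  }
  const { msg, sig } = JSON.parse(clear);
  const genuine = crypto.verify(null, Buffer.from(msg), verifyKey, Buffer.from(sig, 'base64'));
  return genuine ? { ok: true, order: JSON.parse(msg) } : { ok: false, reason: 'bad signature' };
}

function runDemo() {
  // Constructed sample data (hypothetical buyer, impostor and order).
  const buyer = crypto.generateKeyPairSync('ed25519');
  const impostor = crypto.generateKeyPairSync('ed25519');
  const sessionKey = crypto.randomBytes(32); // assumed already shared with the merchant
  const order = { id: 'ORDER-0001', item: 'textbook', total: 59.9 };

  const sealed = sealOrder(order, buyer.privateKey, sessionKey);
  const altered = { ...sealed, body: Buffer.from(sealed.body) };
  altered.body[0] ^= 0x01; // one bit changed in transit
  return {
    genuine: openOrder(sealed, buyer.publicKey, sessionKey),
    tampered: openOrder(altered, buyer.publicKey, sessionKey), // integrity
    eavesdropper: openOrder(sealed, buyer.publicKey, crypto.randomBytes(32)), // confidentiality
    forged: openOrder(sealOrder(order, impostor.privateKey, sessionKey),
      buyer.publicKey, sessionKey), // authentication
    hidden: !sealed.body.includes('textbook'), // item name not visible in ciphertext
  };
}

console.log(runDemo());
```

The AES-GCM tag alone does not give non-repudiation, because the merchant holds the same session key and could have produced it; only the signature, made with a key the buyer alone holds, ties the order to the buyer.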