ECommerce Security


Internet Security
Michael O’Farrell
Ernst & Young
23-November-1999
Background
- The Internet is increasingly used for commercial activities,
  e.g. information, ordering, payment...
- The best known of these are the companies who sell directly to
  customers, known as Business to Customer (B2C), e.g. Amazon and eBay...
- The biggest Internet growth area is Business to Business (B2B).
B2B - is happening already
- Greater level of electronic communication (e-mail).
- Companies use the web for various purposes:
  - Catalogues (pictures, sound, text and prices)
  - Form filling (e.g. surveys, applications)
  - Account information (balances, transactions)
- Many companies are replacing EDI systems with simpler Internet-based
  inter-company communication.
- These inter-company links are direct connections between the computers
  of partner firms.
What's the big deal with Internet Security?
- Ability to trust the other party is more difficult over the Internet alone.
- Any security weaknesses can impact customer confidence.
- Insecure trading partners can be a threat to an organisation, because of
  the risk of...
  - virus infection
  - disclosure of information they trusted you with
  - as an avenue to try and 'hack' their organisation.
Common vulnerabilities - the scare stories
- Viruses: they can cause disruption and nobody will want to talk to you
  (electronically) if you are infected.
- Poor security controls on computers.
- The most basic is proper use of passwords.
  - The e-mail you send and files you store are protected by password.
    This is the key to your electronic file cabinet.
  - Having no control allows anybody to write a document or send an
    e-mail in your name.
Other Concerns
- Backup
  What is the effect of your computer failing - a 'crash'?
  Do you have a backup copy of your general ledger?
- Hacking
  If you connect full time to the Internet, consider that others on the
  network will find you and may want to explore your computer.
- Are you what your email says?
  It is possible to 'forge' messages on the Internet. A company getting an
  email from 'you' needs assurance that the message came from you and that
  the information was not tampered with.
Some answers ...
- Do the basics ...
  - Up to date anti-virus software on ALL your computers
  - A good, secret password that is changed regularly
  - Up to date software that has all the recommended security features
    turned on
  - Backup software and data stored securely
- Follow the law on protection of personal information.
- If your system is more complex, take the time to review the risks and
  address them.
- Use digital signatures to prove your identity.
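The forged-message concern under "Other Concerns" and the digital-signature answer above come down to one mechanism, so here is an added example (not part of the original presentation) of how a signature gives the recipient both assurances: that the message came from the holder of the key, and that it was not changed on the way. It uses Go's standard-library Ed25519 signatures (a newer scheme standing in for the RSA-based S/MIME or PGP signatures of the time); the keys, addresses and order text are constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignedMessage is an e-mail body plus a detached signature over it made
// with the sender's private key (the shape S/MIME and PGP signatures take).
type SignedMessage struct{ Body, Signature []byte }

// Sign is the sender's step: only the holder of priv can produce this value.
func Sign(priv ed25519.PrivateKey, body []byte) SignedMessage {
	return SignedMessage{Body: body, Signature: ed25519.Sign(priv, body)}
}

// Verify is the recipient's step, using the sender's public key. True means the
// body is exactly what that key holder signed; any change, or another key, gives false.
func Verify(pub ed25519.PublicKey, m SignedMessage) bool {
	return ed25519.Verify(pub, m.Body, m.Signature)
}

// Demo signs a constructed purchase order and reports whether the genuine message,
// a tampered copy and a forgery signed with an impostor's key verify as the sender's.
func Demo() (genuineOK, tamperedOK, forgedOK bool, err error) {
	senderPub, senderPriv, err := ed25519.GenerateKey(rand.Reader)
	_, impostorPriv, err2 := ed25519.GenerateKey(rand.Reader)
	if err != nil || err2 != nil {
		return false, false, false, fmt.Errorf("key generation failed: %v %v", err, err2)
	}
	// Constructed sample message; addresses and part number are placeholders.
	order := []byte("From: buyer@example.invalid\r\nTo: supplier@example.invalid\r\n\r\nPlease ship 100 units of part A-17.\r\n")
	signed := Sign(senderPriv, order)
	genuineOK = Verify(senderPub, signed)
	// Changing one figure in transit invalidates the original signature.
	tampered := SignedMessage{Body: bytes.Replace(order, []byte("100"), []byte("1000"), 1), Signature: signed.Signature}
	tamperedOK = Verify(senderPub, tampered)
	// A message signed with someone else's key does not verify as the sender's.
	forgedOK = Verify(senderPub, Sign(impostorPriv, order))
	return genuineOK, tamperedOK, forgedOK, nil
}

func main() {
	g, t, f, err := Demo()
	fmt.Println("genuine:", g, "tampered:", t, "forged:", f, "err:", err)
}
```

What the signature does not do is prove which person holds the key; binding a public key to a trading partner is the job of certificates and a prior exchange of keys, which is why the deck pairs this with choosing partners you can trust.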
Summary
- Trading partners will use more Internet technology for their transactions.
- This technology increases the risks to your organisation, which must be
  balanced against the benefits of using it.
- Good controls, up to date software and, in some cases, hardware can
  significantly reduce the risks.
Would you be comfortable if your bank and insurance broker habitually kept
their premises unlocked overnight?
You have a responsibility to your customers and trading partners to ensure
your systems (especially Internet) are secure.
References - on the web
Irish and EU legislation on the Internet
http://www.echo.lu/
http://www.odtr.ie/html/legislation.html
http://www.irlgov.ie/taoiseach/publication/infosocactionplan/infosocframework.htm
http://www.irlgov.ie/tec/communications/commsleg.htm
Information Society Commission
http://www.infosocomm.ie/background.htm
Information Security organisations
http://www.ciac.org/
http://www.sans.org/newlook/home.htm