Amity School of Business

          Jitendra Tomar

                 09650512300
   jitendratomar@hotmail.com
jitendratomar@rediffmail.com




                     Orator




• Part 6: Security Threats with E-Commerce




• Security In Cyberspace

• The electronic system that supports e-commerce is
  susceptible to abuse and failure in many ways:
   • Fraud
    The act that results in direct financial loss.
    Funds might be transferred from one account to another, or
       financial records might simply be destroyed.
 
    • Theft
    Theft of confidential, proprietary, technological, or marketing
       information belonging to the firm or to the customer.
    An intruder may disclose such information to a third party, resulting
      in damage to the key customer, a client, or the firm itself.




   • Disruption of service
  It may result in major losses of the business or inconvenience to the
      customer.


  • Illegal intrusion in customer data
  The act leads to loss of customer confidence stemming from illegal
     intrusions into customer files or company business, dishonesty,
     human mistakes, or network failures.








• Nature of Cyber Business

Why the Business on Internet is Different?
• The nature of E-Commerce and Bricks & Mortar Models of
  doing business is quite different.
   • The difference in the physical payment systems
     (electronic money and real money)
   • Practical and legal differences exist between traditional
     store (paper based commerce) and computer based
     commerce.
   • 24x7x365 availability of electronic medium compared to
     limited time processing at physical business house.
   • Electronic business works on the concept of anyone,
     anywhere, anytime which is quite different from the
     business culture of physical houses.


                                      Online Business Nature

  Paper-Based Commerce                     Electronic Commerce

  • Signed paper document.                 • Digital signature.
  • Physical interaction.                  • Electronic, via website.
  • Physical payment system.               • Electronic payment system.
  • Merchant & customer are face to face.  • No face-to-face contact.
  • Easy detection of modifications.       • Detection is difficult.
  • Easy negotiability of documents.       • Negotiable documents require special security.








• Conceptualizing Security

Security Concerns
• The first issue in security is identifying the principals. They are
  the people, processes, machines, and keys that transact
  (send, receive, access, update, delete) information via
  databases, computers, and networks.
 
• Security concerns generally involve the following issues:
   • Confidentiality
    Knowing who can read data and ensuring that information in the
      network remains private. This is done via encryption.

   • Authentication
   Making sure that message senders or principals are who they say
     they are.
   • Integrity
   Making sure that information is not accidentally or maliciously
     altered or corrupted in transit.
   • Access Control
   Restricting the use of a resource to authorized principals.
   • Non-repudiation
   Ensuring that principals cannot deny that they sent the message.
   • Firewalls
   A filter between corporate networks and the Internet to secure
      corporate information and files from intruders, but that allows
      access to authorized principals.

The Privacy Factor
• In the absence of regulatory protection, experts urge
  privacy-sensitive surfers to take basic steps to protect their
  privacy while online.
   • Send e-mail through remailers.
   • Improve security through Web browsers.
   • Use a secondary free e-mail service to protect your main
      business e-mail account.
   • Stay away from filling out any form or questionnaire online.
   • Use a privacy application/software/utility to give your files
      or PC contents some privacy.
   • Install a firewall program to protect your computer from
      hackers.



The Woes of a Password
• One can see that there is no silver bullet solution to user
  authentication. There are ideas, however, to improve security
  systems:
   • Limit the number of times a password can be repeated in
      accessing a sensitive system
   • Train employees, customers, and the general public in
      more advanced methods like biometrics, PKE, and smart
      cards and be prepared to use such technology when it
      becomes available.
   • Ensure that systems designers and systems analysts are
      well versed in security issues and security procedures as
      part of every future application.
   • Review and evaluate the strength of the current password
      schemes used by customers and employees alike.

The Ph-ear of Phishing
• Phishing is a relatively recent phenomenon, having appeared
  within the past few years. It is becoming an effective tool with
  online criminals.
 
• Phishing has several characteristics:
   • Trojan horses are installed on vulnerable machines to
      gather data.
   • They “harvest” user names and passwords to distribute to
      attackers.
   • Users’ PCs are compromised without their knowledge.
   • Software vulnerabilities force PCs to download code.



Identity Theft
• Victims of ID theft have been known to find no quick fix to
  clearing their names. Nearly one third said they have been
  unable to repair their wrecked credit or restore their identities
  to good standing a year after their personal information was
  stolen.
• Here are some basic guidelines for the users to protect
  themselves from identity theft:
   • Protect your identification no./SSN/licence no. by
     supplying it only when absolutely necessary.
   • Check your credit reports at least once a year. Check
     your statements for unexplained charges or unusual
     withdrawals from your bank accounts.


   • Be careful whom you talk to on the telephone –
       telemarketers, ISP employees, or even members of
       government agencies could all be disguised criminals.
   • Use shredders to get rid of your statements or receipts.
       When using ATMs, never leave your receipts behind.
   • Use strong passwords. Don’t use information that is related
       to you and could be guessed easily, like telephone
       no., vehicle registration, own name, close relative's name,
       house no., and the like.
   • Remove your mail from your mailbox promptly. Use offline
       applications like Outlook.
 




• Also, in case of any theft of your personal information, make
  sure to file a report with the local police and keep a copy for
  dealing with creditors later.
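
The password advice on the "Woes of a Password" and "Identity Theft" slides, as an added example that is not part of the original deck: it reviews a password against the owner's personal details and caps consecutive failed logins. The profile fields, sample values, minimum length and lockout numbers are assumptions, and "limit the number of times a password can be repeated" is read here as a cap on failed attempts.

```python
import re
from dataclasses import dataclass, field

MIN_LENGTH = 12          # assumed policy value, not from the slides
MAX_FAILURES = 5         # assumed cap on consecutive failed attempts
LOCK_SECONDS = 15 * 60   # assumed lockout window


@dataclass
class Profile:
    """Personal details the slides warn against using in a password."""
    name: str
    phone: str
    vehicle_reg: str
    house_no: str
    relatives: list = field(default_factory=list)


def normalise(text):
    # Lower-case and keep only letters and digits, so "DL-3C AB 1234"
    # and "dl3cab1234" compare equal.
    return re.sub(r"[^a-z0-9]", "", text.lower())


def personal_tokens(profile):
    """Return the normalised fragments of a profile that must not appear in a password."""
    raw = [profile.phone, profile.vehicle_reg, profile.house_no]
    for full_name in [profile.name, *profile.relatives]:
        raw.extend(full_name.split())   # first and last names are checked separately
    tokens = {normalise(item) for item in raw}
    # Very short fragments (a house number like "7") would match almost anything.
    return {t for t in tokens if len(t) >= 3}


def review_password(password, profile):
    """Return a list of findings; an empty list means the password passes this review."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too short")
    flat = normalise(password)
    for token in sorted(personal_tokens(profile)):
        if token in flat:
            findings.append(f"contains personal detail: {token}")
    return findings


class LoginThrottle:
    """Caps consecutive failed logins per account and locks the account for a while."""

    def __init__(self, max_failures=MAX_FAILURES, lock_seconds=LOCK_SECONDS):
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self.failures = {}       # account -> consecutive failure count
        self.locked_until = {}   # account -> time at which the lock expires

    def is_locked(self, account, now):
        return now < self.locked_until.get(account, 0)

    def record(self, account, success, now):
        """Record one attempt; return True only if the login is accepted."""
        if self.is_locked(account, now):
            return False         # refuse even a correct password while locked
        if success:
            self.failures.pop(account, None)
            return True
        count = self.failures.get(account, 0) + 1
        self.failures[account] = count
        if count >= self.max_failures:
            self.locked_until[account] = now + self.lock_seconds
            self.failures[account] = 0
        return False


if __name__ == "__main__":
    # Constructed sample profile; none of these values come from the deck.
    sample = Profile("Asha Verma", "09811122233", "DL-3C AB 1234", "221B", ["Rohan Verma"])
    for candidate in ("Verma@1234", "my-car-DL3CAB1234-rocks", "correct-horse-battery-staple"):
        print(candidate, "->", review_password(candidate, sample) or "ok")
```
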




• Designing the Security

Designing Security
• Hacking, net-spionage, cracking, viruses, global worms,
  employees with malicious intent, cyber terrorism, internal theft
  – these are just some of the security challenges today’s
  organizations face.
• Hackers and malicious code writers are automating the
  Internet Shell that ensures they stay one step ahead of the
  laws and security officers. Technology without strategy can
  actually leave the organization more vulnerable.
• For information security design, the key question is: How do
  you know that the design will be secure? The answer lies in an
  effective design that should be part of the business-to-
  consumer installations from the beginning. Adding security
  mechanisms as an afterthought can be costly and
  ineffective. The design process begins with a chief security
  officer and involves five major steps:
   • Assessing the security needs of the firm
   The chief security officer should be able to pinpoint the security
      breaches that threaten the company’s business and how well
      the company is in compliance with various laws and regulations.
   It is prudent to look for security vulnerability before it is too late. The
        cheapest and most effective way to fix problems is while they
        are in development.
   A system assessment life cycle begins with development of a new
      system using security best practices. Then the system should be
      tested to detect unforeseen security flaws before it is released for
      implementation. Finally, a running system should be monitored
      and maintained at all times.

   • Adopt a security policy that makes sense.
   Security policies should cover the entire e-commerce system
      including the merchant’s LAN, H/W, S/W, firewalls, protocols,
      standards, databases, and the staff directly involved in the e-
      commerce process.
   The policies should spell out Internet security practices, the nature
      and level of risks, the level of protection, and the procedure to
      follow to react to threats and recover from failure.
   Above all, policies must have the blessing of top management if
     they are to have a chance of succeeding.




   • Considering Web Security Needs.
   Here the company lists its top vulnerabilities and takes a close look at
      critical applications to decide risk levels.
   The amount of security a Web merchant needs depends on the
      sensitivity of its data and the demand for it. If the site collects
      credit card numbers for access, the company would require the
      highest security possible for Web server, the network, and the
      Website.
   The company also consults a security consultant to see what options
      are available and how to put them to good use.




   • Design the security environment.
   The design begins with sketching out the stepping stones – the
      sequence and parameters in the security network based on the
      security policy and requirements of the e-commerce system.
   Physical security design looks at PCs, LAN, OS, Firewalls, Security
      Protocols, other Network Infrastructure, Physical location and
      layout, Bandwidth, Security Protocols of the ISP, and the
      communication medium that connect the merchant to the ISP.
   How much security goes into a system depends on how much risk
     the company is willing to take, the security policy it is willing to
     adopt, and the present state of security practices in the
     workplace.

      This phase generally deals with designing the security perimeter,
      which generally includes firewalls, authentication, VPNs, and
      intrusion detection devices. Installing such software and devices
      is part of physical design. The challenge is to police the entire
      perimeter.
      • Authorize and Monitor the Security System.
      Only authorized users are allowed access to the e-commerce
      site and other IT systems. This involves installing a system that
      generates authorization to different users to handle different jobs.
      Most companies adopt a policy that denies access to all except
      those who are explicitly allowed. This policy, along with good
      security design, should keep a site reasonably secure.


      Monitoring means capturing processing details for evidence,
      verifying that e-commerce is operating within the security policy,
      and verifying that attacks have been unsuccessful.
      • Raise Awareness of Possible Intrusions.
      With today’s firms relying more and more on the Internet, they
      face an ever-growing spectrum of threats, which means an
      increase in protection against cyber-risks.
      It has been noticed that the risks arise less from breaches of a
      company's security policy and more from improper use of
      Internet technologies. Users should be made aware of
      the potential risk factors and how to escape from them with simple
      but cautious use of Internet technologies.
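
The "Authorize and Monitor" step above, as an added example that is not part of the original deck: a gate that denies everything not explicitly allowed, records every decision in a hash-chained log for evidence, and checks afterwards that the log is intact and that every decision matched the policy. The roles, actions, resources and principal names are constructed for illustration.

```python
import hashlib
import json
from collections import Counter

# Explicit allow list of (role, action, resource); anything absent is denied.
# Constructed sample policy for a small web shop.
ALLOW = frozenset({
    ("customer", "read", "catalog"),
    ("customer", "create", "order"),
    ("fulfilment", "read", "order"),
    ("fulfilment", "update", "order"),
    ("finance", "read", "payment"),
})

GENESIS = "0" * 64  # "previous digest" of the first log entry


def entry_digest(entry):
    """SHA-256 over every field of an entry except its own digest."""
    body = {k: v for k, v in entry.items() if k != "digest"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class AuditedGate:
    """Default-deny authorization that records each decision as evidence."""

    def __init__(self, allow):
        self.allow = frozenset(allow)
        self.log = []

    def authorize(self, principal, role, action, resource, ts):
        allowed = (role, action, resource) in self.allow   # no match means deny
        entry = {
            "ts": ts, "principal": principal, "role": role,
            "action": action, "resource": resource, "allowed": allowed,
            # Chaining each entry to the previous one makes later edits detectable.
            "prev": self.log[-1]["digest"] if self.log else GENESIS,
        }
        entry["digest"] = entry_digest(entry)
        self.log.append(entry)
        return allowed


def verify_log(log, allow):
    """Return problems found: broken evidence chain or a decision outside the policy."""
    problems = []
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["digest"] != entry_digest(entry):
            problems.append(f"entry {i}: chain broken")
        expected = (entry["role"], entry["action"], entry["resource"]) in allow
        if entry["allowed"] != expected:
            problems.append(f"entry {i}: decision outside policy")
        prev = entry["digest"]
    return problems


def repeated_denials(log, threshold=3):
    """Principals denied at least `threshold` times, a simple signal worth reviewing."""
    counts = Counter(e["principal"] for e in log if not e["allowed"])
    return sorted(p for p, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    gate = AuditedGate(ALLOW)
    gate.authorize("alice", "customer", "create", "order", ts=1)
    for ts in (2, 3, 4):
        gate.authorize("mallory", "customer", "read", "payment", ts=ts)
    print(verify_log(gate.log, ALLOW), repeated_denials(gate.log))
```

An unkeyed hash chain only detects edits if the latest digest is also kept somewhere the log writer cannot change, such as a separate system.
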


How Much Risk Can One Afford
• The top officials of the company generally ask two questions
  regarding their company’s security and how it relates to
  e-commerce:
   • How secure are we?
   • How much will it cost to secure our e-system?

• A few other questions arise as well:
   • How secure do we need to be?
   • What are we doing to monitor and improve security?
   • What monitors do we have that tell us whether we have
     been hit and how hard?



                                     Security Risk Analysis
• The level of security can be determined by the specific
  threats inherent in the system’s design. The way of addressing
  the risk factor is to estimate the pain threshold a company
  and the attacker are willing to tolerate.


• In this case, the network administrator needs to know what is
  being protected, its value to the company, and its value to
  outsiders. The statements “when you have nothing, you have
  nothing to lose” and “there is not much that they can steal”
  do not apply in network and Internet security. The goal of
  security strategies, methods, and procedures is to raise the
  threshold of pain an attacker must endure to access and
  cause damage to a system.


Thefts and Underground Economy
• Organized electronic crime and worm-writing activity has been
  surging in the open, with nothing to slow it down. It is powering
  an underground economy specializing in ID theft and spam.
  Signs of the underground economy include:
   • Credit card databases bought and sold.
   • Hacked servers bought and sold.
   • Distributed Denial-of-Service attack networks bought and
      sold.
   • Machines infected with viruses, then turned into proxies or
      attack networks.




                                             Thefts & Economy

Kinds of Theft or Crime
• Before promoting security, one must know what they are
  trying to prevent. Web merchants must consider three kinds of
  threats or crimes.
   • Those that are physically related:
   A hacker might attempt to steal or damage inventory. Other
     examples include credit card records, stolen computer hardware
     or software, and sheer vandalism. An attacker, often by guessing
     passwords, might succeed in gaining access to another user’s
     account. The attacker might even be capable of drumming up
     unauthorized features such as discount coupons or specials in an
     effort to get merchandise free of charge.




    • Those that are order related:
    A customer might attempt to use an invalid or a stolen credit card
       or claim no merchandise was received on a good credit card.
       Children might use their parents’ credit card without permission.
       Insiders can do a lot to infect an order because they have
       access to sensitive systems and information. All it takes is a
       disgruntled or greedy employee to disrupt or divert an order to
       his or her advantage.
 
    • Those that are electronically related:
    A hacker might try to sniff e-mail information or attempt to steal
      credit card numbers and use them illegally at a later stage.




 
PFE4.2 Global Issues - Business Ethics and Corporate Governance
PFE4.2 Global Issues - Business Ethics and Corporate GovernancePFE4.2 Global Issues - Business Ethics and Corporate Governance
PFE4.2 Global Issues - Business Ethics and Corporate Governance
 
PFE4.1 Global Issues - Globalization of MNCs
PFE4.1 Global Issues - Globalization of MNCsPFE4.1 Global Issues - Globalization of MNCs
PFE4.1 Global Issues - Globalization of MNCs
 
PFE3.5 Ethical Considerations - Employee Grievance
PFE3.5 Ethical Considerations - Employee GrievancePFE3.5 Ethical Considerations - Employee Grievance
PFE3.5 Ethical Considerations - Employee Grievance
 
PFE3.4 Ethical Considerations - Working with Minors
PFE3.4 Ethical Considerations - Working with MinorsPFE3.4 Ethical Considerations - Working with Minors
PFE3.4 Ethical Considerations - Working with Minors
 

Último

Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...
Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...
Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...Dr. Asif Anas
 
How to Create a Toggle Button in Odoo 17
How to Create a Toggle Button in Odoo 17How to Create a Toggle Button in Odoo 17
How to Create a Toggle Button in Odoo 17Celine George
 
How to Show Error_Warning Messages in Odoo 17
How to Show Error_Warning Messages in Odoo 17How to Show Error_Warning Messages in Odoo 17
How to Show Error_Warning Messages in Odoo 17Celine George
 
Drug Information Services- DIC and Sources.
Drug Information Services- DIC and Sources.Drug Information Services- DIC and Sources.
Drug Information Services- DIC and Sources.raviapr7
 
A gentle introduction to Artificial Intelligence
A gentle introduction to Artificial IntelligenceA gentle introduction to Artificial Intelligence
A gentle introduction to Artificial IntelligenceApostolos Syropoulos
 
The basics of sentences session 10pptx.pptx
The basics of sentences session 10pptx.pptxThe basics of sentences session 10pptx.pptx
The basics of sentences session 10pptx.pptxheathfieldcps1
 
Protein Structure - threading Protein modelling pptx
Protein Structure - threading Protein modelling pptxProtein Structure - threading Protein modelling pptx
Protein Structure - threading Protein modelling pptxvidhisharma994099
 
Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...raviapr7
 
How to Solve Singleton Error in the Odoo 17
How to Solve Singleton Error in the  Odoo 17How to Solve Singleton Error in the  Odoo 17
How to Solve Singleton Error in the Odoo 17Celine George
 
In - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptxIn - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptxAditiChauhan701637
 
Clinical Pharmacy Introduction to Clinical Pharmacy, Concept of clinical pptx
Clinical Pharmacy  Introduction to Clinical Pharmacy, Concept of clinical pptxClinical Pharmacy  Introduction to Clinical Pharmacy, Concept of clinical pptx
Clinical Pharmacy Introduction to Clinical Pharmacy, Concept of clinical pptxraviapr7
 
AUDIENCE THEORY -- FANDOM -- JENKINS.pptx
AUDIENCE THEORY -- FANDOM -- JENKINS.pptxAUDIENCE THEORY -- FANDOM -- JENKINS.pptx
AUDIENCE THEORY -- FANDOM -- JENKINS.pptxiammrhaywood
 
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdfP4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdfYu Kanazawa / Osaka University
 
Diploma in Nursing Admission Test Question Solution 2023.pdf
Diploma in Nursing Admission Test Question Solution 2023.pdfDiploma in Nursing Admission Test Question Solution 2023.pdf
Diploma in Nursing Admission Test Question Solution 2023.pdfMohonDas
 
ARTICULAR DISC OF TEMPOROMANDIBULAR JOINT
ARTICULAR DISC OF TEMPOROMANDIBULAR JOINTARTICULAR DISC OF TEMPOROMANDIBULAR JOINT
ARTICULAR DISC OF TEMPOROMANDIBULAR JOINTDR. SNEHA NAIR
 
Department of Health Compounder Question ‍Solution 2022.pdf
Department of Health Compounder Question ‍Solution 2022.pdfDepartment of Health Compounder Question ‍Solution 2022.pdf
Department of Health Compounder Question ‍Solution 2022.pdfMohonDas
 
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptxSandy Millin
 
SOLIDE WASTE in Cameroon,,,,,,,,,,,,,,,,,,,,,,,,,,,.pptx
SOLIDE WASTE in Cameroon,,,,,,,,,,,,,,,,,,,,,,,,,,,.pptxSOLIDE WASTE in Cameroon,,,,,,,,,,,,,,,,,,,,,,,,,,,.pptx
SOLIDE WASTE in Cameroon,,,,,,,,,,,,,,,,,,,,,,,,,,,.pptxSyedNadeemGillANi
 

Último (20)

Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...
Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...
Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...
 
How to Create a Toggle Button in Odoo 17
How to Create a Toggle Button in Odoo 17How to Create a Toggle Button in Odoo 17
How to Create a Toggle Button in Odoo 17
 
How to Show Error_Warning Messages in Odoo 17
How to Show Error_Warning Messages in Odoo 17How to Show Error_Warning Messages in Odoo 17
How to Show Error_Warning Messages in Odoo 17
 
Drug Information Services- DIC and Sources.
Drug Information Services- DIC and Sources.Drug Information Services- DIC and Sources.
Drug Information Services- DIC and Sources.
 
A gentle introduction to Artificial Intelligence
A gentle introduction to Artificial IntelligenceA gentle introduction to Artificial Intelligence
A gentle introduction to Artificial Intelligence
 
The basics of sentences session 10pptx.pptx
The basics of sentences session 10pptx.pptxThe basics of sentences session 10pptx.pptx
The basics of sentences session 10pptx.pptx
 
Protein Structure - threading Protein modelling pptx
Protein Structure - threading Protein modelling pptxProtein Structure - threading Protein modelling pptx
Protein Structure - threading Protein modelling pptx
 
Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...
 
How to Solve Singleton Error in the Odoo 17
How to Solve Singleton Error in the  Odoo 17How to Solve Singleton Error in the  Odoo 17
How to Solve Singleton Error in the Odoo 17
 
In - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptxIn - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptx
 
Clinical Pharmacy Introduction to Clinical Pharmacy, Concept of clinical pptx
Clinical Pharmacy  Introduction to Clinical Pharmacy, Concept of clinical pptxClinical Pharmacy  Introduction to Clinical Pharmacy, Concept of clinical pptx
Clinical Pharmacy Introduction to Clinical Pharmacy, Concept of clinical pptx
 
AUDIENCE THEORY -- FANDOM -- JENKINS.pptx
AUDIENCE THEORY -- FANDOM -- JENKINS.pptxAUDIENCE THEORY -- FANDOM -- JENKINS.pptx
AUDIENCE THEORY -- FANDOM -- JENKINS.pptx
 
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdfP4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
 
Diploma in Nursing Admission Test Question Solution 2023.pdf
Diploma in Nursing Admission Test Question Solution 2023.pdfDiploma in Nursing Admission Test Question Solution 2023.pdf
Diploma in Nursing Admission Test Question Solution 2023.pdf
 
ARTICULAR DISC OF TEMPOROMANDIBULAR JOINT
ARTICULAR DISC OF TEMPOROMANDIBULAR JOINTARTICULAR DISC OF TEMPOROMANDIBULAR JOINT
ARTICULAR DISC OF TEMPOROMANDIBULAR JOINT
 
Department of Health Compounder Question ‍Solution 2022.pdf
Department of Health Compounder Question ‍Solution 2022.pdfDepartment of Health Compounder Question ‍Solution 2022.pdf
Department of Health Compounder Question ‍Solution 2022.pdf
 
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx
 
Prelims of Kant get Marx 2.0: a general politics quiz
Prelims of Kant get Marx 2.0: a general politics quizPrelims of Kant get Marx 2.0: a general politics quiz
Prelims of Kant get Marx 2.0: a general politics quiz
 
SOLIDE WASTE in Cameroon,,,,,,,,,,,,,,,,,,,,,,,,,,,.pptx
SOLIDE WASTE in Cameroon,,,,,,,,,,,,,,,,,,,,,,,,,,,.pptxSOLIDE WASTE in Cameroon,,,,,,,,,,,,,,,,,,,,,,,,,,,.pptx
SOLIDE WASTE in Cameroon,,,,,,,,,,,,,,,,,,,,,,,,,,,.pptx
 
Personal Resilience in Project Management 2 - TV Edit 1a.pdf
Personal Resilience in Project Management 2 - TV Edit 1a.pdfPersonal Resilience in Project Management 2 - TV Edit 1a.pdf
Personal Resilience in Project Management 2 - TV Edit 1a.pdf
 

6. Security Threats with E-Commerce

  • 1. Amity School of Business Jitendra Tomar 09650512300 jitendratomar@hotmail.com jitendratomar@rediffmail.com Orator
  • 2. Part 6: SeCuRiTy ThReAtS WiTh E-CoMmErCe
  • 3. Security In Cyberspace
  • 4. The electronic system that supports e-commerce is susceptible to abuse and failure in many ways:
      • Fraud: The act that results in direct financial loss. Funds might be transferred from one account to another, or financial records might simply be destroyed.
      • Theft: Theft of confidential, proprietary, technological, or marketing information belonging to the firm or to the customer. An intruder may disclose such information to a third party, resulting in damage to the key customer, a client, or the firm itself.
  • 5. The electronic system that supports e-commerce is susceptible to abuse and failure in many ways:
      • Disruption of service: It may result in major losses of the business or inconvenience to the customer.
      • Illegal intrusion in customer data: The act leads to loss of customer confidence stemming from illegal intrusions into customer files or company business, dishonesty, human mistakes, or network failures.
  • 6. Nature of Cyber Business
  • 7. Why Is Business on the Internet Different?
      • The nature of the e-commerce and bricks-and-mortar models of doing business is quite different.
      • The physical payment systems differ (electronic money and real money).
      • Practical and legal differences exist between the traditional store (paper-based commerce) and computer-based commerce.
      • 24x7x365 availability of the electronic medium, compared to limited-time processing at a physical business house.
      • Electronic business works on the concept of anyone, anywhere, anytime, which is quite different from the business culture of physical houses.
      Online Business Nature
  • 8. Why Is Business on the Internet Different?
      Paper-Based Commerce | Electronic Commerce
      Signed paper document. | Digital signature.
      Physical interaction. | Electronic, via website.
      Physical payment system. | Electronic payment system.
      Merchant and customer are face to face. | No face-to-face contact.
      Easy detection of modifications. | Detection is difficult.
      Easy negotiability of documents. | Negotiable documents require special security.
  • 9. Conceptualizing Security
  • 10. Security Concerns
      • The nature of the e-commerce and bricks-and-mortar models of doing business is quite different.
      • The physical payment systems differ (electronic money and real money).
      • The first issue in security is identifying the principals. They are the people, processes, machines, and keys that transact (send, receive, access, update, delete) information via databases, computers, and networks.
      • Security concerns generally involve the following issues:
      • Confidentiality: Knowing who can read data and ensuring that information in the network remains private. This is done via encryption.
  • 11. Security Concerns
      • Authentication: Making sure that message senders or principals are who they say they are.
      • Integrity: Making sure that information is not accidentally or maliciously altered or corrupted in transit.
      • Access Control: Restricting the use of a resource to authorized principals.
      • Non-repudiation: Ensuring that principals cannot deny that they sent the message.
      • Firewalls: A filter between corporate networks and the Internet that secures corporate information and files from intruders but allows access to authorized principals.
  • 12. The Privacy Factor
      • In the absence of regulatory protection, experts urge privacy-sensitive surfers to take basic steps to protect their privacy while online.
      • Send e-mail through remailers.
      • Improve security through Web browsers.
      • Use a secondary free e-mail service to prevent your main business e-mail account.
      • Stay away from filling out any form or questionnaire online.
      • Use a privacy application/software/utility to give your files or PC contents some privacy.
      • Install a firewall program to protect your computer from hackers.
  • 13. The Woes of a Password
      • One can see that there is no silver bullet solution to user authentication. There are ideas, however, to improve security systems:
      • Limit the number of times a password can be repeated in accessing a sensitive system.
      • Train employees, customers, and the general public in more advanced methods like biometrics, PKE, and smart cards, and be prepared to use such technology when it becomes available.
      • Ensure that systems designers and systems analysts are well versed in security issues and security procedures as part of every future application.
      • Review and evaluate the strength of the current password schemes used by customers and employees alike.
  • 14. The Ph-ear of Phishing
      • Phishing is a relatively recent phenomenon, having appeared within the past few years. It is becoming an effective tool with online criminals.
      • Phishing has several characteristics:
      • Trojan horses are installed on vulnerable machines to gather data.
      • They “harvest” user names and passwords to distribute to attackers.
      • Users’ PCs are compromised without their knowledge.
      • Software vulnerabilities force PCs to download code.
  • 15. Identity Theft
      • Victims of ID theft have been known to find no quick fix to clearing their names. Nearly one third said they have been unable to repair their wrecked credit or restore their identities to good standing a year after their personal information was stolen.
      • Here are some basic guidelines for users to protect themselves from identity theft:
      • Protect your identification number, SSN, or licence number by supplying it only when absolutely necessary.
      • Check your credit reports at least once a year. Check your statements for unexplained charges or unusual withdrawals from your bank accounts.
  • 16. Identity Theft
      • Be careful whom you talk to on the telephone: telemarketers, ISP employees, or even members of government agencies could all be disguised criminals.
      • Use shredders to get rid of your statements or receipts. When using ATMs, never leave your receipts behind.
      • Use strong passwords. Don’t use information that is related to you and could be guessed easily, like telephone number, vehicle registration, own name, close relative's name, house number, and the like.
      • Remove your mail from your mailbox promptly. Use offline applications like Outlook.
      • Also, in case of any theft of your personal information, make sure to file a report with the local police and keep a copy for dealing with creditors later.
  • 17. Designing the Security
  • 18. Designing Security
      • Hacking, net-spionage, cracking, viruses, global worms, employees with malicious intent, cyber terrorism, internal theft: these are just some of the security challenges today’s organizations face.
      • Hackers and malicious code writers are automating the Internet Shell that ensures they stay one step ahead of the laws and security officers. Technology without strategy can actually leave the organization more vulnerable.
      • For information security design, the key question is: How do you know that the design will be secure? The answer lies in an effective design that should be part of the business-to-consumer installations from the beginning. Adding security mechanisms as an afterthought can be costly and ineffective. The design process begins with a chief security officer and involves five major steps:
  • 19. Designing Security
      • The design process begins with a chief security officer and involves five major steps:
      • Assessing the security needs of the firm. The chief security officer should be able to pinpoint the security breaches that threaten the company’s business and how well the company is in compliance with various laws and regulations. It is prudent to look for security vulnerabilities before it is too late. The cheapest and most effective time to fix problems is while they are in development. A system assessment life cycle begins with development of a new system using security best practices. Then the system should be tested to detect unforeseen security flaws before it is released for implementation. Finally, a running system should be monitored and maintained at all times.
  • 20. Designing Security
      • The design process begins with a chief security officer and involves five major steps:
      • Adopt a security policy that makes sense. Security policies should cover the entire e-commerce system, including the merchant’s LAN, H/W, S/W, firewalls, protocols, standards, databases, and the staff directly involved in the e-commerce process. The policies should spell out Internet security practices, the nature and level of risks, the level of protection, and the procedure to follow to react to threats and recover from failure. Above all, policies must have the blessing of top management if they are to have a chance of succeeding.
  • 21. Designing Security
      • The design process begins with a chief security officer and involves five major steps:
      • Considering Web security needs. Here the company lists top vulnerabilities and takes a close look at critical applications to decide risk levels. The amount of security a Web merchant needs depends on the sensitivity of its data and the demand for it. If the site collects credit card numbers for access, the company would require the highest security possible for the Web server, the network, and the Website. The company also consults a security consultant to see what options are available and how to put them to good use.
  • 22. Designing Security
      • The design process begins with a chief security officer and involves five major steps:
      • Design the security environment. The design begins with sketching out the stepping stones: the sequence and parameters in the security network, based on the security policy and requirements of the e-commerce system. Physical security design looks at PCs, LAN, OS, firewalls, security protocols, other network infrastructure, physical location and layout, bandwidth, security protocols of the ISP, and the communication medium that connects the merchant to the ISP. How much security goes into a system depends on how much risk the company is willing to take, the security policy it is willing to adopt, and the present state of security practices in the workplace.
  • 23. Designing Security
      • The design process begins with a chief security officer and involves five major steps:
      This phase generally deals with designing the security perimeter, which generally includes firewalls, authentication, VPNs, and intrusion detection devices. Installing such software and devices is part of physical design. The challenge is to police the entire perimeter.
      • Authorize and monitor the security system. Only authorized users are allowed access to the e-commerce site and other IT systems. This involves installing a system that generates authorization for different users to handle different jobs. Most companies adopt a policy that denies access to all except those who are explicitly allowed. This policy, along with good security design, should keep a site reasonably secure.
  • 24. Designing Security
      • The design process begins with a chief security officer and involves five major steps:
      Monitoring means capturing processing details for evidence, verifying that e-commerce is operating within the security policy, and verifying that attacks have been unsuccessful.
      • Raise awareness of possible intrusions. With today’s firms relying more and more on the Internet, they face an ever-growing spectrum of threats, which means an increase in protection against cyber-risks. It has been noticed that the risks arise less from breaches in a company's security policy than from improper use of Internet technologies. Users should be made aware of the potential risk factors and how to escape from them with simple but cautious use of Internet technologies.
  • 25. How Much Risk Can One Afford
      • The top officials of the company generally ask two questions regarding their company’s security and how it relates to e-commerce:
      • How secure are we?
      • How much will it cost to secure our e-system?
      • A few other questions arise as well:
      • How secure do we need to be?
      • What are we doing to monitor and improve security?
      • What monitors do we have that tell us whether we have been hit and how hard?
      Security Risk Analysis
  • 26. How Much Risk Can One Afford
      • The level of security can be determined by the specific threats inherent in the system’s design. The way of addressing the risk factor is to estimate the pain threshold a company and the attacker are willing to tolerate.
      • In this case, the network administrator needs to know what is being protected, its value to the company, and its value to outsiders. The statements “when you have nothing, you have nothing to lose” and “there is not much that they can steal” do not apply in network and Internet security. The goal of security strategies, methods, and procedures is to raise the threshold of pain an attacker must endure to access and cause damage to a system.
  • 27. Thefts and Underground Economy
      • Organized electronic crime and worm-writing activity has been surging in the open, with nothing to slow it down. It is powering an underground economy specializing in ID theft and spam. Signs of the underground economy include:
      • Credit card databases bought and sold.
      • Hacked servers bought and sold.
      • Distributed Denial-of-Service attack networks bought and sold.
      • Machines infected with viruses, then turned into proxies or attack networks.
      Thefts & Economy
  • 28. Kinds of Theft or Crime
      • Before promoting security, one must know what they are trying to prevent. Web merchants must consider three kinds of threats or crimes.
      • Those that are physically related: A hacker might attempt to steal or damage inventory. Other examples include credit card records, stolen computer hardware or software, and sheer vandalism. An attacker, often by guessing passwords, might succeed in gaining access to another user’s account. The attacker might even be capable of drumming up unauthorized features such as discount coupons or specials in an effort to get merchandise free of charge.
  • 29. Kinds of Theft or Crime
      • Those that are order related: A customer might attempt to use an invalid or a stolen credit card or claim no merchandise was received on a good credit card. Children might use their parents’ credit card without permission. Insiders can do a lot to infect an order because they have access to sensitive systems and information. All it takes is a disgruntled or greedy employee to disrupt or divert an order to his or her advantage.
      • Those that are electronically related: A hacker might try to sniff e-mail information or attempt to steal credit card numbers and use them illegally at a later stage.
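Slides 23 and 24 describe a policy that "denies access to all except those who are explicitly allowed" and monitoring that captures processing details for evidence. The sketch below is an added example, not part of the original deck; the roles, permissions, user names and review threshold are all hypothetical.

```python
from collections import Counter
from dataclasses import dataclass, field

# Hypothetical allow list: role -> set of (resource, action) pairs.
# Anything not listed here is denied, including unknown roles.
ALLOW_LIST = {
    "customer": {("order", "create"), ("order", "read_own")},
    "support": {("order", "read"), ("order", "refund")},
    "warehouse": {("order", "read"), ("inventory", "update")},
}


@dataclass
class AuditLog:
    """Keeps every authorization decision as evidence for later review."""
    records: list = field(default_factory=list)

    def record(self, user, role, resource, action, allowed):
        self.records.append(
            {"user": user, "role": role, "resource": resource,
             "action": action, "allowed": allowed}
        )

    def denials_by_user(self):
        """Count denied requests per user."""
        return Counter(r["user"] for r in self.records if not r["allowed"])


def authorize(log, user, role, resource, action):
    """Allow only explicitly listed (resource, action) pairs; log every decision."""
    allowed = (resource, action) in ALLOW_LIST.get(role, set())
    log.record(user, role, resource, action, allowed)
    return allowed


def users_to_review(log, threshold=3):
    """Users whose denied requests reach the threshold, most denials first."""
    counts = log.denials_by_user()
    return [user for user, n in counts.most_common() if n >= threshold]


# Constructed sample requests: (user, role, resource, action).
SAMPLE_REQUESTS = [
    ("asha", "customer", "order", "create"),
    ("asha", "customer", "order", "refund"),
    ("ravi", "support", "order", "refund"),
    ("mallory", "customer", "inventory", "update"),
    ("mallory", "customer", "order", "refund"),
    ("mallory", "admin", "order", "read"),  # role not in the allow list
    ("lee", "warehouse", "inventory", "update"),
]


def run_sample():
    """Run the constructed requests through authorize() and return the evidence."""
    log = AuditLog()
    decisions = [authorize(log, *request) for request in SAMPLE_REQUESTS]
    return log, decisions


if __name__ == "__main__":
    sample_log, sample_decisions = run_sample()
    for request, ok in zip(SAMPLE_REQUESTS, sample_decisions):
        print("ALLOW" if ok else "DENY ", *request)
    print("review:", users_to_review(sample_log))
```

Because allowed requests are logged as well as denied ones, the same records can be used to verify that normal operation stays within the policy.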
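Slide 16 advises against passwords built from guessable personal details, and slide 13 suggests limiting repeated password use against a sensitive system. The following added example (not from the original deck) checks a candidate password against a user's own details and locks an account after repeated failures. It assumes the slide 13 item means limiting failed attempts; the profile values, minimum length and failure limit are constructed.

```python
import re


def _normalise(text):
    """Lowercase and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def personal_tokens(profile, min_len=3):
    """Collect guessable fragments (whole values and their words) from a profile."""
    tokens = set()
    for value in profile.values():
        whole = _normalise(value)
        if len(whole) >= min_len:
            tokens.add(whole)
        for part in re.split(r"[^a-z0-9]+", value.lower()):
            if len(part) >= min_len:
                tokens.add(part)
    return tokens


def password_problems(password, profile, min_length=12):
    """Return a list of reasons to reject the password (empty list = acceptable)."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    flat = _normalise(password)
    for token in sorted(personal_tokens(profile)):
        if token in flat:
            problems.append(f"contains personal detail: {token}")
    return problems


class AttemptLimiter:
    """Locks an account once it reaches max_failures consecutive failed logins."""

    def __init__(self, max_failures=3):
        self.max_failures = max_failures
        self._failures = {}

    def is_locked(self, account):
        return self._failures.get(account, 0) >= self.max_failures

    def attempt(self, account, password_ok):
        """Return True only for a correct password on an unlocked account."""
        if self.is_locked(account):
            return False
        if password_ok:
            self._failures.pop(account, None)  # success resets the counter
            return True
        self._failures[account] = self._failures.get(account, 0) + 1
        return False


# Constructed profile covering the kinds of detail slide 16 lists.
SAMPLE_PROFILE = {
    "name": "Asha Verma",
    "phone": "555-0100",
    "vehicle": "DL 01 AB 1234",
    "relative": "Rohan",
    "house_no": "221",
}

if __name__ == "__main__":
    for candidate in ("Verma@1234", "correct-horse-battery-staple"):
        print(candidate, "->", password_problems(candidate, SAMPLE_PROFILE) or "ok")
```

A hard lockout like this can itself be used to lock legitimate users out, so real deployments usually pair it with a timed unlock or a rate limit.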