SlideShare uma empresa Scribd logo

Maloney slides

Transferir como PPTX, PDF
Onkar Sule
Onkar Sule
TecnologiaNegócios
1 de 27
Security and International E-Commerce Jim Maloney jmaloney@SecurityPortal.com November 2000 SecurityPortal The focal point for security on the Net™
Agenda  Security and e-commerce  Security defined  General security threats to e-commerce  International security issues  Key elements of a security solution  Recommended security approach  Summary 2 Copyright 2000 Security Portal, Inc. All rights reserved.
Why is security important for E-Commerce? Increased E-Business Opportunities Increased Exposure, Threats, Vulnerabilities, Privacy Concerns Ubiquitous Customer- Sophisticated Internet Centric Business Applications Models Increased Expanded ASP Tech- Mobile Bandwidth Access Delivery Savvy Society Model Culture 3 Copyright 2000 Security Portal, Inc. All rights reserved.
Old economy view of security  In the “Old Economy” computing security was often viewed as a discretionary element of the business  The focus was on protection of information systems and data 4 Copyright 2000 Security Portal, Inc. All rights reserved.
New economy view of security  In the “New Economy” computing security is viewed as a strategic element of the business  The focus is on enabling new ways of doing business and value creation  And from a protection perspective, security is now protecting the entire business, not just its information systems 5 Copyright 2000 Security Portal, Inc. All rights reserved.
A working definition of security  Confidentiality – the protection of private data on hosts or in transit  Integrity - the system does not corrupt information or allow unauthorized malicious or accidental changes to information  Availability - the computer system’s hardware and software keeps working efficiently and the system is able to recover quickly and completely if a disaster occurs  Accountability - the ability to determine who is responsible for the result of an action 6 Copyright 2000 Security Portal, Inc. All rights reserved.
General security threats to e-commerce  Web site defacement  Denial of service  Theft of customer data  Theft of intellectual property  Sabotage of data or networks  Financial fraud 7 Copyright 2000 Security Portal, Inc. All rights reserved.
Resulting business impact  Lack of consumer confidence if there are any real or perceived security issues  Loss of profits due to last minute security implementations  Damage to image and reputation if you have a visible security incident  Bankruptcy if the majority of your business transactions occur online  Benefits to competitors if your level of security is perceived to be inadequate 8 Copyright 2000 Security Portal, Inc. All rights reserved.
International security issues  Regulations and policies  Education and awareness  Cultural norms  Access modes  Local government stance on cyber crime 9 Copyright 2000 Security Portal, Inc. All rights reserved.
Regulations and policies  Encryption laws vary greatly from country to country. This can impact both the availability and use of the appropriate technology.  http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm  Privacy and consumer protection laws also vary greatly from country to country. These laws control how personal data can be used and shared. Can lead to substantial fines if violations occur.  http://www.gilc.org/privacy/survey 10 Copyright 2000 Security Portal, Inc. All rights reserved.
Education and awareness  While malicious, external security attacks get most of the publicity, it is often employee mistakes and oversights that cause security issues  Security awareness education for all employees, and specific training for your IT team, can be an excellent defense for both internal and external incidents  A recent survey showed that 86% of Shanghai’s networks had security products installed, but less that 2% of the network professionals actually knew how to protect their networks from intruders 11 Copyright 2000 Security Portal, Inc. All rights reserved.
Cultural norms  Limited work hours for support and emergency response services  Being “on-call”  Multi-shift operations (24/7)  History of not protecting intellectual property  Electronic documents  Software  CDs and DVDs 12 Copyright 2000 Security Portal, Inc. All rights reserved.
Access modes  There is a rapid increase in the number of users accessing the internet via wireless devices such as cell phones  In addition to their small size, portable wireless devices have limited processing power, limited memory and a limited power supply  These characteristics lead to several security challenges 13 Copyright 2000 Security Portal, Inc. All rights reserved.
Access modes – continued  With very limited keyboards and screens, cell phones and handhelds will require new authentication schemes to replace user names and passwords  New schemes may include screen-based biometrics, embedded certificates, hardware tokens, web cookies and PINs  These devices are viewed as likely platforms for viruses that can be carried from network to network without detection 14 Copyright 2000 Security Portal, Inc. All rights reserved.
Access modes - continued  Data moving through air is vulnerable to interception using relatively inexpensive equipment  The portability of these devices increases the need for physical security and authentication 15 Copyright 2000 Security Portal, Inc. All rights reserved.
Local government stance on cyber crime  Singapore – Very detailed statutes regarding penalties for criminal hacking  Brazil – No special laws against cyber crime (and a very active hacking community)  The Philippines had no anti-hacking laws until the “Lovebug” virus was traced back to their country  Interpol is working to establish international standards for cyber crime legislation  http://www.mossbyrett.of.no/info/legal.html 16 Copyright 2000 Security Portal, Inc. All rights reserved.
Asia/Pacific perspective  Factors accelerating adoption of security  Growth of e-commerce in this region  Government initiatives supporting security  Recognition of the need for security guidelines, regulations and products that enable interoperability 17 Copyright 2000 Security Portal, Inc. All rights reserved.
Asia/Pacific perspective - continued  Factors inhibiting the adoption of security  Lack of integrated security solutions that can span systems and regions  Lack of awareness of security issues and solutions 18 Copyright 2000 Security Portal, Inc. All rights reserved.
Security is more than technology Anticipate People Process Respond Monitor Technology Defend 19 Copyright 2000 Security Portal, Inc. All rights reserved.
Security is an attribute, not a component User Interface App App App App Application Development Environment Information Management System Management and Security Distribution Services Network & Networking Services Hardware & Operating System 20 Copyright 2000 Security Portal, Inc. All rights reserved.
General security approach  Develop accurate and complete policies that span the supply chain  Make sure that all employees understand the importance of computing security  Define clear roles and responsibilities for e- commerce security  Perform regular audits, reviews and assessments of security  Don’t ignore the physical security of your systems 21 Copyright 2000 Security Portal, Inc. All rights reserved.
General security approach - continued  Implement and maintain a set of baseline controls for your e-commerce system  Implement user ID and authentication via strong passwords, secure tokens or biometrics  Have backup and recovery plans in place 22 Copyright 2000 Security Portal, Inc. All rights reserved.
Secure web site development tips  Include security as part of requirements gathering  Include security as part of the architecture  Be careful with embedded components  Never trust incoming data  Provide help to users  Use code reviews  Be aware of privacy and encryption laws  Stay up-to-date on new risks, threat and vulnerabilities  Document your security solution 23 Copyright 2000 Security Portal, Inc. All rights reserved.
Secure web site development references  Recent articles on SecurityPortal: Best Practices for Secure Web Development (parts I and II)  Web Security & Commerce (O'Reilly Nutshell) by Simson Garfinkel, Gene Spafford  Web Security: A Step-by-Step Reference Guide by Lincoln D. Stein 24 Copyright 2000 Security Portal, Inc. All rights reserved.
Summary  Security is a critical enabler for e-commerce  The negative impact of poor security can be substantial  Many of the issues and solutions regarding secure international e-commerce are people and process related, not technical  Security is a key attribute of a system that must be designed in, not added on later  Maintaining a secure web site requires continuous vigilance 25 Copyright 2000 Security Portal, Inc. All rights reserved.
Bibliography  E-Business Security: An Essential Element in the Post-Year 2000 World. Gartner Group Research Report, April 17, 2000.  The Net Present Value of Security. AtomicTangerine Special Report, October 11, 2000.  International Ecommerce. SecurityPortal cover story, November 5, 2000.  Information Security: The E-Commerce Driver. Dataquest Market Analysis, January 10, 2000.  E-Business Impact on Security Technology and Practices. Gartner Group Research Note, November 11, 1999.  Security Services in the Connected Age: From the basement to the boardroom. Gartner Group Market Analysis, July 4, 2000. 26 Copyright 2000 Security Portal, Inc. All rights reserved.
Bibliography - Continued  Shanghai to Enhance Information Security. http://www.nikkeibp.asiabiztech.com, February 15, 2000.  Wireless Security: Locking Down the Wavelengths. Information Security Magazine, October 2000.  Do Handhelds Need Virus Protection? PCWorld.com, June 29, 2000.  Best Practices for Secure Web Development. http://securityportal.com/cover/coverstory20001030.html, October 30, 2000.  Best Practices for Secure Web Development: Technical Details. http://securityportal.com/articles/webdev20001103.html, November 10, 2000. 27 Copyright 2000 Security Portal, Inc. All rights reserved.

Recomendados

Information Security
Information SecurityInformation Security
Information Security
steffiann88
 
The importance of information security
The importance of information securityThe importance of information security
The importance of information security
ethanBrownusa
 
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...
Dr Dev Kambhampati
 
Cyber Security Intelligence
Cyber Security IntelligenceCyber Security Intelligence
Cyber Security Intelligence
ijtsrd
 
FROM STRATEGY TO ACTION - Vasil Tsvimitidze
FROM STRATEGY TO ACTION - Vasil Tsvimitidze FROM STRATEGY TO ACTION - Vasil Tsvimitidze
FROM STRATEGY TO ACTION - Vasil Tsvimitidze
DataExchangeAgency
 
Information Security By Design
Information Security By DesignInformation Security By Design
Information Security By Design
Nalneesh Gaur
 
Fundamental Areas of Cyber Security on Latest Technology
Fundamental Areas of Cyber Security on Latest TechnologyFundamental Areas of Cyber Security on Latest Technology
Fundamental Areas of Cyber Security on Latest Technology
ijtsrd
 
Compliance Awareness
Compliance AwarenessCompliance Awareness
Compliance Awareness
Dinesh O Bareja
 

Recomendados

Information Security
Information SecurityInformation Security
Information Security
steffiann88
 
The importance of information security
The importance of information securityThe importance of information security
The importance of information security
ethanBrownusa
 
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...
Dr Dev Kambhampati
 
Cyber Security Intelligence
Cyber Security IntelligenceCyber Security Intelligence
Cyber Security Intelligence
ijtsrd
 
FROM STRATEGY TO ACTION - Vasil Tsvimitidze
FROM STRATEGY TO ACTION - Vasil Tsvimitidze FROM STRATEGY TO ACTION - Vasil Tsvimitidze
FROM STRATEGY TO ACTION - Vasil Tsvimitidze
DataExchangeAgency
 
Information Security By Design
Information Security By DesignInformation Security By Design
Information Security By Design
Nalneesh Gaur
 
Fundamental Areas of Cyber Security on Latest Technology
Fundamental Areas of Cyber Security on Latest TechnologyFundamental Areas of Cyber Security on Latest Technology
Fundamental Areas of Cyber Security on Latest Technology
ijtsrd
 
Compliance Awareness
Compliance AwarenessCompliance Awareness
Compliance Awareness
Dinesh O Bareja
 
Best Practice For Public Sector Information Security And Compliance
Best Practice For Public Sector Information Security And ComplianceBest Practice For Public Sector Information Security And Compliance
Best Practice For Public Sector Information Security And Compliance
Oracle
 
Cybersecurity in the Era of IoT
Cybersecurity in the Era of IoTCybersecurity in the Era of IoT
Cybersecurity in the Era of IoT
Amy Daly
 
Reality of cybersecurity 11.4.2017
Reality of cybersecurity 11.4.2017Reality of cybersecurity 11.4.2017
Reality of cybersecurity 11.4.2017
japijapi
 
DSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems Intelligence
DSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems IntelligenceDSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems Intelligence
DSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems Intelligence
Andris Soroka
 
101 Basic concepts of information security
101 Basic concepts of information security101 Basic concepts of information security
101 Basic concepts of information security
SsendiSamuel
 
Information Security For Small Business
Information Security For Small BusinessInformation Security For Small Business
Information Security For Small Business
Julius Clark, CISSP, CISA
 
U S Embassy Event - Today’S Cyber Threats
U S Embassy Event - Today’S Cyber ThreatsU S Embassy Event - Today’S Cyber Threats
U S Embassy Event - Today’S Cyber Threats
Narinrit Prem-apiwathanokul
 
Sb fortinet-nozomi
Sb fortinet-nozomiSb fortinet-nozomi
Sb fortinet-nozomi
Ivan Carmona
 
How to protect energy distribution for millions of people against cyber attac...
How to protect energy distribution for millions of people against cyber attac...How to protect energy distribution for millions of people against cyber attac...
How to protect energy distribution for millions of people against cyber attac...
TI Safe
 
DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy
DSS ITSEC 2013 Conference 07.11.2013 - IBM Security StrategyDSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy
DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy
Andris Soroka
 
Paper Florencio Cano - Patient data security in a wireless and mobile world
Paper Florencio Cano - Patient data security in a wireless and mobile worldPaper Florencio Cano - Patient data security in a wireless and mobile world
Paper Florencio Cano - Patient data security in a wireless and mobile world
WTHS
 
Information Security for Small Business
Information Security for Small BusinessInformation Security for Small Business
Information Security for Small Business
Julius Clark, CISSP, CISA
 
Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet
accenture
 
Internet of things
Internet of thingsInternet of things
Internet of things
varungoyal98
 
Looking into the future of security
Looking into the future of securityLooking into the future of security
Looking into the future of security
Southern Cross Group Services
 
White paper scada (2)
White paper scada (2)White paper scada (2)
White paper scada (2)
Ivan Carmona
 
Security Intelligence
Security IntelligenceSecurity Intelligence
Security Intelligence
IBMGovernmentCA
 
Aprendizado de máquinas aplicado à segurança cibernética de plantas industriais
Aprendizado de máquinas aplicado à segurança cibernética de plantas industriaisAprendizado de máquinas aplicado à segurança cibernética de plantas industriais
Aprendizado de máquinas aplicado à segurança cibernética de plantas industriais
TI Safe
 
I walden
I waldenI walden
I walden
Onkar Sule
 
Ecommerce (2)
Ecommerce (2)Ecommerce (2)
Ecommerce (2)
Onkar Sule
 
Nordin malaysia
Nordin malaysiaNordin malaysia
Nordin malaysia
Onkar Sule
 
Ecommerce2
Ecommerce2Ecommerce2
Ecommerce2
Onkar Sule
 

Mais conteúdo relacionado

Mais procurados

Best Practice For Public Sector Information Security And Compliance
Best Practice For Public Sector Information Security And ComplianceBest Practice For Public Sector Information Security And Compliance
Best Practice For Public Sector Information Security And Compliance
Oracle
 
DSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems Intelligence
DSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems IntelligenceDSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems Intelligence
DSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems Intelligence
Andris Soroka
 
Paper Florencio Cano - Patient data security in a wireless and mobile world
Paper Florencio Cano - Patient data security in a wireless and mobile worldPaper Florencio Cano - Patient data security in a wireless and mobile world
Paper Florencio Cano - Patient data security in a wireless and mobile world
WTHS
 
Aprendizado de máquinas aplicado à segurança cibernética de plantas industriais
Aprendizado de máquinas aplicado à segurança cibernética de plantas industriaisAprendizado de máquinas aplicado à segurança cibernética de plantas industriais
Aprendizado de máquinas aplicado à segurança cibernética de plantas industriais
TI Safe
 

Mais procurados (18)

Best Practice For Public Sector Information Security And Compliance
Best Practice For Public Sector Information Security And ComplianceBest Practice For Public Sector Information Security And Compliance
Best Practice For Public Sector Information Security And Compliance
 
Cybersecurity in the Era of IoT
Cybersecurity in the Era of IoTCybersecurity in the Era of IoT
Cybersecurity in the Era of IoT
 
Reality of cybersecurity 11.4.2017
Reality of cybersecurity 11.4.2017Reality of cybersecurity 11.4.2017
Reality of cybersecurity 11.4.2017
 
DSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems Intelligence
DSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems IntelligenceDSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems Intelligence
DSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems Intelligence
 
101 Basic concepts of information security
101 Basic concepts of information security101 Basic concepts of information security
101 Basic concepts of information security
 
Information Security For Small Business
Information Security For Small BusinessInformation Security For Small Business
Information Security For Small Business
 
U S Embassy Event - Today’S Cyber Threats
U S Embassy Event - Today’S Cyber ThreatsU S Embassy Event - Today’S Cyber Threats
U S Embassy Event - Today’S Cyber Threats
 
Sb fortinet-nozomi
Sb fortinet-nozomiSb fortinet-nozomi
Sb fortinet-nozomi
 
How to protect energy distribution for millions of people against cyber attac...
How to protect energy distribution for millions of people against cyber attac...How to protect energy distribution for millions of people against cyber attac...
How to protect energy distribution for millions of people against cyber attac...
 
DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy
DSS ITSEC 2013 Conference 07.11.2013 - IBM Security StrategyDSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy
DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy
 
Paper Florencio Cano - Patient data security in a wireless and mobile world
Paper Florencio Cano - Patient data security in a wireless and mobile worldPaper Florencio Cano - Patient data security in a wireless and mobile world
Paper Florencio Cano - Patient data security in a wireless and mobile world
 
Information Security for Small Business
Information Security for Small BusinessInformation Security for Small Business
Information Security for Small Business
 
Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet
 
Internet of things
Internet of thingsInternet of things
Internet of things
 
Looking into the future of security
Looking into the future of securityLooking into the future of security
Looking into the future of security
 
White paper scada (2)
White paper scada (2)White paper scada (2)
White paper scada (2)
 
Security Intelligence
Security IntelligenceSecurity Intelligence
Security Intelligence
 
Aprendizado de máquinas aplicado à segurança cibernética de plantas industriais
Aprendizado de máquinas aplicado à segurança cibernética de plantas industriaisAprendizado de máquinas aplicado à segurança cibernética de plantas industriais
Aprendizado de máquinas aplicado à segurança cibernética de plantas industriais
 

Destaque

Nordin malaysia
Nordin malaysiaNordin malaysia
Nordin malaysia
Onkar Sule
 
Understanding e commerce
Understanding e commerceUnderstanding e commerce
Understanding e commerce
Onkar Sule
 
E commerce052503
E commerce052503E commerce052503
E commerce052503
Onkar Sule
 
Introduction to ecommerce
Introduction to ecommerceIntroduction to ecommerce
Introduction to ecommerce
Onkar Sule
 
E commerce (1)
E commerce (1)E commerce (1)
E commerce (1)
Onkar Sule
 
Ecommerce overview
Ecommerce overviewEcommerce overview
Ecommerce overview
Onkar Sule
 

Destaque (20)

I walden
I waldenI walden
I walden
 
Ecommerce (2)
Ecommerce (2)Ecommerce (2)
Ecommerce (2)
 
Nordin malaysia
Nordin malaysiaNordin malaysia
Nordin malaysia
 
Ecommerce2
Ecommerce2Ecommerce2
Ecommerce2
 
Conklin
ConklinConklin
Conklin
 
Understanding e commerce
Understanding e commerceUnderstanding e commerce
Understanding e commerce
 
Ecommerce (1)
Ecommerce (1)Ecommerce (1)
Ecommerce (1)
 
Conklin
ConklinConklin
Conklin
 
E commerce052503
E commerce052503E commerce052503
E commerce052503
 
Part i
Part iPart i
Part i
 
Introduction to ecommerce
Introduction to ecommerceIntroduction to ecommerce
Introduction to ecommerce
 
E commerce (1)
E commerce (1)E commerce (1)
E commerce (1)
 
Ecommerce overview
Ecommerce overviewEcommerce overview
Ecommerce overview
 
I walden
I waldenI walden
I walden
 
Tisc99keynote
Tisc99keynoteTisc99keynote
Tisc99keynote
 
Overview
OverviewOverview
Overview
 
E commerce
E commerceE commerce
E commerce
 
Hengesbaugh
HengesbaughHengesbaugh
Hengesbaugh
 
Ec elim purch
Ec elim purchEc elim purch
Ec elim purch
 
It act ppt ( 1111)
It act ppt ( 1111)It act ppt ( 1111)
It act ppt ( 1111)
 

Semelhante a Maloney slides

Maloney Slides
Maloney SlidesMaloney Slides
Maloney Slides
ecommerce
 
Smart security solutions for SMBs
Smart security solutions for SMBsSmart security solutions for SMBs
Smart security solutions for SMBs
Jyothi Satyanathan
 
Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdf
Careerera
 
Ibm security overview 2012 jan-18 sellers deck
Ibm security overview 2012 jan-18 sellers deckIbm security overview 2012 jan-18 sellers deck
Ibm security overview 2012 jan-18 sellers deck
Arrow ECS UK
 

Semelhante a Maloney slides (20)

Security solutions for a smarter planet
Security solutions for a smarter planetSecurity solutions for a smarter planet
Security solutions for a smarter planet
 
Maloney Slides
Maloney SlidesMaloney Slides
Maloney Slides
 
PCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio PanadaPCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio Panada
 
Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber security
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Smart security solutions for SMBs
Smart security solutions for SMBsSmart security solutions for SMBs
Smart security solutions for SMBs
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...
 
HCSCA101 Basic Concepts of Information Security.pptx
HCSCA101 Basic Concepts of Information Security.pptxHCSCA101 Basic Concepts of Information Security.pptx
HCSCA101 Basic Concepts of Information Security.pptx
 
Cyber security for Developers
Cyber security for DevelopersCyber security for Developers
Cyber security for Developers
 
Cyber Security.pptx
Cyber Security.pptxCyber Security.pptx
Cyber Security.pptx
 
Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdf
 
Data Integrity Protection
Data Integrity ProtectionData Integrity Protection
Data Integrity Protection
 
Cybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - SkillmineCybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - Skillmine
 
Cybersecurity Risk from User Perspective
Cybersecurity Risk from User PerspectiveCybersecurity Risk from User Perspective
Cybersecurity Risk from User Perspective
 
Cyber Security: A Hands on review
Cyber Security: A Hands on reviewCyber Security: A Hands on review
Cyber Security: A Hands on review
 
The new era of Cyber Security IEC62443
The new era of Cyber Security IEC62443The new era of Cyber Security IEC62443
The new era of Cyber Security IEC62443
 
Securing the Internet of Things
Securing the Internet of ThingsSecuring the Internet of Things
Securing the Internet of Things
 
Defining Security Intelligence for the Enterprise - What CISOs Need to Know
Defining Security Intelligence for the Enterprise - What CISOs Need to KnowDefining Security Intelligence for the Enterprise - What CISOs Need to Know
Defining Security Intelligence for the Enterprise - What CISOs Need to Know
 
Ibm security overview 2012 jan-18 sellers deck
Ibm security overview 2012 jan-18 sellers deckIbm security overview 2012 jan-18 sellers deck
Ibm security overview 2012 jan-18 sellers deck
 

Mais de Onkar Sule

Am chamtaipei sept2004
Am chamtaipei sept2004Am chamtaipei sept2004
Am chamtaipei sept2004
Onkar Sule
 
A realistic look at e commerce
A realistic look at e commerceA realistic look at e commerce
A realistic look at e commerce
Onkar Sule
 
Am chamtaipei sept2004
Am chamtaipei sept2004Am chamtaipei sept2004
Am chamtaipei sept2004
Onkar Sule
 
Security concerns-with-e-commerce
Security concerns-with-e-commerceSecurity concerns-with-e-commerce
Security concerns-with-e-commerce
Onkar Sule
 

Mais de Onkar Sule (11)

Am chamtaipei sept2004
Am chamtaipei sept2004Am chamtaipei sept2004
Am chamtaipei sept2004
 
A realistic look at e commerce
A realistic look at e commerceA realistic look at e commerce
A realistic look at e commerce
 
Am chamtaipei sept2004
Am chamtaipei sept2004Am chamtaipei sept2004
Am chamtaipei sept2004
 
Security concerns-with-e-commerce
Security concerns-with-e-commerceSecurity concerns-with-e-commerce
Security concerns-with-e-commerce
 
Information technology-act 2000
Information technology-act 2000Information technology-act 2000
Information technology-act 2000
 
Types of letters 8-11
Types of letters 8-11Types of letters 8-11
Types of letters 8-11
 
Oral communication
Oral communicationOral communication
Oral communication
 
Message 1
Message 1Message 1
Message 1
 
Memos and emails
Memos and emailsMemos and emails
Memos and emails
 
Management of oral and written communication
Management of oral and written communicationManagement of oral and written communication
Management of oral and written communication
 
Life
LifeLife
Life
 

Último

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 

Último (20)

Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 

Maloney slides

  • 1. Security and International E-Commerce Jim Maloney jmaloney@SecurityPortal.com November 2000 SecurityPortal The focal point for security on the Net™
  • 2. Agenda  Security and e-commerce  Security defined  General security threats to e-commerce  International security issues  Key elements of a security solution  Recommended security approach  Summary 2 Copyright 2000 Security Portal, Inc. All rights reserved.
  • 3. Why is security important for E-Commerce? Increased E-Business Opportunities Increased Exposure, Threats, Vulnerabilities, Privacy Concerns Ubiquitous Customer- Sophisticated Internet Centric Business Applications Models Increased Expanded ASP Tech- Mobile Bandwidth Access Delivery Savvy Society Model Culture 3 Copyright 2000 Security Portal, Inc. All rights reserved.
  • 4. Old economy view of security  In the “Old Economy” computing security was often viewed as a discretionary element of the business  The focus was on protection of information systems and data 4 Copyright 2000 Security Portal, Inc. All rights reserved.
  • 5. New economy view of security  In the “New Economy” computing security is viewed as a strategic element of the business  The focus is on enabling new ways of doing business and value creation  And from a protection perspective, security is now protecting the entire business, not just its information systems 5 Copyright 2000 Security Portal, Inc. All rights reserved.
  • 6. A working definition of security  Confidentiality – the protection of private data on hosts or in transit  Integrity - the system does not corrupt information or allow unauthorized malicious or accidental changes to information  Availability - the computer system’s hardware and software keeps working efficiently and the system is able to recover quickly and completely if a disaster occurs  Accountability - the ability to determine who is responsible for the result of an action 6 Copyright 2000 Security Portal, Inc. All rights reserved.
  • 7. General security threats to e-commerce  Web site defacement  Denial of service  Theft of customer data  Theft of intellectual property  Sabotage of data or networks  Financial fraud 7 Copyright 2000 Security Portal, Inc. All rights reserved.
  • 8. Resulting business impact  Lack of consumer confidence if there are any real or perceived security issues  Loss of profits due to last minute security implementations  Damage to image and reputation if you have a visible security incident  Bankruptcy if the majority of your business transactions occur online  Benefits to competitors if your level of security is perceived to be inadequate 8 Copyright 2000 Security Portal, Inc. All rights reserved.
  • 9. International security issues  Regulations and policies  Education and awareness  Cultural norms  Access modes  Local government stance on cyber crime 9 Copyright 2000 Security Portal, Inc. All rights reserved.
  • 10. Regulations and policies  Encryption laws vary greatly from country to country. This can impact both the availability and use of the appropriate technology.  http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm  Privacy and consumer protection laws also vary greatly from country to country. These laws control how personal data can be used and shared. Can lead to substantial fines if violations occur.  http://www.gilc.org/privacy/survey 10 Copyright 2000 Security Portal, Inc. All rights reserved.
  • 11. Education and awareness  While malicious, external security attacks get most of the publicity, it is often employee mistakes and oversights that cause security issues  Security awareness education for all employees, and specific training for your IT team, can be an excellent defense for both internal and external incidents  A recent survey showed that 86% of Shanghai’s networks had security products installed, but less that 2% of the network professionals actually knew how to protect their networks from intruders 11 Copyright 2000 Security Portal, Inc. All rights reserved.
  • 12. Cultural norms  Limited work hours for support and emergency response services  Being “on-call”  Multi-shift operations (24/7)  History of not protecting intellectual property  Electronic documents  Software  CDs and DVDs 12 Copyright 2000 Security Portal, Inc. All rights reserved.
  • 13. Access modes  There is a rapid increase in the number of users accessing the internet via wireless devices such as cell phones  In addition to their small size, portable wireless devices have limited processing power, limited memory and a limited power supply  These characteristics lead to several security challenges 13 Copyright 2000 Security Portal, Inc. All rights reserved.
  • 14. Access modes – continued  With very limited keyboards and screens, cell phones and handhelds will require new authentication schemes to replace user names and passwords  New schemes may include screen-based biometrics, embedded certificates, hardware tokens, web cookies and PINs  These devices are viewed as likely platforms for viruses that can be carried from network to network without detection 14 Copyright 2000 Security Portal, Inc. All rights reserved.
  • 15. Access modes - continued  Data moving through air is vulnerable to interception using relatively inexpensive equipment  The portability of these devices increases the need for physical security and authentication 15 Copyright 2000 Security Portal, Inc. All rights reserved.
  • 16. Local government stance on cyber crime  Singapore – Very detailed statutes regarding penalties for criminal hacking  Brazil – No special laws against cyber crime (and a very active hacking community)  The Philippines had no anti-hacking laws until the “Lovebug” virus was traced back to their country  Interpol is working to establish international standards for cyber crime legislation  http://www.mossbyrett.of.no/info/legal.html 16 Copyright 2000 Security Portal, Inc. All rights reserved.
  • 17. Asia/Pacific perspective  Factors accelerating adoption of security  Growth of e-commerce in this region  Government initiatives supporting security  Recognition of the need for security guidelines, regulations and products that enable interoperability 17 Copyright 2000 Security Portal, Inc. All rights reserved.
  • 18. Asia/Pacific perspective - continued  Factors inhibiting the adoption of security  Lack of integrated security solutions that can span systems and regions  Lack of awareness of security issues and solutions 18 Copyright 2000 Security Portal, Inc. All rights reserved.
  • 19. Security is more than technology Anticipate People Process Respond Monitor Technology Defend 19 Copyright 2000 Security Portal, Inc. All rights reserved.
  • 20. Security is an attribute, not a component User Interface App App App App Application Development Environment Information Management System Management and Security Distribution Services Network & Networking Services Hardware & Operating System 20 Copyright 2000 Security Portal, Inc. All rights reserved.
  • 21. General security approach  Develop accurate and complete policies that span the supply chain  Make sure that all employees understand the importance of computing security  Define clear roles and responsibilities for e- commerce security  Perform regular audits, reviews and assessments of security  Don’t ignore the physical security of your systems 21 Copyright 2000 Security Portal, Inc. All rights reserved.
  • 22. General security approach - continued  Implement and maintain a set of baseline controls for your e-commerce system  Implement user ID and authentication via strong passwords, secure tokens or biometrics  Have backup and recovery plans in place 22 Copyright 2000 Security Portal, Inc. All rights reserved.
  • 23. Secure web site development tips  Include security as part of requirements gathering  Include security as part of the architecture  Be careful with embedded components  Never trust incoming data  Provide help to users  Use code reviews  Be aware of privacy and encryption laws  Stay up-to-date on new risks, threat and vulnerabilities  Document your security solution 23 Copyright 2000 Security Portal, Inc. All rights reserved.
  • 24. Secure web site development references  Recent articles on SecurityPortal: Best Practices for Secure Web Development (parts I and II)  Web Security & Commerce (O'Reilly Nutshell) by Simson Garfinkel, Gene Spafford  Web Security: A Step-by-Step Reference Guide by Lincoln D. Stein 24 Copyright 2000 Security Portal, Inc. All rights reserved.
  • 25. Summary  Security is a critical enabler for e-commerce  The negative impact of poor security can be substantial  Many of the issues and solutions regarding secure international e-commerce are people and process related, not technical  Security is a key attribute of a system that must be designed in, not added on later  Maintaining a secure web site requires continuous vigilance 25 Copyright 2000 Security Portal, Inc. All rights reserved.
  • 26. Bibliography  E-Business Security: An Essential Element in the Post-Year 2000 World. Gartner Group Research Report, April 17, 2000.  The Net Present Value of Security. AtomicTangerine Special Report, October 11, 2000.  International Ecommerce. SecurityPortal cover story, November 5, 2000.  Information Security: The E-Commerce Driver. Dataquest Market Analysis, January 10, 2000.  E-Business Impact on Security Technology and Practices. Gartner Group Research Note, November 11, 1999.  Security Services in the Connected Age: From the basement to the boardroom. Gartner Group Market Analysis, July 4, 2000. 26 Copyright 2000 Security Portal, Inc. All rights reserved.
  • 27. Bibliography - Continued  Shanghai to Enhance Information Security. http://www.nikkeibp.asiabiztech.com, February 15, 2000.  Wireless Security: Locking Down the Wavelengths. Information Security Magazine, October 2000.  Do Handhelds Need Virus Protection? PCWorld.com, June 29, 2000.  Best Practices for Secure Web Development. http://securityportal.com/cover/coverstory20001030.html, October 30, 2000.  Best Practices for Secure Web Development: Technical Details. http://securityportal.com/articles/webdev20001103.html, November 10, 2000. 27 Copyright 2000 Security Portal, Inc. All rights reserved.