
how the computer records data and shares it with others

Data Security
Data security is commonly referred to as the confidentiality, availability,
and integrity of data. In other words, it is all of the practices and
processes that are in place to ensure data isn't being used or accessed by
unauthorized individuals or parties. Data security ensures that the data is
accurate and reliable and is available when those with authorized access
need it. A data security plan includes facets such as collecting only the
required information, keeping it safe, and destroying any information
that is no longer needed. These steps will help any business meet the
legal obligations of possessing sensitive data.
Data Privacy

Data privacy is suitably defined as the appropriate use of data. When
companies and merchants use data or information that is provided or
entrusted to them, the data should be used according to the agreed
purposes. The Federal Trade Commission enforces penalties
against companies that have neglected to ensure the privacy of a
customer's data. In some cases, companies have sold, disclosed, or
rented volumes of the consumer information that was entrusted to them
to other parties without getting prior approval.
The Relationship Between Data Security and Data Privacy

Companies need to enact a data security policy for the sole purpose of
ensuring data privacy or the privacy of their consumers' information.
More so, companies must ensure data privacy because the information is
an asset to the company. A data security policy is simply the means to
the desired end, which is data privacy. However, no data security policy
can overcome the willing sale or solicitation of the consumer data that was
entrusted to an organization.
How Companies Ensure Data Privacy Through a Data Security
Policy

Making sure all company data is private and being used properly can be
a near-impossible task that involves multiple layers of security.
Fortunately, with the right people, process and technology, you can
support your company's data security policy through continual
monitoring and visibility into every access point. EIQ Networks
provides managed security services that can extend your team's
capabilities and help keep data privacy intact for your company.
How You Can Gain Peace of Mind
EiQ offers two SOCVue® hybrid security-as-a-service solutions that can
help organizations of any size affordably and effectively improve their
cybersecurity and compliance posture:

• SOCVue Security Monitoring gives you visibility and control over
your IT environment. You’ll get best-of-breed Log Management
and SIEM that is managed around-the-clock for real-time threat
detection, analysis and notification, proactive remediation guidance,
and compliance auditing.
• SOCVue Vulnerability Management reduces your attack surface
and mitigates risk with unlimited managed scans, analysis, risk
prioritization, and remediation guidance. Focus on what matters
most: your core business.
EiQ’s SOCVue combines the best people, process, and technology to
build the enterprise-class IT security program your organization needs.
That’s because SOCVue gives you the flexibility and cost savings of a
security software-as-a-service offering, but also provides a world-class
team of security and technology experts to manage the technology and
help implement cybersecurity best practices.
With all the challenges you face today while trying to keep your
organization safe, having the best IT security solutions in your corner
should not be one of them. Download our whitepaper below to see
how quickly and affordably you can improve your security and
compliance posture with EiQ.

Risk of E-commerce
There are several types of risk involved in e-commerce due to its
nature and the methodologies it relies on. All parties to an
e-commerce transaction face these risks.

Privacy
Privacy has become a major concern for consumers with the rise of
identity theft and impersonation, and any concern for consumers must be
treated as a major concern for e-Commerce providers. Legislation in both
the EU and the US, at the federal and state levels, requires certain
organizations to inform customers about information uses and
disclosures. Such disclosures are typically accomplished through privacy
policies, both online and offline.
Trust in turn is linked to increased customer loyalty that can be
manifested through increased purchases, openness to trying new
products, and willingness to participate in programs that use additional
personal information. Privacy now forms an integral part of any
e-commerce strategy, and investment in privacy protection has been shown
to increase consumers' spending, trustworthiness and loyalty.

Data Integrity and Repudiation


Data integrity is the assurance that data transmitted is consistent and
correct, that is, it has not been tampered with or altered in any way during
transmission. But without proper controls, electronic transactions and
documents can be easily changed, lost, duplicated and incorrectly
processed. These attributes may cause the integrity of electronic
transactions and documents to be questioned, causing disputes regarding
the terms of a transaction and the related billing. Potential consumers
involved in E-Commerce may seek assurance that the company has
effective transaction integrity controls and a history of processing its
transactions accurately, completely, and promptly, and of appropriately
billing its consumers.
Repudiation is the idea that one party can default on a transaction after
an actual online transaction has taken place. Proof of data integrity is
typically the easiest way to eliminate these problems.

Business Practices
E-Commerce often involves transactions between strangers. However,
appearances can be deceiving and several questions arise. How can a
consumer know:
• Whether a company will really carry out its orders for products and
services as it claims?
• Whether there are product guaranties, or whether the company will
allow the return of products?
• How a company will use any information submitted by him/her?
With the anonymity of E-Commerce, the unscrupulous can establish
(and abandon) electronic identities with relative ease. This makes it
crucial that people know that the companies with which they are
doing business disclose and follow certain business practices. Without
such information, and the assurance that the company has a history of
following such practices, consumers could face an increased risk of loss,
fraud, inconvenience, or unsatisfied expectations.

Payment Systems Security Issues


Credit cards are one of the primary means of electronic payment on the
WWW. Although a large percentage of users (20%) reported that
they had their credit card stolen, there is still a lot of consumer
confidence in the credit card mode of payment. Again, this trust should not
be betrayed, and arrangements should be made to reassure those who are
reluctant.

Solutions for Threats and Risk of E-Commerce

Digital Signatures
One of the key developments in e-commerce security and one which has
led to the widespread growth of e-commerce is the introduction of
digital signatures as a means of verification of data integrity and
authentication. In 1995, Utah became the first jurisdiction in the world to
enact an electronic signature law. An electronic signature may be
defined as "any letters, characters, or symbols manifested by electronic
or similar means and executed or adopted by a party with the intent to
authenticate writing". In order for a digital signature to attain the same
legal status as an ink-on-paper signature, asymmetric-key cryptography
must have been employed in its production. Such a system employs
a pair of keys: one key is used by the sender to encrypt the message, and a
different key is used by the recipient to decrypt the message. This is a
very good system for electronic transactions, since two stranger-parties,
perhaps living far apart, can confirm each other’s identity and thereby
reduce the likelihood of fraud in the transaction. Non-repudiation
techniques prevent the sender of a message from subsequently denying
that they sent the message. Digital Signatures using public-key
cryptography and hash functions are the generally accepted means of
providing non-repudiation of communications.
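
The hash-and-sign scheme described above, as an added example that is not part of the original essay: a buyer signs a constructed order with an ECDSA P-256 private key over a SHA-256 digest, and the merchant checks it with the matching public key. The order fields and function names are hypothetical.

```javascript
// Added example: digital signature over an e-commerce order (Node.js built-in crypto).
const nodeCrypto = require('node:crypto');

// Constructed sample order; field names are hypothetical.
const order = { orderId: 'ORD-1001', buyer: 'alice@example.com', amountCents: 4999, currency: 'USD' };

// Serialize with sorted keys so signer and verifier hash identical bytes.
function canonicalize(obj) {
  return JSON.stringify(Object.keys(obj).sort().map((k) => [k, obj[k]]));
}

// Buyer side: SHA-256 digest of the order, signed with the private key.
function signOrder(obj, privateKey) {
  return nodeCrypto.sign('sha256', Buffer.from(canonicalize(obj)), privateKey).toString('base64');
}

// Merchant side: verification needs only the buyer's public key.
function verifyOrder(obj, signatureB64, publicKey) {
  try {
    const sig = Buffer.from(signatureB64, 'base64');
    return nodeCrypto.verify('sha256', Buffer.from(canonicalize(obj)), publicKey, sig);
  } catch {
    return false; // a malformed signature or key counts as a failed verification
  }
}

function demo() {
  const buyer = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const other = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const sig = signOrder(order, buyer.privateKey);
  return {
    genuine: verifyOrder(order, sig, buyer.publicKey),
    // Integrity: changing the amount after signing invalidates the signature.
    tampered: verifyOrder({ ...order, amountCents: 1 }, sig, buyer.publicKey),
    // Authentication: a different party's public key does not verify it.
    wrongKey: verifyOrder(order, sig, other.publicKey),
    garbage: verifyOrder(order, 'not-a-signature', buyer.publicKey),
  };
}

console.log(demo());
```

Because only the buyer holds the private key, a signature that verifies against the buyer's public key is the evidence that supports non-repudiation.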


Server Logs
Most WWW servers log every access to them. The log usually includes
the IP/DNS address, the time of the download, the user's name (if known
by user authentication or obtained by the identd protocol), the URL
requested, the status of the request, and the size of the data transmitted.
Some browsers also provide the client used by the reader, the URL that
the client came from, and the user's e-mail address. Revealing any of
these data could be potentially damaging to a user. Therefore we can
prevent this privacy issue by logging only the type of information about
users that the users recommend being logged, the page and the time of
its request, and the browser being used. Many users seem to be
comfortable with providing demographic information if its intent and
application are made clear to them.
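
One way to apply this data-minimization rule, as an added example that is not part of the original essay: each Combined Log Format entry is reduced to the page, the request time and a coarse browser family before it is stored. The sample lines are constructed, and dropping the query string is an assumption made here.

```javascript
// Added example: keep only page, time and browser from web server log lines.

// host ident authuser [time] "METHOD url PROTO" status bytes "referer" "user-agent"
const CLF = /^(\S+) (\S+) (\S+) \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+) "([^"]*)" "([^"]*)"$/;

// Coarse browser family; order matters because Chrome's UA also contains "Safari".
function browserFamily(ua) {
  if (/Firefox\//.test(ua)) return 'Firefox';
  if (/Edg\//.test(ua)) return 'Edge';
  if (/Chrome\//.test(ua)) return 'Chrome';
  if (/Safari\//.test(ua)) return 'Safari';
  return 'Other';
}

function minimize(line) {
  const m = CLF.exec(line.trim());
  if (!m) return null; // unparseable lines are dropped rather than stored raw
  return {
    time: m[4],
    page: m[6].split('?')[0], // assumption: query strings may carry personal data
    browser: browserFamily(m[10]),
  }; // host, ident, authuser and referer are deliberately not copied
}

function minimizeAll(lines) {
  return lines.map(minimize).filter((e) => e !== null);
}

// Constructed sample lines (documentation IP ranges, made-up users).
const SAMPLE = [
  '203.0.113.7 - alice [10/Oct/2023:13:55:36 +0000] "GET /cart?email=alice%40example.com HTTP/1.1" 200 2326 "https://shop.example/item/42" "Mozilla/5.0 (X11; Linux x86_64; rv:118.0) Gecko/20100101 Firefox/118.0"',
  '198.51.100.23 - - [10/Oct/2023:13:56:01 +0000] "POST /checkout HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36"',
  'this line is not in combined log format',
];

console.log(minimizeAll(SAMPLE));
```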

Transaction Security
Client/Server and Network Issues
In many ways the transaction security
of a WWW site can be compromised. There are numerous means for an
unsavory individual to snoop into what you are sending or receiving
from the other end, including, but not limited to, the following:
Spoofing. The client can trick your server into believing that the request
or post that it's sending is from some other site. This is known as IP
and/or DNS spoofing. Your server may respond believing that the client
is "trusted", when it isn't.
Sniffing. In some cases, it is possible for an unsavory individual to
snatch packets as they are being communicated over the network,
especially with the newer cellular modems, unsecured phone lines, and
so on.
Traffic Analysis. Using sampling techniques on the packets or, more
commonly, the server log files, an individual can learn about the nature
of the transactions that your site processes. This may be used, for
instance, in analyzing the competitive level of your site by a site that
provides the same services or products.
In each of these cases, the risk can be alleviated (or greatly reduced). In
the cases of spoofing and sniffing, the preferred technique is to use data
encryption, or signed data for the transaction. When the receiving end
gets what your server sends them, they must have the appropriate key to
decrypt and make use of it. In the case of traffic analysis of the data
files, assigning the file permissions on the directory, logs, and the files
themselves is the preferred technique. The logs themselves can be
encrypted for permanent archival. Nowadays, most commercially
available servers and their respective clients implement encrypted
transactions via some, usually proprietary, means.
In order to gain consumer confidence, many companies have now
joined programs that have their privacy administered by third parties and
make their business practices explicit. Two particularly notable initiatives in
that direction are the WebTrust E-Commerce seal of assurance from the
public accounting profession and the TRUSTe "trustmark" program that
takes users directly to the privacy statement of a company that has
joined the program.

WebTrust
In response to the concerns related to E-Commerce and to increase
consumer confidence, the public accounting profession has developed
and is promoting a set of principles and criteria for business-to-
consumer E-Commerce, referred to as the WebTrust™ Principles and
Criteria, and the related WebTrust seal of assurance. Independent and
objective certified public accountants (CPAs) or chartered accountants
(CAs), who are specifically licensed by the American Institute of
Certified Public Accountants (AICPA) or Canadian Institute of
Chartered Accountants (CICA), can provide assurance services to
evaluate and test whether a particular WWW site meets these principles
and criteria.
The WebTrust seal of assurance is a symbolic representation of a
practitioner's objective report. It also indicates to consumers that they
need to click to see the practitioner's report. This seal can be displayed on
the company's WWW site together with links to the practitioner's report
and other relevant information. This seal was developed by AICPA,
CICA and VeriSign. VeriSign encryption and authentication technology
and practices help assure the consumer that the seal on a WWW site is
authentic and the site is entitled to display it:
http://atlas.kennesaw.edu/~tnguyen4/webtrust.gif

TRUSTe
TRUSTe offers a program that addresses the privacy concerns of
consumers and WWW sites. The TRUSTe program enables companies
to develop privacy statements that reflect the information gathering and
dissemination practices of their site. Its goal is to provide:
• Online consumers with control over their personal information.
• WWW publishers with a standardized, cost-effective solution for both
satisfying the business model of their site and addressing consumers'
anxiety over sharing personal information online.
• U.S. Government regulators with demonstrable evidence that the
industry can successfully self-regulate.
A cornerstone of the program is the TRUSTe "trustmark," an online
branded seal that takes users directly to a company's privacy
statement:
http://atlas.kennesaw.edu/~tnguyen4/truste.gif
The trustmark is awarded only to sites that adhere to TRUSTe's
established privacy principles and agree to comply with TRUSTe's
ongoing oversight and resolution process. The privacy principles
embody fair information practices approved by the U.S. Department of
Commerce, Federal Trade Commission, and prominent industry-
represented organizations and associations.

P3P
W3C's Platform for Privacy Preferences Project (P3P) provides a
framework for informed Internet interactions. The goal of P3P is to
enable WWW sites to express their privacy practices and users to
exercise preferences over those practices. P3P is designed to help users
reach agreements with services, such as WWW sites that declare privacy
practices and make data requests
