
The protection of data from accidental or deliberate threats which might cause unauthorised modification, disclosure or destruction of data, and the protection of information systems from the degradation or non-availability of services.

DIMENSIONS OF E-COMMERCE SECURITY


Integrity: the ability to ensure that information on the website has not been altered by an unauthorized party

Authenticity: the ability to identify the person or entity you are dealing with on the internet

Confidentiality: the ability to ensure that data and messages are available only to those authorized

Availability: the ability to ensure that an e-commerce site continues to function as intended

Non-repudiation: the ability to ensure that e-commerce participants do not deny their online actions

THREATS TO E-BUSINESS SECURITY


Accidental examples: natural hazard, human errors, failure of utilities, equipment failure

Deliberate examples: sabotage, illegal access, espionage

Threats
Human errors: unexpected things human beings do; unintended effects of technology.

Procedural errors: failures occurring because the procedure is not followed.

Software errors: failures due to software glitches or software bugs and errors in a program that make it not work properly.

Electromechanical problems: errors in systems such as printers and circuit boards. They may be faultily constructed, get dirty or overheated, wear out, or become damaged; power surges can burn out equipment.

Dirty data problems: entry of incomplete, outdated, or otherwise inaccurate data.

Natural and Other Hazards


Some disasters can wreck the entire system. Included are natural hazards, and civil strife and terrorism.

Natural hazards: include fires, floods, earthquakes, tornadoes, hurricanes, blizzards etc. They inflict damage over a wide area.

Civil strife and terrorism: included are wars, riots and terrorist damage that destroy systems.

Examples of Crime against computers


Theft of computer hardware: What factors are encouraging this? What measures can be taken to minimize this trend? What are the consequences of hardware theft?

Theft of software: What is it? Do you buy software or do you just copy/steal it? What are the consequences? How can we reverse the trend?

Theft of time and service: When do you do your assignments? Are you stealing your employer's time? Are you using your organization's computers to do unauthorized activities?

Theft of information

Crime of malice and destruction

Use of computers to falsify documents

Worms and viruses


Worms and viruses are forms of high-tech maliciousness. A worm is a program that copies itself repeatedly into a computer's memory or onto a disk drive. By so doing it can cause a computer to crash.

A virus is a program that can cause unexpected and often undesirable effects, such as destroying or corrupting data. Viruses can be passed by diskettes or networks. Antivirus software scans computer storage devices and may detect and destroy viruses.

Computer criminals
Computer criminals perpetrate most of the information-technology crime. Included are: employees; outsiders; hackers and crackers. Hackers gain access for the challenge of it, while crackers break into computers for malicious purposes, to obtain information for gain or just to destroy it.

Security Threats.. Contd


Unauthorised access

Tapping of information

Sniffing: monitoring of information over a network so as, say, to steal it; a form of eavesdropping

Message alteration

Denial of service: flooding a net server with false communications or requests for service so as to crash the network

Phishing: setting up fake websites or sending email messages that look like those of a legitimate business

Spoofing: redirecting a web service link to an address different from the intended one

Hacking and cybervandalism: hacking involves unauthorized access to a computer system; cybervandals intentionally destroy or deface sites

Credit card fraud: here the culprit targets the credit card information of the various users

Anti-Security Measures
1. Encryption

Encryption is the altering of data so it is not usable unless the changes are undone. Encryption is able to use powerful mathematical concepts to create coded messages that are virtually impossible to break. Encryption is useful for some organizations, especially those concerned with trade secrets, military matters, and other sensitive data.

A very sophisticated form of encryption is used in most personal computers and is available with every late-model web browser to provide for secure communications over the Internet. In fact, encryption is what has given people confidence to do online shopping or stock trading. Software is needed on the other end to make sense of the encrypted data.

2. Firewall

These are software applications that act as a filter between a company's private network and the internet itself. A firewall therefore acts as a bodyguard of the internet connection and can prevent suspicious connections or websites from gaining access to your network.

3. Controlling access

Here the main challenge is to control both physical and electronic access by unauthorised parties. Unauthorised access could come from both outsiders and internal employees. Controlling access may involve systems trying to authenticate your identity by determining (1) what you have, (2) what you know, or (3) who you are.

Access Control Mechanisms..contd

Some control measures could include:


Use of mechanical devices
Use of cabinets to store storage medium
Use of alarms
Use of electronic systems, e.g. card swipe
Use of biometric systems

Access Control Mechanisms..contd


Passwords are secret words or expressions used by authorized persons to prove their right to access information or a system. Things to note with passwords:
Keep it secret
Do not write it down
Change it regularly
Use it discreetly
Do not use an obvious password

Access Control Mechanisms..contd


Automatic time-outs for inactive terminals
Operating time restrictions
Logon suspension for excessive attempts
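
The three controls listed above (idle time-out, operating-time restriction, logon suspension) combined in one login gate, as an added example that is not part of the original slides. The class name, thresholds and operating hours are assumptions chosen for illustration.

```python
import hashlib, hmac, os
from datetime import time, timedelta

# Assumed policy values for this example, not taken from the slides.
MAX_FAILURES = 3                       # failed logons before suspension
LOCKOUT = timedelta(minutes=15)        # length of the logon suspension
IDLE_TIMEOUT = timedelta(minutes=10)   # inactivity before the session ends
OPEN, CLOSE = time(8, 0), time(18, 0)  # permitted operating hours

def _hash(password, salt):
    # Salted, slow hash so the stored value is not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AccessGate:
    def __init__(self, user, password):
        self.user, self.salt = user, os.urandom(16)
        self.pw_hash = _hash(password, self.salt)
        self.failures = 0
        self.locked_until = None
        self.last_activity = None      # None means no active session

    def login(self, user, password, now):
        if not (OPEN <= now.time() < CLOSE):
            return "denied: outside operating hours"
        if self.locked_until and now < self.locked_until:
            return "denied: logon suspended"
        good = hmac.compare_digest(_hash(password, self.salt), self.pw_hash)
        if not (user == self.user and good):
            self.failures += 1
            if self.failures >= MAX_FAILURES:
                self.locked_until = now + LOCKOUT
                self.failures = 0
            return "denied: bad credentials"
        self.failures, self.locked_until = 0, None
        self.last_activity = now
        return "ok"

    def request(self, now):
        # Call on every action of a logged-in terminal.
        if self.last_activity is None:
            return "denied: not logged in"
        if now - self.last_activity > IDLE_TIMEOUT:
            self.last_activity = None  # automatic time-out
            return "denied: session timed out"
        self.last_activity = now
        return "ok"
```

The caller passes the current time in as `now`, which keeps the policy checks deterministic and easy to audit.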


DEVELOPING AN E-BUSINESS SECURITY PLAN


Perform a security audit
Perform a risk assessment
Create a security organisation
Develop a security policy
Develop an implementation plan

SECURITY PLAN
It is instrumental in the management of security problems. It consists of statements ranking information risks, identifying security goals and identifying mechanisms for achieving these goals.

SECURITY PLAN DEVELOPMENT


1. Performing Risk Assessment

This is the assessment of risks and vulnerable points. The organisation must seek to uncover elements of its operations, both within and without the organisation, that may be possible areas of security breaches.

2. Security Policy

This is a set of statements prioritizing the information risks, identifying acceptable risk targets and identifying the mechanisms for achieving these targets.

3. Implementation Plan

These are the various action steps that have been set out to achieve the security plan goals.

4. Creating a Security-Conscious Organisation

Here the challenge is to consistently educate and train users on the various security policies and security threats and to maintain the tools chosen to implement the security plan.

5. Security Audit

This involves routine review of the security protocols that have been put in place. The aim is to check whether all concerned are knowledgeable about the procedures and whether the procedures are effective against actual security threats.

THE END
