
Chapter 12

Security and Reliability of e-Business

© Oxford University Press 2012. All rights reserved. E-Business


Learning Objectives

To understand –
• the reliability and quality considerations related to e-business
• various e-business security requirements and application security requirements
• the requirements of a secure e-business infrastructure
• security strategies for e-business
• technical measures to build a secure e-business

Introduction
Challenges for e-business are posed by –
• Critical transactions
• Round-the-clock availability
• Integration with many other systems

E-businesses are exposed to security breaches such as –
• Theft of intellectual property and viruses
• Exchange of offensive material
• Copyright infringement, etc.

The need to invest in security initiatives arises from –
• the rise in electronic crime, and
• the behaviour of e-businesses

Safeguarding online businesses -
• E-safety - awareness among the users of a system of their access rights and restrictions, and adherence to them
• E-security - procedures that ensure the security of electronic data and electronic systems

E-Business Security Policy

E-business security policy refers to the guidelines that clearly partition the e-business into two states –
– Secure state - the system is protected from unauthorized access
– Non-secure state - the system is vulnerable to attack and no controls are present
Security policies must cover all aspects of e-business security, such as –
– Confidentiality
– Integrity
– Availability

E-Business Security Policy
A typical e-business security policy should have -
• Clearly defined objectives and scope
• Details about the e-security infrastructure
• A security management programme
• Clear definitions and policies for privacy, censorship, and accountability
• Technology and usage guidelines for access controls, firewalls, Internet usage, and the use of security technologies
• Security audit policies and legal policies

E-Business Security Framework
An e-business security framework needs to consider -
• People-related issues, which include –
– privacy policies and expectations
– Internet usage and restrictions
– trust-related expectations
• Technology issues, which include –
– social issues
– Internet-related risks
– reliability and quality issues
• Legal, technical, and organizational issues

E-Business Security Framework

Dimensions of e-business security
The major dimensions of e-business security are -
• Integrity
• Authenticity
• Non-repudiation
• Privacy
• Availability
• Confidentiality

Integrated Security Mechanism
The integrated security mechanism has two aspects -
• Technological aspects
• Legal aspects
In addition, security is layered as –
• Front-end security
• Back-end security – database, storage-level and information-handling security
• Mid-tier security – trusted OSs, component-based security, and secure data handling

Front-end Security
Front-end security is provided through –
• SSL/TLS
• Firewalls
• Cryptographic protocols
• Web-based security servers
• Intrusion Detection Systems (IDS)
• Integrity verification tools

The issues dealt with by front-end security -
i. Authentication
ii. Authorization
iii. Availability
iv. Confidentiality

Risks, Risk Assessment and Risk Analysis

A preferred approach to risk analysis -
1. Identification and documentation of the information assets of the organization, along with the owners of the assets.
2. Ranking of the systems and assets in terms of their criticality to the organization.
3. Listing of threats for each of the identified assets.
4. Identification of the vulnerabilities behind every identified threat.
5. Identification of the impact of the exploitation of each weakness.
6. Estimation of the probability of an event that realizes a threat.
7. Determination of the level of risk associated with each of these events.
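The seven steps above carried through as a small risk register in Go. This is an added example and not material from the book: Asset, Threat, RiskRegister and RiskLevel are hypothetical names; the scoring scheme (likelihood times impact times asset criticality, each rated 1 to 5) and the banding thresholds are assumptions made for the example; and the inventory of a fictional online shop is constructed sample data. It goes one step beyond the list by treating a threat that names an unregistered asset, or an out-of-range rating, as an error rather than scoring it 0 and quietly dropping it from the ranking.

```go
package main

import (
	"fmt"
	"sort"
)

// Asset is an entry from steps 1 and 2: an information asset, its owner and
// its criticality rank to the organization (1 = low, 5 = mission-critical).
type Asset struct {
	Name, Owner string
	Criticality int
}

// Threat covers steps 3 to 6 for one asset: the threat, the vulnerability it
// would exploit, the impact if exploited and the probability of the event
// (both on a 1 to 5 scale).
type Threat struct {
	Asset, Description, Vulnerability string
	Impact, Likelihood                int
}

// RiskEntry is one row of the resulting risk register (step 7).
type RiskEntry struct {
	Asset, Threat string
	Score         int
	Level         string
}

// RiskLevel bands a score (maximum 5*5*5 = 125) into a qualitative level.
// The thresholds are an assumption for this example, not the book's.
func RiskLevel(score int) string {
	switch {
	case score >= 60:
		return "critical"
	case score >= 30:
		return "high"
	case score >= 12:
		return "medium"
	default:
		return "low"
	}
}

// RiskRegister scores every threat as likelihood * impact * asset criticality
// (assumed scheme) and returns the register ranked highest risk first. A threat
// that names an unknown asset or uses an out-of-range rating is an error rather
// than a silent score of 0, since that would hide a risk from the register.
func RiskRegister(assets []Asset, threats []Threat) ([]RiskEntry, error) {
	crit := make(map[string]int, len(assets))
	for _, a := range assets {
		if a.Criticality < 1 || a.Criticality > 5 {
			return nil, fmt.Errorf("asset %q: criticality %d out of range 1-5", a.Name, a.Criticality)
		}
		crit[a.Name] = a.Criticality
	}
	reg := make([]RiskEntry, 0, len(threats))
	for _, t := range threats {
		c, ok := crit[t.Asset]
		if !ok {
			return nil, fmt.Errorf("threat %q names unknown asset %q", t.Description, t.Asset)
		}
		if t.Impact < 1 || t.Impact > 5 || t.Likelihood < 1 || t.Likelihood > 5 {
			return nil, fmt.Errorf("threat %q: impact/likelihood out of range 1-5", t.Description)
		}
		s := t.Likelihood * t.Impact * c
		reg = append(reg, RiskEntry{Asset: t.Asset, Threat: t.Description, Score: s, Level: RiskLevel(s)})
	}
	sort.SliceStable(reg, func(i, j int) bool { return reg[i].Score > reg[j].Score })
	return reg, nil
}

// Constructed sample inventory for a fictional online shop (not from the book).
var SampleAssets = []Asset{
	{"Customer payment database", "Finance", 5},
	{"Public web storefront", "E-commerce", 4},
	{"Marketing blog", "Marketing", 1},
}

var SampleThreats = []Threat{
	{"Customer payment database", "SQL injection via order search", "unparameterised query in order lookup", 5, 4},
	{"Public web storefront", "Volumetric DDoS during a sale", "no rate limiting, single hosting region", 4, 3},
	{"Marketing blog", "Defacement through CMS plugin", "plugin two major versions behind", 3, 4},
}

func main() {
	reg, err := RiskRegister(SampleAssets, SampleThreats)
	if err != nil {
		panic(err)
	}
	for _, r := range reg {
		fmt.Printf("%-9s %3d  %-28s %s\n", r.Level, r.Score, r.Asset, r.Threat)
	}
}
```

With the sample data the payment database ranks first at 100 (critical), the storefront at 48 (high) and the blog at 12 (medium); the asset owner recorded in step 1 is who signs off on the treatment of each row.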
Best e-Security Practices Guidelines

The International Standard ISO/IEC 27001, established in October 2005, provides a model for information security management.

The motivations to comply with these standards and security certifications are –
• Protecting customer data and information
• Maintaining data integrity
• Continuity in case of disaster, and
• Protecting the organization's reputation.

E-security Basics for Businesses
A business needs to strike a trade-off among electronic security, cost, quality of service and privacy.
Policies to establish electronic security for a business should consider factors such as -
• Legal framework and its enforcement
• Electronic security for financial transactions and payment systems
• Certification standards and established processes for secure transactions
• Education and training

Legal Framework and Enforcement

The legal framework should comprise laws for –
• Electronic transactions
• E-commerce
• Payment systems
• Cyber crimes
• Infrastructure enforcement

Apart from the legal framework, there is the need for enforcement of law within and across boundaries.

IT Act 2000
The Information Technology Act, 2000 (India) –
• Provides legal recognition to e-commerce and other electronic transactions
• Defines terms such as access, certifying authority and computer, as well as the use of digital signatures and electronic transactions
• Deals with electronic records and their usage
• Specifies the penalties for breach of confidentiality and privacy, and for misrepresentation of information
• Provides guidelines for digital signatures, digital certificates and their validity, the powers of officers in different scenarios, etc.

IT Act 2000 Cont..
The IT Act 2000 defines the punishment for -
• Tampering with computer source documents
• Hacking of computer systems
• Publishing obscene information in electronic form

{ Appendix 4 provides details on the IT Act with reference to e-business }
{ Source : http://nicca.nic.in/pdf/itact2000.pdf }

Securing e-business Infrastructure

• Electronic security for financial transactions and payment systems
• Security and e-business infrastructure
• Infrastructure availability

GLB Act

• The Gramm-Leach-Bliley (GLB) Act is a comprehensive US federal law governing the security and privacy of customer information held by financial institutions
• It is aimed at maintaining the integrity, security, and confidentiality of customer information
• It is composed of several parts, including the Privacy Rule (16 CFR 313) and the Safeguards Rule (16 CFR 314)

Examples of financial products and services that need to be compliant with the GLB Act

Objectives of the GLBA Safeguards Rule

• Ensure the security and confidentiality of customer information.
• Protect against any anticipated threats or hazards to the security or integrity of such information.
• Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.

Role of IT Security and Policy under the GLB Act
• Risk assessments
• Guidelines for securing computer data
• Educational materials
• Providing security tools and software
• Providing support for security issues
• Security event response
• Enforcement of the GLBA

Technical and Remote Access Security Guidelines
Technical and remote access security guidelines help businesses secure their computer systems against vulnerabilities. For example -
• Use of up-to-date antivirus software, with all incoming mail and communications scanned for viruses and malware
• Regular assessment of all external-facing devices
• A functional security system and a proper backup system
• Remote access only if necessary, and only through a secured VPN
• Password and access controls for remote access

Network Level Security
• Firewalls
• Safeguarding e-business
• Information and network security policies
• Authentication Mechanism
• Intrusion detection
• Intrusion handling
• Network security
• Anticipating network attacks

Safeguarding e-business

PKI (Public Key Infrastructure) Functions

PKI is the infrastructure (certification authorities, registration, certificate repositories and the governing policies) for issuing and managing public-key certificates. A number of functions come under PKI. Those are -
• Issue of certificates by a certification authority (CA)
• Revocation of certificates that are no longer valid (for example after a key compromise)
• Storing and distributing certificates, and providing the trust anchor against which they are verified
Ethical, Social, and Political Issues in e-business

• Social, ethical, and political issues – severity and understanding
• Privacy and information rights
• Intellectual property rights
• Ethical Internet governance
• Ethical issues and protections
