Escolar Documentos
Profissional Documentos
Cultura Documentos
Chapter 10
E-Commerce Security
Learning Objectives
1. Explain EC-related crimes and why they cannot be stopped. 2. Describe an EC security strategy and why a life cycle approach is needed. 3. Describe the information assurance security principles. 4. Describe EC security issues from the perspective of customers and e-businesses. 5. Identify the major EC security threats, vulnerabilities, and risks.
Chapter 10 Copyright 2009 Pearson Education, Inc. Publishing as Prentice Hall 1
5/25/11
Learning Objectives
6. Identify and describe common EC threats and attacks. 7. Identify and assess major technologies and methods for securing EC communications. 8. Identify and assess major technologies for information assurance and protection of EC networks. 9. Describe types of fraud on the Internet and how to protect against it.
Chapter 10 Copyright 2009 Pearson Education, Inc. Publishing as Prentice Hall 2
Chapter 10
5/25/11
Chapter 10
Chapter 10
5/25/11
Chapter 10
Chapter 10
5/25/11
Information Assurance
information assurance (IA) The protection of information systems against unauthorized access to or modification of information whether in storage, processing, or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.
Chapter 10 Copyright 2009 Pearson Education, Inc. Publishing as Prentice Hall 8
Information Assurance
confidentiality Assurance of data privacy and accuracy. Keeping private or sensitive information from being disclosed to unauthorized individuals, entities, or processes. integrity Assurance that stored data has not been modified without authorization; and a message that was sent is the same message that was received. availability Assurance that access to data, the Web site, or other EC data service is timely, available, reliable, and restricted to authorized users.
Chapter 10 Copyright 2009 Pearson Education, Inc. Publishing as Prentice Hall 9
5/25/11
Information Assurance
authentication Process to verify (assure) the real identity of an individual, computer, computer program, or EC Web site. authorization Process of determining what the authenticated entity is allowed to access and what operations it is allowed to perform.
Chapter 10 Copyright 2009 Pearson Education, Inc. Publishing as Prentice Hall 10
Information Assurance
nonrepudiation Assurance that an online customer or trading partner cannot falsely deny (repudiate) their purchase or transaction. digital signature or digital certificate Validates the sender and time stamp of a transaction so it cannot later be claimed that the transaction was unauthorized or invalid.
Chapter 10
11
5/25/11
Information Assurance
Chapter 10
12
Information Assurance
Chapter 10
13
5/25/11
Chapter 10
15
5/25/11
Chapter 10
16
Chapter 10
17
5/25/11
10
5/25/11
Chapter 10
20
11
5/25/11
Chapter 10
22
Chapter 10
23
12
5/25/11
Chapter 10
24
Chapter 10
25
13
5/25/11
Chapter 10
26
Chapter 10
27
14
5/25/11
Secure Socket Layer (SSL) Protocol that utilizes standard certificates for authentication and data encryption to ensure privacy or confidentiality.
Chapter 10 Copyright 2009 Pearson Education, Inc. Publishing as Prentice Hall 28
Chapter 10
29
15
5/25/11
Chapter 10
30
Chapter 10
31
16
5/25/11
Chapter 10
32
17
5/25/11
SELLER PROTECTION
What Can Sellers Do?
Chapter 10
35
18
5/25/11
Managerial Issues
1. Why should managers learn about EC security? 2. Why is an EC security strategy and life cycle approach needed? 3. How should managers view EC security issues? 4. What is the key to establishing strong e-commerce security? 5. What steps should businesses follow in establishing a security plan? 6. Should organizations be concerned with internal security threats?
Chapter 10
36
Summary
1. Stopping e-commerce crimes. 2. EC security strategy and life cycle approach. 3. Information assurance. 4. Enterprisewide EC security and privacy model. 5. Basic EC security issues and perspectives.
Chapter 10 Copyright 2009 Pearson Education, Inc. Publishing as Prentice Hall 37
19
5/25/11
Summary
6. 7. 8. 9. Threats and attacks. Securing EC communications. Technologies for securing networks. Fraud on the Internet and how to protect against it.
Chapter 10
38
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher. Printed in the United States of America.
Chapter 10
39
20