4. Outlines
Definitions
Importance of e-security systems (ESS)
Objectives/Goals of ESS
E-security threats
Main security risks
Types of E-commerce threats
Elements of a Comprehensive Security Program
5. Definitions
Electronic security system (ESS) means a security system
comprised of an interconnected series of devices or
components, including systems with audio and video signals
or other electronic systems, which emits or transmits an
audible, visual or electronic signal warning of intrusion and
provides notification of authorized entry or exit, which is
designed to discourage crime.
6. Importance of e-security system
1. Assets Protection
2. Safe workplace
3. Instant security updates
4. Protection when premises unattended
5. Conflict resolution
6. Value for money
7. Internal theft control
8. Monitoring high-risk areas
9. Automation and analytics
8. - Confidentiality: if it is supposed to be secret, be careful
who hears it.
- Availability: Don’t let someone change something they
shouldn't.
- Exclusivity: Don’t let someone use something he
shouldn't.
- Necessity: prevention against data delays or removal.
9. – Secrecy: protection against unauthorized data disclosure
and authentication of data source.
– Integrity: prevention against unauthorized data
modification.
– Non-repudiation: prevention against any one party
reneging on an agreement after the fact.
– Protect the corporation's image and reputation.
10. 1) Unauthorized access
2) Loss of message confidentiality or integrity
3) User Identification
4) Access Control
5) Players:
◦ User community
◦ Network Administration
◦ Introducers
12. ⚫ Data being stolen
⚫ Electronic mail can be intercepted and read
⚫ Customer’s credit card numbers may be read
⚫ Login/password and other access information stolen
⚫ Operating system shutdown
⚫ Filesystem corruption
⚫ User login information can be captured
13. Client threats
• Active Content
• Malicious Code
Communication channels threats
• Confidentiality Threats
• Integrity Threats
• Availability Threats
Server threats
• Web-Server, Commerce Server Threats
• Password Hacking, Database Threats
15. ELEMENTS OF A COMPREHENSIVE SECURITY PROGRAM
Have Good Passwords
Use Good Antiviral Products
Use Good Cryptography
Have Good Firewalls
Have a Backup System
Audit and Monitor Systems and Networks
Have Training and Awareness Programs
Test Your Security Frequently
18. ⦁ Phishing
◦ Deceptive online attempt to obtain confidential information
◦ Social engineering, e-mail scams, spoofing legitimate Web
sites
◦ Use information to commit fraudulent acts (access checking
accounts), steal identity
⦁ Hacking and cybervandalism
◦ Hackers vs. crackers
◦ Cybervandalism: intentionally disrupting, defacing,
destroying Web site
◦ Types of hackers: white hats, black hats, grey hats
19. ⦁ Credit card fraud/theft
◦ Fear of stolen credit card information deters online
purchases
◦ Hackers target merchant servers; use data to establish
credit under false identity
◦ Online companies at higher risk than offline
⦁ Spoofing: misrepresenting self by using fake e-mail address
⦁ Pharming: spoofing a Web site
◦ Redirecting a Web link to a new, fake Web site
20. ۩ Electronic data security is important at a time
when people are considering banking and
other financial transactions by PCs.
۩ One major threat to data security is
unauthorized network monitoring, also called
packet sniffing.
21. □ Messaging Security is a program that
provides protection for a company's messaging
infrastructure.
□ It protects all the personal messages of the
company that are related to the company’s
vision and mission.
25. Encryption is the mutation of information in
any form (text, video, and graphics) into a
representation unreadable by anyone without a
decryption key.
26. ⦁ No one can figure out the private key from the
corresponding public key. Hence, the key
management problem is mostly confined to
the management of private keys.
⦁ The need for sender and receiver to share
secret information over public channels is
completely eliminated.