Welcome To My Presentation.
Syed Maniruzzaman Pabel
ID:142-15-4186
Daffodil International University
Our Topic:
E-Commerce Security
What is E-Commerce Security?
E-commerce security is the protection of e-commerce assets from unauthorized access, use, alteration, or destruction.
Six dimensions of e-commerce security:
1. Integrity
2. Nonrepudiation
3. Authenticity
4. Confidentiality
5. Privacy
6. Availability
The Continuing Need for E-Commerce Security:
Computer Security Institute (CSI)
Nonprofit organization located in San Francisco, California, that is dedicated to serving and training information, computer, and network security professionals
Computer Emergency Response Team (CERT)
Group of three teams at Carnegie Mellon University that monitor the incidence of cyber attacks, analyze vulnerabilities, and provide guidance on protecting against attacks
Nontechnical attack:
An attack that uses chicanery to trick people into revealing sensitive information or performing actions that compromise the security of a network
Technical attack:
An attack perpetrated using software and systems knowledge or expertise
Types of technical attack:
Common (security) vulnerabilities and exposures (CVEs)
National Infrastructure Protection Center (NIPC)
Denial-of-service (DoS) attack
Distributed denial-of-service (DDoS) attack
Malware:
A generic term for malicious software
Example:
Virus and Worm:
virus
A piece of software code that inserts itself into a host, including the operating system, in order to propagate; it requires that its host program be run to activate it
worm
A software program that runs independently, consuming the resources of its host in order to maintain itself, that is capable of propagating a complete working version of itself onto another machine
Common mistakes in managing security risks:
Undervalued information
Narrowly defined security boundaries
Reactive security management
Dated security management processes
Lack of communication about security responsibilities
Security Risk Management:
A systematic process for determining the likelihood of various security attacks and for identifying the actions needed to prevent or mitigate those attacks
Security risk management consists of three phases:
Asset identification
Risk assessment
Implementation
Passive tokens and active tokens:
passive tokens
Storage devices (e.g., magnetic strips) that contain a secret code used in a two-factor authentication system
active tokens
Small, stand-alone electronic devices that generate one-time passwords used in a two-factor authentication system
Symmetric (Private) Key Encryption:
Public (Asymmetric) Key Encryption:
public key encryption
Method of encryption that uses a pair of matched keys: a public key to encrypt a message and a private key to decrypt it, or vice versa
public key
Encryption code that is publicly available to anyone
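As an added illustration (not part of the presentation), a toy RSA in Python shows the matched key pair working in both directions described above: public key to encrypt and private key to decrypt for confidentiality, and the reverse for a signature that gives the authenticity, integrity and nonrepudiation dimensions listed earlier. The primes 61 and 53, the exponent 17 and the byte-sum digest are constructed toy values; real systems use large keys, a cryptographic hash such as SHA-256 and padding.

```python
from math import gcd

# Toy primes (constructed for readability); real keys use ~2048-bit primes.
P, Q, E = 61, 53, 17


def make_keypair(p: int = P, q: int = Q, e: int = E):
    """Return the matched pair: (n, e) is public, (n, d) is private."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be invertible modulo phi(n)"
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def apply_key(key, m: int) -> int:
    """One RSA operation, m^exp mod n; the same function serves either key."""
    n, exp = key
    return pow(m, exp, n)


def encrypt_message(text: str, public_key) -> list:
    """Confidentiality: anyone holding the public key can encrypt (one block per byte, toy only)."""
    return [apply_key(public_key, b) for b in text.encode()]


def decrypt_message(blocks, private_key) -> str:
    """Only the private-key holder can recover the plaintext."""
    return bytes(apply_key(private_key, c) for c in blocks).decode()


def digest(text: str, n: int) -> int:
    """Toy digest that fits below n; stands in for SHA-256 plus padding."""
    return sum(text.encode()) % n


def sign(text: str, private_key) -> int:
    """The 'vice versa' direction: the private key transforms the digest."""
    return apply_key(private_key, digest(text, private_key[0]))


def verify(text: str, sig: int, public_key) -> bool:
    """Anyone can check with the public key: authenticity, integrity, nonrepudiation."""
    return apply_key(public_key, sig) == digest(text, public_key[0])


if __name__ == "__main__":
    pub, priv = make_keypair()
    order = "ship 3 items to customer 42"  # constructed sample message
    assert decrypt_message(encrypt_message(order, pub), priv) == order
    sig = sign(order, priv)
    print("genuine order verifies:", verify(order, sig, pub))        # True
    print("altered order verifies:", verify(order + "0", sig, pub))  # False
```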
virtual private network (VPN):
A network that uses the public Internet to carry information but remains private by using encryption to scramble the communications, authentication to ensure that information has not been tampered with, and access control to verify the identity of anyone using the network
Honeynet and Honeypots:
honeynet
A way to evaluate vulnerabilities of an organization by studying the types of attacks to which a site is subjected, using a network of systems called honeypots
honeypots
Production systems (e.g., firewalls, routers, Web servers, database servers) designed to do real work but that are watched and studied as network intrusions occur