Welcome To My Presentation.
Name: Abhishek Raj
Course: BCA 2nd
Shobhit University (Meerut)
Our Topic:
What is E-Commerce Security?
E-commerce security is the protection of e-commerce assets from unauthorized access, use, alteration, or destruction.
Six dimensions of e-commerce security:
1. Integrity
2. Nonrepudiation
3. Authenticity
4. Confidentiality
5. Privacy
6. Availability
The Continuing Need for E-Commerce Security:
Computer Security Institute (CSI)
Nonprofit organization located in San Francisco, California, that is dedicated to serving and training information, computer, and network security professionals.
Computer Emergency Response Team (CERT)
Group of three teams at Carnegie Mellon University that monitor the incidence of cyber attacks, analyze vulnerabilities, and provide guidance on protecting against attacks.
Basic Security Issues:
Authentication
Authorization
Auditing
Nontechnical attack:
An attack that uses chicanery to trick people into revealing sensitive information or performing actions that compromise the security of a network.
Technical attack:
An attack perpetrated using software and systems knowledge or expertise.
Types of technical attack:
common (security) vulnerabilities and exposures (CVEs)
National Infrastructure Protection Center (NIPC)
denial-of-service (DoS) attack
distributed denial-of-service (DDoS) attack
Malware:
A generic term for malicious software.
Virus and Worm:
virus
A piece of software code that inserts itself into a host, including the operating system, in order to propagate; it requires that its host program be run to activate it.
worm
A software program that runs independently, consuming the resources of its host in order to maintain itself, that is capable of propagating a complete working version of itself onto another machine.
Common mistakes in managing security risks:
Undervalued information
Narrowly defined security boundaries
Reactive security management
Dated security management processes
Lack of communication about security responsibilities
Security Risk Management:
A systematic process for determining the likelihood of various security attacks and for identifying the actions needed to prevent or mitigate those attacks.
Security risk management consists of three phases:
Asset identification
Risk assessment
Implementation
Passive tokens and active tokens:
passive tokens
Storage devices (e.g., magnetic strips) that contain a secret code used in a two-factor authentication system.
active tokens
Small, stand-alone electronic devices that generate one-time passwords used in a two-factor authentication system.
Symmetric (Private) Key Encryption:
Public (Asymmetric) Key Encryption:
public key encryption
Method of encryption that uses a pair of matched keys—a public key to encrypt a message and a private key to decrypt it, or vice versa.
public key
Encryption code that is publicly available to anyone.
Virtual private network (VPN):
A network that uses the public Internet to carry information but remains private by using encryption to scramble the communications, authentication to ensure that information has not been tampered with, and access control to verify the identity of anyone using the network.
Honeynet and Honeypots:
honeynet
A way to evaluate vulnerabilities of an organization by studying the types of attacks to which a site is subjected, using a network of systems called honeypots.
honeypots
Production systems (e.g., firewalls, routers, Web servers, database servers) designed to do real work but that are watched and studied as network intrusions occur.