tailieunhanh - Lecture Electronic commerce - Chapter 11: E-Commerce Security

Chapter 11: E-Commerce Security
2008 Pearson Prentice Hall, Electronic Commerce 2008, Efraim Turban et al.

Learning Objectives

1. Explain EC-related crimes and why they cannot be stopped.
2. Describe an EC security strategy and why a life cycle approach is needed.
3. Describe the information assurance security principles.
4. Describe EC security issues from the perspective of customers and e-businesses.
5. Identify the major EC security threats, vulnerabilities, and risk.
6. Identify and describe common EC threats and attacks.
7. Identify and assess major technologies and methods for securing EC communications.
8. Identify and assess major technologies for information assurance and protection of EC networks.

Stopping E-Commerce Crimes

information assurance (IA): The protection of information systems against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.

human firewalls: Methods that filter or limit people's access to critical business documents.

zombies: Computers infected with malware that are under the control of a spammer, hacker, or other criminal.

application firewalls: Specialized tools designed to increase the security of Web applications.

common security vulnerabilities and exposures (CVE): Publicly known computer security risks, which are collected, listed, and shared by a board of security-related organizations.

vulnerability: Weakness in software or other mechanism that threatens the confidentiality, integrity, or availability of an asset (recall the CIA model). It can be directly used by a hacker to gain access to a system or network.

risk: The probability that a vulnerability will be known and used.

exposure: The estimated cost, loss, or damage that can result if a .
