Questions and Answers
What is a major challenge in achieving good e-commerce security?
- Balancing security with ease of use (correct)
- Monitoring underground economy marketplaces
- Implementing new technologies
- Adhering to industry standards
Which of the following is NOT a key point of vulnerability in the e-commerce environment?
- Database (correct)
- Communications pipeline
- Server
- Client
What is the primary concern in the underground economy marketplace?
- Malicious code distribution
- Network security breaches
- Fraudulent transactions
- Stolen information storage (correct)
What is a major factor to consider when evaluating the cost of security measures?
Which of the following is a type of malicious code?
What is the primary goal of security measures in e-commerce?
What is a major concern in the e-commerce environment?
What is a key factor in the tension between security and ease of use?
What is the primary goal of hacktivism?
Which type of threat involves the theft of sensitive information to impersonate an individual?
What is the primary purpose of a firewall in network security?
Which encryption method is commonly used to secure online transactions?
What type of attack involves tricking individuals into revealing sensitive information?
What is the primary goal of a denial-of-service (DoS) attack?
Which type of malware is designed to monitor and capture sensitive information?
What is the primary purpose of a VPN in network security?
What is the primary function of a firewall in network security?
What is the main purpose of a proxy server in network security?
What is the easiest and least expensive way to prevent threats to system integrity?
What is a critical component of managing risk in network security?
What is a key component of a security plan?
What is the purpose of a security audit in network security?
Study Notes
E-commerce Security Environment
- The size and losses of cybercrime are unclear due to reporting issues.
- In 2011, 46% of respondents in a CSI survey detected a breach in the last year.
- Stolen information is stored on underground economy servers.
What Is Good E-commerce Security?
- To achieve the highest degree of security, new technologies, organizational policies and procedures, and industry standards and government laws are necessary.
- Other factors to consider include the time value of money, the cost of security vs. potential loss, and the concept that security often breaks at the weakest link.
The Tension Between Security and Ease of Use
- The more security measures added, the more difficult a site is to use, and the slower it becomes.
- The use of technology by criminals to plan crimes or threaten nation-state security is a concern.
Security Threats in the E-commerce Environment
- Three key points of vulnerability in the e-commerce environment are:
  - Clients
  - Servers
  - Communications pipeline (Internet communications channels)
Most Common Security Threats
- Malicious code threats include:
  - Viruses
  - Worms
  - Trojan horses
  - Drive-by downloads
  - Backdoors
  - Bots and botnets
- Potentially unwanted programs (PUPs) include:
  - Browser parasites
  - Adware
  - Spyware
- Phishing threats include:
  - E-mail scams
  - Social engineering
  - Identity theft
- Hacking threats include:
  - Hackers vs. crackers
  - Types of hackers: White, black, and grey hats
  - Hacktivism
- Cybervandalism: Disrupting, defacing, or destroying a Web site
- Data breach: Losing control over corporate information to outsiders
- Credit card fraud/theft: Hackers targeting merchant servers to establish credit under false identity
- Spoofing (Pharming): Spam (junk) Web sites
- Denial of service (DoS) attack: Hackers flooding a site with useless traffic to overwhelm the network
- Distributed denial of service (DDoS) attack
- Sniffing: Eavesdropping programs that monitor information traveling over a network
- Insider attacks: Poorly designed server and client software
- Social network security issues: Mobile platform security issues
- Cloud security issues: Same risks as any Internet device
Technology Solutions
- Protecting Internet communications:
  - Encryption
- Securing channels of communication:
  - SSL
  - VPNs
- Protecting networks:
  - Firewalls
- Protecting servers and clients:
  - Hardware and software security measures
Protecting Networks
- Firewall: Hardware or software that uses security policy to filter packets
  - Two main methods: Packet filters and Application gateways
- Proxy servers (proxies): Software servers that handle all communications originating from or being sent to the Internet
Protecting Servers and Clients
- Operating system security enhancements:
  - Upgrades
  - Patches
- Anti-virus software: Easiest and least expensive way to prevent threats to system integrity
  - Requires daily updates
Management Policies, Business Procedures, and Public Laws
- Companies worldwide spend $60 billion on security hardware, software, and services
- Managing risk includes:
  - Technology
  - Effective management policies
  - Public laws and active enforcement
A Security Plan: Risk Management Policies
- Risk assessment
- Security policy
- Implementation plan:
  - Security organization
  - Access controls
  - Authentication procedures, including biometrics
  - Authorization policies, authorization management systems
- Security audit
Description
This quiz covers the basics of e-commerce security, including the size and losses of cybercrime, reporting issues, and the importance of new technologies and organization in achieving good e-commerce security.