CH.5  E-commerce Security Fundamentals
22 Questions

Questions and Answers

What is a major challenge in achieving good e-commerce security?

  • Balancing security with ease of use (correct)
  • Monitoring underground economy marketplaces
  • Implementing new technologies
  • Adhering to industry standards

Which of the following is NOT a key point of vulnerability in the e-commerce environment?

  • Database (correct)
  • Communications pipeline
  • Server
  • Client

What is the primary concern in the underground economy marketplace?

  • Malicious code distribution
  • Network security breaches
  • Fraudulent transactions
  • Stolen information storage (correct)

What is a major factor to consider when evaluating the cost of security measures?

Cost of potential loss (B)

Which of the following is a type of malicious code?

Backdoor (A)

What is the primary goal of security measures in e-commerce?

To achieve the highest degree of security (A)

What is a major concern in the e-commerce environment?

Criminal use of the Internet (D)

What is a key factor in the tension between security and ease of use?

The number of security measures added (D)

What is the primary goal of hacktivism?

Political or social change (C)

Which type of threat involves the theft of sensitive information to impersonate an individual?

Identity theft (B)

What is the primary purpose of a firewall in network security?

To block unauthorized access (D)

Which encryption method is commonly used to secure online transactions?

SSL (A)

What type of attack involves tricking individuals into revealing sensitive information?

Social engineering (B)

What is the primary goal of a denial-of-service (DoS) attack?

System disruption (B)

Which type of malware is designed to monitor and capture sensitive information?

Spyware (D)

What is the primary purpose of a VPN in network security?

To secure channels of communication (D)

What is the primary function of a firewall in network security?

To filter packets based on a security policy (A)

What is the main purpose of a proxy server in network security?

To handle all communications originating from or being sent to the Internet (B)

What is the easiest and least expensive way to prevent threats to system integrity?

Installing antivirus software (D)

What is a critical component of managing risk in network security?

All of the above (D)

What is a key component of a security plan?

Risk assessment (A)

What is the purpose of a security audit in network security?

To evaluate the effectiveness of a security plan (D)

Study Notes

E-commerce Security Environment

  • The size and losses of cybercrime are unclear due to reporting issues.
  • In 2011, 46% of respondents in a CSI survey detected a breach in the last year.
  • Stolen information is stored on underground economy servers.

What Is Good E-commerce Security?

  • To achieve the highest degree of security, new technologies, organizational policies and procedures, and industry standards and government laws are necessary.
  • Other factors to consider include the time value of money, the cost of security vs. potential loss, and the concept that security often breaks at the weakest link.

The Tension Between Security and Ease of Use

  • The more security measures added, the more difficult a site is to use, and the slower it becomes.
  • The use of technology by criminals to plan crimes or threaten nation-state security is a concern.

Security Threats in the E-commerce Environment

  • Three key points of vulnerability in the e-commerce environment are:
      • Clients
      • Servers
      • Communications pipeline (Internet communications channels)

Most Common Security Threats

  • Malicious code threats include:
      • Viruses
      • Worms
      • Trojan horses
      • Drive-by downloads
      • Backdoors
      • Bots and botnets
  • Potentially unwanted programs (PUPs) include:
      • Browser parasites
      • Adware
      • Spyware
  • Phishing threats include:
      • E-mail scams
      • Social engineering
      • Identity theft
  • Hacking threats include:
      • Hackers vs. crackers
      • Types of hackers: White, black, and grey hats
      • Hacktivism
  • Cybervandalism: Disrupting, defacing, or destroying a Web site
  • Data breach: Losing control over corporate information to outsiders
  • Credit card fraud/theft: Hackers targeting merchant servers to establish credit under false identity
  • Spoofing (Pharming): Spam (junk) Web sites
  • Denial of service (DoS) attack: Hackers flooding a site with useless traffic to overwhelm the network
  • Distributed denial of service (DDoS) attack
  • Sniffing: Eavesdropping programs that monitor information traveling over a network
  • Insider attacks: Poorly designed server and client software
  • Social network security issues: Mobile platform security issues
  • Cloud security issues: Same risks as any Internet device

Technology Solutions

  • Protecting Internet communications: Encryption
  • Securing channels of communication: SSL, VPNs
  • Protecting networks: Firewalls
  • Protecting servers and clients: Hardware and software security measures

Protecting Networks

  • Firewall: Hardware or software that uses a security policy to filter packets
      • Two main methods: Packet filters and application gateways
  • Proxy servers (proxies): Software servers that handle all communications originating from or being sent to the Internet

Protecting Servers and Clients

  • Operating system security enhancements:
      • Upgrades
      • Patches
  • Anti-virus software: Easiest and least expensive way to prevent threats to system integrity
      • Requires daily updates

Management Policies, Business Procedures, and Public Laws

  • Companies worldwide spend $60 billion on security hardware, software, and services
  • Managing risk includes:
      • Technology
      • Effective management policies
      • Public laws and active enforcement

A Security Plan: Risk Management Policies

  • Risk assessment
  • Security policy
  • Implementation plan:
      • Security organization
      • Access controls
      • Authentication procedures, including biometrics
      • Authorization policies, authorization management systems
  • Security audit

Quiz Team

Description

This quiz covers the basics of e-commerce security, including the size and losses of cybercrime, reporting issues, and the importance of new technologies and organization in achieving good e-commerce security.