DATA SECURITY
What is e-commerce?
E-commerce is the action of buying and selling products over electronic systems and the Internet. Over the years, e-commerce has grown popular amongst much of the population and it is now a widely used means of purchasing and selling. A wide variety of commerce is conducted in this way, spurring and drawing on innovations in electronic funds transfer, supply chain management, Internet marketing, online transaction processing, electronic data interchange (EDI), automated inventory management systems, and automated data collection systems.
E-commerce uses electronic information technologies on the Internet to allow direct selling and automatic processing of purchases between parties. It is a system used to conduct business transactions of buying and selling goods and services online over a computer network via Electronic Data Interchange (EDI).
Why is e-commerce more susceptible to threats than other commerce?
What information has the customer given to the website?
What are the threats to data security for e-commerce?
Viruses
A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user. However, the term "virus" is commonly used, albeit erroneously, to refer to many different types of malware programs. The original virus may modify the copies, or the copies may modify themselves, as occurs in a metamorphic virus.
A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or the Internet, or by carrying it on a removable medium such as a floppy disk, CD, or USB drive. Additionally, viruses can spread to other computers by infecting files on a network file system or a file system that is accessed by another computer.
Many personal computers are now connected to the Internet and to local area networks, facilitating the spread of malicious code. Today's viruses may also take advantage of network services such as the World Wide Web, e-mail, and file sharing systems to spread, blurring the line between viruses and worms. Furthermore, some sources use an alternative terminology in which a virus is any form of self-replicating malware.
Some viruses are programmed to damage the computer by damaging programs, deleting files, or reformatting the hard disk. Others are not designed to do any damage, but simply replicate themselves and perhaps make their presence known by presenting text, video, or audio messages. Even these benign viruses can create problems for the computer user. They typically take up computer memory used by legitimate programs. As a result, they often cause erratic behaviour and can result in system crashes. In addition, many viruses are bug-ridden, and these bugs may lead to system crashes and data loss.
Some viruses can be created to delete important files or in some way to relay the information on these files back to the creator. If this virus infects a computer system for a company, then the damage could be catastrophic. All of the customer details, possibly including credit card details, could be taken and used in ghastly ways.
Hackers
Hacker is a general term in computing that refers to a computer programmer who takes advantage of the faults in the design of computer software or hardware (commonly referred to as "weaknesses") in order to:
Gain further knowledge about the internal workings of the software or hardware,
Gain access to some previously locked or hidden function of the software or hardware,
Disable some previously functioning part of the software or hardware so that it no longer works in the way it was originally intended, or
Command the software or hardware to perform an additional task that it was not originally designed to do.
As a hacker's activities commonly (but not always) involve reverse engineering or direct modification of the software or hardware without the manufacturer's knowledge or authorization, hacking can often have disastrous consequences for the company: customer data could be stolen and used in ways that benefit only the hacker and disadvantage everyone else.
Spyware - http://en.wikipedia.org/wiki/Spyware
Hardware failure – if the hardware fails, data may be lost. If the computer breaks, it will need to be sent for repair, and the repair person might use their skills to access important information which could be used against the company.
Human error – if the data is incorrectly entered, then a problem could arise.
Dishonest employees – these are a big threat to companies because an employee who is skilled enough can access the files containing data, take that data, and use it for whatever they want.
Natural disasters –
Theft – this would mean that data has come into the hands of a criminal, who would probably not want to use the information for good. Problems would arise from the thief holding that information.
Flood and fire –
Terrorism
Cyber-terrorism is the leveraging of a target's computers and information technology, particularly via the Internet, to cause physical, real-world harm or severe disruption of infrastructure. As the Internet becomes more pervasive in all areas of human endeavor, individuals or groups can use the anonymity afforded by cyberspace to threaten citizens, specific groups (i.e. with membership based on ethnicity or belief), communities and entire countries, without the inherent threat of capture, injury, or death to the attacker that being physically present would bring. As the Internet continues to expand, and computer systems continue to be assigned more responsibility while becoming more and more complex and interdependent, sabotage or terrorism via cyberspace may become a more serious threat.
What are the preventative measures for these threats?
Risk analysis – the company is asked questions on how safe their computer system is. If they have adequate measures of security then their website is safe to use.
Passwords – some websites only allow their customers to create passwords that contain a certain number of characters, and sometimes the password must include a number as well. Some websites also give an indication as to how good the password is, helping the customer to create the safest password possible.
Access levels –
Backup –
Anti virus measures –
Training –
Firewalls –
Secure electronic transactions (SET) –
Encryption –
Physical Security –
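The password measure listed above (a minimum number of characters, a required number, and an indication of how good the password is), sketched as an added example that is not part of the original post. The minimum length, the list of common passwords, the strength thresholds and all function names are assumptions chosen for illustration, and the bit estimate is a rough heuristic rather than a true measure of guessing difficulty.

```javascript
// Added example: sign-up password check with a strength indicator.
// Policy values are assumed for illustration, not taken from any real site.
const POLICY = { minLength: 8, requireDigit: true };

// Constructed sample list; a real site would check a much larger list.
const COMMON = new Set(["password1", "12345678", "qwerty123", "letmein1"]);

// Hard rules: the password is refused until these pass.
function checkPolicy(pw, policy = POLICY) {
  const errors = [];
  if ([...pw].length < policy.minLength) {
    errors.push(`must be at least ${policy.minLength} characters`);
  }
  if (policy.requireDigit && !/\d/.test(pw)) {
    errors.push("must include a number");
  }
  return errors;
}

// Rough strength estimate in bits: effective length * log2(character pool).
// Runs of one repeated character count once, so "aaaaaaa1" scores low
// even though it satisfies the length and digit rules.
function estimateBits(pw) {
  let pool = 0;
  if (/[a-z]/.test(pw)) pool += 26;
  if (/[A-Z]/.test(pw)) pool += 26;
  if (/\d/.test(pw)) pool += 10;
  if (/[^a-zA-Z0-9]/.test(pw)) pool += 33; // printable ASCII symbols
  if (pool === 0) return 0;
  const effectiveLength = pw.replace(/(.)\1+/g, "$1").length;
  return Math.round(effectiveLength * Math.log2(pool));
}

// Combines the hard rules with the indicator shown to the customer.
function ratePassword(pw) {
  const errors = checkPolicy(pw);
  if (errors.length === 0 && COMMON.has(pw.toLowerCase())) {
    errors.push("is a commonly used password");
  }
  if (errors.length > 0) return { ok: false, label: "rejected", errors };
  const bits = estimateBits(pw);
  const label = bits < 50 ? "weak" : bits < 80 ? "fair" : "strong";
  return { ok: true, label, bits, errors };
}
```

A password can satisfy the length and number rules and still be rated weak, which is why the indicator is computed separately from the rules.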
Describe the legislation that the company should be aware of.
How effective are these pieces of legislation?
Overall Conclusions:
Is data secure on this website – yes?
Is data insecure on this website – yes?
Overall conclusion.
Wednesday, 30 January 2008