Secure e-Business Infrastructure

Gerald Trites, CA*CISA, FCA

Professor of Accounting and Information Systems

St Francis Xavier University

Coverage of Session
  • What is meant by e-Business
  • What is meant by E-Business Infrastructure
  • What is meant by e-Business Security
  • Security - Risks and Benefits
  • State of E-business Security
  • Professional Standards
  • Notes on Wireless Security
Definition of e-Business
  • In a very broad and general sense, electronic business has often been defined as any business carried out in electronic form.
  • “e-Business is the complex fusion of business processes, enterprise applications, and organizational structure necessary to create a high-performance business model.” - Kalakota and Robinson
Components of e-Business
  • Strategic internet commerce
  • Collaborative commerce
  • Mobile Commerce
  • E-Business involves a technological and business infrastructure
E-business Infrastructure - Definitions
  • Basis for security strategy
  • Definition - IBM paper (pg 15)
  • Dell - http://www.dell.com/us/en/esg/topics/products_infrastructure_arc_pedge_000_internet-infra.htm
Infrastructure – a broader perspective
  • Hardware and operating systems
  • Networking infrastructure and technology
  • Intranets, extranets, shared technologies, policies, collaboration, including wireless
  • Enterprise resource planning
  • Data management - Data warehousing - Business intelligence applications
  • Web infrastructure and Internet applications
  • Software and related infrastructure
What is meant by e-Business Security
  • The infrastructure as a whole must be secure
  • IAPS 1013 – Para 9
  • Policies
  • Risk/Benefit Approach
  • Administration
E-Business Risks
  • We will address the incremental risks of E-business.
  • Risks that apply to traditional IT also apply to e-business. Some of the controls to address the incremental risks also apply to traditional risks.
General e-Business Security Risks
  • Web/Internet exposure
  • Access to back office systems
  • Integration of collaborative systems
  • Particular importance of encryption, digital certificates, PKI, etc.
  • Growth of wireless
E-Business Risks
  • Incomplete transactions because of network breakdown.
  • Incomplete or inaccurate transactions because of cracker interception.
E-Business Risks
  • Unauthorized transactions
  • Unauthorized access to confidential or personal information
E-business Risks
  • Parties denying transactions because of insufficient audit trail
  • Inadequate participation by customers and stakeholders because of lack of confidence in information security, privacy and system reliability
  • Embarrassment caused by crackers
Some Industry Statistics
  • In the 2003 “Computer Crime and Security Survey” of the CSI, 56% of the respondents acknowledged financial losses due to customer breaches.
  • In the same survey, 46% of respondents detected system penetration from the outside and 45% from the inside.
Some Industry Statistics
  • The cost of these incidents is reported at $201,797,340 USD
  • In another survey, 17% of CIOs who experienced “external computer crime” said the attacks cost their company more than $1 million (CIO Magazine)
Some Industry Statistics
  • The results of a test in 2002 showed that, on average, it took 34 hours of forensics research to uncover and understand an unauthorized entry, while it took the cracker less than a minute to crack the system. (Honeynet Project’s Forensics Challenge)
Internet Security Issues
  • Securing the web server
  • Securing information that travels between the web server and the user
  • Protecting the organization’s systems
  • Protecting the user’s computer
Damages of Website Cracking
  • Theft of data.
  • Web site defacement.
  • Web site alteration, e.g., changing a sentence in the terms and conditions of an e-business service, thus exposing a company to liabilities.
Other Damages of Cracking
  • Alteration of business systems
  • Denial of service
Virus Infection
  • Propagate by email
  • Infected through data download
  • Infected through diskettes or internal file transfer
Damage Caused by Viruses
  • Loss of business information
  • Down time for mission critical systems
  • Loss of customer confidence
  • Unauthorized disclosure of confidential or personal information
Approach to Security
  • Identify Risks
  • Costs of those risks
  • Costs of covering those risks
  • Make hard decisions
State of E-business Security
  • Not well defined
  • Numerous standards
  • Defining Infrastructure Helps
  • Incidents are down and spending is up – good sign
International Pronouncement

IAPS 1013 - Electronic Commerce: Effect on the Audit of Financial Statements

  • http://www.ifac.org/Store/Details.tmpl?SID=1020391644143062&Cart=10288243744623
Main Points in IAPS 1013
  • Knowledge of Business
  • E-Business Infrastructure
  • System and Process Integration
  • Dependence on Internet
  • Controls over encryption
  • Legal issues
  • Impact on audit evidence
Notes on Wireless Security
  • Wireless LANs (WiFi) - 802.11(b)
    • WEP
  • Bluetooth
  • Cell Phones
Wireless Network Security (802.11)
  • Native system weak - WEP (Wired Equivalency Protocol)
  • Default is no WEP security – needs to be enabled at high encryption level
  • Set MAC Address Security
Need Protection from
  • Denial of service attacks
  • Parking lot attacks
  • Man-in-the-Middle Attacks
  • Session Hijacking
WLAN Security Basic Recommendations
  • Develop a Security Policy
  • Enable WEP
  • Restrict MAC Address Access
  • Bluetooth Security
    • Profiles - Headset, LAN, PAN
    • Passkeys (unit and combination)
    • Authentication and encryption
Conclusions – Needed for e-Business Infrastructure Security
  • Infrastructure Definition and Monitoring
  • Infrastructure Level Risk/Benefit Evaluation and Implementation
  • Process for Ongoing Security Change Management
  • Oversight, Resources and Constant Vigilance
Presentation for Download

http://www.zorba.ca/e-Business Security.htm