Secure e-Business Infrastructure - PowerPoint PPT Presentation

1 / 38
About This Presentation
Title:

Secure e-Business Infrastructure

Description:

Secure e-Business Infrastructure Gerald Trites, CA*CISA, FCA Professor of Accounting and Information Systems St Francis Xavier University Coverage of Session What is ... – PowerPoint PPT presentation

Number of Views:36
Avg rating:3.0/5.0
Slides: 39
Provided by: zorbaCae
Category:

less

Transcript and Presenter's Notes

Title: Secure e-Business Infrastructure


1
Secure e-Business Infrastructure
  • Gerald Trites, CACISA, FCA
  • Professor of Accounting and Information Systems
  • St Francis Xavier University

2
Coverage of Session
  • What is meant by e-Business
  • What is meant by E-Business Infrastructure
  • What is meant by e-Business Security
  • Security - Risks and Benefits
  • State of E-business Security
  • Professional Standards
  • Notes on Wireless Security

3
Coverage of Session
  • What is meant by e-Business
  • What is meant by E-Business Infrastructure
  • What is meant by e-Business Security
  • Security - Risks and Benefits
  • State of E-business Security
  • Professional Standards
  • Notes on Wireless Security

4
Definition of e-Business
  • In a very broad and general sense, electronic
    business has often been defined as any business
    carried out in electronic form.
  • e-Business is the complex fusion of business
    processes, enterprise applications, and
    organizational structure necessary to create a
    high-performance business model. - Kalakota and
    Robinson

5
Components of e-Business
  • Strategic internet commerce
  • Collaborative commerce
  • Mobile Commerce
  • E-Business involves a technological and business
    infrastructure

6
Coverage of Session
  • What is meant by e-Business
  • What is meant by E-Business Infrastructure
  • What is meant by e-Business Security
  • Security - Risks and Benefits
  • State of E-business Security
  • Professional Standards
  • Notes on Wireless Security

7
E-business Infrastructure - Definitions
  • Basis for security strategy
  • Definition - IBM paper (pg 15)
  • Dell - http//www.dell.com/us/en/esg/topics/produc
    ts_infrastructure_arc_pedge_000_internet-infra.htm

8
Infrastructure a broader perspective
  • Hardware and operating systems
  • Networking infrastructure and technology
  • Intranets, extranets, shared technologies,
    policies, collaboration, including wireless
  • Enterprise resource planning
  • Data management- Data warehousing - Business
    intelligence applications
  • Web infrastructure and Internet applications
  • Software and related infrastructure

9
Coverage of Session
  • What is meant by e-Business
  • What is meant by E-Business Infrastructure
  • What is meant by e-Business Security
  • Security - Risks and Benefits
  • State of E-business Security
  • Professional Standards
  • Notes on Wireless Security

10
What is meant by e-Business Security
  • The infrastructure as a whole must be secure
  • IAPS 1013 Para 9
  • Policies
  • Risk/Benefit Approach
  • Administration

11
Coverage of Session
  • What is meant by e-Business
  • What is meant by E-Business Infrastructure
  • What is meant by e-Business Security
  • Security - Risks and Benefits
  • State of E-business Security
  • Professional Standards
  • Notes on Wireless Security

12
E-Business Risks
  • We will address the incremental risks of
    E-business.
  • Risks that apply to traditional IT also apply to
    e-business. Some of the controls to address the
    incremental risks also apply to traditional risks.

13
General e-Business Security Risks
  • Web/Internet exposure
  • Access to back office systems
  • Integration of collaborative systems
  • Particular importance of encryption, digital
    certificates, PKI, etc.
  • Growth of wireless

14
E-Business Risks
  • Incomplete transactions because of network
    breakdown.
  • Incomplete or inaccurate transactions because of
    cracker interception.

15
E-Business Risks
  • Unauthorized transactions
  • Unauthorized access to confidential or personal
    information

16
E-business Risks
  • Parties denying transactions because of
    insufficient audit trail
  • Inadequate participation by customers and
    stakeholders because of lack of confidence in
    information security, privacy and system
    reliability
  • Embarrassment caused by crackers

17
Some Industry Statistics
  • In the 2003 Computer Crime and Security Survey
    of the CSI, 56 of the respondents acknowledged
    financial losses due to customer breaches.
  • In the same survey, 46 of respondents detected
    system penetration from the outside and 45 from
    the inside.

18
Some Industry Statistics
  • The cost of these incidents is reported at
    201,797,340 USD
  • In another survey, 17 of CIOs who experienced
    external computer crime said the attacks cost
    their company more than 1 million (CIO Magazine)

19
Some Industry Statistics
  • The results of a test in 2002 showed that, on
    average, it took 34 hours of forensics research
    to uncover and understand an unauthorized entry,
    while it took the cracker less than a minute to
    crack the system. (Honeynet Projects Forensics
    Challenge)

20
Internet Security Issues
  • Securing the web server
  • Securing information that travels between the web
    server and the user
  • Protecting the organizations systems
  • Protecting the users computer

21
Damages of Website Cracking
  • Theft of data.
  • Web site defacement.
  • Web site alteration, e.g., changing a sentence in
    the terms and conditions of an e-business
    service, thus exposing a company to liabilities.

22
Other Damages of Cracking
  • Alteration of business systems
  • Denial of service

23
Virus Infection
  • Propagate by email
  • Infected through data download
  • Infected through diskettes or internal file
    transfer

24
Damage Caused by Viruses
  • Loss of business information
  • Down time for mission critical systems
  • Loss of customer confidence
  • Unauthorized disclosure of confidential or
    personal information

25
Approach to Security
  • Identify Risks
  • Costs of those risks
  • Costs of covering those risks
  • Make hard decisions

26
Coverage of Session
  • What is meant by e-Business
  • What is meant by E-Business Infrastructure
  • What is meant by e-Business Security
  • Security - Risks and Benefits
  • State of E-business Security
  • Professional Standards
  • Notes on Wireless Security

27
State of E-business Security
  • Not well defined
  • Numerous standards
  • Defining Infrastructure Helps
  • Incidents are down and spending is up good sign

28
Coverage of Session
  • What is meant by e-Business
  • What is meant by E-Business Infrastructure
  • What is meant by e-Business Security
  • Security - Risks and Benefits
  • State of E-business Security
  • Professional Standards
  • Notes on Wireless Security

29
International Pronouncement
  • IAPS 1013 - Electronic Commerce Effect on the
    Audit of Financial Statements
  • http//www.ifac.org/Store/Details.tmpl?SID1020391
    644143062Cart10288243744623

30
Main Points in IAPS 1013
  • Knowledge of Business
  • E-Business Infrastructure
  • System and Process Integration
  • Dependence on Internet
  • Controls over encryption
  • Legal issues
  • Impact on audit evidence

31
Coverage of Session
  • What is meant by e-Business
  • What is meant by E-Business Infrastructure
  • What is meant by e-Business Security
  • Security - Risks and Benefits
  • State of E-business Security
  • Professional Standards
  • Notes on Wireless Security

32
Notes on Wireless Security
  • Wireless LANs (WiFi) - 802.11(b)
  • WEP
  • Bluetooth
  • Cell Phones

33
Wireless Network Security (802.11)
  • Native system weak - WEP (Wired Equivalency
    Protocol)
  • Default is no WEP security needs to be enabled
    at high encryption level
  • Set MAC Address Security

34
Need Protection from
  • Denial of service attacks
  • Parking lot attacks
  • Man-in-the Middle Attacks
  • Session Hijacking

35
WLAN Security Basic Recommendations
  • Develop a Security Policy
  • Enable WEP
  • Restrict MAC Address Access
  • Bluetooth Security
  • Profiles - Headset, LAN, PAN
  • Passkeys (unit and combination)
  • Authentication and encryption

36
Conclusions Needed for e-Business
Infrastructure Security
  • Infrastructure Definition and Monitoring
  • Infrastructure Level Risk/Benefit Evaluation and
    Implementation
  • Process for Ongoing Security Change Management
  • Oversight, Resources and Constant Vigilance

37
Presentation for Download
  • http//www.zorba.ca/e-Business Security.htm

38
(No Transcript)
Write a Comment
User Comments (0)
About PowerShow.com