EMERGING GROUP & SELF REFLECTION
EVALUATION OF SECURITY THREATS IN E-COMMERCE
BY
Suryaprakash Reddy Gottimukkula
Srinath Kumar Kavuri
Parameswara Rao Mallela
Eswar Pranai Kumar Shaganti
Manisha Tavva
Vasanth Kumar Reddy Thipparthi
INTRODUCTION
E-commerce is the buying and selling of goods and services through internet transactions.
Data security plays a key role in e-commerce businesses.
The Solomon Enterprises business model has three components: the merchant infrastructure, the customer browser, and the Payment Solution Provider (PSP) (Good & Schultz, 2003).
The PSP is the platform on which all transactions take place; the transaction data it handles must be protected from attackers.
INTRODUCTION Cont.
Know the location of all your cardholder data.
If you don’t need it, don’t store it.
Evaluation of the risks associated with e-commerce.
Service-provider remote access to the merchant environment.
Consumer awareness.
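The two PCI principles above (know where every copy of cardholder data is; do not store what you do not need) start with finding primary account numbers (PANs) that have leaked into places such as order logs. The following is an added example, not from the original presentation: a small discovery scanner that flags digit runs passing the Luhn checksum and masks them to the PCI DSS display form (first six and last four digits). The log lines are constructed for the example, and the card numbers are well-known test numbers that pass Luhn but belong to no real account.

```python
"""Find and mask candidate primary account numbers (PANs) in text.

Added example for the "know where your cardholder data is; if you don't
need it, don't store it" point. Not from the original deck. The sample
records are constructed; the card numbers are standard test numbers that
pass the Luhn check but belong to no real account.
"""
import re

# Candidate PAN: 13-19 digits, optionally separated by spaces or dashes.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum (ISO/IEC 7812)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return the digit-only PANs found in text that pass the Luhn check.

    Luhn filtering removes most false positives (order numbers, timestamps)
    but is only a checksum, so a discovery scan still needs human review.
    """
    found = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            found.append(digits)
    return found


def mask_pan(pan: str) -> str:
    """Mask to the PCI DSS display form: at most first 6 and last 4 visible."""
    if len(pan) < 13:
        raise ValueError("PAN too short")
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scrub(text: str) -> str:
    """Replace every Luhn-valid PAN candidate in text with its masked form."""
    def repl(m: re.Match) -> str:
        digits = re.sub(r"[ -]", "", m.group())
        return mask_pan(digits) if luhn_valid(digits) else m.group()
    return PAN_CANDIDATE.sub(repl, text)


# Constructed sample: an order log that should never have held a full PAN.
ORDER_LOG = (
    "order=100034 card=4111 1111 1111 1111 amount=59.90\n"
    "order=100035 card=5500-0000-0000-0004 amount=12.00\n"
    "order=100036 ref=1234567890123 amount=3.50\n"  # 13 digits, fails Luhn
)

if __name__ == "__main__":
    for pan in find_pans(ORDER_LOG):
        print("PAN found:", mask_pan(pan))
    print(scrub(ORDER_LOG))
```

The 13-digit reference number on the third line is the reason for the Luhn step: it has a plausible length but is not a card number, so the scanner leaves it alone while the two real-format PANs are reported and masked.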
ADMINISTRATIVE CONTROLS
Appropriate administrative security controls must also be implemented to ensure the confidentiality, availability, and integrity of the organization's CCI maintained by suppliers.
An adequate information security program.
Vulnerability assessments and penetration testing conducted regularly.
All users who access systems that contain GDS/mask data or test programs must have a unique ID; sharing of account logins and access shall not be permitted.
User authentication and multiple levels of access control shall be required and maintained.
NETWORK SECURITY TOOLS
Some network security tools, with what each actually does:
SFTP: file transfer over SSH; it protects data in transit and is not a monitoring tool.
Argus: network flow monitoring and auditing.
Nessus: vulnerability scanning of hosts and network services.
PHYSICAL THREATS
Physical security deals with who has access to buildings, computer rooms and devices within them
Physical threat areas include, but are not limited to:
Weather
Fire/chemical
Earth movement
Structural failure
Energy
Biological
Human (Chen, Dong, Li, Zhang, Chen & Cao, 2014)
PHYSICAL SECURITY CONTROLS
Physical security deals with who has access to buildings, computer rooms and devices within them (Akanni 2019).
Physical security controls include, but are not limited to:
Perimeter security controls
Badging/biometrics
Keys and combination locks
Security dogs
Lighting
TECHNICAL CONTROLS
First line of defense for an e-commerce company.
Next-Gen firewalls.
Web Application Firewalls.
Two Factor Authentication (2FA).
Password policies
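Two-factor authentication is usually delivered as a time-based one-time password from an authenticator app. The following is an added example, not from the original presentation, showing how the second factor is generated and checked: HOTP (RFC 4226) with the counter derived from Unix time (RFC 6238), a small skew window for clock drift, and a constant-time comparison. The base32 secret in the demo is the RFC test-vector key, not a real credential.

```python
"""Time-based one-time passwords (RFC 6238) as a second authentication factor.

Added example for the 2FA bullet; not from the original deck. The shared
secret below is the RFC 4226/6238 test-vector key ("12345678901234567890"
in base32), used here as a constructed demo value, not a real credential.
"""
import base64
import hmac
import hashlib
import struct
import time

DEMO_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
STEP_SECONDS = 30


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    msg = struct.pack(">Q", counter)
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret_b32: str, at: float, step: int = STEP_SECONDS, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter = floor(unix_time / step)."""
    secret = base64.b32decode(secret_b32, casefold=True)
    return hotp(secret, int(at) // step, digits)


def verify_totp(secret_b32: str, code: str, at: float,
                step: int = STEP_SECONDS, window: int = 1, digits: int = 6) -> bool:
    """Accept the code for the current step or up to `window` steps either
    side (clock skew). The comparison is constant-time. A real server must
    also refuse to accept the same code twice and rate-limit attempts.
    """
    if not (code.isdigit() and len(code) == digits):
        return False
    for skew in range(-window, window + 1):
        expected = totp(secret_b32, at + skew * step, step, digits)
        if hmac.compare_digest(expected, code):
            return True
    return False


if __name__ == "__main__":
    now = time.time()
    code = totp(DEMO_SECRET_B32, now)
    print("current code:", code, "accepted:", verify_totp(DEMO_SECRET_B32, code, now))
```

The skew window is the usual trade-off: one step either side tolerates phone clocks that are a little off, but every extra step roughly doubles the number of codes an attacker may guess, which is why the server must also throttle attempts and reject replayed codes.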
TECHNICAL CONTROLS Cont…
Security Information and Event Management (SIEM) system.
Event log parsers/aggregators.
Host-based IDS/IPS/AV.
PKI and encryption (Hunt, 2002).
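A SIEM earns its place by correlating aggregated events into alerts rather than just storing them. The following is an added example, not from the original presentation, of the kind of rule a SIEM runs over a login audit log: a sliding window counts failed logins per source address and raises an alert at a threshold, and a success from a source that is still inside a failure burst is flagged separately, because it is more likely a successful guess than a legitimate user. The log format and the log lines are constructed for the example.

```python
"""Brute-force detection over login events: a SIEM-style correlation rule.

Added example for the SIEM / log aggregation bullets; not from the original
deck. The log layout and the events below are constructed for this example.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: application login audit log, one event per line.
AUTH_LOG = """\
2024-03-01T10:00:01Z login FAIL user=alice src=203.0.113.7
2024-03-01T10:00:03Z login FAIL user=alice src=203.0.113.7
2024-03-01T10:00:04Z login OK   user=bob   src=198.51.100.2
2024-03-01T10:00:05Z login FAIL user=admin src=203.0.113.7
2024-03-01T10:00:06Z login FAIL user=root  src=203.0.113.7
2024-03-01T10:00:08Z login FAIL user=alice src=203.0.113.7
2024-03-01T10:00:09Z login OK   user=alice src=203.0.113.7
2024-03-01T10:09:00Z login FAIL user=carol src=192.0.2.9
2024-03-01T10:20:00Z login FAIL user=carol src=192.0.2.9
"""


def parse(line: str) -> dict:
    """Split one constructed log line into timestamp, status, user and source."""
    ts, _, status, user, src = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "status": status,
        "user": user.split("=", 1)[1],
        "src": src.split("=", 1)[1],
    }


def detect(log_text: str, threshold: int = 5, window_s: int = 60) -> list[dict]:
    """Return alerts in log order.

    brute_force: a source reaches `threshold` failed logins inside a sliding
    window of `window_s` seconds (raised once per source).
    success_after_burst: a successful login from a source whose failure
    burst is still inside the window.
    """
    window = timedelta(seconds=window_s)
    failures: dict[str, deque] = defaultdict(deque)  # src -> recent FAIL times
    alerted: set[str] = set()
    alerts: list[dict] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse(line)
        q = failures[ev["src"]]
        while q and ev["ts"] - q[0] > window:  # expire failures outside the window
            q.popleft()
        if ev["status"] == "FAIL":
            q.append(ev["ts"])
            if len(q) >= threshold and ev["src"] not in alerted:
                alerted.add(ev["src"])
                alerts.append({"rule": "brute_force", "src": ev["src"],
                               "count": len(q), "at": ev["ts"]})
        elif ev["status"] == "OK" and ev["src"] in alerted and q:
            alerts.append({"rule": "success_after_burst", "src": ev["src"],
                           "user": ev["user"], "at": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(AUTH_LOG):
        print(alert)
```

The two failures from 192.0.2.9 are eleven minutes apart, so the sliding window never holds more than one of them and no alert fires; the same rule with a longer window or a lower threshold would catch slow, distributed guessing at the cost of more noise, which is the tuning decision every SIEM rule requires.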
SECURITY POLICIES
Media destruction policy
Vulnerability scan policy
Incident response policy
Acceptable use policy
U.S. COMPLIANCE LAWS
Gramm-Leach-Bliley Act (GLBA)
Governance
Information security risk assessment
Information security strategy
Security controls implementation
Security monitoring and updating
INDUSTRY STANDARDS
Payment Card Industry Data Security Standard (PCI DSS)
Build and maintain a secure network and systems
Protect cardholder data
Maintain a vulnerability management program
Implement strong access control measures
Regularly monitor and test networks
Maintain an information security policy
CONCLUSION
The number of people using these services grows every day as the global population embraces technology.
E-commerce must have an enterprise-wide security model that addresses all of its security needs.
E-commerce systems must be protected from unauthorized access and data disclosure.
REFERENCES
Chen, Z., Dong, W., Li, H., Zhang, P., Chen, X., & Cao, J. (2014). Collaborative network security in multi-tenant data center for cloud computing. Tsinghua Science and Technology, 19(1), 82-94.
Akanni, A. (2019). Protection of cyber physical systems with biometrics.
Good, D., & Schultz, R. (2003). E-commerce strategies for B2B service firm in the global environment. American Business Review, 20(2).
Hunt, R. (2002). PKI and digital certification infrastructure. Proceedings of the 9th IEEE International Conference on Networks.