Emerging Group & Self Reflection

Group7.pptx

EVALUATION OF SECURITY THREATS IN E-COMMERCE

BY

Suryaprakash Reddy Gottimukkula

Srinath Kumar Kavuri

Parameswara Rao Mallela

Eswar Pranai Kumar Shaganti

Manisha Tavva

Vasanth Kumar Reddy Thipparthi

INTRODUCTION

E-Commerce is the buying and selling of goods and services through transactions conducted over the internet.

Data security plays a key role in E-Commerce businesses.

The Solomon Enterprises business model has three components: the merchant infrastructure, the customer's browser, and the Payment Solution Provider (PSP) (Good & Schultz, 2003).

The PSP is the platform where all payment transactions take place, so the data passing through it must be properly secured against attackers.

INTRODUCTION Cont.

Know the location of all your cardholder data.

If you don’t need it, don’t store it.

Evaluation of risks associated with E-Commerce.

Service provider remote access to the merchant environment.

Consumer awareness.
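"Know the location of all your cardholder data" and "if you don't need it, don't store it" are only actionable if you can find card numbers in the data you already hold and reduce what remains to a PCI-safe form. The following is an added example, not code from the slides or from Solomon Enterprises: it scans text records for primary account numbers (PANs), confirms candidates with the Luhn check so that order IDs and timestamps are not flagged, and masks confirmed PANs to the PCI DSS display limit of first six and last four digits. The sample records are constructed; 4111 1111 1111 1111 and 5500 0000 0000 0004 are the well-known Visa and Mastercard test numbers.

```python
"""Locate PANs in stored data and reduce them to a PCI-safe masked form.

Added example for the 'know where your cardholder data is / don't store it'
slide; not original code. SAMPLE_RECORDS below are constructed.
"""
import re

# Candidate PANs: 13-19 digits, optionally separated by single spaces or hyphens,
# not embedded in a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits):
    """Luhn checksum (ISO/IEC 7812-1), used by all major card brands."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _normalize(candidate):
    """Strip separators; return digits only if the result is a Luhn-valid PAN."""
    digits = re.sub(r"[ -]", "", candidate)
    if 13 <= len(digits) <= 19 and luhn_valid(digits):
        return digits
    return None


def find_pans(text):
    """Return the digit-only PANs found in text that pass the Luhn check."""
    found = []
    for m in PAN_CANDIDATE.finditer(text):
        pan = _normalize(m.group(0))
        if pan:
            found.append(pan)
    return found


def mask_pan(pan):
    """PCI DSS display rule: at most the first six and last four digits visible."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scrub(text):
    """Replace every Luhn-valid PAN in text with its masked form; leave other digits alone."""
    def repl(m):
        pan = _normalize(m.group(0))
        return mask_pan(pan) if pan else m.group(0)
    return PAN_CANDIDATE.sub(repl, text)


def locate_pans(records):
    """Map record index -> masked PANs found, i.e. *where* cardholder data sits."""
    return {i: [mask_pan(p) for p in find_pans(r)]
            for i, r in enumerate(records) if find_pans(r)}


# Constructed sample records (e.g. lines from an order log that should never hold a PAN).
SAMPLE_RECORDS = [
    "2024-03-01 order=1001 card=4111 1111 1111 1111 amount=59.90",
    "2024-03-01 order=1002 ref=1234567890123 amount=10.00",   # 13 digits, fails Luhn
    "2024-03-01 order=1003 card=5500-0000-0000-0004 amount=120.00",
]

if __name__ == "__main__":
    for idx, pans in locate_pans(SAMPLE_RECORDS).items():
        print(f"record {idx}: {pans}")
    for r in SAMPLE_RECORDS:
        print(scrub(r))
```

The Luhn check is a filter for false positives, not proof that a string is a live card number; on a real data store the scan is run against databases, backups and log archives, and each hit is either deleted or replaced by a token or masked value.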

ADMINISTRATIVE CONTROLS

Appropriate administrative security controls must also be implemented to ensure the confidentiality, availability, and integrity of the organization's CCI maintained by suppliers.

An adequate information security program

Vulnerability assessments and penetration testing conducted regularly.

All users who access systems that contain GDS/mask data or test programs must have a unique ID; sharing of account logins and access shall not be permitted.

User authentication and multiple levels of access control shall be required.

NETWORK SECURITY TOOLS

A few network security tools:

SFTP (SSH File Transfer Protocol): protects files in transit; a secure transfer channel rather than a monitoring tool.

Argus: network flow auditing and monitoring.

Nessus: vulnerability scanning.
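To show what a flow monitor such as Argus is used for, here is an added example (not Argus code and not from the slides) that reads flow records and flags two classic reconnaissance patterns: a port scan (one source probing many ports on one host, mostly refused) and a host sweep (one source probing the same port across many hosts). The record layout below is a simplified, constructed approximation of columnar flow output; it is an assumption for illustration, not the tool's real schema, and the addresses come from the documentation ranges.

```python
"""Port-scan and host-sweep detection over network flow records.

Added example of network security monitoring; not Argus code. SAMPLE_FLOWS is a
constructed, simplified flow format (time proto src dst dport state).
"""
from collections import defaultdict

# Constructed flow records. CON = connection completed, RST = reset/refused.
SAMPLE_FLOWS = """\
# time     proto src           dst           dport state
12:00:01 tcp 10.0.0.5     203.0.113.10 443  CON
12:00:03 tcp 10.0.0.5     203.0.113.10 443  CON
12:00:04 tcp 10.0.0.9     203.0.113.10 80   CON
12:00:04 tcp 10.0.0.9     203.0.113.10 443  CON
12:00:05 tcp 198.51.100.7 203.0.113.10 21   RST
12:00:05 tcp 198.51.100.7 203.0.113.10 22   RST
12:00:05 tcp 198.51.100.7 203.0.113.10 23   RST
12:00:05 tcp 198.51.100.7 203.0.113.10 25   RST
12:00:06 tcp 198.51.100.7 203.0.113.10 80   CON
12:00:06 tcp 198.51.100.7 203.0.113.10 443  CON
12:00:06 tcp 198.51.100.7 203.0.113.10 3306 RST
12:00:06 tcp 198.51.100.7 203.0.113.10 8080 RST
12:00:07 tcp 198.51.100.7 203.0.113.11 22   RST
12:00:07 tcp 198.51.100.7 203.0.113.12 22   RST
12:00:07 tcp 198.51.100.7 203.0.113.13 22   RST
"""

REFUSED_STATES = {"RST", "REJ"}


def parse_flows(text):
    """Parse whitespace-separated flow lines; skip blanks and '#' comments."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        t, proto, src, dst, dport, state = line.split()
        flows.append({"time": t, "proto": proto, "src": src, "dst": dst,
                      "dport": int(dport), "state": state})
    return flows


def detect_port_scans(flows, min_ports=5, min_refused_ratio=0.5):
    """Flag (src, dst) pairs touching >= min_ports distinct ports, mostly refused.

    The refused ratio separates a scanner from a busy legitimate client that
    genuinely uses several services on one host.
    """
    ports, refused, total = defaultdict(set), defaultdict(int), defaultdict(int)
    for f in flows:
        key = (f["src"], f["dst"])
        ports[key].add(f["dport"])
        total[key] += 1
        if f["state"] in REFUSED_STATES:
            refused[key] += 1
    alerts = []
    for key, p in ports.items():
        ratio = refused[key] / total[key]
        if len(p) >= min_ports and ratio >= min_refused_ratio:
            alerts.append({"src": key[0], "dst": key[1], "ports": len(p),
                           "refused_ratio": round(ratio, 2)})
    return alerts


def detect_sweeps(flows, min_hosts=3):
    """Flag sources that hit the same destination port on >= min_hosts distinct hosts."""
    hosts = defaultdict(set)
    for f in flows:
        hosts[(f["src"], f["dport"])].add(f["dst"])
    return [{"src": src, "dport": dport, "hosts": len(h)}
            for (src, dport), h in hosts.items() if len(h) >= min_hosts]


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("port scans:", detect_port_scans(flows))
    print("host sweeps:", detect_sweeps(flows))
```

Thresholds of five ports or three hosts are illustrative; in production they are tuned per network segment, and the same aggregation is typically fed from the flow monitor into the SIEM rather than run by hand.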

PHYSICAL THREATS

Physical security deals with who has access to buildings, computer rooms and devices within them

Physical threat areas include, but are not limited to:

Weather

Fire/chemical

Earth movement

structural failure

Energy

Biological

Human (Chen, Dong, Li, Zhang, Chen & Cao, 2014)

PHYSICAL SECURITY CONTROLS

Physical security deals with who has access to buildings, computer rooms and the devices within them (Akanni, 2019).

Physical security controls include, but are not limited to:

Perimeter security controls

Badging/biometrics

Keys and combination locks

Security dogs

Lighting

TECHNICAL CONTROLS

Technical controls are the first line of defense for an e-commerce company.

Next-generation firewalls (NGFW).

Web Application Firewalls (WAF).

Two-factor authentication (2FA).

Password policies.
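Two-factor authentication on the slide above usually means a time-based one-time password (TOTP, RFC 6238) generated by an authenticator app. The following is an added example, not from the slides, implementing the HOTP/TOTP algorithms with the standard library only, plus the verification step a login service performs: accept the code for the current 30-second step and one step either side to absorb clock skew, and compare in constant time. The test vectors are the published RFC 6238 SHA-1 vectors (shared secret "12345678901234567890"); the issuer and account names in the provisioning URI are assumptions.

```python
"""TOTP (RFC 6238) as the second factor of 2FA, standard library only.

Added example; not code from the slides. SECRET is the RFC 6238 test secret.
"""
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import quote


def hotp(secret, counter, digits=6, algo=hashlib.sha1):
    """RFC 4226 HOTP: HMAC over the big-endian 8-byte counter, dynamic truncation,
    then reduce modulo 10^digits and zero-pad."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, unix_time, step=30, digits=6, algo=hashlib.sha1):
    """RFC 6238 TOTP: HOTP with the counter = floor(time / step)."""
    return hotp(secret, unix_time // step, digits, algo)


def verify_totp(secret, code, unix_time, window=1, step=30, digits=6, algo=hashlib.sha1):
    """Server-side check: accept the code for the current step and +/- window steps.

    hmac.compare_digest keeps the comparison constant-time so an attacker cannot
    learn correct digits from response timing. A real service must also rate-limit
    attempts and reject reuse of a code that already succeeded in the same step.
    """
    counter = unix_time // step
    for delta in range(-window, window + 1):
        expected = hotp(secret, counter + delta, digits, algo)
        if hmac.compare_digest(expected, code):
            return True
    return False


def provisioning_uri(secret, account, issuer, digits=6, step=30):
    """otpauth:// URI that authenticator apps read from a QR code at enrollment."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    return (f"otpauth://totp/{quote(issuer)}:{quote(account)}"
            f"?secret={b32}&issuer={quote(issuer)}&digits={digits}&period={step}")


# RFC 6238 Appendix B shared secret (ASCII "12345678901234567890").
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    print(provisioning_uri(SECRET, "alice@example.com", "Shop"))   # assumed names
    now = int(time.time())
    code = totp(SECRET)  if False else totp(SECRET, now)
    print("current code:", code, "valid:", verify_totp(SECRET, code, now))
```

The secret is the whole security of the second factor: it must be generated with a CSPRNG per user, shown once at enrollment, and stored server-side with the same care as a password hash's salt and pepper.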

TECHNICAL CONTROLS Cont…

Security Information and Event Management system (SIEM).

Event log parsers/aggregators.

Host-based IDS/IPS/AV.

PKI and encryption (Hunt, 2002).
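A SIEM is, at its core, a log parser, an aggregator and a rule engine. The added example below (not from the slides) shows those three stages on web-server access logs: parse combined-format lines into events, aggregate status codes per source IP, and run a brute-force rule that fires when one IP produces five or more failed login POSTs inside a sliding 60-second window, noting whether a successful login followed the burst (the signal that a password was actually guessed). The log lines, the `/login` path and the thresholds are constructed for illustration.

```python
"""Parse, aggregate and alert on web-server logs, SIEM style.

Added example; not code from the slides. SAMPLE_LOG is constructed in
Apache/nginx combined format; thresholds are illustrative.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format; only the fields the rule needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

SAMPLE_LOG = """\
10.0.0.8 - - [01/Mar/2024:12:00:00 +0000] "GET /login HTTP/1.1" 200 1843 "-" "Mozilla/5.0"
10.0.0.8 - - [01/Mar/2024:12:00:09 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
10.0.0.8 - - [01/Mar/2024:12:00:21 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Mar/2024:12:00:30 +0000] "POST /login HTTP/1.1" 401 512 "-" "python-requests/2.31"
198.51.100.23 - - [01/Mar/2024:12:00:31 +0000] "POST /login HTTP/1.1" 401 512 "-" "python-requests/2.31"
198.51.100.23 - - [01/Mar/2024:12:00:33 +0000] "POST /login HTTP/1.1" 401 512 "-" "python-requests/2.31"
198.51.100.23 - - [01/Mar/2024:12:00:36 +0000] "POST /login HTTP/1.1" 401 512 "-" "python-requests/2.31"
198.51.100.23 - - [01/Mar/2024:12:00:40 +0000] "POST /login HTTP/1.1" 401 512 "-" "python-requests/2.31"
198.51.100.23 - - [01/Mar/2024:12:00:45 +0000] "POST /login HTTP/1.1" 401 512 "-" "python-requests/2.31"
198.51.100.23 - - [01/Mar/2024:12:00:50 +0000] "POST /login HTTP/1.1" 200 2210 "-" "python-requests/2.31"
this line is not a log entry and must be skipped, not crash the parser
"""


def parse_line(line):
    """Parser step: return an event dict, or None for lines that are not valid entries."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT),
            "method": m["method"], "path": m["path"], "status": int(m["status"])}


def aggregate_by_ip(events):
    """Aggregator step: per-source-IP histogram of HTTP status codes."""
    counts = defaultdict(lambda: defaultdict(int))
    for e in events:
        counts[e["ip"]][e["status"]] += 1
    return {ip: dict(c) for ip, c in counts.items()}


def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60), login_path="/login"):
    """Rule step: >= threshold failed login POSTs from one IP within a sliding window."""
    events = [e for e in map(parse_line, lines) if e]
    failed, success = defaultdict(list), defaultdict(list)
    for e in events:
        if e["method"] == "POST" and e["path"] == login_path:
            if e["status"] in (401, 403):
                failed[e["ip"]].append(e["ts"])
            elif 200 <= e["status"] < 400:
                success[e["ip"]].append(e["ts"])
    alerts = []
    for ip, times in failed.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({
                    "ip": ip, "failures": end - start + 1,
                    "first": times[start], "last": times[end],
                    # a success after the burst means the guessing worked
                    "followed_by_success": any(t > times[end] for t in success[ip]),
                })
                break
    return alerts


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print(aggregate_by_ip([e for e in map(parse_line, lines) if e]))
    for a in detect_bruteforce(lines):
        print(a)
```

The same rule in a commercial SIEM is a correlation search over the normalized "authentication failure" event type rather than a regex over raw text, but the parse / aggregate / threshold structure is identical.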

SECURITY POLICIES

Media destruction policy

Vulnerability scan policy

Incident response policy

Acceptable use policy

U.S. COMPLIANCE LAWS

Gramm-Leach-Bliley Act (GLBA)

Governance

Information Security risk assessment

Information Security Strategy

Security controls implementation

Security monitoring

Security process monitoring and updating

INDUSTRY STANDARDS

Payment Card Industry Data Security Standard (PCI DSS)

Maintain a secure network

Protect cardholder data

Vulnerability Management program

Strong access control measures

Monitor and test networks

Maintain an information security policy

CONCLUSION

The number of people using these services increases every day as the global population embraces technology.

E-Commerce must have an enterprise-wide security model that addresses all of its security needs.

That model protects e-commerce systems from unauthorized access and data disclosure.

REFERENCES

Chen, Z., Dong, W., Li, H., Zhang, P., Chen, X., & Cao, J. (2014). Collaborative network security in multi-tenant data center for cloud computing. Tsinghua Science and Technology, 19(1), 82-94.

Akanni, A. (2019). Protection of cyber physical systems with biometrics.

Good, D., & Schultz, R. (2003). E-commerce strategies for B2B service firm in the global environment. American Business Review, 20(2).

Hunt, R. (2002). PKI and digital certification infrastructure. Proceedings of the 9th IEEE International Conference on Networks.