ch5


Perform a risk assessment

First, an inventory of the information and knowledge assets of a company is taken, and a dollar value amount is placed on each asset. Then, this amount is multiplied by the estimated probability that the information could be compromised. This computation is used to produce a ranked list of the information assets of the firm prioritized by their value.

PayPal is the most popular alternative payment method in the United States.

true

There is a finite number of Bitcoins that can be created

true

Authenticity

Authenticity is the ability to identify the person or entity you are transacting with on the Internet. One instance of an authenticity security breach is "spoofing," in which someone uses a fake e-mail address or poses as someone else. This can also involve redirecting a Web link to a different address.

The cost to merchants for accepting online credit card transactions is approximately how much?

Between 3% and 5%

Which of the six dimensions of e-commerce security refers to the ability to identify the person or entity with whom you are dealing on the Internet?

authenticity

Privacy

The ability to control the use of information a customer provides about him or herself to an e-commerce merchant. An example of a privacy security breach is a hacker breaking into an e-commerce site and gaining access to credit card or other customer information. This violates the confidentiality of the data and also the privacy of the people who supplied the data.

Nonrepudiation

The ability to ensure that e-commerce participants do not deny their online actions. An example of a repudiation incident would be a customer ordering merchandise online and later denying that he or she had done so. The credit card issuer will usually side with the customer because the merchant has no legally valid proof that the customer ordered the merchandise.

Confidentiality

The ability to ensure that messages and data are available only to authorized viewers. One type of confidentiality security breach is "sniffing" in which a program is used to steal proprietary information on a network including e-mail messages, company files, or confidential reports.

Develop an implementation plan

The actions that must be taken to achieve the security plan goals must be set out. The tools, technologies, policies, and procedures needed to achieve the acceptable levels of risk must be developed.

Availability

This is the ability to ensure that an e-commerce site continues to function as intended. One availability security breach is a DoS (Denial of Service) attack in which hackers flood a Web site with useless traffic that causes it to shut down, making it impossible for users to access the site.

Integrity

This is the ability to ensure that information being displayed on a Web site or being transmitted/received over the Internet has not been altered in any way by an unauthorized party. One type of integrity security breach would be an unauthorized person intercepting and redirecting a bank wire transfer into a different account.

All of the following are limitations of the existing online credit card payment system except

cost to customers

The more security measures added to an e-commerce site, the faster and easier it becomes to use (t/f)

false

Which of the six dimensions of e-commerce security is spoofing a threat to?

integrity and authenticity

What is the first step in developing an e-commerce security plan?

perform a risk assessment

What is the most frequent cause of stolen credit cards and card information today?

the hacking and looting of corporate servers storing credit card information

Perform a security audit

A security audit must be conducted to identify how outsiders are using the site and how insiders are accessing the site's assets. A monthly report should be generated that will establish the routine and non-routine accesses to the system and identify any unusual patterns.

Why are consumers able to dispute online credit card charges, leaving the merchant without payment despite having shipped the merchandise?

Online merchants never see the actual credit card, and neither take an impression nor collect a signature

The five steps in developing an e-commerce security plan are:

Perform a risk assessment, Develop a security policy, Develop an implementation plan, Create a security organization, Perform a security audit.

Create a security organization

A security organization must be established that will train users and keep management apprised of the security threats and breakdowns. The access controls that will determine who can gain legitimate access to the firm's networks and the authentication procedures that will be used to protect data from intruders must be determined. Authorization policies must also be established for the differing levels of access to information assets for different users.

Develop a security policy

A set of statements should be developed that prioritizes the information risks, identifies acceptable risk targets, and sets out the goals for achieving these targets. Included in the security policy should be a list of the personnel who are or will be entrusted with the information assets. It should also include a description of the security policies that presently exist for these assets and suggestions for improvements. Finally, it should outline the level of risk the firm is willing to accept for each asset, and the estimated cost to achieve this level of acceptable risk.

