Security and International E-Commerce
Jim Maloney, [email_address]
November 2000
SecurityPortal: The focal point for security on the Net ™

Agenda
• Security and e-commerce
• Security defined
• General security threats to e-commerce
• International security issues
• Key elements of a security solution
• Recommended security approach
• Summary

Why is security important for E-Commerce?
• Increased Exposure, Threats, Vulnerabilities, Privacy Concerns
• Increased Bandwidth
• Expanded Access
• ASP Delivery Model
• Tech-Savvy Culture
• Mobile Society
• Increased E-Business Opportunities
• Sophisticated Applications
• Customer-Centric Business Models
• Ubiquitous Internet

Old economy view of security
• In the “Old Economy” computing security was often viewed as a discretionary element of the business
• The focus was on protection of information systems and data

New economy view of security
• In the “New Economy” computing security is viewed as a strategic element of the business
• The focus is on enabling new ways of doing business and value creation
• From a protection perspective, security is now protecting the entire business, not just its information systems

A working definition of security
• Confidentiality – the protection of private data on hosts or in transit
• Integrity – the system does not corrupt information or allow unauthorized malicious or accidental changes to information
• Availability – the computer system’s hardware and software keep working efficiently, and the system is able to recover quickly and completely if a disaster occurs
• Accountability – the ability to determine who is responsible for the result of an action

General security threats to e-commerce
• Web site defacement
• Denial of service
• Theft of customer data
• Theft of intellectual property
• Sabotage of data or networks
• Financial fraud

Resulting business impact
• Lack of consumer confidence if there are any real or perceived security issues
• Loss of profits due to last-minute security implementations
• Damage to image and reputation if you have a visible security incident
• Bankruptcy if the majority of your business transactions occur online
• Benefits to competitors if your level of security is perceived to be inadequate

International security issues
• Regulations and policies
• Education and awareness
• Cultural norms
• Access modes
• Local government stance on cyber crime

Regulations and policies
• Encryption laws vary greatly from country to country. This can impact both the availability and use of the appropriate technology. http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm
• Privacy and consumer protection laws also vary greatly from country to country. These laws control how personal data can be used and shared; violations can lead to substantial fines. http://www.gilc.org/privacy/survey

Education and awareness
• While malicious, external security attacks get most of the publicity, it is often employee mistakes and oversights that cause security issues
• Security awareness education for all employees, and specific training for your IT team, can be an excellent defense against both internal and external incidents
• A recent survey showed that 86% of Shanghai’s networks had security products installed, but less than 2% of the network professionals actually knew how to protect their networks from intruders

Cultural norms
• Limited work hours for support and emergency response services
  • Being “on-call”
  • Multi-shift operations (24/7)
• History of not protecting intellectual property
  • Electronic documents
  • Software CDs and DVDs

Access modes
• There is a rapid increase in the number of users accessing the internet via wireless devices such as cell phones
• In addition to their small size, portable wireless devices have limited processing power, limited memory and a limited power supply
• These characteristics lead to several security challenges

Access modes – continued
• With very limited keyboards and screens, cell phones and handhelds will require new authentication schemes to replace user names and passwords
• New schemes may include screen-based biometrics, embedded certificates, hardware tokens, web cookies and PINs
• These devices are viewed as likely platforms for viruses that can be carried from network to network without detection

Access modes – continued
• Data moving through the air is vulnerable to interception using relatively inexpensive equipment
• The portability of these devices increases the need for physical security and authentication

Local government stance on cyber crime
• Singapore – very detailed statutes regarding penalties for criminal hacking
• Brazil – no special laws against cyber crime (and a very active hacking community)
• The Philippines had no anti-hacking laws until the “Lovebug” virus was traced back to their country
• Interpol is working to establish international standards for cyber crime legislation: http://www.mossbyrett.of.no/info/legal.html

Asia/Pacific perspective
Factors accelerating adoption of security:
• Growth of e-commerce in this region
• Government initiatives supporting security
• Recognition of the need for security guidelines, regulations and products that enable interoperability

Asia/Pacific perspective – continued
Factors inhibiting the adoption of security:
• Lack of integrated security solutions that can span systems and regions
• Lack of awareness of security issues and solutions

Security is more than technology
• People
• Process
• Technology
Activities: Monitor, Respond, Anticipate, Defend

Security is an attribute, not a component
Layers shown in the slide diagram:
• System Management and Security
• Network & Networking Services
• Hardware & Operating System
• Applications (App, App, App, App)
• User Interface
• Application Development Environment
• Information Management
• Distribution Services

General security approach
• Develop accurate and complete policies that span the supply chain
• Make sure that all employees understand the importance of computing security
• Define clear roles and responsibilities for e-commerce security
• Perform regular audits, reviews and assessments of security
• Don’t ignore the physical security of your systems

General security approach – continued
• Implement and maintain a set of baseline controls for your e-commerce system
• Implement user ID and authentication via strong passwords, secure tokens or biometrics
• Have backup and recovery plans in place

Secure web site development tips
• Include security as part of requirements gathering
• Include security as part of the architecture
• Be careful with embedded components
• Never trust incoming data
• Provide help to users
• Use code reviews
• Be aware of privacy and encryption laws
• Stay up-to-date on new risks, threats and vulnerabilities
• Document your security solution

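The tip “Never trust incoming data” is the one item on this slide that maps directly to code. As an added example (not part of the original slides), the following server-side validator for an e-commerce order submission shows what it means in practice: every field is type-checked against an allow-list, unknown fields are rejected rather than passed through, and the price is taken from the server’s catalogue rather than from the client. The field names, quantity limit, country list and catalogue are all constructed for this example.

```python
"""Added example (not from the original slides): server-side validation of an
e-commerce order submission, illustrating "Never trust incoming data".
All field names, limits and the catalogue below are constructed."""
import re
from decimal import Decimal

# Constructed catalogue: the server, not the client, is the source of prices.
CATALOGUE = {
    "SKU-1001": Decimal("19.99"),
    "SKU-1002": Decimal("249.00"),
}

# Allow-list of shipping destinations this hypothetical shop serves.
ALLOWED_COUNTRIES = {"SG", "BR", "PH", "US"}

ALLOWED_FIELDS = {"sku", "quantity", "country", "email"}
MAX_QUANTITY = 100
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


class InvalidOrder(ValueError):
    """Raised when a submission fails validation; the message names the field."""


def validate_order(raw):
    """Return a normalized order built only from validated, allow-listed values;
    raise InvalidOrder for anything unexpected."""
    if not isinstance(raw, dict):
        raise InvalidOrder("order must be an object")

    # Reject unknown fields instead of silently accepting them (for example a
    # client-supplied 'price' or 'is_admin' key).
    extra = set(raw) - ALLOWED_FIELDS
    if extra:
        raise InvalidOrder("unexpected field(s): %s" % ", ".join(sorted(extra)))
    missing = ALLOWED_FIELDS - set(raw)
    if missing:
        raise InvalidOrder("missing field(s): %s" % ", ".join(sorted(missing)))

    sku = raw["sku"]
    if not isinstance(sku, str) or sku not in CATALOGUE:
        raise InvalidOrder("unknown sku")

    # Quantity: only an integer within range. bool is a subclass of int in
    # Python, so it is excluded explicitly.
    qty = raw["quantity"]
    if isinstance(qty, bool) or not isinstance(qty, int):
        raise InvalidOrder("quantity must be an integer")
    if not 1 <= qty <= MAX_QUANTITY:
        raise InvalidOrder("quantity out of range")

    country = raw["country"]
    if not isinstance(country, str) or country.upper() not in ALLOWED_COUNTRIES:
        raise InvalidOrder("unsupported country")

    email = raw["email"]
    if not isinstance(email, str) or len(email) > 254 or not EMAIL_RE.match(email):
        raise InvalidOrder("invalid email")

    # The total is computed from the catalogue; no client-supplied price is used.
    return {
        "sku": sku,
        "quantity": qty,
        "country": country.upper(),
        "email": email,
        "total": CATALOGUE[sku] * qty,
    }


if __name__ == "__main__":
    # Constructed sample submissions.
    good = {"sku": "SKU-1001", "quantity": 2, "country": "sg", "email": "a@example.com"}
    print(validate_order(good))
    for bad in (
        {**good, "price": "0.01"},        # client tries to supply its own price
        {**good, "quantity": -1},         # out of range
        {**good, "quantity": "2"},        # wrong type, even if it looks numeric
        {**good, "country": "XX"},        # not in the allow-list
    ):
        try:
            validate_order(bad)
        except InvalidOrder as e:
            print("rejected:", e)
```

The design choice worth noting is that the validator builds a fresh dictionary from the checked values rather than returning the client’s object with bad fields removed, so nothing the client sent reaches the order pipeline unless a rule explicitly let it through.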
Secure web site development references
• Recent articles on SecurityPortal: Best Practices for Secure Web Development (parts I and II)
• Web Security & Commerce (O'Reilly Nutshell) by Simson Garfinkel, Gene Spafford
• Web Security: A Step-by-Step Reference Guide by Lincoln D. Stein

Summary
• Security is a critical enabler for e-commerce
• The negative impact of poor security can be substantial
• Many of the issues and solutions regarding secure international e-commerce are people and process related, not technical
• Security is a key attribute of a system that must be designed in, not added on later
• Maintaining a secure web site requires continuous vigilance

Bibliography
• E-Business Security: An Essential Element in the Post-Year 2000 World. Gartner Group Research Report, April 17, 2000.
• The Net Present Value of Security. AtomicTangerine Special Report, October 11, 2000.
• International Ecommerce. SecurityPortal cover story, November 5, 2000.
• Information Security: The E-Commerce Driver. Dataquest Market Analysis, January 10, 2000.
• E-Business Impact on Security Technology and Practices. Gartner Group Research Note, November 11, 1999.
• Security Services in the Connected Age: From the basement to the boardroom. Gartner Group Market Analysis, July 4, 2000.

Bibliography – continued
• Shanghai to Enhance Information Security. http://www.nikkeibp.asiabiztech.com, February 15, 2000.
• Wireless Security: Locking Down the Wavelengths. Information Security Magazine, October 2000.
• Do Handhelds Need Virus Protection? PCWorld.com, June 29, 2000.
• Best Practices for Secure Web Development. http://securityportal.com/cover/coverstory20001030.html, October 30, 2000.
• Best Practices for Secure Web Development: Technical Details. http://securityportal.com/articles/webdev20001103.html, November 10, 2000.