E-security
Increased potential customer base, Reduced paperwork and administration, Reduced time to receive orders, supply goods and
Electronic Commerce Digital Signature Electronic via Website Electronic Payment System Face-to-face Absence Difficult Detectability Special Security Protocol
Network Traffic
You may consider: E-banking; E-shopping; E-tailing; Sending and receiving orders to and from partners; Loading your tax return or business activity statements or conducting other transactions with government agencies.
card numbers stolen via the Internet; Information transmitted over the Internet can be intercepted at any point
Overview of security needed
Businesses need to consider: The basic applications such as email; How to go about buying and selling online; How to protect the computer system; and The legal issues surrounding e-business.
E-security technologies
Four basic security principles
Authenticity; Security; Non-repudiation; Privacy or confidentiality
regulation work? Basic laws in the e-security area vary a lot across countries, as do penalties; Defining a money transmitter; How to define a proper service level agreement (SLA); Downstream liability; Issues in certification and standard setting
Risk:
Retail Payment Networks; Commercial Banks;
E-Security Vendors; Capital Standards and E-Risk; On-Site IT examinations; Off-site processes; Coordination: between regulatory agencies; between supervisors and law enforcement
Cyber-Risk Insurance; Education and Prevention
12 Core Layers of proper e-security; Part of proper operational risk management; General axioms in layering e-security
Attacks and losses are inevitable; Security buys time; The network is only as secure as its weakest link
GSM Vulnerabilities
SIM-CARD Vulnerability; SMS Bombs; Gateway Vulnerability; WAP Vulnerability; Man in the Middle Attack
Authentication technologies
Authentication technologies rely on: Something you know; Something you possess; Something you are (a unique physical quality). Password systems for authenticating identities
and communications:
Secure sockets layer (SSL) technologies; Public key infrastructure (PKI); Virtual private network (VPN); Secure managed services
Technologies.
High level of security offered.
PKI Plus Biometrics Digital Signature Certificate - PKI
Mail Server
Email Users
Viruses; Hacking; Denial of service; Dumping; Port scanning and sniffing; Method of protection - firewall
Thanks!
CBRC