Chapter 4 Flashcards
What are the 6 key dimensions to e-commerce?
- Integrity - ability to ensure that information displayed on the Web has not been altered in any way by an unauthorized party
- Nonrepudiation - ability to ensure e-commerce participants do not deny their online actions
- Authenticity - refers to the ability to identify the identity of a person with whom you are dealing on the Internet
- Confidentiality - ability to ensure messages and data are available only to those who are authorized to view them
- Privacy
- Availability - ability to ensure that an e-commerce site continues to function as intended
What are the two areas where there are tensions between security and Web site operations?
Ease of use - the more security measures that are added to an e-commerce site, the more difficult it is to use and the slower the site becomes, hampering the ease of use
Public safety - tension between the claims of individuals to act anonymously and the needs of public officials to maintain public safety that can be threatened by criminals or terrorists
What are the key security threats in the e-commerce environment?
- Malicious code - viruses, worms, trojan horses and ransomware
- Potentially unwanted programs (PUPs) - Adware, spyware, installed without your consent
- Phishing - attempt by a third party to obtain confidential information for financial gain
- Hacking and cyber vandalism - intentionally disrupting, defacing or destroying a site
- Credit card fraud/theft
- Identity fraud - use of social security, driver's licence and passwords for financial benefit
- Spoofing - hackers attempt to hide their true identity by using fake e-mail addresses
- Denial of Service (DoS) and Distributed Denial of Service (DDoS) - hackers flood websites with useless information, causing them to shut down
- Sniffing - program monitoring information travelling over a network enabling hackers to steal it
- Insider jobs - employees with access to sensitive information
- Poorly designed server and client software - increase in complexity of software programs leaves flaws for hackers to exploit
- Social network security issues - all of the above (malicious code, phishing, etc.) on social networks
- Mobile platform security issues
- Cloud security issues - safeguarding data in the cloud becomes a major concern
What are white, black and grey hats?
White - hackers helping organizations locate and fix security flaws
Black - engage in the same activities as white but with the intention of causing harm
Grey - believe they are pursuing a greater good by breaking in and revealing system flaws, then publish the weaknesses without disrupting the site
Information privacy rests on 4 premises. Which are they?
- Control - you have the moral right to control the information that is collected about yourself and you have the right to be forgotten.
- Know when - you have the moral right to know when information is being collected about you.
- Due process - you have the right to due process (ability to appeal to a higher authority) and to have you and your information handled fairly and transparently
- Stored - you have the right to have your information stored in a secure and correct way to prevent unauthorized access to it