Ecommerce Security

Submitted By neo390
Words 1069
Pages 5
As a complex company, Bibliofind needs to ensure that its data is protected from attack during acquisition, processing and storage. Notwithstanding the policies and accounting principles, there are significant technical steps that can be taken to protect the data. Firewalls are a very important device for data protection at a couple of levels.

From a data acquisition perspective, a firewall can also be configured as an encryption gateway. This means that when a customer tries to commence a transaction, the firewall negotiates a secure channel with the client using one of a variety of available encryption methods (SSL, TLS, PPTP, L2TP). This enables the customer and the firewall to communicate securely, so that eavesdroppers who intercept the data do not see plain text.

In addition to the encryption methods, a firewall is able to perform a number of tasks related to the connection, including stateful inspection and application (packet) analysis. This ensures that a session is not hijacked and that questionable code is not injected into the packet stream. Packet injection does not pose nearly the same level of risk when a secured or encrypted method of communication is used.

From a data processing perspective, the firewall can use the same techniques internally as it does externally. It can separate various internal networks to ensure that data being passed from one system to another is not interfered with. Using access lists, the source and destination can be ascertained. In addition, encrypted streams can be established when the data is moving internally yet across untrusted components such as a WAN (e.g. moving from a NY office to a London office).

The firewall can also protect against brute force attacks by hiding the core machines responsible for the transactions. It creates a vault door beyond which no one can see. Firewalls are
