1 / 20

Dr. Ja’far Alqatawna KASIT, University of Jordan

Dr. Ja’far Alqatawna KASIT, University of Jordan. E-Business Security in the Light of Jordan ETL and the National E-commerce Strategy أمن الأعمال الإلكترونية في ضوء كل من قانون المعاملات الإلكتروني الاردني و الإستراتيجية الوطنية للتجارة الإلكترونية. Socio-Technical Interaction.

ann
Download Presentation

Dr. Ja’far Alqatawna KASIT, University of Jordan

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Dr. Ja’far Alqatawna KASIT, University of Jordan E-Business Security in the Light of JordanETL and the National E-commerce Strategyأمن الأعمال الإلكترونية في ضوء كل من قانون المعاملات الإلكتروني الاردني و الإستراتيجية الوطنية للتجارة الإلكترونية

  2. Socio-Technical Interaction socio-technical framework of enquiry for e-Business security (Alqatawna 2010)

  3. The Same framework but with stakeholders

  4. E-Business Security in the Light of Jordan ETL and the National E-Commerce Strategy • Motivation • The government of Jordan started a number of initiatives to increase the adoption of e-services and get the benefits of this new area and there was a notable increase in the number of e-Business start-ups. • Electronic Transactions Law 2001. • National E-commerce Strategy 2008-2012.

  5. Overview of the Electronic Transaction Law (ETL) • It consists of 7 chapters and 41 articles which for the purpose of conducting secure e-Business can be considered in terms of the following four areas: • Electronic documents including records, contracts and messages. • Electronic transfer of fund. • Electronic signature and digital certificates. • Penalties on some kinds of online abuse.

  6. Analysing ETL in Relation to e-Business Security • Several issues related to e-Business security can in this law: • large part of this law inactive is the lack of regulations and instructions on how to implement and enforce some of its provisions • Example 1: validity of the electronic signature is linked, under this law, to the validity of the digital certificate which needs to be issued by a competent and licensed certificate authority. According to article (40/b) the Cabinet will issue the necessary regulations for implementing the provision related to “the procedure for issuing security certificates, the authority competent to do such and the application fees”.

  7. Analysing ETL in Relation to e-Business Security • Example 2: Other missing regulations are related to security of electronic transfer of fund which, according to article (29), should be issued by the Central Bank of Jordan which is responsible for maintaining and insuring the safety of the banking environment in Jordan.

  8. Other issue in the ETL • Cybercrimes: • The ETL covers very limited aspects of cybercrimes which mainly address the illegal use of digital certificates. • Additionally, it introduced up to one year imprisonment as a penalty for any illegal act which is conducted online

  9. In addition to the previous limitations • Several important security aspects are not covered in the this law: • Online privacy and data protection • Online customer protection • Security of e-Business infrastructure

  10. Summary of the ETL Limitations • Lack Enforcement, • Lack of Supportive regulations for establishing security infrastructure, • Limited Cybercrimes aspects, • Lack privacy and online customer protection

  11. Security in the light of the National e-Commerce Strategy • In 2007 the government policy for ICT and postal sectors call for more efforts to encourage local companies to offer e-services especially e-Commerce services (ICT-Policy, 2007) • In reaction to recommendations of this policy, the Ministry of Information and Communications Technology (MoICT) introduced the National e-Commerce Strategy for the period from 2008 to 2012.

  12. Overview of the National E-Commerce Strategy • (SWOT) analysis, which has been carried out between July and October 2007 to assess the current state of e-Business in the country: • five major factors were identified as reasons for why e-Commerce has not take off in Jordan: • the lack of e-payment systems, the lack of supportive legislations, the lack of e-Commerce awareness, unaffordable broadband access and PCs, and arbitrary tax changes.

  13. Overview of the National E-Commerce Strategy • Strategic goals and objects • Set of Enabling factors (see next slide)

  14. Overview of the National E-Commerce Strategy

  15. How and to what extent security addressed within this strategy • Acknowledged that the lack of trust in e-Business is important barrier. • The strategy related this lack of trust directly to the lack of adequate legal framework and lack of security awareness among potential online merchants. • Also, it speculated that the level of trust will increase as society becomes more familiar with e-Business transactions.

  16. How and to what extent security addressed within this strategy • Action to be take based on the previous acknowledgment: • promulgating three new laws; Cyber Crime Law, Consumer Protection Law and law to establish Credit Bureau facilities in Jordan • Security Guidelines for online companies.

  17. Deficiencies of the strategy • securing e-Business environment was not perceived as strategic goal but as a hurdle which can be simply removed mainly two things: • Passing CA law & Security Guidelines for companies. • Implications: • See next slide

  18. Deficiencies of the strategy • Implications: • Lack of clear and systematic methodology to address security which increases the chance that security will be overlooked at different part of the action plan: • ICT infrastructure • Logistics and transportation • skills • Public awareness • Responsibly

  19. General observations • Both of the ETL and the national E-commerce strategy failed to address security in its socio-technical form. • It is not enough that the government limits its role to pass laws and regulations that address security; it should include: • Support public security awareness and education. • Monitoring and ensuring compliance. • Protecting country’s ICT critical infrastructure.

  20. Take Home Message • Security is a shared responsibility (every one is responsible…customer/citizen, business, tech provider and government). • Security is a process not an end product. • Security is a feeling and reality (Bruce shneier). • Security is a socio-technical. Thank you....Dr. Ja’far Alqatawna

More Related