Explore the importance of network security in the context of e-commerce and the challenges faced, including concerns of IT executives, increased costs, and lack of standards. Learn about security requirements, mechanisms, services, and attacks, as well as the six layers of network security and structuring solutions for trust and security in e-commerce.
SECURITY MECHANISM & E-COMMERCE
Mr. In-Seop Lee, KT/ITU-SG 2

Importance of Network Security

Concerns of IT executives (Source: Information Week)
- Reliability 75%
- Complexity of the Transition 73%
- Unproven Services 69%
- Increased Telecom Costs 64%
- Increased Operating Costs 64%
- Quality of Management Tools 62%
- Security 61%
- Lack of Standards 60%
- Lack of Applications to Exploit 48%
- Other 1%

Background: Explosive growth of computers and networks
- To protect data and resources
- To guarantee the authenticity of data
- To protect systems

ITU-T Workshop on Security - Seoul (Korea), 13-14 May 2002

Security Requirements

[Diagram: Relationship between security objectives. Labels: Threats; Security algorithms; Security services; Security mechanisms; Security objectives]

Security aspects
- Security Attack: An action that compromises the information
- Security Mechanism: Designed to protect, prevent, recover from attacks
- Security Service: Enhances the security of data, systems, transfer

INFORMATION FLOW MODEL
[Figure: normal flow between A and B, from Information Source to Information Destination]

SECURITY THREATS
[Figure: diagrams of flows between A and B labelled Interruption, Modification, Fabrication, Interception; properties named: Confidentiality, Availability, Integrity, Authenticity]

SECURITY REQUIREMENTS
Communications & IT
- Confidentiality
- Availability
- Non-repudiation
- Integrity
- Authentication

SECURITY SERVICES
- Confidentiality: Protection of transmitted data
- Authentication: Assuring that communication is authentic
- Integrity: Assuring that the message has originality
- Non-repudiation: Preventing denial of a message
- Access Control: Limit & control the access
- Availability: Automated or physical countermeasures

MODEL FOR NETWORK SECURITY

SIX LAYERS OF NETWORK SECURITY
- Security Auditing
- Security Tools
- Software
- Monitoring
- Physical Security
- Network Administrator

EXAMPLE: Secure E-Commerce
Enlarge
Increase Security & Trust
• Internet intrinsic
• does not possess a unique control
• world wide
• changing traditional "paper-based" transactions
• not offering adequate protection mechanisms
* Need for countermeasures

SECURE E-COMMERCE: Security & Trust
For Buyer & Merchant
[Diagram labels: Security; Trust; Business & Legal Relationships; IT Applications & Systems; Correct Biz Legal trustworthy; Technical Protections]

STRUCTURING SOLUTIONS
[Diagram labels: Security; Trust; Third party Interactions; Fraud Controls; IT Infrastructure; International Legislation; Insurance; Technology & Management Policy]

TECHNICAL SOLUTIONS
Mechanisms
- Verify the Actors' Identity
- Authorize Access to Resources
- Protect Privacy
- Keep Sensitive Data Confidential
Techniques
- Firewall, SSL, VPN, IDS
- Authentication, Secure Applications (Web, DBMS, etc.)
- IPDR and Click Stream Analysis

OPEN PROBLEMS of E-COMMERCE (credibility, efficiency, solvency)
- Goods' Quality & Quantity
- After-sales assistance
- Privacy Safeguard
- Buyer's Solvency
- Business Risk Involved
- Risk Related to the Purchase

TRUST SOLUTIONS
For Merchants
- Customer Profile check
- Payment Methods assessment
- to preserve the merchant's public reputation and credibility
- to guarantee the payments
- to reduce the merchants' economic losses due to fraudulent orders
[Diagram labels: International Legislation; Third Party Interactions; Insurance]

TRUST SOLUTIONS
For Buyers
- Product Quality
- Product Delivery
- verification of process control
- process based on information
[Diagram labels: International Legislation; Third Party Interactions; Insurance]

RISK MANAGEMENT
[Diagram labels: Security factors; Trust factor; Risk Management strategy; Secure E-commerce]
• Managing risks
  - Scan environments & identify risks
  - Analyze risks & prioritize
  - Define the solution

Conclusions
[Diagram labels: Investment costs; Trust Solutions; Business loss; Security Solutions; Threats]

Thank you very much!!!