“Electronic Commerce - Risk Management”
Peter Croll

Why is risk analysis important?
• Large projects: expensive failures
• Small companies: loss of business
• Safety-critical: loss of life
• Safety-related: large equipment loss, environmental damage, human injury

Risk Identification
• Technology risks
• People risks
• Organisational risks
• Tools risks
• Requirements risks
• Estimation risks

Risk Planning
• Avoidance strategies - reducing the probability of the risk occurring
• Minimisation strategies - reducing the impact
• Contingency plans - having an alternative strategy

Risk Analysis is core for Software Engineering
[Figure: Boehm’s spiral model (simplified)]

Why analyse risk?
• Building dependable distributed systems is difficult
• Enterprises have to weigh up the risks of competing forces
[Figure labels: time to market, good process]

Some methods for assessing risk exposure
• Delphi
• Threat Scenarios
• ALARP

Delphi Method
• A team of experts writes down perceived threats
• Threats are unified (approx. 50-100)
• A questionnaire is drawn up - each threat is rated by:
  - likelihood
  - importance
  - cost (time/money)
• The team undertakes a number of revisions until the threats are listed in order of importance by:
  - threat
  - probability of occurrence
  - estimation of losses
• A response is drawn from the final list

Threat Scenarios
• Brainstorm on how to cope with failures
• Participants are asked the effect if:
  - the required systems were not functioning for a period
  - the required systems were destroyed
  - information was read by an unauthorised reader
  - information was modified with evidence
  - ……
• Plus questions like:
  - how can the system be harmed?
  - what are the potential consequences?
  - who or what is the enemy?
  - what are the targets?
  - ……

Acceptable risk levels?
• Cost less than company turnover / 10?
• Cost less than the predicted insurance payout?
• Probability of loss of life > 10^-3 p.a.?
  - Road deaths in NSW: 1.3 × 10^-4
  - Commercial aircraft, probability per flight: 3 × 10^-6
• Who should determine these?
• How do we know they are accurate?

Risk Analysis
• Probability
  - <10% = very low
  - 10-25% = low
  - 25-50% = moderate
  - 50-75% = high
  - >75% = very high
• Effects
  - insignificant
  - tolerable
  - serious
  - catastrophic

Case study - EC superannuation payments
• Paying multiple SA funds through a single interface
• Aimed at Small Enterprises
• Clients connect via the Internet
• Links to the Banks’ payment and clearing network
• Links directly to the Tax Office

E-commerce Adversaries
• Trusted Hackers
• Malicious Hackers
• Disgruntled Employees
• Industrial Spies
• Terrorists
• Special Interest Groups
• Journalists
• Real Spies
• Criminals

Resources
• Client application software
• Account-number access
• Password access
• Documentation of the system
• Eavesdropping tools
• Reverse-engineering tools
• Real-Time monitor tools

Consequence
• Public Disclosure
• Financial Loss
• Inconvenience
• Loss of Trust
• Compromise Credit Rating
• Defamation of Character

Dispelling some cryptography myths
• “obscurity does not enhance security.”
• “it is easy for someone to create an algorithm that he himself cannot break.”
• “some people obsess about key length; a long key does not equal a strong system.”
• “the problem with bad cryptography is that it looks just like good cryptography.”
• “the social problems are much harder than the mathematics.”

Fault Tree Example
[Figure: fault tree]
• Top event (A): Access compromised
• Intermediate events (B1-B3): Server compromised, Client compromised, Comms compromised
• Basic events (C1-C4): Modified server software, Obtained access codes, Account name compromised, Password compromised

Determining the factors that influence Risk
Threat signature. Each category of threat has a threat signature.
  f1 [resources x knowledge] -> threat-capability
  f2 [desire x expectance] -> threat-intent
Threat-capability and threat-intent are used to determine threat-level.
  f3 [threat-intent x threat-capability] -> threat-level
Threat-level and threat-frequency are used to determine threat-exposure.
  f4 [threat-level x threat-frequency] -> threat-exposure
Threat-exposure and consequence are used to determine Risk.
  f5 [threat-exposure x consequence] -> risk
Value sets:
  resources = {software, account-number, password, documents, eavesdropping, reverse-eng, RT-monitor}
  knowledge = {knowledge}
  desire = {desire}
  expectance = {expectance}
  threat-capability = {Negligible, VLow, Low, Medium, High, VHigh, Certain}
  threat-intent = {Negligible, VLow, Low, Medium, High, VHigh, Certain}
  threat-level = {Negligible, VLow, Low, Medium, High, VHigh, Certain}
  threat-frequency = {Frequent, Probable, Occasional, Remote, Improbable, ExtremelyImprobable}
  threat-exposure = {Negligible, VLow, Low, Medium, High, VHigh, Certain}
  threat-consequence = {PublicDisclosure, FinancialLoss, Inconvenience, LossOfTrust, CompromiseCreditRating, DefamationOfCharacter}

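The f1 to f5 chain above, worked through for one threat category as an added example that is not part of the original slides. The slides name the functions but not their rules, so the combining rules here are assumptions: "weakest factor wins" for f1 to f3, proportional scaling for f4 and f5, knowledge, desire and expectance rated on the same seven-point scale, and the SEVERITY weights and INSIDER signature are constructed.

```python
# Added example: the combining rules are assumptions; the slides only name f1..f5.
LEVELS = ["Negligible", "VLow", "Low", "Medium", "High", "VHigh", "Certain"]
FREQUENCIES = ["ExtremelyImprobable", "Improbable", "Remote",
               "Occasional", "Probable", "Frequent"]
RESOURCES = {"software", "account-number", "password", "documents",
             "eavesdropping", "reverse-eng", "RT-monitor"}
# Constructed severity weights, 1 (least) to 4 (most); not from the slides.
SEVERITY = {"Inconvenience": 1, "DefamationOfCharacter": 2,
            "CompromiseCreditRating": 2, "PublicDisclosure": 3,
            "LossOfTrust": 3, "FinancialLoss": 4}
rank = LEVELS.index  # position on the seven-point scale; ValueError if unknown

def _scale(i, num, den):  # round i * num / den half-up, integers only
    return (2 * i * num + den) // (2 * den)

def f1(resources, knowledge):  # -> threat-capability (weaker of the two)
    unknown = set(resources) - RESOURCES
    if unknown:
        raise ValueError(f"unknown resources: {sorted(unknown)}")
    coverage = _scale(len(LEVELS) - 1, len(set(resources)), len(RESOURCES))
    return LEVELS[min(coverage, rank(knowledge))]

def f2(desire, expectance):  # -> threat-intent
    return LEVELS[min(rank(desire), rank(expectance))]

def f3(intent, capability):  # -> threat-level
    return LEVELS[min(rank(intent), rank(capability))]

def f4(level, frequency):  # -> threat-exposure
    freq = FREQUENCIES.index(frequency)
    return LEVELS[_scale(rank(level), freq, len(FREQUENCIES) - 1)]

def f5(exposure, consequence):  # -> risk
    return LEVELS[_scale(rank(exposure), SEVERITY[consequence], 4)]

def assess(sig):  # run one threat signature through f1..f5, keeping each step
    capability = f1(sig["resources"], sig["knowledge"])
    intent = f2(sig["desire"], sig["expectance"])
    level = f3(intent, capability)
    exposure = f4(level, sig["frequency"])
    return {"capability": capability, "intent": intent, "level": level,
            "exposure": exposure, "risk": f5(exposure, sig["consequence"])}

# Constructed signature for the "Disgruntled Employees" adversary category.
INSIDER = {"resources": {"software", "account-number", "password", "documents"},
           "knowledge": "High", "desire": "High", "expectance": "Medium",
           "frequency": "Occasional", "consequence": "FinancialLoss"}
```

Calling assess(INSIDER) returns every intermediate rating, which makes it visible which factor caps the final risk and therefore which one a control should target.
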
Dynamic Analysis - Embedding, Integrating and Adapting
[Figure labels: SWSAHS MINET, LEO satellites, Telecoms, Extranet, Risk Engine, Wireless application, Intranet]

What did we learn about Risk Management?
• Security Risk is dynamic
• Learn from others – avoid home grown solutions
• Ongoing reviews and monitoring are essential
• Good lines of communications must be established
• Top level management must be involved
• Don’t be complacent