First Design Choice: 1.1. Authentication


1. FIRST DESIGN CHOICE


The first design is an e-commerce site that uses single sign-on (SSO) for authentication, an intrusion detection and prevention system (IDPS) for the site's System Security, data encryption for the Security of Sensitive Data, a payment gateway that tokenizes card data for the site's Payment Data, and user training for the site's User Security (employees of the start-up) process.

1.1. Authentication
SSO is an authentication method that lets a user access several applications with one set of credentials. It is most often implemented with a central identity service that holds the user and password database and issues a session or token that the individual applications trust (Clercq, 2002).

1.1.1. “What are the key attack vectors applicable from an authentication perspective?”
For an SSO-protected e-commerce application, the primary attack vectors against authentication are credential stuffing (replaying username and password pairs leaked from other sites, which SSO makes more valuable because one pair opens every application), brute-force guessing against the central login endpoint, and phishing of the single set of credentials or of the session token it produces. Because SSO concentrates authentication in one place, a compromise of the identity service, or theft of its session cookie, exposes every connected application at once.

1.1.2. “What should the user authentication process be for customers?”


Customers should log in to the e-commerce application through the single sign-on (SSO) login page. This lets them use the same credentials across several applications, which is more convenient and reduces forgotten passwords. The trade-off is that the one credential now opens everything, so the central login endpoint needs rate limiting, lockout or step-up on repeated failures, and monitoring.

1.1.3. “Describe your recommended process to be followed by the customers for initial
password setting as well as the password reset process?”
In the recommended SSO process, initial password setting and later resets are both handled by the central identity service. A user who tries to reach an application is redirected to the SSO login screen, enters a username and password, and these are checked against the central database; if the credentials are valid the user is granted access to the application.

To reset a password, the customer submits their username and answers a security question, after which a reset link is sent to the registered e-mail address; the customer then chooses a new password through that link (Volchkov, 2001). Security questions are weak on their own (answers are often guessable or discoverable from social media), so the real protection must come from the emailed link: a random, single-use token that expires within minutes and is stored only as a hash, with the same "if that address is registered, a link has been sent" response whether or not the account exists. After a successful reset, existing sessions for that account should be terminated.
1.1.4. “The e-commerce application being developed provides for administrative access
by internal employees to configure the application. Explain the difference in
approach to authentication that you would adopt to authenticate the internal
administrative users vs. customers.”
Single sign-on (SSO) is well suited to internal administrative users. They already hold a corporate identity, use several internal applications daily, and one set of credentials that IT can provision, monitor and revoke centrally (for example when someone leaves) is easier to secure than many. The administrative SSO should be the company's own identity service, kept separate from the customer accounts, and should require a second factor and access only from managed devices or the internal network, because an administrator's session can reconfigure the whole application.

The same corporate SSO is not the ideal solution for customers. Customers do not have, and should not be given, accounts in the employee directory, and they may not extend to an e-commerce site the same trust they place in their own personal accounts. Customer authentication therefore uses a separate customer identity store with its own login page and lighter friction than the administrative path.

1.2. “System Security”


An intrusion detection and prevention system (IDPS) analyses network traffic for suspicious activity and can block malicious traffic. It is an important part of any cyber-security plan because it can help protect against sophisticated attacks that evade other safeguards (Scarfone and Mell, 2007).

1.2.1. “What are the key attack vectors applicable to endpoints (employee laptops,
servers, etc.)?”
There are several attack vectors against endpoints (employee laptops and servers) that an IDPS is positioned to see. The most prevalent and potentially harmful are malware delivered to laptops, phishing that leads users to malicious sites or downloads, SQL injection and buffer-overflow exploits against the server-side application, and denial of service (DoS; when launched from many sources at once, distributed denial of service, DDoS).

1.2.2. “What are the security controls that you would implement to protect against the
identified attack vectors?”
Several security controls should be established to guard against the identified attack vectors. Install and configure an IDPS in front of the e-commerce server (or a host-based sensor on it) and have it monitor all inbound and outbound server traffic. Define rules and thresholds that identify and block suspicious activity, for example repeated failed logins from one address, known exploit signatures, or unusual outbound connections. Examine IDPS records regularly to spot possible threats or attacks (Sheikh et al., 2019), and respond to confirmed detections, for instance by blocking the offending IP addresses at the firewall or running a malware scan on the e-commerce server. Signature-based detection only catches what it has signatures for, so rules need regular updates, and thresholds need tuning against normal traffic to keep false positives manageable.
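The "rules and thresholds" above, and the credential stuffing and brute force vectors of section 1.1.1, can be made concrete with a small detector. The following Go program is an added example written for this edit, not code from the original document: the login log it scans is constructed, and the thresholds (five failures, or four distinct usernames, from one address within sixty seconds) are illustrative assumptions that a real deployment would tune.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// sampleLog is a constructed login log for this example (not from the original
// document). One line per attempt: <RFC3339 time> ip=<addr> user=<name> result=OK|FAIL
const sampleLog = `
2024-05-01T10:00:00Z ip=203.0.113.5 user=alice result=FAIL
2024-05-01T10:00:03Z ip=203.0.113.5 user=alice result=FAIL
2024-05-01T10:00:06Z ip=203.0.113.5 user=alice result=FAIL
2024-05-01T10:00:09Z ip=203.0.113.5 user=alice result=FAIL
2024-05-01T10:00:12Z ip=203.0.113.5 user=alice result=FAIL
2024-05-01T10:00:15Z ip=203.0.113.5 user=alice result=OK
2024-05-01T10:00:20Z ip=198.51.100.7 user=bob result=FAIL
2024-05-01T10:00:21Z ip=198.51.100.7 user=carol result=FAIL
2024-05-01T10:00:22Z ip=198.51.100.7 user=dave result=FAIL
2024-05-01T10:00:23Z ip=198.51.100.7 user=erin result=FAIL
this line is not a login record
`

type AuthEvent struct {
	At     time.Time
	IP     string
	User   string
	Failed bool
}

// Alert is what the detector hands to the IDPS or SIEM for blocking or review.
type Alert struct {
	Rule string // "bruteforce" or "stuffing"
	IP   string
	Note string
}

func parseLine(line string) (AuthEvent, error) {
	f := strings.Fields(line)
	if len(f) != 4 {
		return AuthEvent{}, fmt.Errorf("malformed line: %q", line)
	}
	at, err := time.Parse(time.RFC3339, f[0])
	if err != nil {
		return AuthEvent{}, err
	}
	ev := AuthEvent{At: at}
	for _, kv := range f[1:] {
		p := strings.SplitN(kv, "=", 2)
		if len(p) != 2 {
			return AuthEvent{}, fmt.Errorf("bad field %q", kv)
		}
		switch p[0] {
		case "ip":
			ev.IP = p[1]
		case "user":
			ev.User = p[1]
		case "result":
			ev.Failed = p[1] == "FAIL"
		}
	}
	return ev, nil
}

// Detect applies two threshold rules to time-ordered events, raising each rule at
// most once per source address:
//   bruteforce: at least maxFails failures from one IP inside window
//   stuffing:   at least minUsers distinct usernames failing from one IP inside window
func Detect(events []AuthEvent, window time.Duration, maxFails, minUsers int) []Alert {
	recent := map[string][]AuthEvent{} // failures per IP still inside the window
	fired := map[string]bool{}
	var alerts []Alert
	for _, ev := range events {
		if !ev.Failed {
			continue
		}
		q := append(recent[ev.IP], ev)
		cutoff := ev.At.Add(-window)
		for len(q) > 0 && q[0].At.Before(cutoff) {
			q = q[1:] // expire failures older than the window
		}
		recent[ev.IP] = q
		users := map[string]bool{}
		for _, e := range q {
			users[e.User] = true
		}
		if len(q) >= maxFails && !fired["bruteforce|"+ev.IP] {
			fired["bruteforce|"+ev.IP] = true
			alerts = append(alerts, Alert{"bruteforce", ev.IP, fmt.Sprintf("%d failures within %s", len(q), window)})
		}
		if len(users) >= minUsers && !fired["stuffing|"+ev.IP] {
			fired["stuffing|"+ev.IP] = true
			alerts = append(alerts, Alert{"stuffing", ev.IP, fmt.Sprintf("%d distinct users within %s", len(users), window)})
		}
	}
	return alerts
}

// DetectLog parses raw log text, skips (and counts) lines it cannot parse, and runs Detect.
func DetectLog(log string, window time.Duration, maxFails, minUsers int) ([]Alert, int) {
	var events []AuthEvent
	skipped := 0
	for _, line := range strings.Split(strings.TrimSpace(log), "\n") {
		ev, err := parseLine(line)
		if err != nil {
			skipped++
			continue
		}
		events = append(events, ev)
	}
	return Detect(events, window, maxFails, minUsers), skipped
}

func main() {
	alerts, skipped := DetectLog(sampleLog, 60*time.Second, 5, 4)
	for _, a := range alerts {
		fmt.Printf("%-10s %-14s %s\n", a.Rule, a.IP, a.Note)
	}
	fmt.Println("unparseable lines skipped:", skipped)
}
```

On the sample, the first address trips the brute-force rule (five failures against one account) and the second trips the stuffing rule (four different accounts, one failure each), while the malformed line is counted rather than silently dropped. Note that the first address then logs in successfully: a success immediately after a burst of failures is itself worth a rule in a real deployment.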

1.2.3. “Describe processes that you would implement to be followed in the event of a
loss of an employee laptop.”
Report the loss to the IT department or security team immediately so they can investigate and respond. The team should mark the device as lost in the device management tool and issue a remote lock or wipe, confirm from inventory that full-disk encryption was enabled, and revoke the device's certificates, VPN access and any cached session tokens. All passwords for accounts accessed on the missing laptop should be changed, including e-mail, internal applications, and any banking or other accounts holding sensitive information. Record the incident and assess the data on the device for any notification obligation.

1.2.4. “Provide your perspective on whether employees should have admin access on
their laptops? What are pros and cons of provisioning employees with admin
access?”
Employees should generally not have admin access on their laptops, because it opens the door to privilege-escalation attacks: any malware that runs under an admin account already has full control of the machine. The arguments for granting it are flexibility (staff can install tools and reconfigure the machine themselves), the possibility that technically aware staff notice and report suspicious activity more readily, and the job satisfaction that comes with empowerment (Al-Lozi, 2017). Against it, an admin user can disable the endpoint agent, install unapproved or malicious software and bypass security controls, and if the laptop is lost or stolen, or the account is phished, the attacker inherits those privileges and may use them to reach the company's systems. A workable compromise is standard user accounts by default with a time-limited, logged elevation mechanism for the few who need it.

1.3. “Security of Sensitive Data”


Here, data encryption can be applied. The most common approach is software that transforms data with a mathematical algorithm so that it can only be reversed and read by someone who holds the encryption key; the security then rests on keeping that key separate from the data and available only to authorised processes.

1.3.1. “Identify what could potentially be sensitive data elements that may be collected
as a part of the application being developed and what is the reason for collecting
them.”
Credit card numbers, billing addresses, shipping addresses and contact information (email, phone number) are some of the sensitive data elements that may be gathered as part of an e-commerce application. These data elements are collected so that the website can process and fulfil orders. To secure this sensitive information, encrypt it before it is stored and while it is sent.

1.3.2. “What are the key attack vectors applicable related to storage of sensitive data?”
When sensitive data is stored under an encryption mechanism, the textbook attack vectors are brute force against weak keys or passphrases, known-plaintext and chosen-plaintext attacks against the cipher, and man-in-the-middle interception while data moves between the application and the store. Against a modern cipher such as AES with a properly random key, the cryptanalytic attacks are impractical; in practice the data is lost through the key (stored beside the ciphertext, left in source code or backups, or reachable by a compromised application account), through the application itself (SQL injection reads data after the application has decrypted it), and through unencrypted copies in logs, exports and backups.

1.3.3. “Explain the security measures that you would adopt to store the collected
sensitive data securely?”
There are a variety of security measures that may be used to keep sensitive data safe. One safeguard is to encrypt data at rest, which means the information is stored in a form that can only be read by someone who has the encryption key. This ensures that even if an unauthorised person obtains the stored files or a database dump, they cannot read the data, provided the key is held elsewhere (a key management service or hardware security module), access to it is restricted and logged, and an authenticated mode such as AES-GCM is used so that tampering is detected as well as disclosure prevented.
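The following Go program is an added example for this edit, not code from the original document. It shows the envelope pattern just described: each record is encrypted with its own data key using AES-256-GCM, that data key is itself encrypted under a key-encryption key, and only the two ciphertexts are stored. The key-encryption key is generated in memory here so the example runs offline; in the design above it would live in a key management service.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// NewKey returns a random 256-bit key. The key-encryption key (KEK) would normally
// come from a KMS or HSM; this example keeps it in memory to stay self-contained.
func NewKey() []byte {
	k := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		panic(err)
	}
	return k
}

// Seal encrypts plaintext with AES-256-GCM. The random 12-byte nonce is prepended
// to the ciphertext. aad (here the record id) is authenticated but not encrypted, so
// a ciphertext copied into another record no longer decrypts.
func Seal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Open reverses Seal; any change to key, nonce, ciphertext, tag or aad is an error.
func Open(key, blob, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

// StoredRecord is what the database row holds: the data under a per-record data key
// (DEK) and the DEK wrapped under the KEK. Neither plaintext nor a usable key is in the row.
type StoredRecord struct {
	ID         string
	Ciphertext []byte
	WrappedDEK []byte
}

func StoreRecord(kek []byte, id string, plaintext []byte) (StoredRecord, error) {
	dek := NewKey()
	ct, err := Seal(dek, plaintext, []byte(id))
	if err != nil {
		return StoredRecord{}, err
	}
	wrapped, err := Seal(kek, dek, []byte(id))
	if err != nil {
		return StoredRecord{}, err
	}
	return StoredRecord{ID: id, Ciphertext: ct, WrappedDEK: wrapped}, nil
}

func LoadRecord(kek []byte, r StoredRecord) ([]byte, error) {
	dek, err := Open(kek, r.WrappedDEK, []byte(r.ID))
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	return Open(dek, r.Ciphertext, []byte(r.ID))
}

func main() {
	kek := NewKey()
	rec, _ := StoreRecord(kek, "cust-42", []byte("shipping: 1 Example St")) // constructed sample
	pt, err := LoadRecord(kek, rec)
	fmt.Printf("%s (err=%v)\n", pt, err)
	_, err = LoadRecord(NewKey(), rec) // wrong KEK: the DEK cannot be unwrapped
	fmt.Println("wrong key rejected:", err != nil)
	rec.ID = "cust-43" // ciphertext moved to another row: AAD mismatch
	_, err = LoadRecord(kek, rec)
	fmt.Println("moved row rejected:", err != nil)
}
```

Rotating the KEK then means re-wrapping the small data keys, not re-encrypting every record, and a database backup that omits the KEK is unreadable on its own, which is the property the retention discussion below relies on.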

1.3.4. “Explain the approach that you would adopt for data retention.”
There are several approaches to data retention when encryption is the protection, but the most essential thing is that all retained data is encrypted at rest, so that even an unauthorised party with access to the stored data cannot read it. A solid, tested backup and disaster recovery strategy is also critical in case of data loss; the backups must be encrypted too, and the keys backed up separately, otherwise the backup is either an unencrypted copy or unrecoverable. Retention should also be bounded: keep each data element only as long as the order and any legal obligation require, then delete it, since data that no longer exists cannot be breached.

1.4. “Payment Data”


Tokenization is a data security technique that replaces sensitive data with a non-sensitive substitute, the token, which has no exploitable value on its own.

1.4.1. “Identify and describe what types of payment data would be collected as part for
the application being developed, as well as associated key risks. Clearly describe
any assumptions that you are making on the scenario.”
When a consumer buys something on the e-commerce site, the card number, expiry date and security code must be collected to authorise the purchase. The assumption here is that the start-up uses a payment gateway, so these values are captured by the gateway's hosted form and the shop itself holds only a token.

Key risks to consider are tokens being stolen by criminals and used for fraudulent purchases, tokens being intercepted by third parties in transit, and tokens being misused by employees of the e-commerce site or the service provider. A properly scoped token can only be charged by this merchant through this provider, which limits the first two, but the interception risk also covers the raw card data on its way to the provider, and the security code must never be stored after authorisation.

1.4.2. “How should the payment data be collected and stored? Be specific about the
recommended security controls.”
For collecting and storing payment data, tokenization is the preferred security control. The card data is replaced by a randomly generated value (the token) that stands for it; the token is stored in the company's system instead of the actual card data, so a breach of the shop's database yields nothing a criminal can charge against. The mapping from token back to card number is held only by the payment provider, and the shop's code should have no path to it other than the authorised payment flow.
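The following Go program is an added example written for this edit, not the payment provider's code or the original document's. It models the split just described: a vault (the provider side) that maps random tokens to card numbers, and a merchant record that stores only the token and the last four digits. The role name "payment-service" and the test card number are assumptions for the illustration.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

var (
	ErrBadPAN     = errors.New("invalid card number")
	ErrNotAllowed = errors.New("caller not authorised to detokenize")
	ErrNoToken    = errors.New("unknown token")
)

// luhnValid is the standard card-number checksum; it rejects typos before anything is stored.
func luhnValid(pan string) bool {
	sum, double := 0, false
	for i := len(pan) - 1; i >= 0; i-- {
		c := pan[i]
		if c < '0' || c > '9' {
			return false
		}
		d := int(c - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return len(pan) >= 12 && sum%10 == 0
}

// Vault stands in for the payment provider's token service. The token-to-PAN map lives
// here, inside the provider's PCI scope, never in the shop's own database.
type Vault struct {
	pans map[string]string // token -> PAN
}

func NewVault() *Vault { return &Vault{pans: map[string]string{}} }

// Tokenize returns a fresh random token. The token is deliberately not derived from the
// PAN: a plain hash would be brute-forceable, since only about a billion account numbers
// exist under each issuer prefix. A random token reveals nothing.
func (v *Vault) Tokenize(pan string) (string, error) {
	if !luhnValid(pan) {
		return "", ErrBadPAN
	}
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	tok := "tok_" + hex.EncodeToString(b)
	v.pans[tok] = pan
	return tok, nil
}

// Detokenize is the only way back to the PAN and is restricted to the payment
// service role; the web application never holds that role.
func (v *Vault) Detokenize(tok, callerRole string) (string, error) {
	if callerRole != "payment-service" {
		return "", ErrNotAllowed
	}
	pan, ok := v.pans[tok]
	if !ok {
		return "", ErrNoToken
	}
	return pan, nil
}

// MerchantRecord is all the shop stores: the token plus the last four digits for receipts.
type MerchantRecord struct {
	OrderID string
	Token   string
	Last4   string
}

func NewMerchantRecord(v *Vault, orderID, pan string) (MerchantRecord, error) {
	tok, err := v.Tokenize(pan)
	if err != nil {
		return MerchantRecord{}, err
	}
	return MerchantRecord{OrderID: orderID, Token: tok, Last4: pan[len(pan)-4:]}, nil
}

func main() {
	v := NewVault()
	rec, err := NewMerchantRecord(v, "order-1001", "4111111111111111") // well-known test PAN
	fmt.Printf("merchant stores: %+v (err=%v)\n", rec, err)
	_, err = v.Detokenize(rec.Token, "web-app")
	fmt.Println("web-app detokenize:", err)
	pan, _ := v.Detokenize(rec.Token, "payment-service")
	fmt.Println("payment-service detokenize:", pan)
}
```

A breach of the merchant table exposes only tokens and last-four digits; the data that matters is reachable only through the detokenize call, which is why that call, not the database, is what the provider audits.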

1.4.3. “What are compliance obligations that may need to be fulfilled?”


When tokenization is used for payments, the principal compliance obligation is PCI DSS (Payment Card Industry Data Security Standard); tokenization reduces the merchant's PCI DSS scope but does not remove it. EMV (Europay, Mastercard and Visa) is a card-present chip standard and does not apply to an online shop as such, although EMVCo's payment tokenisation specification governs the network tokens a gateway may use. 3-D Secure is an issuer authentication protocol for card-not-present transactions that card schemes or regulators (for example strong customer authentication under PSD2 in the EU) may require.

1.4.4. “How could an Incident Response Plan look like for the event of a security breach
that compromises payment data?”
Several actions must be taken. Report the breach to the payment processor and acquirer immediately, preserve logs and evidence, and have the provider revoke or reissue the affected tokens. Investigate with the payment processor how the breach occurred and fix the root cause so it cannot recur. Notify all impacted customers, and regulators where the law requires it, and offer credit monitoring or identity-theft protection services.

1.5. “User Security (employees of the start-up)”


User training is the strategy for the site's User Security (start-up employees) process: educating employees to recognise and avoid cyber-security threats such as phishing schemes, social engineering and the various kinds of malware. With a better grasp of these hazards, employees are more alert in their own online activity and help defend the firm.
1.5.1. “What are the key attack vectors that are applicable from an employee
perspective?”
From an employee's viewpoint (employees of the start-up), the main attack vectors the training must address are social engineering, malicious insiders, password attacks (guessing, reuse and credential stuffing) and malware.

1.5.2. “Outline your approach to security awareness trainings that you plan to adopt.”
First, employees must learn the fundamentals of cyber security and how to protect themselves online. Second, they must understand the importance of keeping personal and company information safe. Finally, make sure they know what to do and whom to tell in the event of a suspected breach or incident, with reporting encouraged rather than penalised. Training should be repeated periodically and measured, for example with simulated phishing.

1.5.3. “Describe technical controls that you propose to deploy to combat the risks of
phishing attacks.”
A few technical controls can be deployed to mitigate the risk of phishing. Place a web proxy between users and the internet and use it to block access to known phishing sites. Install anti-phishing protection on users' PCs. Filter inbound mail so that messages from lookalike domains or carrying malicious attachments are quarantined before they reach a mailbox.

2. SECOND DESIGN CHOICE


The second design is an e-commerce site with two-factor authentication (2FA) for customer authentication, firewalls for the site's System Security, data masking for the Security of Sensitive Data, point-to-point encryption (P2PE) for the site's Payment Data, and two-factor authentication (2FA) for the site's User Security (employees of the start-up) process.

2.1. “Authentication”
Two-factor authentication (2FA) is an authentication system that requires two pieces of evidence from different categories (something the user knows, has, or is) to validate the user's identity.
2.1.1. “What are the key attack vectors applicable from an authentication perspective?”
Brute force against the password, social engineering (tricking the user into reading out the one-time code, or SIM swapping to capture SMS codes), and man-in-the-middle phishing proxies that relay both the password and the code in real time are the main attack vectors against the 2FA approach for the e-commerce site.

2.1.2. “What should the user authentication process be for customers?”


The consumer submits their password on the e-commerce site and then enters a one-time code to complete the login. The code can be sent by text message or, preferably, generated by an authenticator app on their phone; SMS codes can be captured through SIM swapping, and either kind can be phished, so each code should be accepted only once and only within a short time window. Even an attacker who knows the password cannot log in without access to the user's phone.
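The app-generated code described above is a time-based one-time password (RFC 6238). The following Go program is an added example written for this edit, not code from the original document or from any authenticator vendor: it enrols a secret, computes the six-digit code the app would show, and verifies it on the server side with a one-step skew window and a replay check, so a code phished from the user cannot be used twice.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/base32"
	"encoding/binary"
	"fmt"
	"time"
)

const totpStep = 30 // seconds per code; the RFC 6238 default used by authenticator apps

// NewSecret creates the shared secret given to the phone app at enrolment, returned
// raw for the server and base32-encoded for the otpauth:// URI or QR code.
func NewSecret() (raw []byte, b32 string) {
	raw = make([]byte, 20)
	if _, err := rand.Read(raw); err != nil {
		panic(err)
	}
	return raw, base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(raw)
}

// totpAt is the RFC 6238 code (HMAC-SHA1, six digits) for time-step counter n;
// the phone computes exactly the same value from the same secret.
func totpAt(secret []byte, n uint64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], n)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	off := h[len(h)-1] & 0x0f // dynamic truncation
	bin := binary.BigEndian.Uint32(h[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", bin%1000000)
}

// Verifier is the server-side state kept per user.
type Verifier struct {
	secret   []byte
	lastStep uint64 // highest step already accepted; it and earlier steps are refused
}

// Verify accepts the code for the current step or the steps either side of it (clock
// skew), but never a step that has already been consumed: a code captured by a phishing
// page is useless once the victim has used it, and cannot be used twice by the attacker.
func (v *Verifier) Verify(code string, now time.Time) bool {
	cur := int64(now.Unix() / totpStep)
	for d := int64(-1); d <= 1; d++ {
		step := uint64(cur + d)
		if step <= v.lastStep {
			continue
		}
		if subtle.ConstantTimeCompare([]byte(totpAt(v.secret, step)), []byte(code)) == 1 {
			v.lastStep = step
			return true
		}
	}
	return false
}

func main() {
	raw, b32 := NewSecret()
	fmt.Println("enrol the app with secret:", b32)
	v := &Verifier{secret: raw}
	now := time.Now()
	code := totpAt(raw, uint64(now.Unix()/totpStep)) // what the app displays right now
	fmt.Println("first use accepted:", v.Verify(code, now)) // true
	fmt.Println("replay accepted:   ", v.Verify(code, now)) // false
}
```

The replay check is the part most home-grown implementations omit. Without it, a real-time phishing proxy that has just relayed the code has a full thirty seconds, plus the skew window, to log in again with the same value.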

2.1.3. “Describe your recommended process to be followed by the customers for initial
password setting as well as the password reset process?”
Customers create a password when they first register on the site, and at that point are asked to set up 2FA, through a text message, an e-mail, or a mobile app such as Google Authenticator. If a customer forgets their password, they use the site's password reset feature, which asks for the account's username or e-mail address and the answer to one or more security questions before sending a reset link. Because security questions are easy to research, the emailed link must carry the real protection: a single-use token that expires within minutes and is stored only as a hash. The second factor should still be required before the new password is accepted, otherwise the reset path becomes a way around 2FA.
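The reset token that both this section and section 1.1.3 rely on can be shown in a few dozen lines. The following Go program is an added example written for this edit, not code from the original document: tokens are 256-bit random values, only their SHA-256 hash is stored, each expires after fifteen minutes (an assumed value), each is usable once, a new request voids any outstanding one, and the visible response is the same whether or not the address is registered. Mail delivery and the reset URL shown in main are placeholders outside the example.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

const resetTTL = 15 * time.Minute

// ResetResponse is shown for every request, registered address or not, so the reset
// form cannot be used to enumerate customer accounts.
const ResetResponse = "If that address is registered, a reset link has been sent."

var ErrInvalidToken = errors.New("reset link is invalid, expired or already used")

type resetRecord struct {
	user    string
	expires time.Time
	used    bool
}

// ResetStore holds only SHA-256 hashes of issued tokens: a leaked table cannot be
// turned into working links. users stands in for the account table.
type ResetStore struct {
	byHash map[string]*resetRecord
	users  map[string]bool
}

func NewResetStore(users ...string) *ResetStore {
	s := &ResetStore{byHash: map[string]*resetRecord{}, users: map[string]bool{}}
	for _, u := range users {
		s.users[u] = true
	}
	return s
}

func hashToken(tok string) string {
	h := sha256.Sum256([]byte(tok))
	return hex.EncodeToString(h[:])
}

// Request issues a single-use token for user and returns the raw token that goes into
// the emailed link. Any earlier outstanding token for the same user is voided. For an
// unknown user nothing is issued, but the caller still shows ResetResponse.
func (s *ResetStore) Request(user string, now time.Time) (token string, issued bool) {
	if !s.users[user] {
		return "", false
	}
	for _, r := range s.byHash {
		if r.user == user {
			r.used = true
		}
	}
	raw := make([]byte, 32) // 256 bits: not guessable
	if _, err := rand.Read(raw); err != nil {
		panic(err)
	}
	token = base64.RawURLEncoding.EncodeToString(raw)
	s.byHash[hashToken(token)] = &resetRecord{user: user, expires: now.Add(resetTTL)}
	return token, true
}

// Redeem checks the token and burns it. On success the caller may set a new password
// for the returned user and should then terminate that user's other sessions.
func (s *ResetStore) Redeem(token string, now time.Time) (string, error) {
	r, ok := s.byHash[hashToken(token)]
	if !ok || r.used || now.After(r.expires) {
		return "", ErrInvalidToken
	}
	r.used = true
	return r.user, nil
}

func main() {
	s := NewResetStore("alice@example.com")
	now := time.Now()
	tok, _ := s.Request("alice@example.com", now)
	fmt.Println("emailed link: https://shop.example/reset?token=" + tok) // hypothetical URL
	fmt.Println(ResetResponse)
	user, err := s.Redeem(tok, now.Add(2*time.Minute))
	fmt.Println("first click:", user, err)
	_, err = s.Redeem(tok, now.Add(3*time.Minute))
	fmt.Println("second click:", err)
}
```

Because only the hash is stored, the database can be compared against the hashed token from the URL in constant time by lookup, and a dump of the table gives an attacker nothing to paste into a browser.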

2.1.4. “The e-commerce application being developed provides for administrative access
by internal employees to configure the application. Explain the difference in
approach to authentication that you would adopt to authenticate the internal
administrative users vs. customers.”
Internal administrative users should authenticate with two factors: something the user knows (a password) and something the user has (a hardware security token), with something the user is (a fingerprint) as a possible third. This is necessary to guarantee that only authorised staff reach the e-commerce site's administrative functions. Administrative 2FA should be mandatory, should use a hardware token rather than SMS so that it cannot be phished or SIM-swapped, and should be combined with access restrictions such as the corporate network or VPN and managed devices. For customers, 2FA would be the password plus a code from an app or text message, and may be optional or triggered only for risky actions (a new device, a change of delivery address) because friction costs sales. A single factor such as a token on its own is not two-factor authentication, for customers or for anyone else.
2.2. “System Security”
Firewalls act as a barrier between a trusted network and an untrusted one and can defend against malware, intruders and other malicious behaviour. For a public e-commerce site the rule base cannot simply refuse all traffic from the untrusted network (the Internet) to the trusted one, since customers must reach the site. Instead the firewall allows inbound connections only to the published services (HTTPS on the web tier), denies everything else by default, and places the database and the company's internal network behind a further boundary that accepts connections only from the web tier. Traffic from the internal network out to the Internet is allowed as needed. As a result, attackers cannot reach sensitive data on the internal network directly.

2.2.1. “What are the key attack vectors applicable to endpoints (employee laptops,
servers, etc.)?”
Denial of Service (DoS) attacks, malware, phishing and SQL injection are the main attack vectors that a firewall, as the system security measure in this design, has to contend with (Panchal et al., 2018). A network firewall cannot see inside an encrypted HTTPS request, so SQL injection has to be stopped at the application (parameterised queries) or by a web application firewall that terminates TLS.

2.2.2. “What are the security controls that you would implement to protect against the
identified attack vectors?”
The security controls to implement against the identified attack vectors are: configuring the firewall to block access to known malicious websites and downloads, configuring it to block access to known phishing websites, and filtering traffic and blocking suspicious activity at the firewall, with rate limiting to absorb simple DoS attempts. Blocklists go stale quickly, so they need an automated update feed, and the rule base should be reviewed regularly so that rules added for one incident do not accumulate.

2.2.3. “Describe processes that you would implement to be followed in the event of a
loss of an employee laptop.”
If an employee laptop is lost it should be treated as stolen until proven otherwise. Report it immediately, remotely lock or wipe it through device management, revoke its certificates, VPN credentials and sessions, reset the passwords used on it, and confirm that disk encryption was enabled. The perimeter firewall and VPN logs should be checked for any connection attempts from the device, but an absence of such attempts does not show that the laptop was merely misplaced: an attacker with the disk in hand does not need to connect to the company network to read it.

2.2.4. “Provide your perspective on whether employees should have admin access on
their laptops? What are pros and cons of provisioning employees with admin
access?”
Giving staff admin access to their laptops is generally not advised, since it increases the risk of privilege-escalation attacks. The benefit is flexibility: employees can install and configure software as needed, which is handy when setting up a development or test environment. The drawbacks are substantial, however: an employee with administrative access, or malware running as that employee, can install unapproved software, disable the endpoint agent and bypass security controls, which raises the risk of a hostile attack or data breach.

2.3. “Security of Sensitive Data”


Data masking is the technique of replacing original data with altered content (characters or other data) that cannot be used to recover the original. It is frequently used to protect sensitive information such as credit card numbers or personally identifiable information (PII) from identity thieves and fraudsters.

2.3.1. “Identify what could potentially be sensitive data elements that may be collected
as a part of the application being developed and what is the reason for collecting
them.”
Names, addresses, credit card numbers, birthdates, social security numbers, driver's licence numbers and health information are examples of sensitive data elements an application might collect.

The purpose of gathering sensitive data is to enable the start-up to sell its products online, and that purpose justifies only the elements needed to take payment, deliver goods and contact the customer. Government identifiers and health data play no part in selling products and should not be collected, since every element held is an element that can be breached.

2.3.2. “What are the key attack vectors applicable related to storage of sensitive data?”
Social engineering, SQL injection, cross-site scripting (XSS) and man-in-the-middle (MitM) attacks are the main attack vectors against stored sensitive data when data masking is the protection method (Panchal et al., 2018).

2.3.3. “Explain the security measures that you would adopt to store the collected
sensitive data securely?”
There are a variety of security techniques for storing sensitive data safely, and data masking is a particularly effective one for the copies of the data that live outside production: test systems, analytics, and support screens. Data masking replaces sensitive fields with fictional values that look real but cannot identify individuals, so that even if one of these copies is compromised the attackers do not obtain the real data. Masking is not a substitute for protecting the production store itself: the live system still needs the real (or tokenized) value to fulfil orders, and that store must be encrypted and access-controlled. What masking buys is fewer places where the real data exists.
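The following Go program is an added example written for this edit, not code from the original document. It separates the two uses of masking above: irreversible display masking (card number reduced to first six and last four, e-mail to one character and domain) and keyed pseudonymisation for test copies, where the same input must always map to the same fake value so that records still join, but the mapping cannot be reversed or confirmed by guessing without the key. The key and the customer row are constructed sample values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// MaskPAN keeps the first six and last four digits, the most PCI DSS allows to be
// displayed; everything else is replaced before the value reaches a screen or a log.
func MaskPAN(pan string) string {
	if len(pan) < 13 {
		return strings.Repeat("*", len(pan))
	}
	return pan[:6] + strings.Repeat("*", len(pan)-10) + pan[len(pan)-4:]
}

// MaskEmail leaves one character of the local part and the whole domain.
func MaskEmail(addr string) string {
	at := strings.LastIndex(addr, "@")
	if at < 1 {
		return "***"
	}
	return addr[:1] + strings.Repeat("*", at-1) + addr[at:]
}

// maskLast hides all but the final keep characters (used for phone numbers).
func maskLast(s string, keep int) string {
	if len(s) <= keep {
		return strings.Repeat("*", len(s))
	}
	return strings.Repeat("*", len(s)-keep) + s[len(s)-keep:]
}

// Pseudonymize replaces an identifier with an HMAC under a key that is held outside the
// test environment. Equal inputs give equal outputs, so joins in test data still work,
// but without the key the value cannot be reversed or confirmed by trying candidates,
// which a plain hash would allow because card and phone numbers have little entropy.
func Pseudonymize(key []byte, value string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(value))
	return hex.EncodeToString(m.Sum(nil))[:16]
}

// Customer is a production row. In the tokenization design the PAN field would hold a
// token; it is a card number here only to show the masking rule.
type Customer struct {
	ID    string
	Email string
	Phone string
	PAN   string
}

// MaskForDisplay is what a support agent or log line gets to see.
func MaskForDisplay(c Customer) Customer {
	return Customer{ID: c.ID, Email: MaskEmail(c.Email), Phone: maskLast(c.Phone, 3), PAN: MaskPAN(c.PAN)}
}

// CloneForTest is what a non-production database gets: consistent fakes, no card data at all.
func CloneForTest(key []byte, c Customer) Customer {
	return Customer{
		ID:    c.ID,
		Email: Pseudonymize(key, c.Email) + "@example.invalid",
		Phone: Pseudonymize(key, c.Phone)[:10],
		PAN:   "", // card data is never copied into non-production
	}
}

func main() {
	c := Customer{ID: "c1", Email: "alice@example.com", Phone: "+15555550123", PAN: "4111111111111111"}
	key := []byte("masking-key-kept-out-of-the-test-environment") // constructed sample key
	fmt.Printf("display: %+v\n", MaskForDisplay(c))
	fmt.Printf("test db: %+v\n", CloneForTest(key, c))
}
```

The distinction matters for the retention approach that follows: a display mask can be applied on the way out of production, but a test copy must be pseudonymised on the way in, and the key that did it must never travel with the copy.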
2.3.4. “Explain the approach that you would adopt for data retention.”
In this scenario several data retention approaches could be used, but data masking fits best: retain only the information needed to identify and process an order, and mask or encrypt any personally identifiable information (PII) or financial information once it is no longer needed in the clear (Goyal, 2015). This should be paired with defined retention periods after which records are masked or deleted, so that the volume of real data held keeps shrinking rather than growing.

2.4. “Payment Data”


P2PE stands for point-to-point encryption: card data is encrypted at the point of interaction (the card reader or terminal) and decrypted only in the solution provider's secure decryption environment, so it is protected in transit from being intercepted and read by unauthorised parties (PCI, 2015). P2PE is a card-present standard; for an online shop the equivalent is having the customer's browser submit card data directly to the payment provider over TLS (a hosted payment page or iframe) so that it never passes through the merchant's servers.

2.4.1. “Identify and describe what types of payment data would be collected as part for
the application being developed, as well as associated key risks. Clearly describe
any assumptions that you are making on the scenario.”
Credit card numbers, expiry dates, security codes and billing addresses are the payment data that might be gathered by an e-commerce service. Each carries its own risk: a stolen card number can be used for fraudulent charges, expiry dates and security codes let a stolen number be used for online transactions, and billing addresses can be used for identity theft. The security code is sensitive authentication data and under PCI DSS must not be stored after the transaction is authorised, however it is protected.

2.4.2. “How should the payment data be collected and stored? Be specific about the
recommended security controls.”
To safeguard the payment data obtained by the e-commerce site, it is advised that the site collect it through a P2PE-style mechanism in which the card data is encrypted before it reaches the shop's systems and decrypted only at the payment provider, making it considerably harder for attackers to access and use the information. P2PE protects data in transit; whatever the shop keeps afterwards (ideally a token rather than the card number) still needs robust controls around it, including encryption at rest, access control and monitoring (PCI, 2015).
2.4.3. “What are compliance obligations that may need to be fulfilled?”
With regard to the point-to-point encryption (P2PE) mechanism for the site's Payment Data, there are a few compliance responsibilities to address (PCI, 2015). The first is PCI DSS, the Payment Card Industry Data Security Standard, a set of security requirements maintained by the major card brands that every merchant handling card data must meet. The second is the PCI P2PE standard itself: a P2PE solution must be validated against it for the merchant to claim the reduced PCI DSS scope that P2PE offers. The third was the Payment Application Data Security Standard (PA-DSS) for developers and vendors of payment applications; it was retired in 2022 in favour of the PCI Software Security Framework, which now applies to such applications.

2.4.4. “How could an Incident Response Plan look like for the event of a security breach
that compromises payment data?”
In the case of a security breach that affects payment data, the Incident Response Plan would cover: containing the breach and investigating its cause, then remediating the problem; notifying law enforcement and cooperating with their investigation; notifying customers who may have been affected and advising them how to protect themselves; collaborating with the payment processor and acquirer to confirm that payment data is protected and to reissue any compromised tokens; and taking preventive measures to avoid future breaches (Scott, 2020). Card-brand and legal notification deadlines run from discovery, so the plan should name who makes each notification and by when.

2.5. “User Security (employees of the start-up)”


Two-factor authentication adds another layer of protection to employee accounts. Employees would log in with two distinct forms of evidence, for instance a username and password together with a code sent to the user's phone or generated by an authenticator app. With two-factor authentication a stolen password alone does not grant access to the site.

2.5.1. “What are the key attack vectors that are applicable from an employee
perspective?”
From an employee's perspective, the main attack vectors include social engineering assaults,
malware, and insider threats.
2.5.2. “Outline your approach to security awareness trainings that you plan to adopt.”
First, staff should understand how to set up two-factor authentication on their accounts. Second, they should know never to share a code with anyone, including a caller claiming to be from IT, since that is how attackers defeat 2FA. Finally, employees should know what to do if their second-factor device is lost. 2FA security awareness training should be precise and straightforward (Petsas et al., 2015).

2.5.3. “Describe technical controls that you propose to deploy to combat the risks of
phishing attacks.”
In terms of the two-factor authentication (2FA) process for the site's user security, a few technical measures could be introduced against phishing. One possibility is a challenge-response mechanism in which, instead of entering a code, the user answers a question (or series of questions) that only they should know. The limitation is that such answers are "something you know", the same category as the password, so they are not a second factor and are just as easy to phish; a fake login page simply asks the questions too. A stronger form of challenge-response is a security token that signs a challenge from the site and includes the site's address in what it signs, so a response collected through a lookalike domain is rejected by the real site.

Another alternative is biometric authentication, in which the user provides physical proof of identity such as a fingerprint or iris scan. Biometrics are considerably harder to spoof than a code is to guess, so this is typically considered more secure than a code, with the caveat that in practice the biometric usually unlocks the user's device or token rather than being sent to the website. In the end cost, practicality and the security requirements will determine which technical controls are chosen.

2.5.4. “Explain your approach to provisioning user access to the systems.”


When provisioning user access to the systems, two-factor authentication (2FA) should be required for the site's User Security. Before being allowed into the company's online systems, employees would use their own devices (for example phones) to obtain a second factor such as a one-time password (OTP). This adds another layer of protection and makes it more difficult for unauthorised people to reach the sensitive data held by the start-up (Petsas et al., 2015). Provisioning should also follow least privilege, granting each employee only the roles their job requires, and deprovisioning should be tied to the leaver process so that access is removed on the day it is no longer needed.
REFERENCES
Al-Lozi, M., 2017. Administrative empowerment and its role on the work teams
Performance: A literature review. Journal of Social Sciences (COES&RJ-JSS), 6(4), pp.851-
868.

Clercq, J.D., 2002, October. Single sign-on architectures. In International Conference on Infrastructure Security (pp. 40-58). Springer, Berlin, Heidelberg.

Goyal, C., 2015. Data Masking: Need, Techniques & Solutions. International Research
Journal of Management Science & Technology (IRJMST), 6(5), pp.221-229.

Panchal, A.C., Khadse, V.M. and Mahalle, P.N., 2018, November. Security issues in IIoT: A
comprehensive survey of attacks on IIoT and its countermeasures. In 2018 IEEE Global
Conference on Wireless Computing and Networking (GCWCN) (pp. 124-130). IEEE.

Petsas, T., Tsirantonakis, G., Athanasopoulos, E. and Ioannidis, S., 2015, April. Two-factor
authentication: is the world ready? Quantifying 2FA adoption. In Proceedings of the eighth
european workshop on system security (pp. 1-7).

PCI Security Standards Council, 2015. Payment Card Industry (PCI) Point-to-Point Encryption (P2PE) standard.

Scarfone, K. and Mell, P., 2007. Guide to intrusion detection and prevention systems (IDPS). NIST Special Publication 800-94. National Institute of Standards and Technology.

Scott, B., 2020. Creating an Incident Response Plan.

Sheikh, T.U., Rahman, H., Al-Qahtani, H.S., Hazra, T.K. and Sheikh, N.U., 2019, October.
Countermeasure of Attack Vectors using Signature-Based IDS in IoT Environments. In 2019
IEEE 10th Annual Information Technology, Electronics and Mobile Communication
Conference (IEMCON) (pp. 1130-1136). IEEE.

Volchkov, A., 2001. Revisiting single sign-on: a pragmatic approach in a new context. IT
Professional, 3(1), pp.39-45.
