Cyber Security Concepts
Week 10 - BK: E-Commerce security and Internet use
E-Commerce security
• Organizations have adopted the Internet rapidly because it offers exceptional accessibility.
• E-commerce includes various aspects, including EDI (Electronic Data Exchange), email, web-based trading, and online transactions.
• Since the Internet is open to the public, it also enables malicious actors to learn and discover information, which can lead to significant security problems.
• Social engineering is a common and rather successful approach used by malicious parties to gather information, and at the core of most social engineering attacks is the knowledge gathered from the Internet.
• Industrial espionage and the value of transactional information to competitors are significant concerns.
• Non-repudiation is a major issue in online commerce. It involves digital equivalents of traditional proof methods for resolving disputes, such as digital signatures or audit trails, which provide evidence of transactions and interactions that cannot be disputed.
E-commerce Security – key components of non-repudiation
There are three key components that ensure non-repudiation:
01 Non-repudiation of origin: There must be evidence for a receiving party that the sender is genuine, not an impostor. A vendor would, for instance, want to be sure that an order was from a genuine customer.
02 Non-repudiation of submission: There must be evidence (such as a postmark) that a transaction was actually sent at a particular time.
03 Non-repudiation of receipt: It must be possible to prove that the receiving party has actually received what was sent. Lesser issues include verifying the time and place of transmission.
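As an added example (not part of the slides), the three pieces of non-repudiation evidence realised as digital signatures in an audit trail, using Go's standard-library Ed25519. It assumes the customer, a timestamping notary and the merchant each hold a key pair (generated in-process here; in practice they would be long-lived keys tied to certificates), and the order text and timestamp are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// The notary's and merchant's statements are bound to the order's digest, so neither can be reused for another order.
func submissionStmt(order []byte, when string) []byte {
	return []byte(fmt.Sprintf("submitted %x at %s", sha256.Sum256(order), when))
}
func receiptStmt(order []byte) []byte { return []byte(fmt.Sprintf("received %x", sha256.Sum256(order))) }

// Trail is the audit trail for one order: three signatures that only the customer, the
// timestamping notary and the merchant respectively could have produced.
type Trail struct{ Origin, Submission, Receipt []byte }

func BuildTrail(order []byte, when string, cust, notary, merch ed25519.PrivateKey) Trail {
	return Trail{
		Origin:     ed25519.Sign(cust, order),                          // non-repudiation of origin
		Submission: ed25519.Sign(notary, submissionStmt(order, when)), // of submission (the "postmark")
		Receipt:    ed25519.Sign(merch, receiptStmt(order)),           // of receipt
	}
}

// Verify needs only public keys (in practice from certificates) and the order as presented in a dispute;
// altering the order, the time or any signature makes the corresponding evidence fail.
func Verify(order []byte, when string, t Trail, cust, notary, merch ed25519.PublicKey) (origin, submission, receipt bool) {
	return ed25519.Verify(cust, order, t.Origin),
		ed25519.Verify(notary, submissionStmt(order, when), t.Submission),
		ed25519.Verify(merch, receiptStmt(order), t.Receipt)
}

// keygen makes a fresh Ed25519 key pair for this example (assumption: real parties hold certified keys).
func keygen() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func main() {
	custPub, cust := keygen()
	notaryPub, notary := keygen()
	merchPub, merch := keygen()
	order := []byte("order#1 customer=alice item=widget qty=2 total=40.00") // constructed sample order
	when := "2024-01-01T10:00:00Z"
	t := BuildTrail(order, when, cust, notary, merch)
	fmt.Println(Verify(order, when, t, custPub, notaryPub, merchPub)) // true true true
	fmt.Println(Verify([]byte("order#1 customer=alice item=widget qty=20 total=400.00"), when, t, custPub, notaryPub, merchPub)) // false false false
}
```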
E-commerce Security – ISO 27001 and 27002 requirements
ISO 27002 and ISO 27001 have specific requirements regarding e-commerce, as follows:
• Authorization, to ensure that trading partners know that prices set, or contracts agreed, have been agreed by someone authorized to do so, and that trading partners know what each other's authorization procedures are.
• SET (Secure Electronic Transaction) is a protocol jointly developed by Visa and MasterCard for secure online bank and credit card transactions.
• SET includes protocols for electronic purchasing, payment authorization, and obtaining digital certificates.
• SET adoption is limited as it requires advance registration with a payment gateway for both customers and merchants.
Internet Use
• Set out permissible use of both internet and e-mail; for example, for business purposes only.
• Specify what uses are prohibited; for example, downloading offensive or illegal material.
• Set out privacy rules in relation to other users, and in respect of the employer's right to monitor the employees' activity.
• Organizational user IDs or websites (or e-mail accounts) should only be used for organizationally sanctioned communication.
• Use of internet/intranet/e-mail/instant messaging may be subject to monitoring for reasons of security and/or network management.
• The distribution of any information through the internet (including by email, instant messaging systems and any other computer-based systems) may be scrutinized by the organization.
• The use of organizational computer resources is subject to law, and any abuse will be dealt with appropriately.
• Users shall not visit internet sites, or open spam e-mails, that contain obscene, hateful or other objectionable material, and shall not attempt to bypass the organization's surf control (web-filtering) technology.
Internet use – Organization's systems
• Users shall not solicit e-mails that are unrelated to business activity or that are for personal gain, and shall not send or receive any material that is obscene or defamatory.
• Users may not upload, download or otherwise transmit commercial software or any copyrighted materials belonging to the company or any third parties.
• Users shall uphold, and shall not seek to circumvent, all malware prevention policies of the organization, and shall not intentionally interfere with the normal operation of the network.