CHAPTER 10: ONLINE SECURITY
Origins of Security
Computer Security and Risk Management
Threat
Physical Security
Computer Security
Countermeasure
Logical Security
Online Security Issues Overview
Early Internet days - most popular use: electronic mail
Today's higher stakes - electronic mail, shopping, all types of financial transactions
Common worry of Web shoppers - credit card stolen as it is transmitted over the Internet; it is more likely to be stolen from the computer where it is stored
Interconnected Computer Systems
Data security measures taken by the Roman Empire: coded information to prevent enemies from reading secret war and defense plans
Modern electronic security techniques: Defense Department wartime use; "Orange Book": rules for mandatory access control
Business computers: initially adapted the military's security methods
Today's computing: requires comprehensive computer security plans
Security Policy
E-commerce security is at stake: a security breach will lead to information disclosure or other misuse of the information.
An e-commerce security policy must state clear confidentiality, integrity, and non-repudiation requirements.
There are three primary characteristics of a good security policy: Most important, the policy must be enforceable and it must apply to everyone.
The policy must be capable of being implemented through system administration procedures, through the publication of acceptable-use guidelines, or other appropriate methods.
4-step process for creating a security policy
Step 1: Review Your Security Architecture and Establish Your Desired Security State
Step 2: Conduct a Physical and Logical Review of Your IT Security Components
Step 3: Assemble a Data Security Team and Start Assigning Responsibilities
Step 4: Align Your IT Security Components with Your Business’ Goals
Electronic Threats
Eavesdroppers
Crackers or hackers
Thieves
Impostors
Elements of Computer Security
Integrity
Preventing unauthorized data modification
Secrecy
Protecting against unauthorized data disclosure and ensuring the authenticity of the data source
Necessity
Preventing data delays or denials (removal)
Risk Management Model
Applicable for protecting Internet and electronic commerce assets from physical and electronic threats
Four general organizational actions - impact (cost) and probability of physical threat