CHAPTER 10 : ONLINE SECURITY
Origins of Security 🤳
Online Security Issues Overview
Early Internet days: electronic mail was the most popular use
Today's higher stakes: electronic mail, shopping, all types of financial transactions
Common worry of Web shoppers: having a credit card stolen as it is transmitted over the Internet; it is more likely to be stolen from the computer where it is stored
Interconnected Computer Systems
Data security measures taken by the Roman Empire: information was coded to prevent enemies from reading secret war and defense plans
Modern electronic security techniques: Defense Department wartime use; the "Orange Book": rules for mandatory access control
Business computers: initially adapted the military's security methods
Today's computing: requires comprehensive computer security plans
Computer Security and Risk Management
Computer Security
Physical Security
Logical Security
Threat
Countermeasure
Risk Management Model
Applicable for protecting Internet and electronic commerce assets from physical and electronic threats
Four general organizational actions - impact (cost) and probability of physical threat
Electronic Threats
Impostors
Thieves
Eavesdroppers
Crackers or hackers
Elements of Computer Security
Secrecy
Protecting against unauthorized data disclosure and ensuring the authenticity of the data source
Necessity
Preventing data delays or denials (removal)
Integrity
Preventing unauthorized data modification
Security Policy
When e-commerce security is at stake, a security breach will lead to information disclosure or other misuse of the information. An e-commerce security policy must state clear confidentiality, integrity, and non-repudiation requirements.
There are three primary characteristics of a good security policy: Most important, the policy must be enforceable and it must apply to everyone. The policy must be capable of being implemented through system administration procedures and through the publication of acceptable-use guidelines or other appropriate methods.
4-step process for creating a security policy
Step 1: Review Your Security Architecture and Establish Your Desired Security State
Step 2: Conduct a Physical and Logical Review of Your IT Security Components
Step 3: Assemble a Data Security Team and Start Assigning Responsibilities
Step 4: Align Your IT Security Components with Your Business’ Goals