Lesson 8 - Questions Flashcards
(6 cards)
Question 2: Explain why an e-commerce site might not want to report being the target of cybercriminals.
An e-commerce site might hesitate to report having been the target of cybercriminals for fear of losing the trust of consumers. For this reason, it is difficult to estimate the actual amount of cybercrime. Companies fear that if they reveal the full extent of the theft of proprietary information and financial fraud, legitimate customers will lose confidence in the e-marketing channel and will take their business back offline.
Question 3: Give an example of security breaches as they relate to each of the six dimensions of e-commerce security. For instance, what would be a privacy incident?
Integrity is the ability to ensure that information being displayed on a website or being transmitted/received over the Internet has not been altered in any way by an unauthorized party. An example of an integrity security breach would be an unauthorized person intercepting and redirecting a bank wire transfer into a different account.
Non-repudiation is the ability to ensure that e-commerce participants do not deny their online actions. An example of a repudiation incident would be a customer ordering merchandise online and later denying the purchase. The credit card issuer will usually side with the customer because the merchant has no legal proof that the customer ordered the merchandise.
Authenticity is the ability to identify the identity of a person or entity you are transacting with on the Internet. Spoofing is an example of an authenticity security breach, in which someone uses a fake email address, or poses as someone else. This can also involve redirecting a Web link to a different address.
Confidentiality is the ability to ensure that messages and data are available only to authorized viewers. Sniffing is a type of confidentiality breach in which a program is used to steal proprietary information on a network including email messages, company files, or confidential reports.
Privacy is the ability to control the use of personal information a customer provides to an e-commerce merchant. An example of such a breach is a hacker breaking into an e-commerce site and gaining access to credit card or other customer information. This violates the confidentiality of the data and also the privacy of the people who supplied the data.
Availability is the ability to ensure that an e-commerce site continues to function as intended. A DoS (Denial of Service) attack is an availability security breach in which hackers flood a website with useless traffic that causes it to shut down, making it impossible for users to access the site.
Question 4: How would you protect your firm against a Denial of Service attack?
DoS is a critical technical attack that can harm e-commerce systems and networks. DoS refers to flooding a website with useless pings and/or page requests to inundate and overwhelm the network and therefore increase the risk that it will shut down. Such an attack can harm the firm’s business in terms of missed sales, lack of response and customer service, and damaged reputation. To protect against DoS attacks, it is important to increase the redundancy of the network’s servers. Firewalls and proxy servers that filter communications directed at servers should also be used.
Question 6: How does spoofing threaten a website’s operations?
Spoofing can redirect customers to a knock-off website where they are fooled into completing an online order with a fraudulent company, or a company different from the one they intended to do business with. In this way, business can be stolen away from a site. Spoof hackers can also alter orders by inflating them or changing the products ordered. These orders can then be sent on to the original site for processing and delivery. Customers will become irate at the poor customer service and will take their business elsewhere. Huge inventory fluctuations caused by these actions can also significantly harm operations.
Question 7: Why is adware or spyware considered to be a security threat?
Spyware programs can be used to obtain information such as a user’s keystrokes, copies of e-mails and messages, as well as private and confidential data such as passwords. Adware causes pop-up ads to be displayed when the user calls a web page. Both spyware and adware are considered to be security threats because they are covertly placed on web users’ computers, where they then collect and distribute private personal information.
Question 8: What are some of the steps a company can take to curtail cybercriminal activity from within a business?
One measure a company can take is to implement access controls to determine which insiders can gain access to the firm’s networks. Insider access controls typically consist of login procedures using usernames, passwords, and access codes. Authorization management systems regulate where and when a user is permitted to access certain parts of a website. Entry rules are established up front for each user, and the authorization management system “knows” who is permitted to go where at all times. The authorization management system encrypts a user session and functions like a passkey following a user from page to page and only allowing access to areas where the user has been granted permission based on data that has been entered in the system database.