Omar manages the IT department of his company. He knows that it is not realistic to have a 100% secure web site and Internet connection. Omar realizes, however, that there are many steps he can take to get an acceptable level of security for his business. He had hoped that the modern firewall would have been enough to keep hackers out.
However, one of his staff learned that an e-mail to a regular customer had been tampered with and some important figures changed. His immediate thoughts were that a competitor or disgruntled employee might have been the culprit.
Omar wants to address this breach of security immediately. If he loses the trust he has built up with his customers it will do serious damage to his company.
Omar wants to make an informed decision quickly and has asked you and your colleague to identify ways he can improve security, especially in relation to e-mail. He has asked you to keep him informed about your findings, as he may discover other things for you to research for him. You will need to understand the components of Internet security and write a report on your findings.
You will be expected to produce a report that details recommendations on securing the business.
|1.||Carry out some background research into why it is an important part of securing a web site. You will find it of benefit to conduct an interview with an outside company to understand these issues.|
- Describe and discuss the differences between online and off-line businesses in terms of security and access to information.
- Evaluate these differences and assess them as risk factors.
- Explain the importance of maintaining secure systems.
- As an example, describe what may happen if an e-business is affected by a virus. Use some real-life examples of damage caused.
- Explain and evaluate the common internet standards and protocols for the internet and web applications.
- Describe why physical protection for computers is important for an e-business.
- Identify physical and software access control.
- Examine the development of biometric software and its impact on e-businesses.
|2.||Find out the profile of the most common type of hackers. It may help to understand the type of people and why they want to hack into your site.|
|3.||Research digital certificates and digital encryption in detail. What are they and how do they work?|
|4.||Sign up for a free trial of a digital certificate and/or an encrypted service of some kind and use this as a practical example for your manager to see it work in action.|
This project will be 3 weeks long. It will start in Week 9 of the semester and end in Week 12.
- A report in HTML format (as a web page/site) that summarizes your findings and makes a recommendation to Omar on what you think he should do. Put the report on your web site. Ensure you cover the BTEC content areas in this project in your paper.
- If a web site is not available, please submit it as a Word document.
- Please ensure that it has been checked with SafeAssign through BB Vista.
- Your instructor
- Students from other courses
- LRC / ILC center
To pass, your report must contain the following evidence and cover these issues:
|1.||Describe and discuss the differences between online and off-line businesses in terms of security and access to information|
|2.||Evaluate these differences and assess them as risk factors|
|3.||Explain the importance of maintaining secure systems.|
|4.||As an example, describe what may happen if an e-business is affected by a virus. Use some real-life examples of damage caused.|
|5.||Explain and evaluate the common internet standards and protocols for the internet and web applications.|
|6.||Describe why physical protection for computers is important for an e-business|
|7.||Identify physical and software access control|
|8.||Examine the development of biometric software and its impact on e-businesses|
|9.||The report's recommendations to Omar are prioritized, clearly backed up and linked to specific points in the body of the report, and convincing.|
|10.||The report is written in context of the business.|
|11.||Student provides an informed insight into the areas of Firewalls, Hackers, Encryption, and Digital Signatures / Certificates.|
|12.||Signposts that may indicate depth of research are: real-life examples of security breaches are used to support and clarify areas; details of firewalls are given, including software and hardware; weaknesses in various operating systems are mentioned; physical computer security measures are detailed.|
Unit 27 Security for E-Business (HND E-Business):
|1.||Describe the major security concerns and identify important legal issues with regard to e-business.|
|2.||Identify the risks of insecure systems.|
|3.||Explain common internet standards and protocols.|
|4.||Understand the components of good e-business security.|
Major security concerns and important legal issues
|Background:||e-business security focusing on protecting systems and information; companies open their information systems to other businesses and to the public to exchange information, provide information, increase sales and allow transactions to take place; resulting vulnerability of business to security breaches.|
|Security principles:||confidentiality – knowing who can read data and ensuring that information remains private; authentication – making sure that people (suppliers/customers/official representatives) are who they say they are; integrity – making sure information is not accidentally or deliberately altered or corrupted; access control – restricting the use of resources to authorised sources; non-repudiation – ensuring that records/audit trails are maintained to ensure that denial of communications is not possible; firewalls – a filter between corporate networks and the internet to secure corporate information and files from intruders.|
|Other concerns:||privacy – the ability to control who can see certain information; level of security – establishing good security policies and practices which are sufficient yet do not adversely affect business/transactions being undertaken; upgrades – as the number of risks increases, the level (or version) of e.g. virus checkers and firewalls should be updated; legal issues – Data Protection Act 1998, domain name registration, forming an electronic contract, making and accepting payments, authenticating contracts concluded over the internet, email risks, spam, defamation, intellectual property (patents, trademarks, copyright), advertising.|
Risks of insecure systems
|Threats:||hacking – a person who, without permission, accesses an information system resource; website defacement – the change or replacement of web pages with non-approved content; viruses – a malicious program that spreads among computers and can cause varying degrees of damage; denial of service – results when, due to hectic malicious activity, an organisation cannot serve its clients; spoofing – mechanism that allows traffic from a legitimate site to be redirected to a bogus site.|
Common internet standards and protocols
|Security standards:||implemented in various e-business technologies to ensure business confidence in the e-business world, to counter the threats as mentioned above and encourage long-term trust in e-business; security for web applications (SSL and S-HTTP), security for e-commerce transactions (SET), security for email (PGP, S/MIME).|
The components of good e-business security
|Components:||physical protection for computers, network systems management, email control security, network security, firewalls, encryption, antivirus software, incident handling, digital certificates, strong authentication, access control (physical and non-physical), audit and tracing software, backup and disaster recovery, biometric software, wireless communications security.|