
Omar manages the IT department of his company. He knows that it is not realistic to have a 100% secure web site and Internet connection. Omar realizes, however, that there are many steps he can take to get an acceptable level of security for his business. He had hoped that the modern firewall would have been enough to keep hackers out.

However, one of his staff learned that an e-mail to a regular customer had been tampered with and some important figures changed. His immediate thoughts were that a competitor or disgruntled employee might have been the culprit.

Omar wants to address this breach of security immediately. If he loses the trust he has built up with his customers it will do serious damage to his company.

Objectives

Omar wants to make an informed decision quickly and has asked you and your colleague to identify ways he can improve security, especially in relation to e-mail. He has asked you to keep him informed about your findings, as he may discover other things for you to research for him. You will need to understand the components of Internet security and write a report on your findings.

Instructions

You will be expected to produce a report that details recommendations on securing the business.

1. Carry out some background research into why it is an important part of securing a web site. You will find it of benefit to conduct an interview with an outside company to understand these issues.

Describe and discuss the differences between online and off-line businesses in terms of security and access to information.

Evaluate these differences and assess them as risk factors.

Explain the importance of maintaining secure systems.

As an example, describe what may happen if an e-business is affected by a virus. Use some real life examples of damage caused.

Explain and evaluate the common internet standards and protocols for the internet and web applications.

Describe why physical protection for computers is important for an e-business.

Identify physical and software access control.

Examine the development of biometric software and its impact on e-businesses.

2. Find out the profile of the most common type of hackers. It may help to understand the type of people and why they want to hack into your site.
3. Research digital certificates and digital encryption in detail. What are they and how do they work?
4. Sign up for a free trial of a digital certificate and/or an encrypted service of some kind and use this as a practical example for your manager to see it work in action.

Time Frame

This project will be 3 weeks long. It will start in Week 9 of the semester and end in Week 12.

Deliverables

Resources

Assessment

To pass, your report must contain the following evidence and cover these issues:

1. Describe and discuss the differences between online and off-line businesses in terms of security and access to information
2. Evaluate these differences and assess them as risk factors
3. Explain the importance of maintaining secure systems.
4. As an example describe what may happen if an e-business is affected by a virus. Use some real life examples of damage caused.
5. Explain and evaluate the common internet standards and protocols for the internet and web applications.
6. Describe why physical protection for computers is important for an e-business
7. Identify physical and software access control
8. Examine the development of biometric software and its impact on e-businesses
9. The report's recommendations to Omar are prioritized, clearly backed up and linked to specific points in the body of the report, and convincing.
10. The report is written in context of the business.
11. The student provides an informed insight into the areas of Firewalls, Hackers, Encryption, and Digital Signatures / Certificates.
12. Signposts that may indicate depth of research are: real life examples of security breaches are used to support and clarify areas; Details of firewalls are given including software and hardware; weaknesses in various operating systems are mentioned; Physical computer security measures are detailed.

Learning Outcomes:

Unit 27 Security for E-Business (HND E-Business):

1. Describe the major security concerns and identify important legal issues with regard to e-business.
2. Identify the risks of insecure systems.
3. Explain common internet standards and protocols.
4. Understand the components of good e-business security.

BTEC Content Areas

Major security concerns and important legal issues

Background: e-business security focusing on protecting systems and information; companies open their information systems to other businesses and to the public to exchange information, provide information, increase sales and allow transactions to take place; resulting vulnerability of business to security breaches.
Security principles: confidentiality – knowing who can read data and ensuring that information remains private; authentication – making sure that people (suppliers/customers/official representatives) are who they say they are; integrity – making sure information is not accidentally or deliberately altered or corrupted; access control – restricting the use of resources to authorised sources; non-repudiation – ensuring that records/audit trails are maintained to ensure that denial of communications is not possible; firewalls – a filter between corporate networks and the internet to secure corporate information and files from intruders.
Other concerns: privacy – the ability to control who can see certain information; level of security – establishing good security policies and practices which are sufficient yet do not adversely affect business/transactions being undertaken; upgrades – as the number of risks increases, the level (or version) of e.g. virus checkers and firewalls should be updated; legal issues – Data Protection Act 1998, domain name registration, forming an electronic contract, making and accepting payments, authenticating contracts concluded over the internet, email risks, spam, defamation, intellectual property (patents, trademarks, copyright), advertising.

Risks of insecure systems

Threats: hacking – a person who, without permission, accesses an information system resource; website defacement – the change or replacement of web pages with non-approved content; viruses – a malicious program that spreads among computers and can cause varying degrees of damage; denial of service – results when, due to hectic malicious activity, an organisation cannot serve its clients; spoofing – mechanism that allows traffic from a legitimate site to be redirected to a bogus site.

Common internet standards and protocols

Security standards: implemented in various e-business technologies to ensure business confidence in the e-business world, to counter the threats as mentioned above and encourage long-term trust in e-business; security for web applications (SSL and S-HTTP), security for e-commerce transactions (SET), security for email (PGP, S/MIME).

The components of good e-business security

Components: physical protection for computers, network systems management, email control security, networks security, firewalls, encryption, antivirus software, incident handling, digital certificates, strong authentication, access control (physical and non-physical), audit and tracing software, backup and disaster recovery, biometric software, wireless communications security.