Electronic Commerce Prentice Hall © 2006

Security Is Everyone’s Business
National Cyber Security Division (NCSD): A division of the Department of Homeland Security charged with implementing U.S. cyberspace security strategy

Basic Security Issues
• What kinds of security questions arise?
  – From the user’s perspective:
    • How can the user be sure that the Web server is owned and operated by a legitimate company?
    • How does the user know that the Web page and form do not contain some malicious or dangerous code or content?
    • How does the user know that the owner of the Web site will not distribute the information the user provides to some other party?

Basic Security Issues
• What kinds of security questions arise?
  – From the company’s perspective:
    • How does the company know the user will not attempt to break into the Web server or alter the pages and content at the site?
    • How does the company know that the user will not try to disrupt the server so that it is not available to others?

Basic Security Issues
• What kinds of security questions arise?
  – From both parties’ perspectives:
    • How do both parties know that the network connection is free from eavesdropping by a third party “listening” on the line?
    • How do they know that the information sent back-and-forth between the server and the user’s browser has not been altered?

Basic Security Issues
• authentication: The process by which one entity verifies that another entity is who he, she, or it claims to be
• authorization: The process that ensures that a person has the right to access certain resources
• auditing: The process of collecting information about attempts to access particular resources, use particular privileges, or perform other security actions