Information Security Provisions
Q 1. What is E-Commerce and what are the key security concerns for doing business online?
Ans:
E-commerce refers to the online buying and selling of goods or services over the internet. The key security concerns are:
- Privacy – Personal details are to be kept confidential by online merchants.
- Integrity – There should be no tampering with the information shared by the buyer.
- Authentication – There should be proof of identification that the buyer is real, and the merchant also needs to ensure that the products are real.
- Non-repudiation – This is to ensure that the message was indeed received.
Q 2. How do you maintain privacy online?
Ans:
- Ensure that connections are secure, which means that data is encrypted when sent over the internet, e.g. by using an HTTPS connection instead of HTTP.
- Do not click on unknown links or attachments.
- Block cookies and use private browsing. Make sure you understand the privacy policy offered by the sites.
- Ensure you are protected from malware by using virus protection software.
- Share the minimum necessary information online, especially on social networking sites.
Q 3. How do you maintain integrity of data transferred over the net?
Ans:
SSL – Secure Sockets Layer (SSL) is a standard security protocol for establishing an encrypted link between a web server and a browser. This ensures that data transmitted between the browser and the web site is encrypted. An SSL-protected, encrypted session is indicated by the lock icon in the address bar.
PCI – The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.
SET – Secure Electronic Transaction (SET) is a communications protocol standard for securing credit card transactions over networks.
Firewall – A firewall is a network security system that monitors and controls network traffic. It establishes a barrier between the internal network and the Internet based on predetermined security rules.
Q 4. How do you do authentication?
Ans:
Digital Signature: A digital signature is a digital code that can be attached to an electronically transmitted message that uniquely identifies the sender.
Digital Certificate: A digital certificate is a legal document issued by a CA (Certification Authority, such as Verisign) that uniquely identifies the site.