Chapter 5

1.      Why is it less risky to steal online? Explain some of the ways criminals deceive consumers and merchants.

dIt is less risky to steal online because the Internet makes it possible to rob people remotely and almost anonymously.  A few of the ways criminals deceive consumers and merchants are by Trojans, phishing, data theft, or identity theft.

2.      Give an example of security breaches as they relate to each of the six dimensions of
e-commerce security. For instance, what would be a privacy incident?

Integrity (ability to ensure that information being displayed on a Web site or transmitted or received over the Internet has not been altered in any way by an unauthorized party), Non repudiation (the ability to ensure that e-commerce participants do not deny their online actions), and Authenticity (the ability to identify the identity of a person or entity with whom you are dealing on the Internet).

3.      How would you protect your firm against a Denial of Service attack?

I would protect my firm against a Denial of Service attack by assigning a duty to part of my company to watch for these attacks to start coming in and block them immediately.

4.      How does spoofing threaten a Web site’s operations?

Spoofing threatens a Web site's operations by for ex if hackers redirect customers to a fake Web site they can then collect and process orders, effectively stealing business from the true site.

5.      What are some of the steps a company can take to curtail cybercriminal activity from within a business?

Some steps a company can take to curtail cybercriminal activity from within a business by using firewalls or a proxy server so that they will be caught before they're able to destroy everything.

6.      Identify and discuss the five steps in developing an e-commerce security plan.

Five steps in developing an e-commerce security plan is perform a risk assessment (an assessment of the risks and points of vulnerability), develop a security policy (a set of statements prioritizing the information risks, identifying acceptable risk targets, and identifying the mechanisms for achieving these targets), develop an implementation plan (the action steps you will take to achieve the security plan goals), create a security organization (educates and trains users, keeps management aware of security threats and breakdowns, and maintains the tools chosen to implement security), and perform a security audit (which involves the routine review of access logs).

7.      What are tiger teams, who uses them, and what are some of the tactics they use in their work?

 Tiger teams are groups of hackers that are used by corporate security departments to test their own security measures. White hats are the good hackers who help organizations locate and fix security flaws.  Black hats are hackers who act with the intention of causing harm,  Grey hats are hackers who believe they are perusing some greater good by breaking in and revealing system flaws.

8.      How do the interests of the four major payment systems stakeholders impact each other?

The interests of the four major payment systems stakeholders impact each other because the stakeholders may have different preferences with respect to the different dimensions.  The main stakeholders in payment systems are consumers, merchants, financial intermediaries, and government regulators.