what is the first step in developing an e-commerce security plan

5 steps in Developing an E-commerce Security Plan

1. Perform a risk assessment
2. Develop a security policy
3. Develop an implementation plan
4. create a security organization
5. perform a security audit

The Role of Laws and Public Policy

New laws have granted local and national authorities new tools and mechanisms for identifying, tracing and prosecuting cybercriminals

National Infrastructure Protection Center – unit within FBI whose mission is to identify and combat threats against U.S. technology and telecommunications infrastructure

USA Patriot Act

Homeland Security Act

Government policies and controls on encryption software

Typically, the more security measures added to an e-commerce site, the slower and more difficult it becomes to use.
TRUE

A worm does not need to be activated by a user in order for it to replicate itself.
TRUE

A Trojan horse appears to be benign, but then does something other than expected.
TRUE

Phishing attacks rely on browser parasites.
FALSE

Spoofing involves attempting to hide a true identity by using someone else's e-mail or IP address.
FALSE

The easiest and least expensive way to prevent threats to system integrity is to install anti-virus software.
TRUE

Credit cards are the dominant form of online payment throughout the world.
FALSE

In the United States, the primary form of online payment is: A) PayPal.
B) credit cards.
C) debit cards.
D) Google Wallet.
B

________ refers to the ability to ensure that e-commerce participants do not deny their online actions.
A) Nonrepudiation
B) Authenticity
C) Availability
D) Integrity
A

________ refers to the ability to identify the person or entity with whom you are dealing on the Internet.
A) Nonrepudiation
B) Authenticity
C) Availability
D) Integrity
B

Which of the following is an example of an integrity violation of e-commerce security?
A) A Web site is not actually operated by the entity the customer believes it to be.
B) A merchant uses customer information in a manner not intended by the customer.
C) A customer denies that he or she is the person who placed the order.
D) An unauthorized person intercepts an online communication and changes its contents.
D

An example of a privacy violation of e-commerce security is:
A) your e-mail being read by a hacker.
B) your online purchasing history being sold to other merchants without your consent.
C) your computer being used as part of a botnet.
D) your e-mail being altered by a hacker.
B

________ refers to the ability to ensure that messages and data are only available to those authorized to view them.
A) Confidentiality
B) Integrity
C) Privacy
D) Availability
A

Which of the following is not a key point of vulnerability when dealing with e-commerce?
A) the client computer
B) the server
C) the communications pipeline
D) the credit card companies
D

Accessing data without authorization on Dropbox is an example of which of the following?
A) social network security issue
B) cloud security issue
C) mobile platform security issue
D) sniffing
B

Most of the world's malware is delivered via which of the following?
A) botnets
B) Trojan horses
C) viruses
D) worms
B

Which of the following is the leading cause of data breaches?
A) theft of a computer
B) accidental disclosures
C) hackers
D) DDoS attacks
C

All of the following are examples of malicious code except:
A) worms
B) viruses
C) sniffers
D) bots
C

All of the following statements about public key encryption are true except
A) public key encryption uses two mathematically related digital keys.
B) public key encryption ensures authentication of the sender.
C) public key encryption does not ensure message integrity.
D) public key encryption is based on the idea of irreversible mathematical functions.
B

Which of the following is the current standard used to protect Wi-Fi networks?
A) WEP
B) TLS
C) WPA2
D) WPA3
C

Which of the following dimensions of e-commerce security is not provided for by encryption?
A) confidentiality
B) availability
C) message integrity
D) nonrepudiation
B

A ________ is hardware or software that acts as a filter to prevent unwanted packets from entering a network.
A) firewall
B) virtual private network
C) proxy server
D) PPTP
A

What is the first step in developing an e-commerce security plan?
A) Create a security organization.
B) Develop a security policy.
C) Perform a risk assessment.
D) Perform a security audit.
C

Paypal is an example of what type of payment system?
A) digital checking system
B) accumulating balance system
C) online stored value payment system
D) digital credit card system
C

________ relies on human curiosity, greed, and gullibility to trick people into taking action that will result in the downloading of malware.
social engineering

A fingerprint or retina (eye) scan is an example of ________.
biometrics

A(n) ________ is a feature of viruses, worms, and Trojans that allows an attacker to remotely access a compromised computer.
backdoor

Malicious code is sometimes also referred to as ________.
malware