Security and International E-Commerce

Jim Maloney
jmaloney@SecurityPortal.com

November 2000
SecurityPortal
The focal point for security on the Net™
Agenda
- Security and e-commerce
- Security defined
- General security threats to e-commerce
- International security issues
- Key elements of a security solution
- Recommended security approach
- Summary

2                               Copyright 2000 Security Portal, Inc. All rights reserved.
Why is security important for E-Commerce?

[Diagram: "Increased E-Business Opportunities" leads to "Increased Exposure, Threats, Vulnerabilities, Privacy Concerns". The driving factors shown are: Ubiquitous Internet; Customer-Centric Business Models; Sophisticated Applications; Increased Bandwidth; Expanded Access; ASP Delivery Model; Tech-Savvy Culture; Mobile Society.]

Old economy view of security
- In the “Old Economy”, computing security was often viewed as a discretionary element of the business
- The focus was on protection of information systems and data

New economy view of security
- In the “New Economy”, computing security is viewed as a strategic element of the business
- The focus is on enabling new ways of doing business and value creation
- From a protection perspective, security now protects the entire business, not just its information systems

A working definition of security
- Confidentiality – the protection of private data on hosts or in transit
- Integrity – the system does not corrupt information or allow unauthorized malicious or accidental changes to information
- Availability – the computer system’s hardware and software keep working efficiently, and the system is able to recover quickly and completely if a disaster occurs
- Accountability – the ability to determine who is responsible for the result of an action

General security threats to e-commerce
- Web site defacement
- Denial of service
- Theft of customer data
- Theft of intellectual property
- Sabotage of data or networks
- Financial fraud

Resulting business impact
- Lack of consumer confidence if there are any real or perceived security issues
- Loss of profits due to last-minute security implementations
- Damage to image and reputation if you have a visible security incident
- Bankruptcy if the majority of your business transactions occur online
- Benefits to competitors if your level of security is perceived to be inadequate

International security issues
- Regulations and policies
- Education and awareness
- Cultural norms
- Access modes
- Local government stance on cyber crime

Regulations and policies
- Encryption laws vary greatly from country to country. This can affect both the availability and the use of the appropriate technology.
  - http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm
- Privacy and consumer protection laws also vary greatly from country to country. These laws control how personal data can be used and shared, and violations can lead to substantial fines.
  - http://www.gilc.org/privacy/survey

Education and awareness
- While malicious external security attacks get most of the publicity, it is often employee mistakes and oversights that cause security issues
- Security awareness education for all employees, and specific training for your IT team, can be an excellent defense against both internal and external incidents
- A recent survey showed that 86% of Shanghai’s networks had security products installed, but less than 2% of the network professionals actually knew how to protect their networks from intruders

Cultural norms
- Limited work hours for support and emergency response services
  - Being “on-call”
  - Multi-shift operations (24/7)
- History of not protecting intellectual property
  - Electronic documents
  - Software
  - CDs and DVDs

Access modes
- There is a rapid increase in the number of users accessing the internet via wireless devices such as cell phones
- In addition to their small size, portable wireless devices have limited processing power, limited memory and a limited power supply
- These characteristics lead to several security challenges

Access modes – continued
- With very limited keyboards and screens, cell phones and handhelds will require new authentication schemes to replace user names and passwords
  - New schemes may include screen-based biometrics, embedded certificates, hardware tokens, web cookies and PINs
- These devices are viewed as likely platforms for viruses that can be carried from network to network without detection

Access modes – continued
- Data moving through the air is vulnerable to interception using relatively inexpensive equipment
- The portability of these devices increases the need for physical security and authentication

Local government stance on cyber crime
- Singapore – very detailed statutes regarding penalties for criminal hacking
- Brazil – no special laws against cyber crime (and a very active hacking community)
- The Philippines had no anti-hacking laws until the “Lovebug” virus was traced back to their country
- Interpol is working to establish international standards for cyber crime legislation
  - http://www.mossbyrett.of.no/info/legal.html

Asia/Pacific perspective
- Factors accelerating adoption of security
  - Growth of e-commerce in this region
  - Government initiatives supporting security
  - Recognition of the need for security guidelines, regulations and products that enable interoperability

Asia/Pacific perspective – continued
- Factors inhibiting the adoption of security
  - Lack of integrated security solutions that can span systems and regions
  - Lack of awareness of security issues and solutions

Security is more than technology

[Diagram: a triangle of People, Process and Technology, surrounded by a continuous cycle of Anticipate, Monitor, Defend and Respond.]

Security is an attribute, not a component

[Diagram: a layered system architecture. From top to bottom: User Interface; Applications (App, App, App, App); Information Management; Distribution Services; Network & Networking Services; Hardware & Operating System. The Application Development Environment spans the layers on one side, and System Management and Security spans them on the other, showing security as a property of every layer rather than a single box.]

General security approach
- Develop accurate and complete policies that span the supply chain
- Make sure that all employees understand the importance of computing security
- Define clear roles and responsibilities for e-commerce security
- Perform regular audits, reviews and assessments of security
- Don’t ignore the physical security of your systems

General security approach – continued
- Implement and maintain a set of baseline controls for your e-commerce system
- Implement user identification and authentication via strong passwords, secure tokens or biometrics
- Have backup and recovery plans in place

Secure web site development tips
- Include security as part of requirements gathering
- Include security as part of the architecture
- Be careful with embedded components
- Never trust incoming data
- Provide help to users
- Use code reviews
- Be aware of privacy and encryption laws
- Stay up-to-date on new risks, threats and vulnerabilities
- Document your security solution

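The tip “never trust incoming data” is the one item on this slide that turns directly into code. The following is an added example, not part of the original deck or of SecurityPortal’s own material: server-side validation of an e-commerce order form, where every submitted field is checked against an explicit allow-list of names, shapes and ranges, the whole request is refused if any check fails, and values are HTML-escaped again at output. The field names, the product catalogue, the size limits and the sample submissions are all constructed for illustration.

```python
"""Server-side validation of an untrusted order form (added example).

Every field arriving from the client is treated as hostile: field names,
types, lengths, formats and ranges are all checked against an allow-list,
and the request is rejected as a whole if anything fails. The field names,
catalogue and limits below are assumptions chosen for illustration.
"""
import html
import re
from decimal import Decimal

# Constructed catalogue: the only product ids the server will accept.
CATALOGUE = {"SKU-1001": Decimal("19.99"), "SKU-1002": Decimal("5.50")}

# Conservative shapes; input outside them is refused, not "cleaned up".
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}\.[A-Za-z]{2,24}$")
NAME_RE = re.compile(r"^[A-Za-z][A-Za-z '\-]{0,79}$")
ALLOWED_FIELDS = {"sku", "quantity", "email", "name"}
MAX_QUANTITY = 100


class ValidationError(ValueError):
    """Carries a list of field-level problems; never echoes raw input."""

    def __init__(self, problems):
        super().__init__("; ".join(problems))
        self.problems = problems


def validate_order(form):
    """Validate an untrusted form dict and return a clean, typed order.

    Raises ValidationError listing every failed check so the caller can log
    the rejection without trusting any of the submitted values.
    """
    problems = []

    # Unknown fields signal tampering or a mismatched client; missing ones are an error too.
    extra = set(form) - ALLOWED_FIELDS
    if extra:
        problems.append("unexpected fields: %s" % ", ".join(sorted(extra)))
    missing = ALLOWED_FIELDS - set(form)
    if missing:
        problems.append("missing fields: %s" % ", ".join(sorted(missing)))

    # Every value must be a bounded string before any parsing is attempted.
    for key in sorted(ALLOWED_FIELDS & set(form)):
        if not isinstance(form[key], str) or len(form[key]) > 256:
            problems.append("%s: not a bounded string" % key)
    if problems:
        raise ValidationError(problems)

    sku = form["sku"]
    if sku not in CATALOGUE:
        problems.append("sku: unknown product")

    # Quantity: digits only, then a range check; int() is never called on raw text.
    qty_text = form["quantity"].strip()
    quantity = None
    if not re.fullmatch(r"[0-9]{1,3}", qty_text):
        problems.append("quantity: must be 1-3 digits")
    else:
        quantity = int(qty_text)
        if not 1 <= quantity <= MAX_QUANTITY:
            problems.append("quantity: out of range")

    email = form["email"].strip()
    if not EMAIL_RE.match(email):
        problems.append("email: malformed")

    name = form["name"].strip()
    if not NAME_RE.match(name):
        problems.append("name: disallowed characters")

    if problems:
        raise ValidationError(problems)
    return {"sku": sku, "quantity": quantity, "email": email, "name": name,
            "total": CATALOGUE[sku] * quantity}


def confirmation_html(order):
    """Render the validated order back to the user with HTML escaping.

    Even validated data is escaped at output, so a value such as a name can
    never be interpreted as markup by the browser.
    """
    return "<p>Thank you, %s: %d x %s (%s)</p>" % (
        html.escape(order["name"]), order["quantity"],
        html.escape(order["sku"]), order["total"])


def try_validate(form):
    """Return (order, None) on success or (None, problems) on rejection."""
    try:
        return validate_order(form), None
    except ValidationError as exc:
        return None, exc.problems


if __name__ == "__main__":
    # Constructed sample submissions, not taken from the slides.
    good = {"sku": "SKU-1001", "quantity": "3", "email": "ana@example.com", "name": "Ana O'Neil"}
    bad = {"sku": "SKU-9999", "quantity": "-1", "email": "nope", "name": "<b>x</b>", "admin": "1"}
    print(try_validate(good))
    print(try_validate(bad))
```

The design point is that validation is an allow-list applied before any parsing, and that rejection is all-or-nothing: a request with one bad field is logged and refused rather than partially processed. Escaping at output is kept separate from validation at input, because the two defend against different failures.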
Secure web site development references
- Recent articles on SecurityPortal: Best Practices for Secure Web Development (parts I and II)
- Web Security & Commerce (O'Reilly Nutshell) by Simson Garfinkel and Gene Spafford
- Web Security: A Step-by-Step Reference Guide by Lincoln D. Stein

Summary
- Security is a critical enabler for e-commerce
- The negative impact of poor security can be substantial
- Many of the issues and solutions regarding secure international e-commerce are people and process related, not technical
- Security is a key attribute of a system that must be designed in, not added on later
- Maintaining a secure web site requires continuous vigilance

Bibliography
- E-Business Security: An Essential Element in the Post-Year 2000 World. Gartner Group Research Report, April 17, 2000.
- The Net Present Value of Security. AtomicTangerine Special Report, October 11, 2000.
- International Ecommerce. SecurityPortal cover story, November 5, 2000.
- Information Security: The E-Commerce Driver. Dataquest Market Analysis, January 10, 2000.
- E-Business Impact on Security Technology and Practices. Gartner Group Research Note, November 11, 1999.
- Security Services in the Connected Age: From the Basement to the Boardroom. Gartner Group Market Analysis, July 4, 2000.

Bibliography – continued
- Shanghai to Enhance Information Security. http://www.nikkeibp.asiabiztech.com, February 15, 2000.
- Wireless Security: Locking Down the Wavelengths. Information Security Magazine, October 2000.
- Do Handhelds Need Virus Protection? PCWorld.com, June 29, 2000.
- Best Practices for Secure Web Development. http://securityportal.com/cover/coverstory20001030.html, October 30, 2000.
- Best Practices for Secure Web Development: Technical Details. http://securityportal.com/articles/webdev20001103.html, November 10, 2000.

SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 

Maloney slides

  • 1. Security and International E-Commerce
    Jim Maloney
    jmaloney@SecurityPortal.com
    November 2000
    SecurityPortal – The focal point for security on the Net™
  • 2. Agenda
    - Security and e-commerce
    - Security defined
    - General security threats to e-commerce
    - International security issues
    - Key elements of a security solution
    - Recommended security approach
    - Summary
    Copyright 2000 Security Portal, Inc. All rights reserved.
  • 3. Why is security important for E-Commerce?
    Diagram, top to bottom:
    - Increased E-Business Opportunities
    - Increased Exposure, Threats, Vulnerabilities, Privacy Concerns
    - Ubiquitous Internet; Customer-Centric Business Models; Sophisticated Applications
    - Increased Bandwidth; Expanded Access; ASP Delivery Model; Tech-Savvy Culture; Mobile Society
  • 4. Old economy view of security
    - In the “Old Economy” computing security was often viewed as a discretionary element of the business
    - The focus was on protection of information systems and data
  • 5. New economy view of security
    - In the “New Economy” computing security is viewed as a strategic element of the business
    - The focus is on enabling new ways of doing business and value creation
    - And from a protection perspective, security is now protecting the entire business, not just its information systems
  • 6. A working definition of security
    - Confidentiality – the protection of private data on hosts or in transit
    - Integrity – the system does not corrupt information or allow unauthorized malicious or accidental changes to information
    - Availability – the computer system’s hardware and software keep working efficiently and the system is able to recover quickly and completely if a disaster occurs
    - Accountability – the ability to determine who is responsible for the result of an action
  • 7. General security threats to e-commerce
    - Web site defacement
    - Denial of service
    - Theft of customer data
    - Theft of intellectual property
    - Sabotage of data or networks
    - Financial fraud
  • 8. Resulting business impact
    - Lack of consumer confidence if there are any real or perceived security issues
    - Loss of profits due to last-minute security implementations
    - Damage to image and reputation if you have a visible security incident
    - Bankruptcy if the majority of your business transactions occur online
    - Benefits to competitors if your level of security is perceived to be inadequate
  • 9. International security issues
    - Regulations and policies
    - Education and awareness
    - Cultural norms
    - Access modes
    - Local government stance on cyber crime
  • 10. Regulations and policies
    - Encryption laws vary greatly from country to country. This can impact both the availability and use of the appropriate technology.
      http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm
    - Privacy and consumer protection laws also vary greatly from country to country. These laws control how personal data can be used and shared. Violations can lead to substantial fines.
      http://www.gilc.org/privacy/survey
  • 11. Education and awareness
    - While malicious, external security attacks get most of the publicity, it is often employee mistakes and oversights that cause security issues
    - Security awareness education for all employees, and specific training for your IT team, can be an excellent defense for both internal and external incidents
    - A recent survey showed that 86% of Shanghai’s networks had security products installed, but less than 2% of the network professionals actually knew how to protect their networks from intruders
  • 12. Cultural norms
    - Limited work hours for support and emergency response services
      - Being “on-call”
      - Multi-shift operations (24/7)
    - History of not protecting intellectual property
      - Electronic documents
      - Software
      - CDs and DVDs
  • 13. Access modes
    - There is a rapid increase in the number of users accessing the internet via wireless devices such as cell phones
    - In addition to their small size, portable wireless devices have limited processing power, limited memory and a limited power supply
    - These characteristics lead to several security challenges
  • 14. Access modes – continued
    - With very limited keyboards and screens, cell phones and handhelds will require new authentication schemes to replace user names and passwords
    - New schemes may include screen-based biometrics, embedded certificates, hardware tokens, web cookies and PINs
    - These devices are viewed as likely platforms for viruses that can be carried from network to network without detection
  • 15. Access modes – continued
    - Data moving through the air is vulnerable to interception using relatively inexpensive equipment
    - The portability of these devices increases the need for physical security and authentication
  • 16. Local government stance on cyber crime
    - Singapore – very detailed statutes regarding penalties for criminal hacking
    - Brazil – no special laws against cyber crime (and a very active hacking community)
    - The Philippines had no anti-hacking laws until the “Lovebug” virus was traced back to their country
    - Interpol is working to establish international standards for cyber crime legislation
      http://www.mossbyrett.of.no/info/legal.html
  • 17. Asia/Pacific perspective
    - Factors accelerating adoption of security
      - Growth of e-commerce in this region
      - Government initiatives supporting security
      - Recognition of the need for security guidelines, regulations and products that enable interoperability
  • 18. Asia/Pacific perspective – continued
    - Factors inhibiting the adoption of security
      - Lack of integrated security solutions that can span systems and regions
      - Lack of awareness of security issues and solutions
  • 19. Security is more than technology
    Diagram: People, Process and Technology, surrounded by the cycle Anticipate, Defend, Monitor, Respond
  • 20. Security is an attribute, not a component
    Diagram, layered stack from top to bottom:
    - User Interface
    - App / App / App / App
    - Application Development Environment
    - Information Management
    - System Management and Security
    - Distribution Services
    - Network & Networking Services
    - Hardware & Operating System
  • 21. General security approach
    - Develop accurate and complete policies that span the supply chain
    - Make sure that all employees understand the importance of computing security
    - Define clear roles and responsibilities for e-commerce security
    - Perform regular audits, reviews and assessments of security
    - Don’t ignore the physical security of your systems
  • 22. General security approach – continued
    - Implement and maintain a set of baseline controls for your e-commerce system
    - Implement user ID and authentication via strong passwords, secure tokens or biometrics
    - Have backup and recovery plans in place
  • 23. Secure web site development tips
    - Include security as part of requirements gathering
    - Include security as part of the architecture
    - Be careful with embedded components
    - Never trust incoming data
    - Provide help to users
    - Use code reviews
    - Be aware of privacy and encryption laws
    - Stay up-to-date on new risks, threats and vulnerabilities
    - Document your security solution
  • 24. Secure web site development references
    - Recent articles on SecurityPortal: Best Practices for Secure Web Development (parts I and II)
    - Web Security & Commerce (O'Reilly Nutshell) by Simson Garfinkel, Gene Spafford
    - Web Security: A Step-by-Step Reference Guide by Lincoln D. Stein
  • 25. Summary
    - Security is a critical enabler for e-commerce
    - The negative impact of poor security can be substantial
    - Many of the issues and solutions regarding secure international e-commerce are people and process related, not technical
    - Security is a key attribute of a system that must be designed in, not added on later
    - Maintaining a secure web site requires continuous vigilance
  • 26. Bibliography
    - E-Business Security: An Essential Element in the Post-Year 2000 World. Gartner Group Research Report, April 17, 2000.
    - The Net Present Value of Security. AtomicTangerine Special Report, October 11, 2000.
    - International Ecommerce. SecurityPortal cover story, November 5, 2000.
    - Information Security: The E-Commerce Driver. Dataquest Market Analysis, January 10, 2000.
    - E-Business Impact on Security Technology and Practices. Gartner Group Research Note, November 11, 1999.
    - Security Services in the Connected Age: From the basement to the boardroom. Gartner Group Market Analysis, July 4, 2000.
  • 27. Bibliography – Continued
    - Shanghai to Enhance Information Security. http://www.nikkeibp.asiabiztech.com, February 15, 2000.
    - Wireless Security: Locking Down the Wavelengths. Information Security Magazine, October 2000.
    - Do Handhelds Need Virus Protection? PCWorld.com, June 29, 2000.
    - Best Practices for Secure Web Development. http://securityportal.com/cover/coverstory20001030.html, October 30, 2000.
    - Best Practices for Secure Web Development: Technical Details. http://securityportal.com/articles/webdev20001103.html, November 10, 2000.
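Slide 23's tip "Never trust incoming data" is the one item in the deck that maps directly onto code. The following Python module is an added example, not from the presentation or from SecurityPortal: it validates an e-commerce order request from an untrusted client against a strict allow-list schema and recomputes the order total from a server-side catalog, so a client-supplied price, total, negative quantity or unknown product is rejected rather than trusted. The catalog, the SKU format and the sample request bodies are constructed for the example.

```python
"""
Server-side validation of an untrusted e-commerce order request.

Illustrates the "never trust incoming data" rule: every field the client
sends is checked against a strict schema, and prices are taken from the
server's own catalog rather than from the request. The catalog, the SKU
format and the request bodies below are constructed for this example.
"""
from dataclasses import dataclass
from decimal import Decimal
import json
import re

# Constructed server-side catalog: product id -> unit price (the only prices the server trusts).
CATALOG = {
    "BOOK-1001": Decimal("29.95"),
    "CD-2002": Decimal("14.50"),
}

MAX_LINE_QTY = 100                           # per-line quantity ceiling
MAX_LINES = 20                               # per-order line-count ceiling
SKU_RE = re.compile(r"^[A-Z]{2,8}-\d{4}$")   # the only shape a SKU is allowed to take (constructed)
EMAIL_RE = re.compile(r"^[^@\s]{1,64}@[^@\s]{1,255}$")


class OrderError(ValueError):
    """Raised for any request that fails validation; the message is safe to log."""


@dataclass(frozen=True)
class Order:
    customer_email: str
    lines: tuple          # ((sku, qty), ...)
    total: Decimal        # computed server-side, never taken from the request


def _require(cond: bool, msg: str) -> None:
    if not cond:
        raise OrderError(msg)


def parse_order(raw: str, max_bytes: int = 4096) -> Order:
    """Parse and validate a JSON order body from an untrusted client."""
    _require(len(raw) <= max_bytes, "request too large")
    try:
        body = json.loads(raw)
    except json.JSONDecodeError:
        raise OrderError("body is not valid JSON")
    _require(isinstance(body, dict), "body must be an object")

    # Allow-list the top-level keys: unexpected fields such as a client-supplied
    # "total" or "discount" are rejected outright rather than silently ignored.
    allowed = {"customer_email", "lines"}
    _require(set(body) <= allowed, f"unexpected fields: {sorted(set(body) - allowed)}")

    email = body.get("customer_email")
    _require(isinstance(email, str) and bool(EMAIL_RE.match(email)), "invalid customer_email")

    lines = body.get("lines")
    _require(isinstance(lines, list) and 0 < len(lines) <= MAX_LINES, "invalid line count")

    validated = []
    total = Decimal("0")
    for item in lines:
        _require(isinstance(item, dict) and set(item) == {"sku", "qty"}, "malformed line")
        sku, qty = item["sku"], item["qty"]
        _require(isinstance(sku, str) and bool(SKU_RE.match(sku)), "malformed sku")
        _require(sku in CATALOG, f"unknown sku {sku}")
        # bool is a subclass of int in Python, so exclude it explicitly.
        _require(isinstance(qty, int) and not isinstance(qty, bool), "qty must be an integer")
        _require(1 <= qty <= MAX_LINE_QTY, "qty out of range")
        validated.append((sku, qty))
        total += CATALOG[sku] * qty   # the price comes from the catalog, not the client

    return Order(customer_email=email, lines=tuple(validated), total=total)


# Constructed sample requests: one well-formed, two that must be rejected.
GOOD_REQUEST = ('{"customer_email": "buyer@example.com", '
                '"lines": [{"sku": "BOOK-1001", "qty": 2}, {"sku": "CD-2002", "qty": 1}]}')
PRICE_TAMPER = ('{"customer_email": "buyer@example.com", '
                '"lines": [{"sku": "BOOK-1001", "qty": 2}], "total": "0.01"}')
NEGATIVE_QTY = ('{"customer_email": "buyer@example.com", '
                '"lines": [{"sku": "BOOK-1001", "qty": -5}]}')


def classify(raw: str) -> str:
    """Return 'accepted' or the rejection reason, for a quick demonstration."""
    try:
        parse_order(raw)
        return "accepted"
    except OrderError as e:
        return f"rejected: {e}"


if __name__ == "__main__":
    for name, req in [("good", GOOD_REQUEST), ("tamper", PRICE_TAMPER), ("negative", NEGATIVE_QTY)]:
        print(name, "->", classify(req))
```

The design choice worth noting is that the validator rejects on anything it does not recognise (extra keys, wrong types, out-of-range values) instead of trying to sanitise or coerce the input, and that the only number it ever writes into the order is one it computed itself. A monetary total, a discount or a role flag that arrives from the browser is just another untrusted string.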