Thursday, 31 January 2008

Security Report.

Natasha Dillow

E-commerce is shopping over the internet. It may be to buy goods or a service.
There are threats online which aren’t threats in real life. For example, data can be intercepted and if it is not encrypted then identity fraud is a problem. Other problems include phishing, which is when your details are taken and used to hack your account.
The customer gives their credit card details and other personal information to the website. However, the website also collects data that the customer is not aware of; cookies are stored on the customer’s computer, which give the company an idea of what their customers are like. Some companies also log the IP address of their customers to see where they are logging in from, and whereabouts in the world the company is most popular.
There are several threats to a company or person using the computer and internet. Viruses are software programs which are designed to damage your computer. They often attach themselves to files which are then downloaded, and the virus begins to infect your computer. Viruses in the Joe Browns system may get passed on to your computer if you download anything from them. Anti-virus software seeks out any viruses on your computer and deletes them. This is the main effective way of curing viruses, but to prevent them it is better to be careful of what you download, especially attachments on emails, as this is a common way of spreading viruses. Firewalls are also a good way of preventing viruses (see below). The Joe Browns administrator needs to ensure the company is protected against viruses, so that they don’t corrupt the company’s computers or their customers’ computers. However, anti-virus software is getting worse, according to the German computing magazine c’t. They studied 17 different pieces of anti-virus software and found that most of them could not track newer viruses, as the creators are getting better at disguising them. Anti-virus software needs to be updated often to be effective.
Hackers are people who have a good knowledge of computers and abuse this to get into other people’s computers, usually to find out personal details. Firewalls are the most appropriate way of preventing viruses and hackers. Firewalls put up a barrier which stops things coming into your computer without your permission. You can set automatic responses for some things, because it can become quite irritating having to allow a program to access the internet when it is something you do regularly. Any unknown requests are denied, and attacks on your computer from other people are blocked.
Spyware is software that follows what you are looking at over the internet. This is usually used for advertising purposes, but it can gather information like your email address, password and credit card details. Spyware may install itself on your computer after you visit a certain site. Joe Browns need to be careful, otherwise their company gets a bad reputation for giving spyware to their users. To get rid of spyware you can download anti-adware and anti-spyware software. This is like anti-virus software; it tracks and deletes any spyware you may have on your computer. To prevent spyware, you should use a firewall and be careful with what you download on the computer. It is a good idea to check for viruses/adware/spyware immediately after any download.
Spyware may be purposely installed on your computer too. A key-logger may be installed to see what is being written in emails etc. This records the strokes of the keyboard rather than what is on screen, so it is harder to prevent, as somebody has intentionally put it there. Unless you know it’s there, you probably wouldn’t think to look for it. An issue brought up recently is how spyware may be used in domestic abuse as a way for a person to control and monitor their partner. However, there is one recent situation where installing spyware on a person’s computer without them knowing proved helpful. A mother was suspicious of her 12-year-old daughter’s internet habits when she started behaving oddly, so installed a program to monitor everything. She found that her daughter was having a relationship with a 21-year-old man from Bristol. It began because her daughter pretended to be older than she was, and after a sexual encounter she admitted her age, but the young man still wanted to continue with the relationship and admitted to police that they were going to have intercourse again. This is a positive use of spyware, but generally spyware is an infringement of privacy and a threat to the computer user.
Hardware failure is when a piece of your hardware (e.g. monitor, mouse and keyboard) does not function properly. Unlike spyware, viruses and hackers, this is a physical problem. Hardware failure cannot be prevented in itself, but you can prevent losing all your files by backing up all work regularly somewhere other than your computer, for example an external hard drive or the internet. It is too difficult to prevent hardware failure; it is more important to prevent a loss of files than a loss of hardware. Hardware itself can be replaced, but depending on the size of the file, months or years could be needed in order to return the work to the state it was once in.
Human errors occur because nobody is perfect and everybody makes mistakes. Joe Browns employees can cause the company to lose a lot of money if they are not careful with what they do. Human errors can be prevented via proofreading, data validation and verification. Alternatively, machines rarely make errors, so a computer would be much more effective than a human would be. Joe Browns employees must be vigilant to avoid mistakes which may lead to bigger problems. Personal data should not be kept for any longer than is necessary.
Dishonest employees can cause your business to lose money or become bankrupt. Dishonesty of employees cannot be fully prevented, as everybody has their own free will and we cannot control other people. However, when joining the company, you should ask all employees to sign in agreement to a terms and conditions contract. Also, you can prevent problems with employees by restricting their access and use of the internet. Training of your staff is important, and is given to all Joe Browns employees.
Natural disasters are unavoidable; they include things like earthquakes, storms and volcanic eruptions. Prevention of natural disasters is impossible. Like with hardware failure, preventing physical problems cannot be achieved, so it is important to back up all of your files regularly.
Theft is an issue whenever money is involved. Identity theft is the main problem, as hackers and spyware can get your personal details and then use them to ‘steal’ your identity and make purchases from your bank account. Preventing theft physically is hard, so as long as you have a burglar alarm that is all you can do. This, again, means you need to back up your files regularly. To prevent identity theft, you should ensure that you only ever give out your credit card details over a secure connection, and be careful with personal documents and protecting your passwords etc. Secure websites encrypt your data as you send it, making it difficult to read if it is intercepted.
Terrorism is a problem when a group of people decide to hack or steal money from a company, or crash a company’s website. Computers can be set up to constantly send hate mail to a company, or requests to a server so it crashes. Terrorism can be prevented by having a secure website. The more secure a site is, the less likely it is that anyone could hack into the site.
Fire is a problem for your hardware. Floods and fire cannot be prevented, although a fire alarm might be a good idea. Like with natural disasters and hardware failure, files can be saved if backed up regularly.
There is some legislation in place to protect us from some of the internet dangers.
Computer Misuse Act, 1990: Hacking and the introduction of viruses are illegal. Punishments include 6 months in prison and a £2,000 fine. It is an offence to access anything that is unauthorized, whether it’s a program or data. It is also an offence to access a computer system with the intent to commit a crime, for example accessing financial records with the intent to use someone else’s details to make a purchase. It is also an offence to modify computer material: deleting files, creating or introducing a virus, or doing something with the deliberate intention of causing problems in the data.
This is obviously not very successful, as hackers and viruses are still a large problem on PCs. Technology has developed a lot in the last 18 years; perhaps this piece of legislation needs to be updated. An example of prosecution under this act is of a man who created and released a virus program which was designed for hackers to access home computers. Under the Computer Misuse Act, he could be sentenced to up to five years in prison. The worm (W32-Leave worm) helps a hacker break into a victim’s computer and steal or delete files and use the computer for further hacking. An example of past prosecution under this act is of a teenager who bombarded an ex-employer’s mail server with five million emails. He pleaded guilty and was sentenced to a two-month curfew and had an electronic tag installed.

Data Protection Act, 1998: Data collected from a person must only be used in the way that they intended. Consent must be given, and if a person wants to see the information collected about them, they are allowed to (but may have to pay a small fee). This is usually quite successful, except recently the Government lost thousands of people’s personal data. There are 8 data principles under this act.
1. Personal data shall be processed fairly and lawfully.
2. Personal data should only be used for one or more specified purposes, and not used for any other purposes.
3. Personal data should be relevant and not used for anything else than the purposes it was collected for.
4. Personal data should be accurate and up-to-date.
5. Personal data should not be kept for any longer than is necessary.
6. Personal data shall be processed in accordance with the rights of data subjects.
The next two points relate directly to the security issues I am talking about in this report:
7. Appropriate preventative measures should be taken against unauthorized processing of personal data, or accidental loss/destruction/damage to personal data.
8. Personal data shall not be transferred to a country which is exempt from the Data Protection Act or a similar one with a high level of security.
This is usually quite successful. However, recently the Government lost in the post two discs which contained the personal data of 25 million citizens. They contained names, addresses, dates of birth, national insurance numbers and credit card details. These discs were not encrypted but were password protected. “I profoundly regret and apologise for the inconvenience caused”, said Gordon Brown.

There is currently no legislation against identity theft, despite 80,000 victims in 2006. However, the government is considering the introduction of identity cards, which are thought to be more accurate. The USA has the Identity Theft & Assumption Deterrence Act, 1998. America has the biggest problem with identity theft and is the most advanced nation in trying to prevent it. It is still a huge issue but it is being dealt with.

Regulation of Investigatory Powers Act, 2000: Allows the authorities to watch what you’re doing on the internet. It means that if the authorities ask for protected data or encrypted data, it has to be given to them.

Consumer Protection (Distance Selling) Regulations 2000: This is to protect anyone shopping over the phone, internet, digital TV or mail order. It gives the customer the right to receive clear information about the goods and services before deciding to buy, confirmation of this information in writing, protection from credit card fraud and a cooling-off period of seven working days in which the consumer can withdraw from the contract.

There are several reasons I can tell that JoeBrowns.co.uk is a safe website. [Image: symbol shown on the website] This symbol indicates that the website is safe to use. Thawte is a company that allows safe transfer of information. Also, information is encrypted when transferred and the website is secure. This is expected for many large and popular transactional websites. It is stated that your email address and telephone number will not be passed on to third parties and are solely collected so that Joe Browns can contact you if necessary. However, there is always a risk when transferring any data over the internet.
The website is very safe to use. Although there are still many problems related to e-commerce and using the internet generally, there is legislation in place and preventative methods that can be used to reduce these risks and punish the abusers of the internet. Joe Browns is a safe website to use, as your details are kept solely by that company. The website is secure and data is encrypted when transferred. One disadvantage of Joe Browns is that there is no way to read their Terms & Conditions, which may make some people feel nervous or wary of using the site. Although this seems a bit suspicious, it is still a safe website to use.
There are many threats to your files and personal data when using your computer, especially the internet. With the right protection, preventative methods and backing-up methods, your identity and your files should be safe. It is also essential that you keep your protective methods updated, for example have a new version of an anti-virus program and back up your work regularly.
It is important that the law keeps up to date with the dangers to us over the internet. For example, a woman in America posed as a young male and sent abusive messages over the social networking site ‘Myspace’, which drove a young girl to suicide. This behaviour is obviously wrong, but in America it is not illegal. All countries need to make sure that they have legislation in place to prevent people from being tempted to do damaging things, and punish those who do. With the right preventative methods and legislation in place, we can suppress crime via the internet and keep ourselves, our files and our computers safe. Not only individuals, but transactional websites and employers also have to comply with these safety precautions.

Wednesday, 30 January 2008

:)


TO DO LIST:
1) Re-read; makes sense?
2) Add more real-life accounts about prosecution etc
3) Add detail to conclusion
4) Make more relevant to JoeBrowns.co.uk
5) Add more detail to the legislation part.

NOTES:

Applied ICT Data Security Report plan:
What is E-Commerce?
E-commerce is shopping over the internet. It may be to buy goods or a service.
Why is E- Commerce more susceptible to threats than normal commerce?
There are threats online which aren’t threats in real life. For example, data can be intercepted and if it is not encrypted then identity fraud is a problem. Other problems include phishing which is when your details are taken and used to hack your account.
What information has the customer given to the website?
They give their credit card details and other personal information to the website. However, the website also collects data that the customer is not aware of; cookies are stored on the customer’s computer, which give the company an idea of what their customers are like. Some companies also log the IP address of their customers to see where they are logging in from, and whereabouts in the world the company is most popular.
What are the threats to Data Security for E-Commerce?
1. Viruses. Viruses are software programs which are designed to damage your computer. They often attach themselves to files which are then downloaded, and the virus begins to infect your computer. Viruses in the Joe Browns system may get passed on to your computer if you download anything from them.
2. Hackers are people who have a good knowledge of computers and abuse this to get into other people’s computers, usually to find out personal details.
3. Spyware is software that follows what you are looking at over the internet. This is usually used for advertising purposes, but it can gather information like your email address, password and credit card details. Spyware may install itself on your computer after you visit a certain site. Joe Browns need to be careful, otherwise their company gets a bad reputation for giving spyware to their users.
4. Hardware failure is when a piece of your hardware (e.g. monitor, mouse and keyboard) does not function properly. Unlike spyware, viruses and hackers, this is a physical problem.
5. Human errors occur because nobody is perfect and everybody makes mistakes. Joe Browns employees can cause the company to lose a lot of money if they are not careful with what they do.
6. Dishonest employees can cause your business to lose money or become bankrupt.
7. Natural disasters are unavoidable; they include things like earthquakes, storms and volcanic eruptions.
8. Theft is an issue whenever money is involved. Identity theft is the main problem, as hackers and spyware can get your personal details and then use them to ‘steal’ your identity and make purchases from your bank account.
9. Terrorism is a problem when a group of people decide to hack or steal money from a company, or crash a company’s website. Computers can be set up to constantly send hate mail to a company, or requests to a server so it crashes.
10. Fire is a problem to your hardware.
What are the preventative methods for these threats?
1. Anti-virus software seeks out any viruses on your computer and deletes them. This is the main effective way of curing viruses, but to prevent them it is better to be careful of what you download, especially attachments on emails, as this is a common way of spreading viruses. Firewalls are also a good way of preventing viruses (see below). The Joe Browns administrator needs to ensure the company is protected against viruses, so that they don’t corrupt the company’s computers or their customers’ computers.
2. Firewalls are the most appropriate way of preventing viruses and hackers. Firewalls put up a barrier which stops things coming into your computer without your permission. You can set automatic responses for some things, because it can become quite irritating having to allow a program to access the internet when it is something you do regularly. Any unknown requests are denied, and attacks on your computer from other people are blocked.
3. To get rid of spyware you can download anti-adware and anti-spyware software. This is like anti-virus software; it tracks and deletes any spyware you may have on your computer. To prevent spyware, you should use a firewall and be careful with what you download on the computer. It is a good idea to check for viruses/adware/spyware immediately after any download.
4. Hardware failure cannot be prevented in itself, but you can prevent losing all your files by backing up all work regularly somewhere other than your computer, for example an external hard drive or the internet. It is too difficult to prevent hardware failure; it is more important to prevent a loss of files than a loss of hardware. Hardware itself can be replaced, but depending on the size of the file, months or years could be needed in order to return the work to the state it was once in.
5. Human errors can be prevented via proofreading, data validation and verification. Alternatively, machines rarely make errors, so a computer would be much more effective than a human would be. Joe Browns employees must be vigilant to avoid mistakes which may lead to bigger problems.
6. Dishonesty of employees cannot be fully prevented, as everybody has their own free will and we cannot control other people. However, when joining the company, you should ask all employees to sign in agreement to a terms and conditions contract. Also, you can prevent problems with employees by restricting their access and use of the internet. Training of your staff is important, and is given to all Joe Browns employees.
7. Prevention of natural disasters is impossible. Like with hardware failure, preventing physical problems cannot be achieved, so it is important to back up all of your files regularly.
8. Preventing theft physically is hard, so as long as you have a burglar alarm that is all you can do. This, again, means you need to back up your files regularly. To prevent identity theft, you should ensure that you only ever give out your credit card details over a secure connection, and be careful with personal documents and protecting your passwords etc. Secure websites encrypt your data as you send it, making it difficult to read if it is intercepted.
9. Terrorism can be prevented by having a secure website. The more secure a site is, the less likely it is that anyone could hack into the site.
10. Floods and fire cannot be prevented, although a fire alarm might be a good idea. Like with natural disasters and hardware failure, files can be saved if backed up regularly.
Describe the legislation that the business should be aware of:
1. Computer Misuse Act, 1990: Hacking and the introduction of viruses are illegal. Punishments include 6 months in prison and a £2,000 fine. It is an offence to access anything that is unauthorized, whether it’s a program or data. It is also an offence to access a computer system with the intent to commit a crime, for example accessing financial records with the intent to use someone else’s details to make a purchase. It is also an offence to modify computer material: deleting files, creating or introducing a virus, or doing something with the deliberate intention of causing problems in the data.
2. Data Protection Act, 1998: Data collected from a person must only be used in the way that they intended. Consent must be given, and if a person wants to see the information collected about them, they are allowed to (but may have to pay a small fee). This is usually quite successful, except recently the Government lost thousands of people’s personal data. There are 8 data principles under this act.
1. Personal data shall be processed fairly and lawfully.
2. Personal data should only be used for one or more specified purposes, and not used for any other purposes.
3. Personal data should be relevant and not used for anything else than the purposes it was collected for.
4. Personal data should be accurate and up-to-date.
5. Personal data should not be kept for any longer than is necessary.
6. Personal data shall be processed in accordance with the rights of data subjects.
The next two points relate directly to the security issues I am talking about in this report:
7. Appropriate preventative measures should be taken against unauthorized processing of personal data, or accidental loss/destruction/damage to personal data.
8. Personal data shall not be transferred to a country which is exempt from the Data Protection Act or a similar one with a high level of security.
3. There is currently no legislation against identity theft, despite 80,000 victims in 2006. However, the government is considering the introduction of identity cards, which are thought to be more accurate. The USA has the Identity Theft & Assumption Deterrence Act, 1998.
4. Regulation of Investigatory Powers Act, 2000: Allows the authorities to watch what you’re doing on the internet. It means that if the authorities ask for protected data or encrypted data, it has to be given to them.
5. Consumer Protection (Distance Selling) Regulations 2000: This is to protect anyone shopping over the phone, internet, digital TV or mail order. It gives the customer the right to receive clear information about the goods and services before deciding to buy, confirmation of this information in writing, protection from credit card fraud and a cooling-off period of seven working days in which the consumer can withdraw from the contract.
How effective are these pieces of legislation?
1. Computer Misuse Act, 1990: This is obviously not very successful, as hackers and viruses are still a large problem on PCs. Technology has developed a lot in the last 18 years; perhaps this piece of legislation needs to be updated. An example of prosecution under this act is of a man who created and released a virus program which was designed for hackers to access home computers. Under the Computer Misuse Act, he could be sentenced to up to five years in prison. The worm (W32-Leave worm) helps a hacker break into a victim’s computer and steal or delete files and use the computer for further hacking.

2. Data Protection Act, 1998: This is usually quite successful. However, recently the Government lost in the post two discs which contained the personal data of 25 million citizens. They contained names, addresses, dates of birth, national insurance numbers and credit card details. These discs were not encrypted but were password protected. “I profoundly regret and apologise for the inconvenience caused”, said Gordon Brown.
3. Identity Theft & Assumption Deterrence Act, 1998, America: America has the biggest problem with identity theft and is the most advanced nation in trying to prevent it. It is still a huge issue but it is being dealt with.
4. Regulation of Investigatory Powers Act, 2000:
5. Consumer Protection (Distance Selling) Regulations 2000:
Overall conclusions:
Is data secure on this website – yes:
1. [Image: symbol shown on the website] This symbol indicates that the website is safe to use. Thawte is a company that allows safe transfer of information.
2. Information is encrypted when transferred.
3. Website is secure when transactions are made.
4. It is stated that your email address and telephone number will not be passed on to third parties and are solely collected so that Joe Browns can contact you if necessary.
Is data insecure on this website – no:
1. There is always a risk when transferring your personal information over the internet.
2.
3.
Overall conclusion:
1. The website is very safe to use. Although there are still many problems related to e-commerce and using the internet generally, there is legislation in place and preventative methods that can be used to reduce these risks and punish the abusers of the internet. Joe Browns is a safe website to use, as your details are kept solely by that company. The website is secure and data is encrypted when transferred. One disadvantage of Joe Browns is that there is no way to read their Terms & Conditions, which may make some people feel nervous or wary of using the site. Although this seems a bit suspicious, it is still a safe website to use.
2.
3.
Macintosh HD:Users:mhighmore:Documents:Report plan y12.docx Created on 21/01/2008 13:33
F

Applied ICT Data Security Report plan:
What is E-Commerce?
E-commerce is shopping over the internet. It may be to buy goods or a service.
Why is E- Commerce more susceptible to threats than normal commerce?
There are threats online which aren’t threats in real life. For example, data can be intercepted and if it is not encrypted then identity fraud is a problem. Other problems include phishing which is when your details are taken and used to hack your account.
What information has the customer given to the website?
They give their credit card details and other personal information to the website. However, the website also collects data that the customer is not aware of; cookies are stored on the customer’s computer which gives the company an idea of what their customers are like. Some companies also log the I.P. address of their customers to see where they are logging in from, and whereabouts in the world the company is most popular.
What are the threats to Data Security for E-Commerce?
1. Viruses. Viruses are software programs which are designed to damage your computer. They often attach themselves to files which are then downloaded, and the virus begins to infect your computer. Viruses in the JoeBrowns system may get passed on to your computer if you download anything from them.
2. Hackers are people who have a good knowledge about computers and so abuse this to get into other peoples computers, usually to find out personal details.
3. Spyware is software that follows what you are looking at over the internet. This is usually used for advertising purposes, but it can gather information like your email address, password and credit card details. Spyware may infest itself in your computer after visiting a certain site. Joe Browns need to be careful otherwise their company gets a bad reputation for giving spyware to their users.
4. Hardware failure is when a piece of your hardware (e.g. monitor, mouse and keyboard) does not function properly. Unlike spyware, viruses and hackers, this is a physical problem.
5. Human errors occur because nobody is perfect and everybody makes mistakes. Joe Browns employees can cause the company to lose a lot of money if they are not careful with what they do.
6. Dishonest employees can cause your business to lose money or become bankrupt.
7. Natural disasters are unavoidable; they include things like earthquakes, storms and volcanic eruptions.
8. Theft is an issue whenever money is involved. Identity theft is the main problem, as hackers and spyware can get your personal details and then use them to ‘steal’ your identity and make purchases from your bank account.
9. Terrorism is a problem when a group of people decide to hack or steal money from a company, or crash a company’s website. Computers can be set up to constantly send hate mail to a company, or requests to a server so it crashes.
10. Fire is a problem to your hardware.
What are the preventative methods for these threats?
1. Anti-virus software seeks out any viruses on your computer and deletes them. This is the main effective way of curing viruses, but to prevent them it is better to be careful of what you download, especially attachments on emails as this is a common way of spreading viruses. Firewalls are also a good way of the prevention of viruses. (see below). The Joe Browns administrator needs to ensure the company is protected against viruses, so that they don’t corrupt the company’s computers or their customer’s computers.
2. Firewalls are the most appropriate for the prevention of virus’ and hackers. Firewalls put up a barrier which stops things coming into your computer without your permission. You can make automatic responses for some things, because it can become quite irritating having to allow a program to access the internet when it is something you do regularly. Any unknown requests are denied, and attacks at your computer from other people are blocked.
3. To get rid of spyware you can download anti-adware & spyware software. This is like anti-virus software, it tracks and deletes any spyware you may have on your computer. To prevent spyware, you should use a firewall and be careful with what you download on the computer. It is a good idea to check for viruses/adware/spyware immediately after any download.
4. Hardware failure cannot be prevented in itself, but you can prevent losing all your files by backing up all work regularly somewhere other than your computer, for example an external hard drive or the internet. It is too difficult to prevent hardware failure, it is more important to prevent a loss of files rather than a loss of hardware. Hardware itself can be replaced, but depending on the size of the file, months or years could be needed in order to return the work to the state it was once in.
5. Human errors can be prevented via proof reading, data validation and verification. Alternatively, machines rarely make errors, so a computer would be much more effective than a human would be. Joe Browns employees must be vigilant for mistakes to avoid mistakes which may lead to bigger problems.
6. Dishonesty of employees can not be fully prevented as everybody has their own free will and we cannot control other people. However, when joining the company, you should ask all employees to sign in agreement to a terms and conditions contract. Also, you can prevent problems with employees by restricting their access and use of the internet. Training of your staff is important, and is given to all Joe Browns employees.
7. Prevention of natural disasters is impossible. Like with hardware failure, preventing physical problems cannot be achieved, so it is important to back-up all of your files regularly.
8. Preventing theft physically is hard, so as long as you have a burglar alarm that is all you can do. This, again, means you need to back up your files regularly. To prevent identity theft, you should ensure that you only ever give out your credit card details over a secure connection, and be careful with personal documents and protecting your passwords etc. Secure websites encrypt your data as you send it, making it difficult to read if it is intercepted.
9. Terrorism can be prevented by having a secure website. The more secure a site is, the less likely it is that anyone could hack into the site.
10. Floods and fire cannot be prevented, although a fire alarm might be a good idea. Like with natural disasters and hardware failure, files can be saved if backed up regularly.
Describe the legislation that the business should be aware of:
1. Computer misuse act, 1990: Hacking and the introduction of viruses are illegal. Punishments include 6 months in prison and a £2,000 fine. It is an offence to access anything that is unauthorized, whether it’s a program or data. It is also an offence to access a computer system with the intent to commit a crime, for example accessing financial records with the intent to use someone else’s details to make a purchase. It is also an offence to modify computer material, for example by deleting files, creating or introducing a virus, or doing something with the deliberate intention of causing problems in the data.
2. Data protection act, 1998: Data collected from a person must only be used in the way that they intended. Consent must be given and if a person wants to see the information collected about them, they are allowed to (but may have to pay a small fee). This is usually quite successful, except recently the Government lost thousands of people’s personal data. There are 8 data principles under this act.
1. Personal data shall be processed fairly and lawfully.
2. Personal data should only be used for one or more specified purposes, and not used for any other purposes.
3. Personal data should be relevant and not used for anything else than the purposes it was collected for.
4. Personal data should be accurate and up-to-date.
5. Personal data should not be kept for any longer than is necessary.
6. Personal data shall be processed in accordance with the rights of data subjects.
The next two points relate directly to the security issues I am talking about in this report;
7. Appropriate preventative measures should be taken against unauthorized processing of personal data, or accidental loss/destruction/damage to personal data.
8. Personal data shall not be transferred to a country which is exempt to the data protection act or one similar with a high level of security.
3. There is currently no legislation against identity theft, despite 80,000 victims in 2006. However, the government is considering the introduction of identity cards, which are thought to be more accurate. The USA has the Identity Theft & Assumption Deterrence Act, 1998.
4. Regulation of Investigatory Powers Act, 2000: Allows the authorities to watch what you’re doing on the internet. It means that if the authorities ask for protected data or encrypted data, it has to be given to them.
5. Consumer Protection (distance selling) Regulations 2000: This is to protect anyone shopping over the phone, internet, digital TV or mail order. It gives the customer the right to receive clear information about the goods and services before deciding to buy, confirmation of this information in writing, protection from credit card fraud and a cooling off period of seven working days in which the consumer can withdraw from the contract.
How effective are these pieces of legislation?
1. Computer misuse act, 1990: This is obviously not very successful, as hackers and viruses are still a large problem on PCs. Technology has developed a lot in the last 18 years; perhaps this piece of legislation needs to be updated. An example of prosecution under this act is of a man who created and released a virus programme which was designed for hackers to access home computers. Under the Computer Misuse Act, he could be sentenced to up to five years in prison. The worm (W32-Leave worm) helps a hacker break into a victim’s computer and steal or delete files and use the computer for further hacking.

2. Data protection act, 1998: This is usually quite successful. However, recently the Government lost two discs which contained the personal data of 25 million citizens in the post. They contained names, addresses, date of birth, national insurance number and credit card details. These discs were not encrypted but were password protected. “I profoundly regret and apologise for the inconvenience caused”, said Gordon Brown.
3. Identity Theft & Assumption Deterrence Act, 1998, America: America has the biggest problem with identity theft and is the most advanced nation in trying to prevent it. It is still a huge issue but it is being dealt with.
4. Regulation of Investigatory Powers Act, 2000:
5. Consumer Protection (distance selling) Regulations 2000:
Overall conclusions:
Is data secure on this website – yes:
1. [picture here] This symbol indicates that the website is safe to use. Thawte is a company that allows safe transfer of information.
2. Information is encrypted when transferred.
3. Website is secure when transactions are made.
4. It is stated that your email address and telephone number will not be passed on to third parties and are solely collected so that Joe Browns can contact you if necessary.
Is data insecure on this website – no:
1. There is always a risk when transferring your personal information over the internet.
Overall conclusion:
1. The website is very safe to use. Although there are still many problems related to e-commerce and using the internet generally, there is legislation in place and preventative methods that can be used to reduce these risks and punish the abusers of the internet. Joe Browns is a safe website to use, as your details are kept solely by that company. The website is secure and data is encrypted when transferred. One disadvantage of Joe Browns is that there is no way to read their Terms & Conditions, which may make some people feel nervous or wary of using the site. Although this seems a bit suspicious, it is still a safe website to use.
Macintosh HD:Users:mhighmore:Documents:Report plan y12.docx Created on 21/01/2008 13:33

1st DRAFT:

Security Report
Natasha Dillow

E-commerce is shopping over the internet. It may be to buy goods or a service.
There are threats online which aren’t threats in real life. For example, data can be intercepted and if it is not encrypted then identity fraud is a problem. Other problems include phishing, which is when your details are taken and used to hack your account.
They give their credit card details and other personal information to the website. However, the website also collects data that the customer is not aware of; cookies are stored on the customer’s computer which gives the company an idea of what their customers are like. Some companies also log the I.P. address of their customers to see where they are logging in from, and whereabouts in the world the company is most popular.
There are several threats to a company/person using the computer and internet. Viruses are software programs which are designed to damage your computer. They often attach themselves to files which are then downloaded, and the virus begins to infect your computer. Viruses in the JoeBrowns system may get passed on to your computer if you download anything from them. Anti-virus software seeks out any viruses on your computer and deletes them. This is the main effective way of curing viruses, but to prevent them it is better to be careful of what you download, especially attachments on emails as this is a common way of spreading viruses. Firewalls are also a good way of preventing viruses (see below). The Joe Browns administrator needs to ensure the company is protected against viruses, so that they don’t corrupt the company’s computers or their customers’ computers.
Hackers are people who have a good knowledge about computers and so abuse this to get into other people’s computers, usually to find out personal details. Firewalls are the most appropriate for the prevention of viruses and hackers. Firewalls put up a barrier which stops things coming into your computer without your permission. You can make automatic responses for some things, because it can become quite irritating having to allow a program to access the internet when it is something you do regularly. Any unknown requests are denied, and attacks at your computer from other people are blocked.
Spyware is software that follows what you are looking at over the internet. This is usually used for advertising purposes, but it can gather information like your email address, password and credit card details. Spyware may infest itself in your computer after visiting a certain site. Joe Browns need to be careful otherwise their company gets a bad reputation for giving spyware to their users. To get rid of spyware you can download anti-adware & spyware software. This is like anti-virus software; it tracks and deletes any spyware you may have on your computer. To prevent spyware, you should use a firewall and be careful with what you download on the computer. It is a good idea to check for viruses/adware/spyware immediately after any download.
Hardware failure is when a piece of your hardware (e.g. monitor, mouse and keyboard) does not function properly. Unlike spyware, viruses and hackers, this is a physical problem. Hardware failure cannot be prevented in itself, but you can prevent losing all your files by backing up all work regularly somewhere other than your computer, for example an external hard drive or the internet. It is too difficult to prevent hardware failure; it is more important to prevent a loss of files rather than a loss of hardware. Hardware itself can be replaced, but depending on the size of the file, months or years could be needed in order to return the work to the state it was once in.
Human errors occur because nobody is perfect and everybody makes mistakes. Joe Browns employees can cause the company to lose a lot of money if they are not careful with what they do. Human errors can be prevented via proof reading, data validation and verification. Alternatively, machines rarely make errors, so a computer would be much more effective than a human would be. Joe Browns employees must be vigilant for mistakes to avoid mistakes which may lead to bigger problems. Personal data should not be kept for any longer than is necessary.
Dishonest employees can cause your business to lose money or become bankrupt. Dishonesty of employees can not be fully prevented as everybody has their own free will and we cannot control other people. However, when joining the company, you should ask all employees to sign in agreement to a terms and conditions contract. Also, you can prevent problems with employees by restricting their access and use of the internet. Training of your staff is important, and is given to all Joe Browns employees.
Natural disasters are unavoidable; they include things like earthquakes, storms and volcanic eruptions. Prevention of natural disasters is impossible. Like with hardware failure, preventing physical problems cannot be achieved, so it is important to back-up all of your files regularly.
Theft is an issue whenever money is involved. Identity theft is the main problem, as hackers and spyware can get your personal details and then use them to ‘steal’ your identity and make purchases from your bank account. Preventing theft physically is hard, so as long as you have a burglar alarm that is all you can do. This, again, means you need to back up your files regularly. To prevent identity theft, you should ensure that you only ever give out your credit card details over a secure connection, and be careful with personal documents and protecting your passwords etc. Secure websites encrypt your data as you send it, making it difficult to read if it is intercepted.
Terrorism is a problem when a group of people decide to hack or steal money from a company, or crash a company’s website. Computers can be set up to constantly send hate mail to a company, or requests to a server so it crashes. Terrorism can be prevented by having a secure website. The more secure a site is, the less likely it is that anyone could hack into the site.
Fire is a problem to your hardware. Floods and fire cannot be prevented, although a fire alarm might be a good idea. Like with natural disasters and hardware failure, files can be saved if backed up regularly.
There is some legislation in place to protect us from some of the internet dangers.
Computer misuse act, 1990: Hacking and the introduction of viruses are illegal. Punishments include 6 months in prison and a £2,000 fine. It is an offence to access anything that is unauthorized, whether it’s a program or data. It is also an offence to access a computer system with the intent to commit a crime, for example accessing financial records with the intent to use someone else’s details to make a purchase. It is also an offence to modify computer material, for example by deleting files, creating or introducing a virus, or doing something with the deliberate intention of causing problems in the data.
This is obviously not very successful, as hackers and viruses are still a large problem on PCs. Technology has developed a lot in the last 18 years; perhaps this piece of legislation needs to be updated. An example of prosecution under this act is of a man who created and released a virus programme which was designed for hackers to access home computers. Under the Computer Misuse Act, he could be sentenced to up to five years in prison. The worm (W32-Leave worm) helps a hacker break into a victim’s computer and steal or delete files and use the computer for further hacking.

Data protection act, 1998: Data collected from a person must only be used in the way that they intended. Consent must be given and if a person wants to see the information collected about them, they are allowed to (but may have to pay a small fee). This is usually quite successful, except recently the Government lost thousands of people’s personal data. There are 8 data principles under this act.
1. Personal data shall be processed fairly and lawfully.
2. Personal data should only be used for one or more specified purposes, and not used for any other purposes.
3. Personal data should be relevant and not used for anything else than the purposes it was collected for.
4. Personal data should be accurate and up-to-date.
5. Personal data should not be kept for any longer than is necessary.
6. Personal data shall be processed in accordance with the rights of data subjects.
The next two points relate directly to the security issues I am talking about in this report;
7. Appropriate preventative measures should be taken against unauthorized processing of personal data, or accidental loss/destruction/damage to personal data.
8. Personal data shall not be transferred to a country which is exempt to the data protection act or one similar with a high level of security.
This is usually quite successful. However, recently the Government lost two discs which contained the personal data of 25 million citizens in the post. They contained names, addresses, date of birth, national insurance number and credit card details. These discs were not encrypted but were password protected. “I profoundly regret and apologise for the inconvenience caused”, said Gordon Brown.

There is currently no legislation against identity theft, despite 80,000 victims in 2006. However, the government is considering the introduction of identity cards, which are thought to be more accurate. The USA has the Identity Theft & Assumption Deterrence Act, 1998. America has the biggest problem with identity theft and is the most advanced nation in trying to prevent it. It is still a huge issue but it is being dealt with.

Regulation of Investigatory Powers Act, 2000: Allows the authorities to watch what you’re doing on the internet. It means that if the authorities ask for protected data or encrypted data, it has to be given to them.

Consumer Protection (distance selling) Regulations 2000: This is to protect anyone shopping over the phone, internet, digital TV or mail order. It gives the customer the right to receive clear information about the goods and services before deciding to buy, confirmation of this information in writing, protection from credit card fraud and a cooling off period of seven working days in which the consumer can withdraw from the contract.

There are several reasons I can tell that JoeBrowns.co.uk is a safe website. [picture here] This symbol indicates that the website is safe to use. Thawte is a company that allows safe transfer of information. Also, information is encrypted when transferred. This is expected for many

Tuesday, 29 January 2008

NOTES

Applied ICT Data Security Report plan:
What is E-Commerce?
E-commerce is shopping over the internet. It may be to buy goods or a service.
Why is E- Commerce more susceptible to threats than normal commerce?
There are threats online which aren’t threats in real life. For example, data can be intercepted and if it is not encrypted then identity fraud is a problem. Other problems include phishing which is when your details are taken and used to hack your account.
What information has the customer given to the website?
They give their credit card details and other personal information to the website. However, the website also collects data that the customer is not aware of; cookies are stored on the customer’s computer which gives the company an idea of what their customers are like. Some companies also log the I.P. address of their customers to see where they are logging in from, and whereabouts in the world the company is most popular.
What are the threats to Data Security for E-Commerce?
1. Viruses. Viruses are software programs which are designed to damage your computer. They often attach themselves to files which are then downloaded, and the virus begins to infect your computer. Viruses in the JoeBrowns system may get passed on to your computer if you download anything from them.
2. Hackers are people who have a good knowledge about computers and so abuse this to get into other people’s computers, usually to find out personal details.
3. Spyware is software that follows what you are looking at over the internet. This is usually used for advertising purposes, but it can gather information like your email address, password and credit card details. Spyware may infest itself in your computer after visiting a certain site. Joe Browns need to be careful otherwise their company gets a bad reputation for giving spyware to their users.
4. Hardware failure is when a piece of your hardware (e.g. monitor, mouse and keyboard) does not function properly. Unlike spyware, viruses and hackers, this is a physical problem.
5. Human errors occur because nobody is perfect and everybody makes mistakes. Joe Browns employees can cause the company to lose a lot of money if they are not careful with what they do.
6. Dishonest employees can cause your business to lose money or become bankrupt.
7. Natural disasters are unavoidable; they include things like earthquakes, storms and volcanic eruptions.
8. Theft is an issue whenever money is involved. Identity theft is the main problem, as hackers and spyware can get your personal details and then use them to ‘steal’ your identity and make purchases from your bank account.
9. Terrorism is a problem when a group of people decide to hack or steal money from a company, or crash a company’s website. Computers can be set up to constantly send hate mail to a company, or requests to a server so it crashes.
10. Fire is a problem to your hardware.
What are the preventative methods for these threats?
1. Anti-virus software seeks out any viruses on your computer and deletes them. This is the main effective way of curing viruses, but to prevent them it is better to be careful of what you download, especially attachments on emails as this is a common way of spreading viruses. Firewalls are also a good way of preventing viruses (see below). The Joe Browns administrator needs to ensure the company is protected against viruses, so that they don’t corrupt the company’s computers or their customers’ computers.
2. Firewalls are the most appropriate for the prevention of viruses and hackers. Firewalls put up a barrier which stops things coming into your computer without your permission. You can make automatic responses for some things, because it can become quite irritating having to allow a program to access the internet when it is something you do regularly. Any unknown requests are denied, and attacks at your computer from other people are blocked.
3. To get rid of spyware you can download anti-adware & spyware software. This is like anti-virus software; it tracks and deletes any spyware you may have on your computer. To prevent spyware, you should use a firewall and be careful with what you download on the computer. It is a good idea to check for viruses/adware/spyware immediately after any download.
4. Hardware failure cannot be prevented in itself, but you can prevent losing all your files by backing up all work regularly somewhere other than your computer, for example an external hard drive or the internet. It is too difficult to prevent hardware failure; it is more important to prevent a loss of files rather than a loss of hardware. Hardware itself can be replaced, but depending on the size of the file, months or years could be needed in order to return the work to the state it was once in.
5. Human errors can be prevented via proof reading, data validation and verification. Alternatively, machines rarely make errors, so a computer would be much more effective than a human would be. Joe Browns employees must be vigilant for mistakes to avoid mistakes which may lead to bigger problems.
6. Dishonesty of employees can not be fully prevented as everybody has their own free will and we cannot control other people. However, when joining the company, you should ask all employees to sign in agreement to a terms and conditions contract. Also, you can prevent problems with employees by restricting their access and use of the internet. Training of your staff is important, and is given to all Joe Browns employees.
7. Prevention of natural disasters is impossible. Like with hardware failure, preventing physical problems cannot be achieved, so it is important to back-up all of your files regularly.
8. Preventing theft physically is hard, so as long as you have a burglar alarm that is all you can do. This, again, means you need to back up your files regularly. To prevent identity theft, you should ensure that you only ever give out your credit card details over a secure connection, and be careful with personal documents and protecting your passwords etc. Secure websites encrypt your data as you send it, making it difficult to read if it is intercepted.
9. Terrorism can be prevented by having a secure website. The more secure a site is, the less likely it is that anyone could hack into the site.
10. Floods and fire cannot be prevented, although a fire alarm might be a good idea. Like with natural disasters and hardware failure, files can be saved if backed up regularly.
Describe the legislation that the business should be aware of:
1. Computer misuse act, 1990: Hacking and the introduction of viruses are illegal. Punishments include 6 months in prison and a £2,000 fine. It is an offence to access anything that is unauthorized, whether it’s a program or data. It is also an offence to access a computer system with the intent to commit a crime, for example accessing financial records with the intent to use someone else’s details to make a purchase. It is also an offence to modify computer material, for example by deleting files, creating or introducing a virus, or doing something with the deliberate intention of causing problems in the data. An example of this is a man who created and released a virus programme which was designed for hackers to access home computers. Under the Computer Misuse Act, he could be sentenced to up to five years in prison. The worm (W32-Leave worm) helps a hacker break into a victim’s computer and steal or delete files and use the computer for further hacking.
2. Data protection act, 1998: Data collected from a person must only be used in the way that they intended. Consent must be given and if a person wants to see the information collected about them, they are allowed to (but may have to pay a small fee). This is usually quite successful, except recently the Government lost thousands of people’s personal data.
3. There is currently no legislation against identity theft, despite 80,000 victims in 2006. However, the government is considering the introduction of identity cards, which are thought to be more accurate. The USA has the Identity Theft & Assumption Deterrence Act, 1998.
4. Regulation of Investigatory Powers Act, 2000: Allows the authorities to watch what you’re doing on the internet. It means that if the authorities ask for protected data or encrypted data, it has to be given to them.
5. Consumer Protection (distance selling) Regulations 2000: This is to protect anyone shopping over the phone, internet, digital TV or mail order. It gives the customer the right to receive clear information about the goods and services before deciding to buy, confirmation of this information in writing, protection from credit card fraud and a cooling off period of seven working days in which the consumer can withdraw from the contract.
How effective are these pieces of legislation?
1. Computer misuse act, 1990: This is obviously not very successful, as hackers and viruses are still a large problem on PCs. Technology has developed a lot in the last 18 years; perhaps this piece of legislation needs to be updated.
2. Data protection act, 1998: This is usually quite successful. However, recently the Government lost two discs which contained the personal data of 25 million citizens in the post. They contained names, addresses, date of birth, national insurance number and credit card details. These discs were not encrypted but were password protected. “I profoundly regret and apologise for the inconvenience caused”, said Gordon Brown.
3. Identity Theft & Assumption Deterrence Act, 1998, America: America has the biggest problem with identity theft and is the most advanced nation in trying to prevent it. It is still a huge issue but it is being dealt with.
4. Regulation of Investigatory Powers Act, 2000:
5. Consumer Protection (distance selling) Regulations 2000:
Overall conclusions:
Is data secure on this website – yes:
1. [picture here] This symbol indicates that the website is safe to use. Thawte is a company that allows safe transfer of information.
2. Information is encrypted when transferred.
3. Website is secure when transactions are made.
4. It is stated that your email address and telephone number will not be passed on to third parties and are solely collected so that Joe Browns can contact you if necessary.
Is data insecure on this website – no:
1. There is always a risk when transferring your personal information over the internet.
Overall conclusion:
1. The website is very safe to use. Although there are still many problems related to e-commerce and using the internet generally, there is legislation in place and preventative methods that can be used to reduce these risks and punish the abusers of the internet. Joe Browns is a safe website to use, as your details are kept solely by that company. The website is secure and data is encrypted when transferred. One disadvantage of Joe Browns is that there is no way to read their Terms & Conditions, which may make some people feel nervous or wary of using the site. Although this seems a bit suspicious, it is still a safe website to use.


to do:
* Relate to Joe Browns more
* Include more stories
* Improve conclusion

DUE: Friday 1st February.

Tuesday, 8 January 2008

Question 9 onwards

8.) A cookie is a small text file which is usually placed on a user's hard drive when the user visits a website. This allows the website to remember the user's settings when they return. It is useful for transactional websites to store cookies on their users' computers so that they can remember any settings they set the website to, e.g. changing the colour scheme, language, text size etc.

9.) It is useful to get a customer to log in to the website so we can track how many times a customer uses the site even when they don't purchase anything. They can track whereabouts in the world the customer is logging on from, and what pages are particular favourites of the customer. This allows the company to get a better idea of who uses the website often and can reward their loyal customers.

Activity
Make a list of the tables you think might be involved in tracking customers' actions.
* Categories
* Categories_products
* Customers
* Discounts
* Emails
* Newsletter
* Orders
* Payments
* Products
* Wishlist

10.) HTTPS encryption is used when the site needs to be secure; e.g. when the customer is giving their credit card details to make a payment. If the details are stored in a database, then the data needs to be encrypted too, so that nobody else could access/understand the data. HTTPS is a version of HTTP but using SSL to make it secure. SSL stands for secure socket layer, which secures communication because it encrypts the data when you transfer it.

11.) This method is safe (even if someone intercepts the website) because the data is encrypted while it is sent, and anyone who intercepted the data would not understand and could not decrypt the data.

12.) A stolen card is unlikely to be used for online shopping because the transactional company usually has contact with the major card issuers. When something is purchased for the first time, the address details can be checked, and first-time orders sometimes have to be delivered to the address of the cardholder. Also, transactional websites record the I.P. address of their customers, so the location of the thief could be tracked.

13.) Stock control refers to ordering, storing and selling goods. It is important that stock control is real-time, so that no customers order something that is not in stock. Getting too much stock means that money is tied up which could be spent in other areas of the business, but you don't want customers to be disappointed when something is out of stock. Therefore it is important to have a minimum level of stock at all times. A business can work out what this minimum level should be by analysing past sales and working out an estimate for future sales.

14.) The processes involved in despatch and the delivery of goods are as follows:

Once the customer has ordered, credit cards have been checked etc...
Amend stock database
Print despatch note
Print address labels
Print invoices
Goods packaged
Goods sent/collected by courier
Courier delivers to home address

These processes can often be tracked by the customer. JoeBrowns allows you to track your order, and many transactional websites do. This way, if the website says your package is due to arrive and it doesn't, you can phone up and enquire about where your goods are.

15.) see diagram (on the back of the other diagram)



Monday, 7 January 2008

Back Office Processes page 140

1.) An example of a back office process is stock control. The purpose of back office processes is to keep the company systematic and efficient. Without these processes, the business would not be efficient and would lose customers.

2.) Stock control is a real-time process, making sure that the company always has enough of an item and not too much. This is controlled by a database that keeps a record of what is in stock, the stock demand etc. All the other necessary fields can be kept in the same place too, e.g. who the supplier is, what the item description is etc.

3.) Active Server Pages (ASPs) access a database to keep the website up to date. These pages are shown every time you access information about a product (for example, checking it's in stock so you can buy it): the ASP code sends a query to the database, which then sends the data back to the webpage to tell you whether the product is in stock or not.

4.) Organisations can maintain a virtual shopping basket for a customer so that you're aware of how many items you have in your basket as you browse the site. You can also see the total cost of the basket, and this helps customers to stay aware of how much they are planning to spend. You can add/subtract items from this virtual shopping basket. When items are added or removed, the totals need to be refreshed. Stock is reserved so that while it is in your trolley, the item cannot be bought by someone else. Delivery costs are not always included in the trolley, but you can check them later.

5.) [see flow diagram of virtual shopping basket system]

6.) The difference between HTTP authentication and cookie identification is that HTTP authentication is when the user logs in using a username and password, which checks you are who you say you are, whereas cookie identification uses cookies stored on your computer so that websites can check how much you visit the website, how long you've spent on it etc. You can block cookies, but some websites need these to work.

7.) The advantage that cookies have over HTTP authentication is that they are an automatic way of checking how long the customer is on the site etc., even if they don't log in.
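The difference described in answers 6 and 7, shown side by side as an added example (not part of the original answers or any real website's code). The account, salt, server key and the cookie name `visitor` are constructed for illustration.

```python
import base64, hashlib, hmac, secrets
from http.cookies import SimpleCookie

# Constructed sample data (assumptions): one account, a salt and a server key.
SALT = b"constructed-salt"
SERVER_KEY = secrets.token_bytes(32)
VISITS = {}  # visitor id -> page views seen so far

def hash_password(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"customer1": hash_password("correct horse")}

def http_authenticate(headers):
    """HTTP authentication: return the username if the login is valid, else None."""
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(value, validate=True).decode()
    except ValueError:  # malformed base64 or not UTF-8
        return None
    user, _, password = decoded.partition(":")
    stored = USERS.get(user)
    if stored is None:
        return None
    return user if hmac.compare_digest(stored, hash_password(password)) else None

def sign(visitor_id):
    return hmac.new(SERVER_KEY, visitor_id.encode(), hashlib.sha256).hexdigest()

def cookie_identify(headers):
    """Cookie identification: recognise a returning browser without any login.
    Returns (visitor_id, visit_count, Set-Cookie value or None)."""
    jar = SimpleCookie(headers.get("Cookie", ""))
    raw = jar["visitor"].value if "visitor" in jar else ""
    visitor_id, _, tag = raw.partition(".")
    set_cookie = None
    if not visitor_id or not hmac.compare_digest(tag.encode(), sign(visitor_id).encode()):
        visitor_id = secrets.token_hex(8)  # new or altered cookie: start afresh
        fresh = SimpleCookie()
        fresh["visitor"] = f"{visitor_id}.{sign(visitor_id)}"
        fresh["visitor"]["secure"] = True    # only sent over HTTPS
        fresh["visitor"]["httponly"] = True  # not readable by page scripts
        set_cookie = fresh["visitor"].OutputString()
    VISITS[visitor_id] = VISITS.get(visitor_id, 0) + 1
    return visitor_id, VISITS[visitor_id], set_cookie
```

The cookie only says "this is the same browser as before"; it never proves who the person is, which is why the password check is still needed before a payment.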

8.) Wikipedia says:
HTTP cookies, sometimes known as web cookies or just cookies, are parcels of text sent by a server to a web browser and then sent back unchanged by the browser each time it accesses that server. HTTP cookies are used for authenticating, tracking, and maintaining specific information about users, such as site preferences or the contents of their electronic shopping carts. The term "cookie" is derived from "magic cookie," a well-known concept in UNIX computing which inspired both the idea and the name of HTTP cookies.