e-Auctions 動態定價 - 中央大學管理學院.pptVIP

中央大學。范錚強 Security Issues and e-Payment 中央大學.資訊管理系 范錚強 mailto: ckfarn@.tw .tw/~ckfarn 2007.05 Outline Security Payment Security Is Everyone’s Business The DHS (Department of Homeland Security) strategy includes five national priorities: A national cyberspace security response system A national cyberspace security threat and vulnerability reduction program A national cyberspace security awareness and training program Securing governments’ cyberspace National security and international security cooperation 安全威脅有多大？ 2002年電腦犯罪及安全調查 來源：Computer Secrity Institute (CSI), Computer Crime and Security Survey 2002 90%電腦受過各種安全破壞 40%偵測到系統外部入侵(2000年為25%) 85%電腦偵測到病毒 環境惡劣，你如何自保？ 公司資產如何保障？ Security Is Everyone’s Business Accomplishing these priorities requires concerted effort at five levels: Level 1—The Home User/Small Business Level 2—Large Enterprises Level 3—Critical Sectors/Infrastructure Level 4—National Issues and Vulnerabilities Level 5—Global What kinds of security questions arise? From the user’s perspective: How can the user be sure that the Web server is owned and operated by a legitimate company? How does the user know that the Web page and form do not contain some malicious or dangerous code or content? How does the user know that the owner of the Web site will not distribute the information the user provides to some other party? What kinds of security questions arise? From the company’s perspective: How does the company know the user will not attempt to break into the Web server or alter the pages and content at the site? How does the company know that the user will not try to disrupt the server so that it is not available to others? What kinds of security questions arise? From both parties’ perspectives: How do both parties know that the network connection is free from eavesdropping by a third party “listening” on the line? How do they know that the information sent back-and-forth between the server and the user’s browser has not been altered? Basic Security Issu