Electronic Commerce Security: An introduction for everyone.
In the 21st century, any entity that does business or maintains customer data will do it online. The 'e' in eBusiness has already become redundant. There are already well understood practices and standards in place for user authentication, data encryption, and credit card transactions. We will explain what it all means and guide you through the process of deciding which security choices are right for you, not just for selling online, but for any website that handles financial or private data.
Brainstorming points:
What is E-Commerce
B2C vs B2B
new definitions for the new millennium
design centers
overseas locations
the extended enterprise
joint ventures
strategic partners
n-tier suppliers
Supply chain management (Anderson paper)
when is a DMZ appropriate?
dedicated connections
shared private network (ANX)
presenting goods
allow customer inquiries
credit card transactions
News reports on major break-ins, credit card exposures
credit card authorities
Storing private customer data
file system encryption
storing data in cookies (discuss the '97 privacy paper)
Configuring a public server
Doing a security review (ACR)
Risk vs. Convenience: Security FAQ
Choosing a platform
authentication/authorization schemes
Secure Transactions
setting up SSL - encryption
signing authorities - which one is best for you? (Shane, does this cover your RSA point?)
Schneier's rule of cracking
international (128-bit)
How to keep up to date (SANS, CERT)
What is E-Commerce: Electronic Commerce may include any computer-mediated business process, but a common usage is to describe commerce taking place using the World Wide Web as an enabling transport. For many reasons, including our areas of expertise and experience, we will concentrate on this definition of E-Commerce.