1、电子商子商务第第10版版第10章电子商务的安全 2013 Cengage Learning. All Rights Reserved. This edition is intended for use outside of the U.S. only, with content that may be different from the U.S. Edition. May not be scanned, copied, duplicated, or posted to a publicly accessible website, in whole or in part.E-Business,
2、 Tenth Edition2 2学习目标在线交易中存在的安全风险和应对措施创建安全策略客户机的安全计算机之间通信信道的安全Web服务器的安全推动计算机、网络和互联网安全的组织 2013 Cengage Learning. All Rights Reserved. This edition is intended for use outside of the U.S. only, with content that may be different from the U.S. Edition. May not be scanned, copied, duplicated, or posted
3、to a publicly accessible website, in whole or in part.E-Business, Tenth Edition310.1 在线安全问题概述互联网发展早期最流行的应用:电子邮件今天风险更大了电子邮件、购物、各种类型的金融交易网上购物的顾客普遍担心的是信用卡号在互联网上传输时被盗很可能从存储它的计算机上失窃本章主题: 电子商务情景下的安全问题 2013 Cengage Learning. All Rights Reserved. This edition is intended for use outside of the U.S. only, wi
4、th content that may be different from the U.S. Edition. May not be scanned, copied, duplicated, or posted to a publicly accessible website, in whole or in part.E-Business, Tenth Edition410.1.1 互联计算机系统的安全问题起源罗马帝国所采用的数据安全措施对信息进行编码来防止敌人了解罗马军团的秘密战争和防御计划现代电子安全技术国防部战时使用“橙皮书”: 强制执行的访问控制规则商业计算机最初采用军事安全方法今天的
5、计算技术要求更为综合的计算机安全计划4 2013 Cengage Learning. All Rights Reserved. This edition is intended for use outside of the U.S. only, with content that may be different from the U.S. Edition. May not be scanned, copied, duplicated, or posted to a publicly accessible website, in whole or in part.E-Business, Ten
6、th Edition510.1.2 计算机安全和风险管理计算机安全算机安全保护资产免于未经授权的访问、使用、篡改或破坏物理安全物理安全包括有形的保护设备警铃、保卫、防火门、安全栅栏、保险箱和防爆建筑物等逻辑安全安全使用非物理的手段来保护资产 2013 Cengage Learning. All Rights Reserved. This edition is intended for use outside of the U.S. only, with content that may be different from the U.S. Edition. May not be scanned
7、, copied, duplicated, or posted to a publicly accessible website, in whole or in part.E-Business, Tenth Edition610.1.2 计算机安全和风险管理(续)威威胁对计算机资产带来危险的任何行动或对象安全措施安全措施程序(物理的或逻辑的)识别、减少、消除威胁安全措施的范围和费用根据资产的重要性不同而有所不同6 2013 Cengage Learning. All Rights Reserved. This edition is intended for use outside of the
8、 U.S. only, with content that may be different from the U.S. Edition. May not be scanned, copied, duplicated, or posted to a publicly accessible website, in whole or in part.E-Business, Tenth Edition710.1.2 计算机安全和风险管理(续)风险管理模型组织通常会采用的四种行动影响(成本)和物理威胁的概率这种风险模型也可以应用在保护互联网或电子商务资产免受物理或电子的安全威胁电子安全威胁的例子:欺诈
9、、窃听和盗窃窃听者(人或窃听者(人或设备)能听到并复制互联网上传输内容7 2013 Cengage Learning. All Rights Reserved. This edition is intended for use outside of the U.S. only, with content that may be different from the U.S. Edition. May not be scanned, copied, duplicated, or posted to a publicly accessible website, in whole or in par
10、t.E-Business, Tenth Edition8图 10-1 风险管理模型 圣智学习 2013 2013 Cengage Learning. All Rights Reserved. This edition is intended for use outside of the U.S. only, with content that may be different from the U.S. Edition. May not be scanned, copied, duplicated, or posted to a publicly accessible website, in
11、whole or in part.E-Business, Tenth Edition910.1.2 计算机安全和风险管理(续)骇客或黑客(人)客或黑客(人)编写程序;掌握技术获取对计算机和网络的非法访问白帽黑客和黑帽黑客白帽黑客和黑帽黑客区分好的黑客和坏的黑客良好的安全方案的实现识别风险确定对手到安全威胁的资产的保护措施计算保护资产的成本 2013 Cengage Learning. All Rights Reserved. This edition is intended for use outside of the U.S. only, with content that may be d
12、ifferent from the U.S. Edition. May not be scanned, copied, duplicated, or posted to a publicly accessible website, in whole or in part.E-Business, Tenth Edition1010.1.3 计算机安全要素保密性保密性防止未授权的数据泄露确保数据源的真实性完整性完整性防止未经授权的数据修改中中间人攻人攻击截获电子邮件信息;内容在发送到原始目的地之前被改动即需性即需性防止数据延迟或决绝服务(去除)推迟消息或完全摧毁它 2013 Cengage Lea
13、rning. All Rights Reserved. This edition is intended for use outside of the U.S. only, with content that may be different from the U.S. Edition. May not be scanned, copied, duplicated, or posted to a publicly accessible website, in whole or in part.E-Business, Tenth Edition10.1.4 制定安全策略安全策略安全策略要保护的资
14、产以及原因,保护责任人,哪些行为可以接受,哪些行为不可以接受物理安全、网络安全、访问授权、病毒防护、灾难恢复等军事安全策略: 强调多级安全的分级企业信息分级公开公司秘密11 2013 Cengage Learning. All Rights Reserved. This edition is intended for use outside of the U.S. only, with content that may be different from the U.S. Edition. May not be scanned, copied, duplicated, or posted to
15、 a publicly accessible website, in whole or in part.E-Business, Tenth Edition1210.1.4 制定安全策略(续)制定安全策略的步骤确定要保护哪些资产免受哪些安全威胁确定对系统不同部分的访问权限识别可以用来保护资产的资源开发出书面的安全策略投入资源全面的安全计划目标保护保密性、完整性和可用性;认证应该满足图10-2中所列的各项要求 2013 Cengage Learning. All Rights Reserved. This edition is intended for use outside of the U.S
16、. only, with content that may be different from the U.S. Edition. May not be scanned, copied, duplicated, or posted to a publicly accessible website, in whole or in part.E-Business, Tenth Edition1310.1.4 制定安全策略(续)安全策略方面的信息源WindowS 网站信息安全策略世界网站绝对的安全:难以实现设置充分的障碍来阻止有意图的违犯者减低自然灾害和恐怖袭击的影响综合的安全将所有的安全措施协同起来防止未经授权的资产暴露、破坏或修改 2013 Cengage Learning. All Rights Reserved. This edition is intended for use outside of the U.S. only, with content that may be different from the U.S. Edition. May not be scanned,
