As Taught by Prof. Tim Richardson School of Marketing and e-Business, Faculty of Business


DETAILED OUTLINE, Security Considerations©

4. Security Considerations

In dealing with a matter as serious as internet security issues it is prudent to issue a "disclaimer", namely:
It is not intended that the presentation of these topics will result in the participants learning everything they need to know about e-security, but rather that it will
1. create an awareness of the business and marketing consequences of these security considerations
2. identify resources they can access should they need to know a lot more

This section of IEC 719 will be delivered with some key guest speakers, in addition to lectures by the course professor and related reading material.

Security Considerations can be broadly categorized into three main areas (WTGR)

This section of IEC 719 will be focusing on Corporate Security
The following topics will be covered:
. Coverage

The subject of security concerns cannot be properly dealt with in this section given time constraints. Originally, when IEC 802 was taught in 1999, security concerns were only mentioned in one and a half classes. In IEC 719 (Sept-Dec 2000) we have made security concerns a whole section of one month. Ideally, security concerns could be a complete course by itself, but our present IEC curriculum does not allow for this. This section of the course will be delivered in December, and due to final exam schedules and Christmas holidays we will only be able to have 3 (possibly 2) in-class sessions to discuss this material.

There is more material listed below than we can discuss in class. We will concentrate on the issues at the beginning of this list and leave the topics at the end for your personal reading interest should you have the time.

The criteria for choosing the following links and information are not based on creating "e-commerce experts" among the IEC participants, but rather on giving you a solid introduction to the major topics in this area and allowing you to know about the risks and consequences. Most of these links lead to much further reading should you develop a strong interest in a particular area (e.g. Digital Cryptography).


  • The SANS web page that includes the listing "How To Eliminate The Ten Most Critical Internet Security Threats" has an introduction that provides some important points we should consider in beginning this section of the IEC 719 course, namely:

    • The majority of successful attacks on computer systems via the Internet can be traced to exploitation of one of a small number of security flaws. 
    • Recent compromises of Windows NT-based web servers are typically traced to entry via a well-known vulnerability. 
    • A few software vulnerabilities account for the majority of successful attacks because attackers are opportunistic, taking the easiest and most convenient route. They exploit the best-known flaws with the most effective and widely available attack tools. They count on organizations not fixing the problems, and they often attack indiscriminately, by scanning the Internet for vulnerable systems.
    • System administrators report that they have not corrected these flaws because they simply do not know which of over 500 potential problems are the ones that are most dangerous, and they are too busy to correct them all.
    . . .

    Electronic Commerce: Security, Risk Management and Control by Greenstein and Feinman.

    In the 4th section of IEC 719, this book by Greenstein should be used more extensively than it was in Nov 2000. Ideally this section of the course should utilize the following chapters in Greenstein:

    • Chapter 5, Risk of Insecure Systems
    • Chapter 6, Risk Management
    • Chapter 7, Internet Security Standards

    • Chapter 8, Cryptography and Authentication
    • Chapter 9, Firewalls

    Chapters 8 and 9 will be covered by Prof. David Bath's classes.