Creating Trust in ECommerce - PowerPoint PPT Presentation

About This Presentation

Title: Creating Trust in ECommerce

Description: Taking actions to enhance security - The defence program ... Concerns over the Internet's contribution to the emergence of a 'big brother' ... – PowerPoint PPT presentation

Number of Views: 82
Avg rating: 3.0/5.0
Slides: 23
Provided by: nan8159

Transcript and Presenter's Notes

1
Creating Trust in E-Commerce
  • The importance of trust in cyberspace
  • The nature of the risks in EC
  • Taking actions to enhance security - The defence
    program
  • Privacy in e-commerce: how to create public
    confidence

2
Trust in cyberspace
  • The concept of trust in business
  • The special characteristics of EC
  • The reasons for concerns
  • How lack of trust has affected EC
  • What companies have been doing to create trust
  • The role of PKI and industry-wide codes of conduct
    (TRUSTe)

3
Problems in trust building
  • The lack of visible corporate policies on privacy
  • The lack of understanding of the risks involved
    in on-line data transfer

4
The nature of the risks
  • External hackers - vandals and serious data
    thieves
  • Corrupt (ex)employees
  • The vulnerability of a computer system due to
    lack of management support, neglect, misuse by
    external partners etc.
  • Inappropriate use of data collected on-line
  • Use of networked mobile equipment.

5
A defence programme to enhance security
  • A defence programme is an integrated set of
    processes designed to create an infrastructure
    for maintaining confidentiality and integrity of
    data.
  • It involves on-going activities of risk
    assessment, planning, developing, testing and
    implementing controls, and awareness raising

6
(No Transcript)
7
Identifying threats and vulnerabilities
  • Analyse existing systems and activities
  • examine the information handled
  • evaluate the importance and sensitivity of the
    information
  • assess the threats and vulnerabilities
  • review the effectiveness of the current safety
    measures.

8
A plan of action
  • Technical information about the systems under
    consideration
  • A note of the sensitivity levels of the systems
  • An overview of the security requirements
  • The controls already in place
  • The controls to be implemented
  • The rules of behaviour
  • Measures taken to protect systems from individual
    employees

9
  • Policies to assess the security risks from
    trading partners
  • Management and operational responsibilities for
    implementing and monitoring security plans
  • Response procedures in case of breaches of
    security
  • Plans for training programmes and awareness
    raising activities

10
Establishing controls - operational
  • Taking steps to protect systems from corrupt
    individuals
  • Improving physical security to limit damage and
    theft
  • Making recovery plans
  • Improving manual procedures to ensure accuracy
    and safety of data input.

11
Technical controls
  • The establishment of:
      • Proper management of user access procedures
      • Policies on the distribution of access rights
      • Management of the allocation and maintenance of
        access to partners and external users
  • Implementing a legal infrastructure

12
The other steps in a defence programme
  • Test controls following established methods of
    testing a system
  • Create awareness by training and awareness-raising
    sessions

13
Privacy in e-commerce
  • At the root of consumers' resistance to EC
    is the uncertainty surrounding how data submitted
    by them on-line is used and what regulatory
    framework there is to safeguard it.

14
The steps taken to create public confidence
  • In the EU the Data Protection Directive of 1998
    aims to:
      • Give individuals certain rights
      • Compel data users to comply with the law
      • Force data users to inform data subjects of how
        their personal data will be used
      • Maintain a data register holding data users'
        details plus the nature and purpose of data held.

15
The principles of the DP Directive
  • The holders of data must:
      • Obtain and process data fairly and lawfully
      • Collect and use data only for specified,
        explicitly stated and legitimate purposes, as
        described in the register entry
      • Collect only data which is relevant (and not
        excessive) to the stated purposes, and disclose it
        only to those people described in the register
        entry

16
      • Ensure that data is accurate and kept up-to-date
      • Take reasonable steps to rectify or erase
        inaccurate data
      • Keep data in an identifiable form for no longer
        than is necessary for the registered purposes

17
      • Protect the security of data against accidental
        or unauthorised access or manipulation. However,
        data must be accessible to the data subjects who,
        where appropriate, have the right to have
        information about themselves corrected or erased
      • Guarantee that safeguards are implemented if data
        is transferred abroad.

18
The situation in the USA
  • In the USA, self-regulation has so far been
    preferred to a government act.
  • But now there is pressure from the FTC for
    organisations to take action to provide choice
    and awareness among consumers and establish
    policies for security, integrity, accountability
    and verification procedures.

19
International collaboration on privacy
  • For effective data protection, an international
    agreement is required.
  • The EU has created a list of safe countries for
    data protection based on the adequacy of their
    data protection levels.
  • The USA and EU have a safe harbour policy which
    enables U.S. organisations included on such a
    list to receive data from the EU.

20
Other initiatives
  • Some companies have joined initiatives
    facilitated by organisations such as Trust UK and
    TRUSTe in which they follow a code of conduct in
    return for a seal of assurance.
  • The display of the seal assures customers of the
    reliability of a company and also creates a
    doorway for further information.

21
Questions
  • To what extent is it realistically possible for
    e-commerce companies to gain consumer trust?
  • Concerns over the Internet's contribution to the
    emergence of a 'big brother' state have provoked
    much debate. What, if any, are the justifications
    behind such concerns?
  • Comment on the effectiveness of the measures
    described in today's lecture in alleviating the
    above fear.

22
Case studies
  • PKI at Eduard de Graaff
  • Ernst & Young
  • Firefly