Electronic Commerce Risk Management"

1
Electronic Commerce - Risk Management"

• Peter Croll

2
Why is risk analysis important?

• Large projects ? expensive failures
• Small companies ? loss of business
• Safety-critical ? loss of life
• Safety-related ? large equipment loss,
  environmental damage, human injury

3
Risk Identification

• Technology risks

• People risks

• Organisational risks

• Tools risks

• Requirements risks

• Estimation risks

4
Risk Planning

• Avoidance strategies- reducing the probability
  of the risk occurring
• Minimisation strategies- reducing the impact
• Contingency plans- having an alternative strategy

5
Risk Analysis is core for Software Engineering
Boehms spiral model (simplified)
6
Why analyse risk?

• Building a dependable distributed systems is
  difficult
• Enterprises have to weigh up the risks of
  competing forces

time to market
goodprocess
7
some methods for assessing risk exposure

• Delphi
• Threat Scenarios
• ALARP

8
some methods for assessing risk exposure

• Delphi Method
• Team of expert write down perceived threats
• Threats are unified (approx. 50-100)
• Questionnaire drawn up - each threat rated by -
  likelihood - importance - cost (time/money)
• Team undertakes a number of revisions until
  listed in order of importance by - threat -
  probability of occurrence - estimation of losses
• Response drawn from final list

• Delphi
• Threat Scenarios
• ALARP

9
some methods for assessing risk exposure

• Threat Scenarios
• Brainstorm on how to cope with failures
• Participants asked the effect of- the required
  systems were not functioning for a period- the
  required systems were destroyed- information was
  read by an unauthorised reader- information was
  modified with evidence
• Plus questions like- how can the system be
  harmed?- what are the potential consequences?-
  who or what is the enemy?- what are the
  targets?

• Delphi
• Threat Scenarios
• ALARP

10
some methods for assessing risk exposure

• Delphi
• Threat Scenarios
• ALARP

11
Acceptable risk levels?

• Cost less than company turnover / 10?
• Cost less than the predicted insurance payout?
• Probability of loss of life gt 10-3 p.a.?
• Road deaths in NSW ? 1.3 x 10 4
• Commercial Aircraft probability per flight 3
  x 10 6
• Who should determine these?
• How do we know they are accurate?

12
Risk Analysis
lt10 very low10-25 low 25-50
moderate50-75 highgt75 very high

• Probability

insignificanttolerable seriouscatastrophic

• Effects

13
Calculating Integrity with Control Systems
14
Case study - EC superannuation payments

• Paying multiple SA funds through a single
  interface
• Aimed at Small Enterprises
• Clients connect via the Internet
• Links to the Banks payment and clearing network
• Links directly to the Tax Office

15
Example System Architectural Overview
16
E-commerce Adversaries
Trusted Hackers Malicious Hackers   Disgruntled
Employees    Industrial Spies    Terrorist  
Special Interest Groups Journalists Real Spies
Criminals
17
Resources

• Client application software
• Account-number access
• Password access
• Documentation of the system
• Eavesdropping tools
• Reverse-engineering tools
• Real-Time monitor tools

18
Consequence

• Public Disclosure
• Financial Loss
• Inconvenience
• Loss of Trust
• Compromise Credit Rating
• Defamation of Character

19
dispelling some cryptography myths

• obscurity does not enhance security.
• it is easy for someone to create an algorithm
  that he himself cannot break.
• some people obsess about key length a long key
  does not equal a strong system.
• the problem with bad cryptography is that it
  looks just like good cryptography.
• the social problems are much harder than the
  mathematics.

20
a process for assessing risk
21
Fault Tree Example
Access compromised
A
Server compromised
Client compromised
Comms compromised
B3
B1
B2
Modified server software
Obtained access codes
Account name compromised
Password compromised
C1
C2
C 3
C4
22
Fault Tree for Access Control Compromised
23
Determining the factors that influence Risk
Threat signature. Each category of threat has a
threat signature.
f 1 resources x knowledge -gt threat-capability f
2 desire x expectance -gt threat-intent
Threat-capability and threat-intent are used to
determine threat-level.
f 3 threat-intent x threat-capability -gt
threat-level
Threat-level and threat-frequency are used to
determine threat-exposure
Threat-exposure and consequence are used to
determine Risk.
f 5 threat-exposure x consequence -gt risk
24
RISK for an E-commerce application
25
Dynamic Analysis - Embedding, Integrating and
Adapting
LEO satellites
Telecoms
Extranet
Risk Engine
Wireless application
Intranet
26
What did we learn about Risk Management?

• Security Risk is dynamic
• Learn from others avoid home grown solutions
• Ongoing reviews and monitoring are essential
• Good lines of communications must be established
• Top level management must be involved
• Dont be complacent