e-Commerce Security: Enterprise Best Practices 


Table of Contents

INTRODUCTION ........................................... 7
  Security Goals ....................................... 7
  The Difference ....................................... 9

ARCHITECTURE .......................................... 11
  Hosted Session Architectures ........................ 12
  Client/Server Architectures and the Internet ........ 12
    2-Tier Architectures .............................. 13
    3-Tier Architectures .............................. 13
    Security in Multi-tiered Architectures ............ 14

INFRASTRUCTURE ........................................ 16
  Protocols ........................................... 16
  Firewalls ........................................... 18
  Virtual Private Networks ............................ 19

AUTHENTICATION ........................................ 21
  Shared Secrets/Passwords ............................ 21
  Digital Certificates ................................ 22
    Private Key Encryption ............................ 22
    Public Key Encryption ............................. 22
    Certifying the Key Pairs .......................... 23
  Digital Signatures .................................. 23
  Public Key Infrastructure ........................... 24
    Components of a PKI ............................... 24
    Trusted Third Parties ............................. 25
    PKI and e-Commerce Security ....................... 26

APPLICATIONS .......................................... 27
  Change Control ...................................... 27
  Logs and Monitoring ................................. 28
  Intrusion Detection ................................. 30
  Auditability ........................................ 31
  Non-repudiation ..................................... 31
  Privacy ............................................. 32

DATA PROTECTION ....................................... 33
  Encryption .......................................... 33
    Secure Sockets Layer (SSL) ........................ 34
    IPSec ............................................. 35
  Virus Scanning ...................................... 36

AVAILABILITY .......................................... 37
  Protecting the User Environment ..................... 37
  High Availability/Fault Tolerance ................... 38
  Business Continuity Planning ........................ 39

POLICY AND GOVERNANCE ................................. 41
  Policy .............................................. 41
    Enrollment ........................................ 42
    Authentication .................................... 42
    Fault Tolerance ................................... 42
  Privacy ............................................. 42
  Oversight ........................................... 43
  Notification ........................................ 44
  Auditing and Assurance .............................. 45
    Risk Analysis ..................................... 45
    Scanning .......................................... 46
    Procedure Verification ............................ 47
    Log Review ........................................ 47

BEST AND COMMON PRACTICES ............................. 49

REFERENCES ............................................ 51