The project consists in designing a secure online data store. For example, (1) a
Question
The project consists in designing a secure online data store. For example, (1) a simplistic online bookstore that allows customers to search and purchase a book based on title, author, subject and ISBN, (2) a simplistic online sale and purchase E-Commerce tool, etc. To achieve the above-mentioned goal, you will need to do the following tasks:
1. Risk analysis: which consists of asset evaluations, threat modeling, and vulnerability analysis.
2. Security requirement specification.
3. Design the security policies.
4. Select the security solutions that satisfy the security requirements of the system.
Explanation / Answer
1) Risk analysis: From an e-commerce or online bookstore point of view, risk analysis means that the developer has to take care of the correctness of the data: the title, author and ISBN must be correct, and the price charged for the book or product in e-commerce must be correct. The payment details that we enter must be kept safe by strong security and cryptography techniques. Insecure transactions must not take place. All these risk factors must be analyzed.
2) Threat modeling and vulnerability access: Threat modeling refers to the way the entire online bookstore or e-commerce store is structured, so that it is organized in a well-structured manner and a native user can easily understand the step-by-step procedure to purchase anything on the e-commerce site. It must start with registration; the registered user can then log in, select books or items of his own choice and add them to the cart or wishlist, then enter his address details and proceed securely to the payment gateway. Vulnerability access must be there because whenever the system is broken, the previous information has to be stored by means of some recovery techniques. A backup and recovery system must be there to ensure data safety during vulnerabilities like natural disasters or system problems.
3) Design the security policies: There must be strong security features so that the user can buy with confidence. Whatever information he enters, like his personal details and bank details, must be secured using some security and cryptography techniques. Only then are third-party users unable to hack the security details of the user and of the store as well.
4) Major security solutions are as follows:
Encryption: It is a very effective and practical way to safeguard the data being transmitted over the network. The sender of the information encrypts the data using a secret code, and only the specified receiver can decrypt the data using the same or a different secret code. For example, the RSA algorithm.
Digital Signature: A digital signature ensures the authenticity of the information. A digital signature is an e-signature authenticated through encryption and password.
Security Certificates: A security certificate is a unique digital ID used to verify the identity of an individual website or user.
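
The encryption and digital-signature solutions listed above, applied to the bookstore scenario, as an added example that is not part of the original answer: the store signs an order so a changed price is detected, and payment details are encrypted to the store's RSA public key. The function names, the order fields and all sample values are assumptions constructed for illustration, using Node.js's built-in `crypto` module.

```javascript
const crypto = require('node:crypto');

// Store key pair: the private key stays on the server, the public key is published
// (in practice it would be bound to the store's identity by a security certificate).
const store = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

const PSS = { padding: crypto.constants.RSA_PKCS1_PSS_PADDING,
              saltLength: crypto.constants.RSA_PSS_SALTLEN_DIGEST };
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Fixed field order so signer and verifier always hash the same bytes.
function canonical(order) {
  return Buffer.from(JSON.stringify([order.isbn, order.title, order.priceCents]));
}

// Digital signature: only the holder of the private key can produce it.
function signOrder(order, privateKey) {
  return crypto.sign('sha256', canonical(order), { key: privateKey, ...PSS });
}

// Anyone with the public key can check that the order is unchanged.
function verifyOrder(order, signature, publicKey) {
  return crypto.verify('sha256', canonical(order), { key: publicKey, ...PSS }, signature);
}

// Encryption with a "different secret code": encrypt with the public key,
// decrypt with the private key. OAEP padding makes each ciphertext random.
function encryptPayment(details, publicKey) {
  return crypto.publicEncrypt({ key: publicKey, ...OAEP },
                              Buffer.from(JSON.stringify(details)));
}

function decryptPayment(ciphertext, privateKey) {
  return JSON.parse(crypto.privateDecrypt({ key: privateKey, ...OAEP }, ciphertext).toString());
}

// Constructed sample data (placeholder ISBN, well-known test card number).
const order = { isbn: '978-0-00-000000-0', title: 'Sample Book', priceCents: 2499 };
const payment = { card: '4111111111111111', expiry: '12/30' };

const signature = signOrder(order, store.privateKey);
const tampered = { ...order, priceCents: 1 }; // price altered after signing

console.log('original order verifies:', verifyOrder(order, signature, store.publicKey));
console.log('tampered order verifies:', verifyOrder(tampered, signature, store.publicKey));
const sealed = encryptPayment(payment, store.publicKey);
console.log('payment round trip:', decryptPayment(sealed, store.privateKey));
```

RSA-OAEP only fits small messages (about 190 bytes with a 2048-bit key and SHA-256), so larger records are normally encrypted with a symmetric key that is itself wrapped with RSA.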