Concentrika poppy

About the course

The internet is a highly functional but potentially very insecure means of enacting or controlling a business. It represents very low costs of network ownership but exposes your company to the accumulated risks of a vast number of unknown connecting machines and persons, over whom you have no control. The course aims to show you how e-commerce works, what the main risks are and how best practice should be followed to mitigate those risks.

Audience

Anyone who needs to know and understand the elements of e-commerce, from a security or audit standpoint, must attend this course. The IT technical components will be explained to you, so you will understand how the various elements work together. Also, the organisational and management aspects of e-commerce, equally critical, are addressed. Auditors, security specialists, e-commerce project managers and project owners will all benefit from this course.

You will find some of the components of e-commerce in the lab and will have a chance to examine them first hand – PKI software, a web site, CGI programs, a firewall and much more.
We will show you how to find your way around web sites representing best practice in e-commerce. Learn how to examine browser and web server configurations.

Prerequisites

Delegates should have a reasonable knowledge of IT in general. You should feel comfortable investigating system settings through a Windows GUI, as well as entering line commands in console environments. Some investigations may be carried out on a UNIX platform. The course has technical content, but it is technical in breadth rather than depth.

Audience

If you come from one of these business areas, you would find the course very useful:

  • An application developer seeking a wider view of the wired world
  • An IT manager wishing to understand how the technology fits together and what the risks are
  • A senior user or system owner wishing to establish sources of risk
  • An e-commerce project manager
  • Computer auditors and computer audit planners
  • Computer security specialists
  • Business risk analysts
  • Legal experts who need to understand how e-commerce works and how the components are connected together

Duration

3 days

1 Introducing e-commerce

Definition of e-commerce
E-commerce disasters and controls that would have prevented them
Top ten pitfalls
Top ten checks
Goals and objectives
Main elements of e-commerce strategy

2 Communications protocols used on the internet

TCP/IP mechanism
Ports and services
Network services
Intruder techniques
Port scanning and detection
TCP/IP based threats
WAN links
Remote access
Protecting TCP/IP exchanges

3 Web browsers and servers

How a browser works
Security risks
Browser settings
Security policy statements and staff training/monitoring
Cookies
Microsoft IIS, Apache
Other web-related services
Admin interfaces and settings
Risks
Securely networking a web server

4 Hosting web services

Web domain names
Managing the ISP
ISP risks
Contingency planning

5 Web related programming environments

Programming languages
Exploits and accidents
Website design

6 E-mail

E-mail services
Risks and best practice
Privacy enhanced mail
How to respond to a violation

7 Building an E-commerce trust infrastructure

Business objectives
Types of encryption
Hash check-summing
SSL
Digital Certificates
E-wallets

8 Traffic control

Firewalls
Application level filtering

9 System security checks

Top 20 IT-based vulnerabilities

10 Legal issues

Review of British Law
Litigation risks exposed by computer systems
Case history
