Global ETD Search

1	Transparent safe settlement protocol and I-ticket booth user verification mechanism for electronic commerce Sai, Ying 09 May 2011 (has links) Not available / text Electronic commerce--Security measures
2	An audit approach of the information systems auditor in an electronic commerce environment with emphasis on internet payment security Bezuidenhout, Pieter Stefan 22 August 2005 (has links) Electronic Commerce (EC) is a growing business option and due to the “openness” of the underlying technologies used for EC, introduces new risks and new technologies that require sophisticated and sometimes very technical controls to be implemented. The role of the IS auditors is to ensure that they are technically competent to understand the impact of new technologies on the control environment and at the same time IS auditors need to be able to communicate the audit results to non-technical management. In this study the following framework, supported by detailed information and procedures for each step, is provided to assist the IS auditor to formulate an appropriate audit approach for an EC payment security audit: <ul> <li>-- Gathering of background information related to EC payment security.</li> <li>-- Highlighting the risks in this environment.</li> <li>-- Identifying possible controls that will minimise the risks.</li> <li>-- Attending to various audit considerations that should be addressed by the IS auditor (these considerations are based on the underlying technologies, general controls, and ED-specific issues e.g., PKI, digital certificates, etc.</li> </ul> The study highlighted the fact that the IS auditors should understand that they can not be experts in all the different technologies related to EC payment security. They should, however, equip themselves with the knowledge to understand the risks involved with new technologies and they should have a sufficiently in depth background exposure to technology to understand the controls required to address the risks. Results of previous audit procedures also play a significant role in shaping the IS auditor’s approach when auditing in an EC payment security environment. This thesis provides the IS auditor with a holistic approach to an EC payment security audit. After considering and implementing the elements of the framework developed in this study in an EC payment security audit, the IS auditor has to perform the actual audit tests, evaluate the results, and report the finding. Detailed audit considerations have also been provided to assist the IS auditor in collecting information and in developing an audit program. Copyright 2002, University of Pretoria. All rights reserved. The copyright in this work vests in the University of Pretoria. No part of this work may be reproduced or transmitted in any form or by any means, without the prior written permission of the University of Pretoria. Please cite as follows: Bezuidenhout, PS 2002, An audit approach of the information systems auditor in an electronic commerce environment with emphasis on internet payment security, MCom dissertation, University of Pretoria, Pretoria, viewed yymmdd < http://upetd.up.ac.za/thesis/available/etd-08222005-120314/ > / Dissertation (MCom (Computer Auditing))--University of Pretoria, 2006. / Auditing / unrestricted Electronic commerce security measures Electronic commerce auditing UCTD
3	Combining multiple Iris matchers using advanced fusion techniques to enhance Iris matching performance Nelufule, Nthatheni Norman 17 September 2014 (has links) M.Phil. (Electrical And Electronic Engineering) / The enormous increase in technology advancement and the need to secure information e ectively has led to the development and implementation of iris image acquisition technologies for automated iris recognition systems. The iris biometric is gaining popularity and is becoming a reliable and a robust modality for future biometric security. Its wide application can be extended to biometric security areas such as national ID cards, banking systems such as ATM, e-commerce, biometric passports but not applicable in forensic investigations. Iris recognition has gained valuable attention in biometric research due to the uniqueness of its textures and its high recognition rates when employed on high biometric security areas. Identity veri cation for individuals becomes a challenging task when it has to be automated with a high accuracy and robustness against spoo ng attacks and repudiation. Current recognition systems are highly a ected by noise as a result of segmentation failure, and this noise factors increase the biometric error rates such as; the FAR and the FRR. This dissertation reports an investigation of score level fusion methods which can be used to enhance iris matching performance. The fusion methods implemented in this project includes, simple sum rule, weighted sum rule fusion, minimum score and an adaptive weighted sum rule. The proposed approach uses an adaptive fusion which maps feature quality scores with the matcher. The fused scores were generated from four various iris matchers namely; the NHD matcher, the WED matcher, the WHD matcher and the POC matcher. To ensure homogeneity of matching scores before fusion, raw scores were normalized using the tanh-estimators method, because it is e cient and robust against outliers. The results were tested against two publicly available databases; namely, CASIA and UBIRIS using two statistical and biometric system measurements namely the AUC and the EER. The results of these two measures gives the AUC = 99:36% for CASIA left images, the AUC = 99:18% for CASIA right images, the AUC = 99:59% for UBIRIS database and the Equal Error Rate (EER) of 0.041 for CASIA left images, the EER = 0:087 for CASIA right images and with the EER = 0:038 for UBIRIS images. Biometric identification Electronic commerce - Security measures Security systems
4	The impact of IT security psychological climate on salient user beliefs toward IT security: an empirical study Unknown Date (has links) There is a growing need to better understand what influences user behavior for developing comprehensive IT security systems. This study integrates two prominent bodies of research, the theory of planned behavior used to frame the factors influencing user behavior and individual level climate perceptions used to frame organizational environment influences, to develop a multidimensional IT security user behavior model. The model is then used as the basis for a survey based research to empirically test the hypotheses whether the perceived IT security climate of an organization significantly influences the users beliefs regarding the use of IT security. The intent of the study is to extend the theory of planned behavior and IT security literature by investigating salient IT security beliefs and environmental influences on those beliefs. First, anti-spyware was identified as an appropriate target IT security artifact, and then incorporated into a multi-phased research approach. Second, a semi-structured interview process was used to elicit salient beliefs regarding use of the IT security artifact. Third, IT security psychological climate was conceptualized based on the extant literature on organizational climate, safety climate and IT security in order to examine the organizational environment influences on these beliefs. Finally, a survey was used to collect data to validate the constructs and test the hypothesized relationships. / The study found that there was a significant positive relationship between IT security psychological climate and 1) the belief that anti-spyware will protect organizational interests such as privacy and data, 2) the belief that anti-spyware will prevent disruptions to work, 3) the belief that the approval of anti-spyware use by the technical support group is important, 4) the belief that monetary resources are needed to enable the use of anti-spyware, and 5) the belief that time is a facilitating condition for the use of anti-spyware. A discussion of the findings and their implications for theory and practice is provided. / by Janis A. Warner. / Thesis (Ph.D.)--Florida Atlantic University, 2009. / Includes bibliography. / Electronic reproduction. Boca Raton, Fla., 2009. Mode of access: World Wide Web. Security (Psychology) Electronic commerce--Security measures Web sites--Design Consumer behavior--Mathematical models Organizational effectiveness
5	Authentication techniques for secure Internet commerce Ndaba, Sipho Lawrence 23 August 2012 (has links) M.Sc.(Computer Science) / The aim of this dissertation (referred to as thesis in the rest of the document) is to present authentication techniques that can be used to provide secure Internet commerce. The thesis presents techniques that can be used to authenticate human users at logon, as well as techniques that are used to authenticate user's PC and the host system during communication. In so doing, the thesis presents cryptography as the most popular approach to provide information security. Chapter 1 introduces the authentication problem, the purpose and the structure of the thesis. The inadequate security of the Internet prevents companies and users to conduct commerce over the Internet. Authentication is one of the means of providing secure Internet commerce. - Chapter 2 provides an overview of the Internet by presenting the Internet history, Internet infrastructure and the current services that are available on the Internet. The chapter defines Internet commerce and presents some of the barriers to the Internet commerce. Chapter 3 provides an overview of network and internetwork security model. The purpose of this chapter is to put authentication into perspective, in relation to the overall security model. Security attacks, security services and security mechanisms are defined in this chapter. The IBM Security Architecture is also presented. Chapter 4 presents cryptography as the popular approach to information security. The conventional encryption and public-key encryption techniques are used to provide some of the security services described in chapter 3. Chapter 5 presents various schemes that can be used to provide computer-to-computer authentication. These schemes are grouped into the following authentication functions: message encryption, cryptographic checksums, hash functions and digital signatures. Chapter 6 differentiates between one-way authentication schemes and mutual authentication schemes. The applicability of each approach depends on the communicating parties. Chapter 7 presents some of the popular and widely used open-systems technologies Internet protocols, which employ some of the schemes discussed in chapter 5 and chapter 6. These include the SSL, PCT, SHTTP, Kerberos, SESAME and SET. Chapter 8 discusses some of the enabling technologies that are used to provide human user authentication in a computer system. The password technology, the biometric technologies and the smart card technology are discussed. The considerations of selecting a specific technology are also discussed. Chapter 9 presents some of the techniques that can be used to authentication Internet users (human users) over the Internet. The techniques discussed are passwords, knowledge-based technique, voice recognition, smart cards, cellular based technique, and the technique that integrates Internet banking. Chapter 10 defines criteria on which the Internet user authentication techniques presented in chapter 9 can be measured against. The evaluation of each of the techniques is made against the specified criteria. In fact, this chapter concludes the thesis. Chapter 11 provides case studies on two of the techniques evaluated in chapter 10. Specifically, the insurance case study and the medical aid case studies are presented. Electronic commerce -- Security measures Internet -- Security measures Computers -- Access control -- Passwords
6	An incremental approach to a secure e-commerce environment Mapeka, Kgabo Elizabeth 07 October 2014 (has links) M.Sc. (Computer Science) / The terms "Electronic Commerce" and "Internet Commerce" are often used interchangeably to mean similar processes. By definition, electronic commerce (e-commerce) means any exchange of information that occurs electronically. There are various types of electronic commerce transactions to name a few; electronic data interchange (EDI), fax, electronic funds transfer, interorganisational systems, technical data and document exchange, customer credit approval systems, interaction with customers and vendors, etc ([151, p. 27). The term internet commerce evolved with the era of the Internet. It became evident that both business and consumers are gradually conducting business via the Internet. For the purpose of this dissertation the term e-commerce will be used to refer to both electronic commerce and Internet commerce. The aim of this dissertation is to give guidance to organisations or individuals wishing to build a secure electronic commerce environment. This will be achieved by presenting an incremental phase by phase reference model. The model gives guidance on how to establish a network (local area network) with the intention to expand it through various phases to a complete, secure electronic commerce environment in the future. The dissertation will be discussed in the ten chapters outlined below. These chapters are discussed in detail in chapter 1. Chapter 1 sets out the problem addressed in this dissertation, the main objective of the dissertation and its structure. Chapter 2 introduces the framework of the reference model. It presents the different phases of the e-commerce reference model. Chapters 3 to 8 outline the phases of the e-commerce reference model in detail. Electronic commerce - Security measures Information networks - Planning Information networks - Security measures
7	A real time, system independent, secure, Internet based auctioning system. Brown, Cuan. January 2000 (has links) This thesis outlines the creation of a secure, real time, system independent, Internet based auctioning application. The system has been developed to meet the needs of today's stringent reqUirements on secure Internet based applications. To attain this goal, the latest cryptographic algorithms and development platforms have been used. The result is a JAVA based server and client auctioning application. The client application is designed to run In any common web browser, and the server to execute on any JAVA enabled operating system with a web server and Internet connection. The real time system uses a relatively secure hybrid cryptosystem for communication. This involves the use of RSA for secure key exchange, and RC6 and MARS for secure communication. / Thesis (M.Sc.)-University of Natal,Durban, 2000. Internet auctions. Electronic commerce--Security measures. Internet--Security measures. Cryptography. Java (Computer program language) Theses--Computer science.
8	Validity and accuracy issues in electronic commerce with specific reference to VPN's 13 August 2012 (has links) M.Comm. / Business have traditionally relied on private leased lines to link remote office together so that distant workers could share information over a Wide Area Network (WAN). However, while providing a high degree of privacy, leased lines are expensive to set up and maintain. The Internet is fast becoming a requirement for supporting business operations in the global economy. The major concern in using a public network, like the Internet, for data exchange is the lack of security. The Internet was designed to be an "open" network, accessible to anyone with low or none security consideration. Virtual Private Networks (VPN) using Point-to-Point Tunneling Protocol (PPTP) has emerged as a relatively inexpensive way to solve this problem. The primary objective of this dissertation is to evaluate validity and accuracy issues in electronic commerce using VPN as a secure medium for data communication and transport over the Internet. The inherent control features of PPTP were mapped to data communication control objectives and the control models show how these address validity, completeness and accuracy. After analysing and evaluating the inherent control features of PPTP, the overall result is that: PPTP enables a valid communication link to be established with restricted access (validity); the PPTP communication link remains private for the full time of the connection (validity); data can be sent accurately and completely over the PPTP connection and remains accurate during transmission (accuracy); and all data sent is completely received by the receiver (accuracy). By deploying a Point-to-Point Tunneling Protocol for virtual private networking, management can mitigate the risk of transmitting private company and business data over the Internet. The PPTP analysis and evaluation models developed intend to give the auditor a control framework to apply in practice. If the auditor needs to perform a data communication review and finds that a virtual private network has been established using PPTP, the control models can assist in providing knowledge and audit evidence regarding validity and accuracy issues. The auditor should however, not review PPTP in isolation. Validity and accuracy control features inherent to TCP/IP and PPP should also be considered as well as controls on higher levels, e.g. built-in application controls. Electronic commerce-Security measures. Extranets (Computer networks) Electronic commerce-Auditing. Virtual Private Networks Point-to-Point Tunneling Protocol
9	A data protection methodology to preserve critical information from the possible threat of information loss Schwartzel, Taryn 03 October 2011 (has links) M.Tech. / Information is a company’s greatest asset that is continually under threat from human error, technological failure, natural disasters and other external factors. These threats need to be identified and quantified and their relevant protection techniques need to be deployed. This research will allow businesses to ascertain which of these data protection strategies to embrace and deploy, thereby highlighting the balance between cost and value for their business needs. Every commercial enterprise should understand the business value of their data and realise that protecting this data is of utmost importance. However, company data often resides on different mediums, in different locations and implementing a data protection strategy is not always cost effective in terms of the cost of storage mediums and protection methods. The challenges that businesses face is trying to distinguish between mission-critical data from other business data, excluding any non-business or invaluable data that resides on their systems. Thus a cost-effective data protection strategy can be implemented according to the different values of business data. This research provides a model to enable an organisation to: · Utilise the model as a framework or guideline in determining a strategy for protection, storage, retrieval and preservation of business critical data. · Define the data protection strategy to meet the organisation’s business requirements. · Define a cost effective data protection solution that encompasses protection, storage, retrieval and preservation of business critical data. · Make strategic decisions based on an array of best practices to ensure mission-critical data is protected accordingly. iii · Draw a conclusion between the costs of implementing these solutions against the real business value of the data that it protects. Data protection Computer security management Electronic commerce - Security measures
10	The role of risk perception in Internet purchasing behaviour and intention De Villiers, R. R. (Raoul Reenen) 12 1900 (has links) Thesis (MComm.)--Stellenbosch University, 2001. / ENGLISH ABSTRACT: In recent years the importance and number of users of electronic commerce and its medium, the Internet, have grown substantially. Despite this, the Business-to- Consumer sector has shown slow expansion and limited growth, with the majority of consumers slow to adopt the Internet as a medium for purchase. A probable factor affecting the purchasing behaviour of individuals is the perception of risk of a breach in (credit card) security and/or a violation of privacy. The research discussed here indicates that two closely related constructs, namely perceived privacy risk and perceived security risk exerts an influence on the Internet purchasing behaviour of Internet users, and more importantly, the intention to purchase. In addition, the role of social pressures regarding the provision of personal and credit card information is indicated to be of considerable importance. / AFRIKAANSE OPSOMMING: Die afgelope aantal jare het die belangrikheid en gebruik van eletroniese handel en die Internet aansienlik toegeneem. Ongeag hierdie groei het die sektor gemoeid met die handel tussen besighede en verbruikers egter beperkte groei getoon. 'n Waarskynlike rede vir die tendens in Internet aankoop gedrag is die persepsie dat daar 'n risiko is van misbruik van 'n krediet kaart sowel as misbruik en skending van privaatheid. Die studie wat hier bespreek word toon aan dat twee nou verwante kostrukte, naamlik persepsie van sekuriteits- en persepsie van privaatheidsrisiko 'n rol speel in die bepaling van Internet aankoop gedrag, sowel as die intensie om te koop. Verder is die rol van sosiale druk rakende die verskaffing van persoonlike en krediet kaart inligting uitgelig as 'n faktor van uiterste belang. Consumer behavior Electronic commerce -- Security measures Consumer protection Risk Internet -- Security measures Dissertations -- Business management Theses -- Business management

Search results