- مبلغ: ۸۶,۰۰۰ تومان
- مبلغ: ۹۱,۰۰۰ تومان
Cyber crime is a growing threat affecting all business sectors. Stock Exchanges, a financial services sector, are not far from it. Trading stocks via Internet exposes the process to cyber threats that might take advantage of a system defect to breach security and cause possible harm. Online Trading websites are protected by various security systems. Digital Certificate, which is based on Secure Socket Layer (SSL) protocol, is an example. This research examines implementation of Digital Certifi- cate in online trading servers. This evaluation helps to identify security weaknesses and take actions for protection improvement.
The developed threat modeling for stock exchange determine that the most effort should be applied to online trading servers. Digital Certificates, which are based on SSL/TLS protocols, are considered as the countermeasures to prevent, or mitigate the effects of threats to the environment.
The results emphasize that there is a particular lack of attention towards information security as demonstrated in the case study. The regulation, as a high level document, is good if it is considered as baseline. Thus, companies cannot depend on it for security technologies deployment. Guidelines should be released to help implementing technologies, related to regulation, best practices. Moreover, the regulator should monitor the companies constantly and pay attention to those who violate the regulation.
Needless to say that more assessments needed to complete the whole picture. These assessments aim to make sure that all regulation points are well covered by brokerage companies. Regulation point 3 is an example. Do brokerage companies follow firewalls deployment best practices? Do they maintain and update their technologies (operating systems, services such as mail & web, database engines, network equipment, antivirus, firewall, IPS, ... etc.) to the latest release that cover volubilities found in the previous versions or not? Another subject is “Software Security”. Is the trading web application used is protected from Buffer Overflow, SQL injection ... etc.? All these assessment are considered as future work.