Wednesday, 30 January 2008

DATA SECURITY

What is e-commerce?

E-commerce is the action of buying and selling products over electronic systems and the Internet. Over the years, e-commerce has grown popular amongst much of the population and it is now a widely used means of purchasing and selling. A wide variety of commerce is conducted in this way, spurring and drawing on innovations in electronic funds transfer, supply chain management, Internet marketing, online transaction processing, electronic data interchange (EDI), automated inventory management systems, and automated data collection systems.

E-commerce uses electronic information technologies on the Internet to allow direct selling and automatic processing of purchases between parties. It is a system for conducting business transactions, buying and selling goods and services online over a computer network via Electronic Data Interchange (EDI).

Why is e-commerce more susceptible to threats than other commerce?



What information has the customer given to the website?



What are the threats to data security for e-commerce?

Viruses

A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user. However, the term "virus" is commonly used, albeit erroneously, to refer to many different types of malware programs. The original virus may modify the copies, or the copies may modify themselves, as occurs in a metamorphic virus.
A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or the Internet, or by carrying it on a removable medium such as a floppy disk, CD, or USB drive. Additionally, viruses can spread to other computers by infecting files on a network file system or a file system that is accessed by another computer.
Many personal computers are now connected to the Internet and to local area networks, facilitating the spread of malicious code. Today's viruses may also take advantage of network services such as the World Wide Web, e-mail, and file sharing systems to spread, blurring the line between viruses and worms. Furthermore, some sources use an alternative terminology in which a virus is any form of self-replicating malware.
Some viruses are programmed to damage the computer by damaging programs, deleting files, or reformatting the hard disk. Others are not designed to do any damage, but simply replicate themselves and perhaps make their presence known by presenting text, video, or audio messages. Even these benign viruses can create problems for the computer user. They typically take up computer memory used by legitimate programs. As a result, they often cause erratic behaviour and can result in system crashes. In addition, many viruses are bug-ridden, and these bugs may lead to system crashes and data loss.

Some viruses are created to delete important files or to relay the information in those files back to the creator. If such a virus infects a company's computer system, the damage could be catastrophic. All of the customer details, possibly including credit card details, could be taken and misused.


Hackers

Hacker is a general term in computing for a computer programmer who takes advantage of faults in the design of computer software or hardware (commonly referred to as "weaknesses") in order to:

Gain further knowledge about the internal workings of the software or hardware,
Gain access to some previously locked or hidden function of the software or hardware,
Disable some previously functioning part of the software or hardware so that it no longer works in the way it was originally intended, or
Command the software or hardware to perform an additional task that it was not originally designed to do.

A hacker's activities commonly (but not always) involve reverse engineering or direct modification of the software or hardware without the manufacturer's knowledge or authorization. Hacking can therefore often have disastrous consequences for the company: customer data could be stolen and used in ways that benefit only the hacker and disadvantage everyone else.

Spyware – see http://en.wikipedia.org/wiki/Spyware

Hardware failure – if the hardware fails, data may be lost. If the computer breaks, it will need to be sent away for repair, and the repair person might use their skills to access important information which could be used against the company.

Human error – if the data is incorrectly entered, then a problem could arise.

Dishonest employees – these are a big threat to companies because an employee who is skilled enough can access the files containing data and take that data to use for their own purposes.

Natural disasters –

Theft – this would mean that data has come into the hands of a criminal, who is unlikely to want the information for good purposes. Problems would follow from the thief holding that information.

Flood and fire –

Terrorism
Cyber-terrorism is the leveraging of a target's computers and information technology, particularly via the Internet, to cause physical, real-world harm or severe disruption of infrastructure. As the Internet becomes more pervasive in all areas of human endeavor, individuals or groups can use the anonymity afforded by cyberspace to threaten citizens, specific groups (i.e. with membership based on ethnicity or belief), communities and entire countries, without the inherent threat of capture, injury, or death to the attacker that being physically present would bring. As the Internet continues to expand, and computer systems continue to be assigned more responsibility while becoming more and more complex and interdependent, sabotage or terrorism via cyberspace may become a more serious threat.

What are the preventative measures for these threats?
Risk analysis – the company is asked questions about how safe its computer system is. If it has adequate security measures, then its website is safe to use.

Passwords – some websites only allow their customers to create passwords that contain a certain number of characters, and sometimes the password must include a number as well. Some websites also give an indication of how good the password is, helping the customer to create the safest password possible.
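
The password rule and strength indicator described above, as an added example that is not part of the original notes. It shows that a password can pass the "length plus a number" rule and still be a poor choice. The minimum length, the thresholds and the short deny-list are assumptions made for the example.

```python
import math
import string

MIN_LENGTH = 8  # assumed policy value; the notes only say "a certain number"
# Constructed sample deny-list; a real site would use a large breached-password list.
COMMON = {"password", "password1", "123456789", "qwerty123", "letmein1"}


def meets_rules(pw: str) -> bool:
    """The rule from the notes: a minimum length and at least one number."""
    return len(pw) >= MIN_LENGTH and any(c.isdigit() for c in pw)


def estimated_bits(pw: str) -> float:
    """Rough upper bound on guessing effort from length and character classes."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0


def strength(pw: str) -> str:
    """Indicator shown to the customer while they type."""
    if not meets_rules(pw):
        return "rejected: too short or no number"
    if pw.lower() in COMMON:
        return "rejected: commonly used password"
    bits = estimated_bits(pw)
    if bits < 50:  # assumed threshold
        return "weak"
    return "fair" if bits < 80 else "strong"  # assumed threshold
```

The estimate is an upper bound: it assumes random characters, so words and dates score higher than they deserve, which is why the deny-list check runs first.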

Access levels –

Backup –

Anti virus measures –

Training –


Firewalls –

Secure electronic transactions (SET) –

Encryption –

Physical Security –


Describe the legislation that the company should be aware of.

How effective are these pieces of legislation?

Overall Conclusions:

Is data secure on this website – yes?

Is data insecure on this website – yes?

Overall conclusion.

Monday, 7 January 2008

Back Office Processes:
Page 140
Explain what Back Office Processes are and why your organisation needs them

e.g. stock control, management of stock, website management

is needed to keep order and control.

Is all about business being efficient?

Back office processes are necessary because without them there wouldn’t be any system and the company would lose customers. They help the business to run efficiently. All of the processes are there to help the customer and make sure their goods are there on time and to help the company keep track of their customers.



What processes are involved in Stock Control? What is at the centre of this type of system?

Make sure that there is always enough stock
Make sure items are available
Make sure the same item isn’t sold twice
Real-time process
Uses a database because it can list every item with its supplier, price, when it was sold, etc.: any information related to each product

ASP – Active Server Pages

Basically, the page logs onto the database over the Internet, so every time you go to the website and type in a search, you are actually searching a database via the Internet. It looks like a website because it’s made to look nice and user-friendly, but it is actually a database.




Explain what ASPs are, and how they can update a database.


See page 141.


How do organisations maintain the virtual shopping basket for a customer, what processes are involved?

They are able to maintain the virtual shopping basket by:

Log in, items added, prices totalled, stock is reserved so not sold twice, items can be removed, delivery costs.
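
The stock control and basket steps above, as an added example that is not part of the original notes. An in-memory SQLite database stands in for the shop's stock database; the table names, products, prices and delivery charge are constructed for the example. Stock is reserved inside a transaction so the last item cannot go into two baskets, and prices are read from the database rather than trusted from the browser.

```python
import sqlite3

DELIVERY_PENCE = 395  # assumed flat delivery charge (hypothetical value)

def open_shop() -> sqlite3.Connection:
    """In-memory stock database holding constructed sample products."""
    db = sqlite3.connect(":memory:", isolation_level=None)  # explicit transactions
    db.executescript("""
        CREATE TABLE stock (sku TEXT PRIMARY KEY, price INTEGER,
                            available INTEGER CHECK (available >= 0));
        CREATE TABLE basket (customer TEXT, sku TEXT, qty INTEGER,
                             PRIMARY KEY (customer, sku));
        INSERT INTO stock VALUES ('lamp', 1999, 1), ('mug', 450, 10);
    """)
    return db

def add_item(db, customer: str, sku: str, qty: int = 1) -> bool:
    """Reserve stock and add it to the basket in one transaction."""
    if qty < 1:                    # a negative quantity would create stock
        return False
    db.execute("BEGIN IMMEDIATE")
    cur = db.execute("UPDATE stock SET available = available - ? "
                     "WHERE sku = ? AND available >= ?", (qty, sku, qty))
    if cur.rowcount != 1:          # unknown item or not enough left
        db.execute("ROLLBACK")
        return False
    db.execute("INSERT INTO basket VALUES (?, ?, ?) ON CONFLICT (customer, sku) "
               "DO UPDATE SET qty = qty + excluded.qty", (customer, sku, qty))
    db.execute("COMMIT")
    return True

def remove_item(db, customer: str, sku: str) -> None:
    """Take an item out of the basket and release its reserved stock."""
    db.execute("BEGIN IMMEDIATE")
    row = db.execute("SELECT qty FROM basket WHERE customer = ? AND sku = ?",
                     (customer, sku)).fetchone()
    if row:
        db.execute("UPDATE stock SET available = available + ? WHERE sku = ?",
                   (row[0], sku))
        db.execute("DELETE FROM basket WHERE customer = ? AND sku = ?",
                   (customer, sku))
    db.execute("COMMIT")

def basket_total(db, customer: str) -> int:
    """Total in pence, priced from the database, never from the browser."""
    goods = db.execute("SELECT COALESCE(SUM(b.qty * s.price), 0) FROM basket b "
                       "JOIN stock s USING (sku) WHERE b.customer = ?",
                       (customer,)).fetchone()[0]
    return goods + DELIVERY_PENCE if goods else 0
```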




Draw an example flowchart for your organisation to illustrate these processes.

See sheet.


P143: Explain briefly the difference between HTTP authentication and cookie identification.

HTTP authentication = normal log in, username + password; checks who you are

Cookie identification = when you were last on, what you bought, etc., stored on the hard drive; allows the website to ‘sort of’ know you and how you want things.

E.g. colour scheme of a website.

Remember my username?

YES = making a cookie!

Cookies can be blocked, but that could mean some sites do not work.

What advantage do cookies have over HTTP authentication?

Automatic way of tracking who is on the site, where they are logging in, etc., without them logging in
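
The two mechanisms compared above, side by side, as an added example that is not part of the original notes. HTTP authentication checks a username and password on each request, while a "remember my username" cookie only recognises a returning browser, so it should not by itself unlock account actions. The user store, key, salt and cookie name are constructed for the example; the cookie is signed so that an edited value is detected.

```python
import base64
import hashlib
import hmac
from http.cookies import SimpleCookie

SERVER_KEY = b"constructed-demo-key"  # assumption: secret known only to the server
SALT = b"constructed-salt"            # constructed; real sites use a salt per user
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"s3cret-pw", SALT, 100_000)}

def check_basic_auth(header: str):
    """HTTP authentication: username + password prove who the user is."""
    scheme, _, blob = header.partition(" ")
    try:
        user, _, pw = base64.b64decode(blob, validate=True).decode().partition(":")
    except ValueError:              # bad base64 or bad UTF-8
        return None
    supplied = hashlib.pbkdf2_hmac("sha256", pw.encode(), SALT, 100_000)
    stored = USERS.get(user, b"")
    ok = scheme.lower() == "basic" and hmac.compare_digest(stored, supplied)
    return user if ok else None

def _sign(user: str) -> str:
    return hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()

def make_remember_cookie(user: str) -> str:
    """Cookie identification: value for a Set-Cookie header remembering the user."""
    c = SimpleCookie()
    c["remember"] = f"{user}.{_sign(user)}"
    c["remember"]["httponly"] = True   # hidden from page scripts
    c["remember"]["secure"] = True     # only sent over HTTPS
    c["remember"]["samesite"] = "Lax"
    return c["remember"].OutputString()

def read_remember_cookie(cookie_header: str):
    """Return the remembered username, or None if the cookie was edited."""
    c = SimpleCookie(cookie_header)
    if "remember" not in c:
        return None
    user, _, sig = c["remember"].value.rpartition(".")
    ok = hmac.compare_digest(sig.encode(), _sign(user).encode())
    return user if ok else None
```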