Monday 18 February 2008

Testing

The consequences of not testing could include:

Virus spreading
A loss of customers
Hacking into the system
A bad reputation
Time and money
Data could be lost
Have to spend time putting it right.

http://news.bbc.co.uk/1/hi/education/3557902.stm


What was the problem?

The system wasn’t working as it was intended to and slow processing along with occasional crashes were causing a problem for the applicants as they weren’t getting the money that they needed for university which they need to pay course fees, rent, travel, books, food and other necessities with so the problem is that the students will not be able to cope financially and this will cause a problem.

What were the consequences?

The consequences of the above are that the students may not be able to stay at university due to the lack of finance. So by having the problem, many students may have to drop out of university and will be unable to finish the course. This means that the university as well has lost out because of the problem caused by the student loan company.

Another consequence of having this problem is that word will spread of the company’s inefficiencies and the company will gain a bad reputation from this and this will cause them to lose out on what could have been customers. Students will decide to go elsewhere in future to get a student loan.


How could testing have prevented this?

Testing could have prevented the whole problem before it became a problem. This is what testing does. It makes sure that the system works as it was intended. Testing the system should identify the problem and then it can be corrected or if unable to be corrected then the system at least wont be used and the problems wont arise either way.

What is testing?

Testing is a process of making sure that all aspects of a system work as they should by following through a test plan that was designed specifically to make sure that the system being tested works.
Why is it important?

It is important because it makes sure that the system works and it eliminates the threat that problems could come from the system. It makes sure that the system does exactly what it was intended to do.
Give 2 possible consequences to a company of not testing.

Two possible consequences to a company from not testing are:

A bad reputation could come from not testing because when the system goes into use and it doesn’t work as it should then customers will pick up on this and will begin to wonder whether the company is the right company to use.
a second consequence that could

Give 2 reasons why it is important to have a test plan.

Wednesday 30 January 2008

DATA SECURITY

What is e-commerce?

E-commerce is the action of buying and selling products over electronic systems and the Internet. Over the years, ecommerce has grown popular amongst much of the population and it is now a widely used means of purchasing and selling. A wide variety of commerce is conducted in this way, spurring and drawing on innovations in electronic funds transfer, supply chain management, Internet marketing, online transaction processing, electronic data interchange (EDI), automated inventory management systems, and automated data collection systems.

E–Commerce is using electronic information technologies on the Internet to allow direct selling and automatic processing of purchases between parties. It is a system used to conduct business transactions of buying and selling goods and services over a computer network online via Electronic Data Interchange (EDI)

Why is e-commerce more susceptible to threats than other commerce?



What information has the customer given to the website?



What are the threats to data security for e-commerce?

Viruses

A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user. However, the term "virus" is commonly used, albeit erroneously, to refer to many different types of malware programs. The original virus may modify the copies, or the copies may modify themselves, as occurs in a metamorphic virus.
A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or the Internet, or by carrying it on a removable medium such as a floppy disk, CD, or USB drive. Additionally, viruses can spread to other computers by infecting files on a network file system or a file system that is accessed by another computer.
Many personal computers are now connected to the Internet and to local area networks, facilitating the spread of malicious code. Today's viruses may also take advantage of network services such as the World Wide Web, e-mail, and file sharing systems to spread, blurring the line between viruses and worms. Furthermore, some sources use an alternative terminology in which a virus is any form of self-replicating malware.
Some viruses are programmed to damage the computer by damaging programs, deleting files, or reformatting the hard disk. Others are not designed to do any damage, but simply replicate themselves and perhaps make their presence known by presenting text, video, or audio messages. Even these benign viruses can create problems for the computer user. They typically take up computer memory used by legitimate programs. As a result, they often cause erratic behaviour and can result in system crashes. In addition, many viruses are bug-ridden, and these bugs may lead to system crashes and data loss.

Some viruses can be created to delete important files or in some way to relay the information on these files back to the creator. If this virus infects a computer system for a company, then the damage could be catastrophic. All of the customer details, possibly including credit card details, could be taken and used in ghastly ways.


Hackers

A Hacker is a general term in computing that refers to a computer programmer who takes advantage of the faults in the design of computer software or hardware (commonly referred to as "weaknesses") in order to:

Gain further knowledge about the internal workings of the software or hardware,
Gain access to some previously locked or hidden function of the software or hardware,
Disable some previously functioning part of the software or hardware so that it no longer works in the way it was originally intended, or
Command the software or hardware to perform an additional task that it was not originally designed to do.

As a hacker's activities commonly (but not always) involve reverse engineering or direct modification of the software or hardware without the manufacturer's knowledge or authorization, hacking often can create disastrous consequences for the company as information regarding customer data could be stolen and used for purposes involving activity whereby the information is used in beneficial ways only for the hacker and disadvantageous for everyone else.

Spyware -
http://en.wikipedia.org/wiki/Spyware

Hardware failure – if the hardware fails, data may be lost. If the computer breaks then it will need to be repaired so it will be sent to a repair person and they might use their skills to access important information which could be used against the company.

Human error – if the data is incorrectly entered, then a problem could arise.

Dishonest employees – these are a big threat to companies because if an employee is skilled enough then they can access the files containing data that could be taken to be used by the employee to use what they want to use it for.

Natural disasters –

Theft – this would mean that data has come into the hands of a criminal and being a criminal, the thief would probably not want the information to use for good. Problems would occur from the thief holding that information.

Flood and fire –

Terrorism
Cyber-terrorism is the leveraging of a target's computers and information technology, particularly via the Internet, to cause physical, real-world harm or severe disruption of infrastructure. As the Internet becomes more pervasive in all areas of human endeavor, individuals or groups can use the anonymity afforded by cyberspace to threaten citizens, specific groups (i.e. with membership based on ethnicity or belief), communities and entire countries, without the inherent threat of capture, injury, or death to the attacker that being physically present would bring. As the Internet continues to expand, and computer systems continue to be assigned more responsibility while becoming more and more complex and interdependent, sabotage or terrorism via cyberspace may become a more serious threat.

What are the preventative measures for these threats?
Risk analysis – the company is asked questions on how safe their computer system is. If they have adequate measures of security then their website is safe to use.

Passwords – some websites only allow their customers to create passwords that contain a certain number of characters and sometimes must include a number as well. Some websites also give an indication as to how good the password is, helping the customer to create the safest password possible.

Access levels –

Backup –

Anti virus measures –

Training –


Firewalls –

Secure electronic transactions (SET) –

Encryption –

Physical Security –


Describe the legislation that the company should be aware of.

How effective are these pieces of legislation?

Overall Conclusions:

Is data secure on this website – yes?

Is data insecure on this website – yes?

Overall conclusion.
DATA SECURITY

What is e-commerce?

E-commerce is the action of buying and selling products over electronic systems and the Internet. Over the years, ecommerce has grown popular amongst much of the population and it is now a widely used means of purchasing and selling. A wide variety of commerce is conducted in this way, spurring and drawing on innovations in electronic funds transfer, supply chain management, Internet marketing, online transaction processing, electronic data interchange (EDI), automated inventory management systems, and automated data collection systems.

E–Commerce is using electronic information technologies on the Internet to allow direct selling and automatic processing of purchases between parties. It is a system used to conduct business transactions of buying and selling goods and services over a computer network online via Electronic Data Interchange (EDI)

Threats to data security

Viruses

A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user. However, the term "virus" is commonly used, albeit erroneously, to refer to many different types of malware programs. The original virus may modify the copies, or the copies may modify themselves, as occurs in a metamorphic virus.
A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or the Internet, or by carrying it on a removable medium such as a floppy disk, CD, or USB drive. Additionally, viruses can spread to other computers by infecting files on a network file system or a file system that is accessed by another computer.
Many personal computers are now connected to the Internet and to local area networks, facilitating the spread of malicious code. Today's viruses may also take advantage of network services such as the World Wide Web, e-mail, and file sharing systems to spread, blurring the line between viruses and worms. Furthermore, some sources use an alternative terminology in which a virus is any form of self-replicating malware.
Some viruses are programmed to damage the computer by damaging programs, deleting files, or reformatting the hard disk. Others are not designed to do any damage, but simply replicate themselves and perhaps make their presence known by presenting text, video, or audio messages. Even these benign viruses can create problems for the computer user. They typically take up computer memory used by legitimate programs. As a result, they often cause erratic behaviour and can result in system crashes. In addition, many viruses are bug-ridden, and these bugs may lead to system crashes and data loss.

Some viruses can be created to delete important files or in some way to relay the information on these files back to the creator. If this virus infects a computer system for a company, then the damage could be catastrophic. All of the customer details, possibly including credit card details, could be taken and used in ghastly ways.


Hackers

A Hacker is a general term in computing that refers to a computer programmer who takes advantage of the faults in the design of computer software or hardware (commonly referred to as "weaknesses") in order to:

Gain further knowledge about the internal workings of the software or hardware,
Gain access to some previously locked or hidden function of the software or hardware,
Disable some previously functioning part of the software or hardware so that it no longer works in the way it was originally intended, or
Command the software or hardware to perform an additional task that it was not originally designed to do.

As a hacker's activities commonly (but not always) involve reverse engineering or direct modification of the software or hardware without the manufacturer's knowledge or authorization, hacking often can create disastrous consequences for the company as information regarding customer data could be stolen and used for purposes involving activity whereby the information is used in beneficial ways only for the hacker and disadvantageous for everyone else.

Hardware failure – if the hardware fails, data may be lost. If the computer breaks then it will need to be repaired so it will be sent to a repair person and they might use their skills to access important information which could be used against the company.

Human error – if the data is incorrectly entered, then a problem could arise.

Dishonest employees – these are a big threat to companies because if an employee is skilled enough then they can access the files containing data that could be taken to be used by the employee to use what they want to use it for.

Theft – this would mean that data has come into the hands of a criminal and being a criminal, the thief would probably not want the information to use for good. Problems would occur from the thief holding that information.

Terrorism
Cyber-terrorism is the leveraging of a target's computers and information technology, particularly via the Internet, to cause physical, real-world harm or severe disruption of infrastructure. As the Internet becomes more pervasive in all areas of human endeavor, individuals or groups can use the anonymity afforded by cyberspace to threaten citizens, specific groups (i.e. with membership based on ethnicity or belief), communities and entire countries, without the inherent threat of capture, injury, or death to the attacker that being physically present would bring. As the Internet continues to expand, and computer systems continue to be assigned more responsibility while becoming more and more complex and interdependent, sabotage or terrorism via cyberspace may become a more serious threat.

What are the preventative measures for these threats?
Risk analysis – the company is asked questions on how safe their computer system is. If they have adequate measures of security then their website is safe to use.

Passwords – some websites only allow their customers to create passwords that contain a certain number of characters and sometimes must include a number as well. Some websites also give an indication as to how good the password is, helping the customer to create the safest password possible.

Monday 7 January 2008

Back Office Processes:
Page 140
Explain what Back Office Processes are and why your organisation needs them

e.g. stock control, management of stock, website management

is needed to keep order and control.

Is all about business being efficient?

Back office processes are necessary because without them there wouldn’t be any system and the company would lose customers. They help the business to run efficiently. All of the processes are there to help the customer and make sure their goods are there on time and to help the company keep track of their customers.



What processes are involved in Stock Control? What is at the centre of this type of system?

Make sure that there is always enough stock
Make sure items are available
Make sure don’t sell the same item twice
Real-time process
Uses a database because can have all items listed, the supplier, price, when sold, etc. etc. etc. any information related to each product

ASP – active server pages

Basically logs onto the database over the internet so every time go to the website, type in a search, actually searching a database via the internet. Looks like a website because it’s made to look nice and user friendly, but is actually a database.




Explain what ASPs, and how it can update a database.


See page 141.


How do organisations maintain the virtual shopping basket for a customer, what processes are involved?

They are able to maintain the virtual shopping basket by:

Log in, items added, prices totalled, stock is reserved so not sold twice, items can be removed, delivery costs.




Draw an example flowchart for your organisation to illustrate these processes.

See sheet.


P143, Explain briefly the difference between, HTTP authentication, and cookie identification.

Http authentication = normal log in, username + password, - checks who you are

Cookie identification = when you were last on, what bought, etc, stored on hard-drive, allows the website to ‘sort-of’ know you and how you want things.

E.g. colour scheme of a website.

Remember my username?

YES = making a cookie!!!!

can block cookies, but could mean not allowing some sites to work.

What advantage do cookies have over HTTP authentication?

Automatic way of tracking who is on the site, where logging in etc, without them logging in

Thursday 13 December 2007


AV & BV Andrews LTD achieves its objectives by laying the website out in a specific way aimed to allow the potential customers access to all information quickly and easily.

Overall the site is successful in meeting its objectives because it is a very small site and can take advantage of that by not having to add many complex tools to help users to find what they are looking for. By only having a few select products, the site can take advantage of simply being able to list what is available and not have to spend large amounts of time working on website development and updates.

Structure

This website has a very simple structure.


Wednesday 12 December 2007


Purpose and Objectives

AV & BV Andrews LTD is an ecommerce site that aims to show and sell products to potential buyers. It allows for people to browse through their list of products and to easily create an account with them for purchasing goods. The main aim is to sell but the website also has the objective of portraying what the business is like and to fully make people aware of the goods and services that are on offer. Another objective of this site is to make people believe that the products offered are good quality and cheaper than other places at the same time.

AV & BV Andrews LTD
Examples of transactional websites:
TESCO, Amazon, Andrews LTD.





Tesco.com is a transactional website mostly selling groceries. The site also sells many other things such as electrical goods, finance and insurance, entertainment, clothing, furniture, etc. To buy, one has to set up an account with TESCO and then proceed to added items to the basket, once all items that are to be bought are in the basket, direct your attention towards the ‘view basket/checkout’ button and click it. Once on this page, checkout and delivery should occur as the details showed when buying the products, not usually longer than a week or so.



Amazon.co.uk is a transactional website that sells nearly everything, including books, movies, music, games, electronics, computers, groceries, toys, jewellery, etc. To buy, first create an account and then either use the search button located near the top or follow the links located on the right hand side. Once the product has been found, add it to the shopping basket and proceed to checkout.

Andrewsltd.co.uk is a smaller transactional website than the two shown before and this one specifically deals with jewellery. It sells rings, earrings, bracelets, pendants, etc. and it also deals with clocks.
There are very few products that are actually available for purchase online in comparison to other transactional websites – there was only 28 items on the day that I had a look (12/12/07)