
Chapter 1 Overview of EC

Chapter 1 Overview of EC. To learn the activities encompassed by e-commerce and the role of the Internet and WWW. To understand the benefits that can be achieved through the use of e-commerce. To compare various e-commerce business models.


Presentation Transcript


  1. Chapter 1 Overview of EC • To learn the activities encompassed by e-commerce and the role of the Internet and WWW. • To understand the benefits that can be achieved through the use of e-commerce. • To compare various e-commerce business models. • To examine the general nature of security concerns surrounding e-commerce.

  2. Security Concerns • frequently deter potential Internet purchasers from buying • have made some businesses reluctant to expand their electronic commerce businesses to the web, at least into the virtual transaction space • arise for firms migrating to the web without appropriately designed sites

  3. Chapter 3 Regulatory Environment • To identify the primary legal issues surrounding web-based electronic commerce. • To understand the impact an international environment has on a country’s domestic legal framework. • To explore the relative benefits of self-regulatory practices versus government regulation

  4. Cryptography Issues • Cryptography methods transform a message into a non-decipherable form. • This process is conducted with the use of algorithms. • In general, the key size of the encryption process reflects the strength of the algorithmic process.

  5. Digital Signatures • The American Bar Association contends that the use of digital signatures, when performed correctly, not only meets the following criteria, but can surpass handwritten technologies: • signer authentication • document authorization • affirmative act • efficiency

  6. Chapter Four EDI, EC and the Internet • To understand the evolution of EDI from traditional systems to fully-integrated web-based systems • Be able to differentiate EDI from financial EDI • Identify the potential benefits of web-based EDI • Understand the role of trading partners, VANs, and the necessity of standards for EDI to work properly

  7. Electronic Data Interchange... • is the electronic exchange of business documents between trading partners using a standardized format. • Traditional EDI • High start-up costs • Used primarily by large firms • Generally, even large firms could only connect with 20% of their trading partners

  8. Benefits of EDI Systems • Reduced purchasing lead times • Reduced errors in producing manual documents and data entry • Reduced processing costs, and • Increased inventory supply and claim processing information for customers

  9. EDI Systems and the Internet • The Internet provides universal connectivity and it allows lower cost EDI options for small and medium sized firms • It also allows for increased sharing of information and greater tracking of marketing data

  10. Chapter 5 Risks of Insecure Systems • To identify the risks of insecure systems faced by business trading partners and consumers • To differentiate between intranets, extranets, and the Internet and to understand their relative risks and benefits • To understand different categories of malicious code techniques that may harm an insecure system

  11. What is risk, in the context of electronic commerce? • The possibility of loss of confidential data or the destruction, generation, or use of data or programs that physically, mentally, or financially harms another party, as well as the possibility of harm to hardware.

  12. Risks to Customers • Malicious Web Sites • Man in the Middle Attacks • Privacy • Cookies • Party Line Connections

  13. Risks to Selling Agents • Customer Impersonation • Denial of Service Attacks • File Upload Attacks • Sabotage by Employees • Sniffers • Downloading of Data • Email Spoofing & Social Engineering

  14. Other Risks • Intranets vs Extranets vs Internet • Viruses • Hoaxes • Internal vs External Controls

  15. Chapter 6 Risk Management • To understand the risk management paradigm and methodology • To differentiate between control weakness and control risk • To understand the role of internal controls in risk management • To understand the objectives of disaster recovery plans

  16. Risk Management • The assessment of the potential for future events (which are unknowable at the present time) that can cause adverse effects; and • the implementation of cost-efficient strategies that can deal with these risks

  17. [Figure: risk management paradigm. Stages: Identify, Analyze, Plan, Monitor, Control, connected through a Communication Network. Annotations: proactive vs. reactive; assess probabilities & prioritize; available resources assigned; tracking devices; corrective actions; lines of communication.] Source: Adapted from SEI’s Risk Management Paradigm

  18. Internal Enterprise Level Risks • disruption in information processing operation • ineffective personnel hiring and training practices • change in management responsibilities • inadequate access controls to assets by employees • an unassertive or ineffective top management or audit committee

  19. Five Internal Control Elements • Integrity, ethical values and competence - tone at the top and personnel skills sets • Directives by the Board of Directors or Audit Committee and the attention given by them to control matters • Management’s philosophy and operating style- cautious or impulsive • Assignment of authority and responsibility - formal vs. informal - appropriate alignment • Human resources policies and practices - scrutiny of employees

  20. Disaster Recovery Plans • No one that is a victim of a disaster ever wakes up the morning of the disaster and says: • I think our server will go down because one of the technicians will make an error today • I think our building will have fire damage because of an unknown wiring problem • I think our telecommunications devices will not work today because of an ice storm

  21. External Enterprise Level Risks • new technological developments • new marketing strategies of competitors • unfavorable regulatory changes • natural disasters • unfavorable economic environment and foreign markets

  22. Chapter 7 Internet Standards & Protocols • To understand the necessity of standards. • To understand the impact that the global environment has on standard setting processes. • To identify the seven layers in the Open Systems Interconnections Model. • To identify common Internet protocols and languages.

  23. OSI Model • Application Layer • Presentation Layer • Session Layer • Transport Layer • Network Layer • Data Link Layer • Physical Layer (figure labels: Upper Layers, Lower Layers)

  24. Chapter 8 Cryptography & Authentication • To understand and compare alternative encryption techniques • To understand the role of certificate authorities in key management • To identify important key management tasks

  25. Security Issue / Security Objective / Security Techniques • Confidentiality / Privacy of Message / Encryption • Message Integrity / Detecting Message Tampering / Hashing (Digest) • Authentication / Origin Verification / Digital Signatures, Challenge-response, Passwords, Biometric Devices • Non-repudiation / Proof of Origin, Receipt, and Contents / Digital Signatures, Transaction Certificates, Time Stamps, Confirmation Services, Bi-Directional Hashing • Access Controls / Limiting entry to authorized users / Firewalls, Passwords, Biometric devices

  26. Encryption…. • Is the best device for ensuring message confidentiality • involves transforming cleartext into ciphertext • the level of secrecy is a function of • strength of the algorithm • key length • key management policies

  27. Chapter 9 Firewalls • To learn the TCP/IP and OSI models. • To understand the underlying components of firewalls, including their benefits and limitations. • To learn important factors to consider in designing a firewall.

  28. Characteristics of Good Firewalls • All traffic from inside the corporate network to outside the network, and vice-versa, must pass through it; • Only authorized traffic, as defined by the security policy, is allowed to pass through it; and • the system itself is immune to penetration. (Cheswick and Bellovin, 1994)

  29. TCP/IP Model vs. OSI Model (TCP/IP layer: corresponding OSI layers) • Application: Application, Presentation, Session • Transport: Transport • Internet (IP): Network • Network Interface: Data Link, Physical

  30. Chapter 10 Electronic Payment Mechanisms • To distinguish between alternative electronic payment mechanisms • To understand the underlying structure of the SET protocol and how it is different from SSL • To understand the role of certificate authorities in electronic payment processes

  31. SET vs. SSL (Feature: SET / SSL) • Secure Transmission of Data: Yes / Yes • Identify Authorized Purchasers: Yes / No • Verify Validity of Account: Yes / No • Identify Legitimacy of Payment Brand for Merchants: Yes / No • Track Sales Slips and Totals: Yes / No • Validate Merchant’s Credit Policy: Yes / No

  32. Chapter 11 Intelligent Agents • To understand the nature of intelligent agents and agent societies. • To identify potential applications of agent technologies. • To understand the limitations of agent technologies.

  33. [Figure: a user and a society of agents. Labels: Issue Commands; Display Results; Monitor stock; Issue Commands & Delegate Tasks (monitor XXX stock price); Share Results (XXX price dropped 1 point); Request advice or input (purchase stock?); Social Interaction; Cooperation & Negotiation.] Agents have the ability to act autonomously, respond to the environment, adapt to “perceived” changes in the environment, and determine new or different tasks that need to be performed.

  34. Predictive/Proactive Agent • Service Performing Agent • Gopher Agent

  35. How can intelligent agents impact electronic commerce? • gather product and pricing information • monitor the environment • more greatly customize services • reduce negotiation cycle time • allow around-the-clock business

  36. Chapter 12 Web-based Marketing • To understand the impact of the WWW on business and marketing strategies. • To apply the four marketing “Ps” to the WWW. • To understand the importance of personalisation. • To learn and categorise Internet marketing techniques.

  37. [Figure: planning diagram. Labels: Corporate Mission and Goals; Information Systems & Technology Mission and Goals; Marketing Mission and Goals; Web-based E-Commerce Mission and Goals; Web-based E-Commerce Plan; Environmental Changes.]

  38. [Figure: Initiative, on a scale from PASSIVE to AGGRESSIVE] • Providers of information • Site registration with multiple search engines • Targeted e-mail to users requesting periodic sales and information notices • Targeted services to users requesting such services • Interactive site providing visitors with general, useful information • Banner advertising • Television, magazine & other off-line advertising • Targeted e-mail to past visitors or customers • Spam mail • Chain-mail advertising, with a potential reward for perpetuating the chain

  39. THANK YOU! It was a pleasure teaching you. Good luck in the exams and, for those of you who are finishing this year, best wishes for the future.
