BEC 4 Security and Internet implications for business Flashcards


Flashcards in BEC 4 Security and Internet implications for business Deck (90):
1

Technologies and security management features

A. Safeguarding records and files
B. Back up files
1. Son-father-grandfather concept
2. Back up of systems that can be shut down
3. Backups of systems that do not shut down
4. Mirroring
C. Uninterrupted power supply
D. Program modification controls
E. Data encryption
1. Digital certificates
2. Digital signatures vs E-signatures
F. Managing passwords
1. Password length
2. Password complexity
3. Password age
4. Password reuse
G. User access
1. Initial passwords and authorization for system access
2. Changes in position

2

A. Safeguarding records and files

- inadequate protection may result in damage or loss
- data can be protected by the use of internal and external labels and file protection rings

3

B. Back up files

Back up files

1. Son-father-grandfather concept - the most recent file is called the son and the backup process includes reading the previous file, recording the transactions being processed and then creating a new updated master file. There are always at least two backups.

2. Back up of systems that can be shut down - updated when shut down

3. Backups of systems that do not shut down - recovery includes applying a transaction log and reapplying those transactions to get back to the point immediately before the failure

4. Mirroring - the use of a back up computer to duplicate all of the processes and transactions on the primary computer

4

C. Uninterrupted power supply

a device that maintains a continuous supply of electrical power to connected equipment. Called battery back up.

5

D. Program modification controls

Program modification controls are controls over the modification of programs being used in production applications. They include controls designed to prevent changes by unauthorized personnel and also controls that track program changes

6

E. Data encryption

E. Data encryption - an essential foundation for electronic commerce. Encryption involves using a password or a digital key to scramble a readable message into an unreadable message. The intended recipient of the message then uses the same or another digital key to decrypt or decipher the ciphertext message back into plaintext.
1. Digital certificates - an electronic document, created and digitally signed by a trusted party, which certifies the identity of the owners of a particular public key.
- The public key infrastructure - the system and processes used to issue and manage asymmetric keys and digital certificates.
- Certificate authority - the organization that issues public and private keys and records the public key in a digital certificate.
2. Digital signatures vs E-signatures - use asymmetric encryption to create legally binding electronic documents. Web-based e-signatures are an alternative mechanism for accomplishing the same objectives. An e-signature - a cursive style imprint of a person’s name that is applied to an electronic document

7

F. Managing passwords

F. Managing passwords - every account needs one
1. Password length - 7-8 characters
2. Password complexity - upper, lowercase, numeric, ASCII characters !@#$
3. Password age - every 3 months
4. Password reuse - should not be reused (24 passwords)

8

G. User access

G. User access
1. Initial passwords and authorization for system access
2. Changes in position - HR and IT communication

9

Brute force attack

the attacker simply tries every possible key until the right one is found

10

A. Security Policy defined

A. Security Policy defined - a document that states how an org plans to protect the org’s info.

11

B. Security Policy goal

B. Security Policy goal - requires people to protect info, which protects the org, its people, and customers.

12

C. States and Locations of information covered by security policies:

1. The security policy should seek to secure info that exists in 3 distinct states:
a. Stored information
b. Processed information
c. Transmitted information
2. Information resides in locations:
a. information technology systems
b. paper
c. human brain
3. Relationship between states and locations of info (Examples):
a. Info systems - stored hard drives - processed computers - transmitted via internet
b. Paper - file cabinets - copy machine - fax
c. Brain - memory - synapses - language

13

Types of policies

1. Program level policy - used for creating a management sponsored computer security program. A program level policy, at the highest level, might prescribe the need for information security and may delegate the creation and management of the program to a role within the IT department.
2. Program-framework policy - establishes the overall approach to computer security
3. Issue specific policy
4. System specific policy

14

Development and management of security policies

1. Security objectives - series of statements to describe meaningful actions about specific resources.
2. Operational security - defines the manner in which a specific data operation would remain secure
3. Policy implementation - security is enforced by a combination of technical and traditional management methods.

15

Policy support documents

1. Regulations - laws, rules, regulations represent governmentally imposed restrictions passed by regulators and lawmakers
2. Standards and baselines - topic specific (Standards) and system specific (baseline) documents that describe overall requirements for security
3. Guidelines - provide hints, tips, and best practices in implementation
4. Procedures - step by step instructions on how to perform a specific security activity

16

Decryption or decipherment

the intended recipient converts the cipher text into plain text

17

Digital signature

is a means of ensuring that a message is not altered in transmission. It is a form of data encryption

18

Electronic Commerce (E-Commerce)

- the electronic consummation of exchange transactions,
- can use a private network or the Internet as the communications provider
- may involve communication between previously known parties or between parties that have had no prior contract or agreements

19

Electronic Business (E-business)

- general term
- any use of information technology like networking and communications technology to perform business processes in an electronic form
- may or may not relate to selling or buying

20

Electronic Data Interchange (EDI)

the computer to computer exchange of business transaction documents

21

EDI - Reduced handling costs and increased processing speed

reduces transaction handling costs and speeds transaction processing

22

EDI- Standard data format

Standard data format
a. Mapping - process of determining the correspondence between data elements in an organization’s terminology and data elements in standard EDI terminology.
b. Standards - several different standards
- XML - extensible markup language - technology that has been developed to transmit data in flexible formats instead of the standard formats of EDI.

23

EDI - Communication

EDI can be implemented using direct links between the organizations exchanging information via communication intermediaries, VANs or networks of VANs, or over the Internet.

24

Features of EDI

- allows the transmission of electronic documents between computer systems in different organizations
- reduces handling costs and speeds transaction processing compared to traditional paper based processing.
- requires that all transactions be submitted in a standard data format
- can be implemented using direct links between the trading partners, communication intermediaries, VANs or networks of VANs, or over the Internet.

25

Costs of EDI

Costs of EDI
a. Legal costs
b. Hardware costs
c. Costs of translation software
d. Costs of data transmission
e. Costs associated with security, monitoring and control procedures

26

EDI controls

Audit trails should include:
- activity logs of failed transactions
- network and sender/recipient acknowledgements

27

EDI Risks

unauthorized access to the organization’s system is the greatest risk

28

Comparison of EDI and E-Commerce

Which has higher?
Cost - EDI
Security - EDI
Speed - E-Commerce
Network - EDI - VAN (private), E-Commerce - Internet (public)

29

Business process reengineering

the analysis and redesign of business processes and information systems to achieve significant performance improvements.

30

Challenges faced in business process reengineering

1. Tradition - old ways of doing things do not die easily
2. Resistance - people don’t like changes
3. Time and cost requirements - takes 2 + years to complete
4. Lack of management support
5. Skepticism
6. Retraining
7. Controls

31

Business to business (B2B)

1. Business to Consumer (B2C) transaction - a business sells its products or services to the public
2. Business to Business (B2B) transaction - a business sells products to another business
3. Consumer to Consumer (C2C) transaction - consumers sell products to other consumers (eBay)

32

B2B E-Commerce

a lot of businesses do that, especially in the wholesale markets

33

Electronic market

Internet transactions can occur between businesses where there is no pre-existing relationship.

34

Direct market

B2B transactions may occur electronically between businesses where there is a pre-existing relationship (EDI, corporate intranets and extranets)

35

Importance of B2B

1. Speed - the faster the better and the Internet is faster than phone, fax or mail.
2. Timing - E-Commerce transactions do not have to occur during normal business hours (time zones)
3. Personalization - after registering with a new business partner, the website can guide it to the most interesting areas.
4. Security - private info is encrypted
5. Reliability - transactions occur electronically from one computer directly to another computer, the transactions should be very precisely performed, no opportunity for human error

36

Factors to consider

1. The selection of the business model
2. Channel conflicts - the possibility of stealing business from existing sales or channels
3. Legal issues - laws governing electronic commerce
4. Security - outsiders can hack into your account

37

Components of B2B

1. the customer connecting to the site through the Internet
2. the seller’s site behind an enterprise firewall
3. the seller’s Internet commerce center, consisting of an order entry system and a catalog system containing product descriptions and other information on what is for sale and which acts as an interface to the customer’s browser.
4. the seller’s back office system for inventory management, order processing, and order fulfillment, which could include a shipping or transportation system
5. the seller’s back office accounting system
6. the seller’s payment gateway communicating via the Internet to validate and authorize credit card transactions or other payment methods.

38

B2B vs B2C

B2C - less complex, the payment mechanism is more problematic

39

Enterprise Resource Planning System (ERP) defined

- a cross functional enterprise system that integrates and automates the many business processes that must work together in the manufacturing, logistics, distribution, accounting, finance and HR of a business.
- ERP software comprises a number of modules that can function independently or as an integrated system to allow data and information to be shared among all of the different departments and divisions of large businesses.

40

ERP Functions

1. ERP systems store information in a central repository so that data may be entered and accessed and used by the various departments.
2. ERP systems act as the framework for integrating and improving an organization’s ability to monitor and track sales, expenses, customer service, distribution, and many other business functions.
3. ERP systems can provide vital cross functional information quickly to managers across the organization in order to assist them in the decision making process.

41

Supply chain management

concerned with four characteristics of every sale: what, when, where, how much

42

Supply chain management functions

1. Achieve flexibility and responsiveness
- planning
- sourcing
- making
- delivery
2. Supply chain planning software
3. Often termed an extension of ERP

43

Customer relationship management systems defined

provide sales force automation and customer services in an attempt to manage customer relationships.

44

Customer relationship management systems objectives

- increase customer satisfaction and increase revenue and profitability.
- CRM attempts to do this by appearing to market to each customer individually.
- the assumptions are that 20% of customers generate 80% of sales and that it is 5-10 times more expensive to acquire a new customer than to obtain repeat business from an existing customer.

45

Categories of CRM

1. Analytical CRM - creates and exploits knowledge of a company’s current and future customers to drive business decisions
2. Operational CRM - the automation of customer contacts or contact points

46

Electronic Funds Transfer system

- a form of electronic payment for banking and retailing industries.
- the federal reserve fedwire system (automated clearing house network) is used very frequently in EFT to reduce the time and expense required to process checks and credit transactions

47

Electronic Funds Transfer system

1. Third party vendor - EFT service is often provided by a third party vendor who acts as the intermediary between the company and banking system
2. Data encryption - EFT security is provided via various types of data encryption.
3. Reduction in errors - EFT reduces the need for manual data entry, thus reducing the occurrence of data entry errors

48

Application Service Providers (ASP)

- provide access to application programs on a rental basis.
- They allow small companies to avoid the extremely high cost of owning and maintaining today’s application systems by allowing them to pay only for what is used.
- The ASPs own and host the software.

49

Advantages of ASP

- lower cost
- greater flexibility

50

Disadvantages of ASP

- possible risks to the security and privacy of the organization’s data
- the financial viability, or lack thereof, of the ASP
- possible poor support by the ASP

51

Similar concepts to ASP

- IBM offers a similar thing in its utility computing and E-Commerce on demand strategies
- ASPs are similar to the timesharing providers or service bureaus of the past that rented raw computing power (time on computers) to customers, except that ASPs rent applications instead of just the computer processing
- related to ASPs are present day service bureaus, which perform processing outside the organization

52

Web 2.0

1. Collaborative websites and social networking - collaborative websites in which users not only browse content, but also add and modify content
2. Dynamic content - increase in web pages with dynamic content, linked to databases, price lists and catalog product lists.

53

Mashups

Web pages that are collages of other web pages and other information (google maps)

54

Web stores

1. Stand alone web stores - many small companies have stand alone Web stores that are not integrated with large accounting systems (shopping cart software)
2. Integrated web stores - many larger companies, and an increasing number of small companies, have turned to ERP systems that integrate all the major accounting functions, as well as the web stores into a single software system

55

Cloud computing

virtual servers available over the Internet

56

Cloud computing services

1. Infrastructure as a service (IaaS) - outsources storage, hardware, services, and networking components to customers
2. Platform as a service (PaaS) - allows customers to rent virtual servers and related services that can be used to develop and test new software applications
3. Software as a service (SaaS) - method of software distribution in which applications are hosted by a vendor or service provider and made available to customers over the Internet

57

Hypertext Markup Language (HTML)

a tag-based formatting language used for web pages

58

Hypertext Transfer Protocol (HTTP)

- communications protocol used to transfer Web pages on the World Wide Web.
- HTTP uses SSL (secure socket layer) for its security

59

URL

- a Web address is the uniform resource locator (URL) that directs the user to a specific location on the web

60

Web addresses

1. Transfer protocol http:// (Hypertext Transfer Protocol) or ftp:// (File Transfer Protocol)
2. Server www (web server)
3. Domain name - Becker - subdomain name, Becker.com - full domain name
4. Top-level domain .com, .net, .edu (generic top level domains)
5. Country .us, .de, .pl (country code top level domains)
6. http://www.becker.com.us (us not needed)

61

TCP

Transport Control Protocol is the transmission protocol of the Internet protocol suite. TCP is a transport layer protocol.

62

Domain name

includes one or more IP addresses

63

Domain Name System (DNS)

system of domain names that is employed by the Internet

64

Domain Name Warehousing

practice of obtaining control of domain names with the intent of warehousing (owning but not using)

65

Web Server

a computer that delivers a Web page upon request

66

Web Hosting Service

an organization that maintains a number of Web servers and provides fee paying customers with the space to maintain their websites

67

WiFi

1. WiFi Alliance - a global nonprofit org with the goal of driving the adoption of a single worldwide accepted standard for high speed wireless local area networks

68

Potential errors in computerized system

1. Opportunity for remote access increases the likelihood for unauthorized access.
2. Concentration of information means that once security is breached, the potential for damage is higher.
3. Decreased human involvement in processing results in a decreased opportunity for observation of errors.
4. Errors or fraud might occur in the design or maintenance of application programs.

69

Safeguard files and records

Safeguarding of files and records is important because inadequate protection may result in loss or damage that might drive an organization out of business. Hardware can always be replaced, but data often can’t be.

70

Encryption

Encryption involves using a password or a digital key to scramble a readable message (plaintext) into an unreadable message (ciphertext). The intended recipient of the message then uses either the same or another digital key (depending on the encryption method) to convert the ciphertext message back into plaintext.

71

Password management policy

1. Password length - the longer the better. Passwords should be greater than seven characters; many organizations require 8.
2. Password complexity - complex passwords feature three of the following four characteristics: uppercase, lowercase, numeric characters and ASCII characters !@@#$$%

72

Types of policy

1. Program level policy
2. Program framework policy
3. Issue specific policy
4. System specific policy

73

Digital signatures

use asymmetric encryption to create legally binding electronic documents

74

E-signatures

an alternative mechanism for accomplishing the same objective. An e-signature is a cursive style imprint of a person’s name that is applied to an electronic document.

75

Information security policy

states how an organization plans to protect its tangible and intangible information assets

76

Internet

international network composed of servers around the world that communicate with each other

77

Public Key Infrastructure

the system and processes used to issue and manage asymmetric keys and digital certificates

78

Implementation of EDI

1. Legal cost
2. Hardware cost
3. Costs of translation software
4. Costs of data transmission
5. Process reengineering and employee training costs for affected applications
6. Costs associated with security, monitoring and control procedures

79

B2B transactions

When a business sells its products to another business

80

B2B e-Commerce

many businesses buy, sell, or trade their products and services with other businesses

81

Electronic market

very common for B2B transactions to occur electronically via the Internet

82

Direct market

B2B transactions occur electronically between businesses when there is a preexisting relationship

83

Advantages of B2B e-Commerce

1. Speed
2. Timing
3. Personalization
4. Security
5. Reliability

84

Electronic Funds Transfer EFT

Major form of electronic payment for banking and retailing industries.
EFT uses a variety of technologies to transact, process, and verify money transfers and credits between banks, businesses, and consumers. The Federal Reserve wire system is used very frequently in EFT to reduce the time and expense required to process checks and credit transactions.

85

EDI

computer to computer exchange of business transaction documents

86

EDI transactions are submitted

submitted in a standard data format

87

EDI Mapping

the process of determining the correspondence between elements in a company’s terminology and elements in standard EDI terminology

88

Characteristics of EDI

1. EDI allows the transmission of electronic documents between systems in different organizations
2. EDI reduces handling costs and speeds transaction processing
3. EDI can be implemented using direct links, VANs, or over the Internet

89

EDI controls

1. Encryption of data
2. Activity logs of failed transactions
3. Network and sender/recipient acknowledgments

90

e-Commerce

involves electronic consummation of exchange transactions. Uses the Internet