Wednesday, March 11, 2009

E-Business and IT Law 1.2

Q.6 Describe the different types of e-commerce security policies, applications and technologies, which are currently in use

Introduction: Electronic commerce is the buying and selling of goods and services across the Internet. An e-commerce site can be as simple as a catalog page with a phone number, or it can range all the way to a real-time credit card processing site where customers can purchase downloadable goods and receive them on the spot. Electronic commerce merchants can range from the small business with a few items for sale all the way to a large on-line retailer such as Amazon.com.

Commercial activities over the Internet have been growing exponentially over the last few years. Despite this rapid growth, the security of monetary transactions over the wide-open Internet has been a major point of uneasiness that keeps many from joining this new modality of buying and selling.

This definition is undertaken firstly to determine the different types of e-commerce security policies, applications and technologies currently in use, and secondly, to point out the possible weaknesses and drawbacks of the existing security measures. This definition will specifically point out the benefits of encryption methods and techniques to secure Internet e-commerce.

In order to fulfill this goal, policies pertaining to security measures will be discussed first. This will be followed by a detailed description of the technology behind the security measures. The weak points of these technologies will be pointed out, and attempts will be made to propose solutions to make them safer.

It is clear that electronic commerce will revolutionize businesses, and customers will be offered new and exciting services. As e-commerce businesses are growing, more secure technologies are being developed and improved every day. The purpose of this research is to show how current Internet security policies and technologies fail to meet the needs of end users.

Policies of e-commerce security measures

1. Privacy Policy

Without a thorough privacy security policy, it is not possible to spend money in a responsible and cost-effective manner. Developing a privacy security policy includes defining the sensitivity of information, the exposure of the organization if that information were leaked or modified, the risks to security, and the likelihood of those risks becoming reality. A policy may contain many elements, including purchasing guidelines and statements of availability and privacy.

Privacy policies articulate the manner in which a company collects, uses, and protects data, and the choices it offers consumers to exercise rights when their personal information is used. On the basis of this policy, consumers can determine whether and to what extent they wish to make information available to companies.

The World Wide Web is an exciting new marketplace that offers consumers easy access not only to a vast array of goods and services, but also to rich sources of information that enable them to make better informed purchasing decisions. It also offers the convenience of shopping from the office or home. This wealth of information serves as a source of vast amounts of personal information about consumers. Commercial web sites collect personal information explicitly through a variety of means, including registration pages, user surveys, online contests, application forms, and order forms.


The online consumer market is growing exponentially. In early 1997, 51 million adults were already online in the U.S. and Canada, and 73% reported that they had shopped for product information on the World Wide Web (WWW).

Internet users in North America have now reached 92 million, according to a study released by CommerceNet and Nielsen Media Research. In the last nine months, the number of online consumers jumped 40 percent to 28 million. "More than two out of every five people in North America are now Internet users, and the Web is becoming an integral part of daily life."

2. Network security policy

The major role of a network security policy is to ensure that each of the four fundamental components that make up computer security (Authentication, Access Control, Integrity and Confidentiality) is adequately addressed.

Authentication - FireWall-1 and gateways provide customers, including remote users and telecommuters, with secure, authenticated access to enterprise resources using multiple authentication schemes. User authentication services securely validate that the users attempting to make a connection are who they say they are before the communication is allowed to proceed. Modifications to local servers or client applications are not required. Authentication services are fully integrated into the enterprise-wide security policy and can be centrally managed through the graphical user interface. All authentication sessions can be monitored and tracked through the Log Viewer.

FireWall-1 and gateways provide two major authentication methods:

• User Authentication
• Client Authentication

User Authentication

FireWall-1 and gateways include transparent User Authentication, providing access privileges on a per-user basis for FTP, Telnet, HTTP, and rlogin connections, regardless of the user's IP address. If a local user is temporarily away from the office and logging in from a different host, the security administrator may define a rule that allows that user to work on the local network without extending access to all users on the same host.

Client Authentication

Client Authentication enables an administrator to grant access privileges to a specific user at a specific IP address. In contrast to User Authentication, Client Authentication provides a mechanism for authenticating users of any application, standard or custom. Client Authentication is not transparent, in that the user must first connect with the FireWall-1 or VPN-1 gateway to be authenticated. It does not, however, require any additional software or modifications on either the client or server. Client Authentication is done via Telnet or a Web browser: the user accesses the firewall and is then authenticated before being granted access to network resources. All authentication schemes (e.g. SecurID token cards, RADIUS-based solutions, and static passwords) are supported.

Internet technology provides a cost-effective, global communications infrastructure that enables worldwide access for employees, customers, vendors, suppliers and key business partners. While this is a critical requirement for collaborative information sharing, it also exposes an organization's network to new risks and threats. How can an organization keep its resources and information protected from unauthorized network access, from both inside and outside the organization? Access control, a fundamental building block in any security policy, addresses this issue.


Protection against common attacks

There are several common types of attacks that hackers employ to gain access to or damage a company’s network. These attacks are easily defeated by FireWall-1 and VPN-1 gateways.

IP Spoofing - A technique where an attacker attempts to gain unauthorized access through a false source address to make it appear as though communications have originated in a part of the network with higher access privileges. For example, a packet originating on the Internet may be masquerading as a local packet with the source IP address of an internal host. Firewall-1 and VPN-1 gateways protect against IP spoofing attacks by limiting network access based on the gateway interface from which data is being received.

Denial of Service Attack - There are many types of denial of service (DoS) attacks. One type of DoS attack is a Synchronized Data Packet (SYN) flood, a new type of attack that came out late last year and disabled Internet service providers. The SYN flood is not an intrusion attack: it does not attempt to access or modify data. Instead, its purpose is to disable servers, and thus it is classified as a denial of service attack.
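The interface-based check described under IP Spoofing above can be sketched as follows. This is an added example, not Check Point's code or part of the original post; the interface names, networks and sample packets are constructed for illustration.

```python
import ipaddress

# Constructed topology (assumption): the networks that sit behind each
# gateway interface. The external interface faces the Internet.
INTERFACES = {
    "eth0": {"external": True, "networks": []},
    "eth1": {"external": False, "networks": ["10.1.0.0/16", "10.2.0.0/16"]},
    "eth2": {"external": False, "networks": ["192.0.2.0/24"]},
}

# Sources that never legitimately arrive from the Internet side.
NEVER_EXTERNAL = ["127.0.0.0/8", "0.0.0.0/8"]


def _nets(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]


def check_source(iface, src):
    """Return (verdict, reason) for a packet with source `src` seen on `iface`."""
    if iface not in INTERFACES:
        return "drop", "unknown interface"
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop", "malformed source address"

    cfg = INTERFACES[iface]
    if cfg["external"]:
        # A packet from the Internet whose source belongs behind another
        # interface is masquerading as local: the case the text describes.
        for other, other_cfg in INTERFACES.items():
            if other == iface:
                continue
            if any(addr in net for net in _nets(other_cfg["networks"])):
                return "drop", f"source {addr} belongs behind {other}"
        if any(addr in net for net in _nets(NEVER_EXTERNAL)):
            return "drop", f"source {addr} is never valid from outside"
        return "accept", "source plausible for external interface"

    # Internal interfaces accept only the networks attached to them.
    if any(addr in net for net in _nets(cfg["networks"])):
        return "accept", f"source matches networks on {iface}"
    return "drop", f"source {addr} is not valid on {iface}"


def audit(packets):
    """Return the (iface, src, reason) tuples for every dropped packet."""
    dropped = []
    for iface, src in packets:
        verdict, reason = check_source(iface, src)
        if verdict == "drop":
            dropped.append((iface, src, reason))
    return dropped


# Constructed sample traffic: (receiving interface, claimed source address).
SAMPLE_PACKETS = [
    ("eth0", "198.51.100.7"),  # ordinary Internet host
    ("eth0", "10.1.5.9"),      # Internet packet claiming an internal source
    ("eth1", "10.1.5.9"),      # same source, arriving where it belongs
    ("eth1", "192.0.2.10"),    # DMZ address appearing on the internal side
    ("eth0", "127.0.0.1"),     # loopback source from outside
]

if __name__ == "__main__":
    for entry in audit(SAMPLE_PACKETS):
        print(entry)
```

The same source address is accepted on one interface and dropped on another, which is why the decision is tied to the receiving interface rather than to the address alone.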

Advanced Logging and Alerting

Connection Accounting - Detailed log information is captured on every connection. This information includes user, service, time of connection, destination, duration of connection, action taken, and much more. Log information can be output to reporting and analysis tools available from multiple OPSEC Alliance partners. All log information is transferred using Check Point’s Log Export API (LEA).

Active Connections - With FireWall-1 and VPN-1 gateways, the security manager can use the Log Viewer in Active Connection mode to view in real time all connections currently active through the gateway. Active connections can be killed or terminated by the security manager using the Block Intruder feature. The live connections are stored and handled in the same way as ordinary log records, but are kept in a special file that is continuously updated as connections start and end.

Multiple Alerting Capabilities - FireWall-1 and VPN-1 gateways provide integration of multiple alerting options, including email notification and SNMP traps for integration with SNMP-based network management systems such as HP OpenView, SunNet Manager, Tivoli Enterprise Management or IBM's NetView 6000. A user-defined alerting mechanism is also available to integrate with paging, trouble-ticketing and help desk systems, providing a great deal of flexibility in how security alerts are integrated into current management systems.

Q.7 What do you mean by value chain? Explain Traditional & virtual value chain.

The value chain was described and popularized by Michael Porter in his 1985 best-seller, Competitive Advantage: Creating and Sustaining Superior Performance (New York, NY: The Free Press).

The value chain is a high-level model of how businesses receive raw materials as input, add value to the raw materials through various processes, and sell finished products to customers. A critical pre-requisite for success in the digital economy is the implementation of an integrated value chain that extends across, and beyond, the enterprise.

The value chain categorizes the generic value-adding activities of an organization. The main activities are: outbound logistics, production, inbound logistics, sales and marketing, maintenance. These activities are supported by: administrative infrastructure management, human resources management, R&D, and procurement. The costs and value drivers are identified for each value activity. The value chain framework quickly made its way to the forefront of management thought as a powerful analysis tool for strategic planning. Its ultimate goal is to maximize value creation while minimizing costs.


The concept has been extended beyond individual organizations. It can apply to whole supply chains and distribution networks. The delivery of a mix of products and services to the end customer will mobilize different economic actors, each managing its own value chain. The industry-wide synchronized interactions of those local value chains create an extended value chain, sometimes global in extent. Capturing the value generated along the chain is the new approach taken by many management strategists. By exploiting the upstream and downstream information flowing along the value chain, firms may try to bypass the intermediaries, creating new business models.

Traditional Value Chain:

"Value chain" is a term for the circuit a product takes from the point of its inception until it reaches the customer (Hill and Jones 1998). At each stage, value is added to the product. The value chain is not a "business" model used to track how price increases accrue to the customer; rather, it describes the process through which products and services gain value for the customer. The value chain might include editors who help authors share and refine their ideas to better meet customers' needs; salespeople who interpret customer requirements and explain to customers how they can adapt the product to meet them; a distribution system that makes it easy for customers to get what they need when they need it; and service and support of the product after sale.

To give a simple example, the value chain for milk begins with the farmer who raises the cows that produce the milk. It is picked up from the farmer by a trucker, who transports it to a central processing plant. There the milk is pasteurized, homogenized, processed and graded into different fat contents, and bottled. It is then shipped from the processor to a wholesaler, or perhaps directly to a retail store, where it is displayed and purchased by the consumer. In this example, the actual product, the milk itself, is produced in the early stages of the chain, but a barrel of milk on a farm is of no use to most consumers. Participants in later stages of the value chain add value to the product by ensuring that the milk is healthy, and by packaging and transporting it for the consumer's convenience. At each stage, the product gains in value. In the sense that we use the term here, "value" is often correlated with monetary value, but it is not necessarily synonymous with it. Adding vitamin D to milk, for instance, may have a negligible effect on cost but still adds value because it's something consumers appreciate.

Comparing the value chain for a traditional print textbook with the value chain associated with digital products is a good way to grasp both the nature and the magnitude of the changes we anticipate in educational publishing.

The value chain for a traditional textbook can be divided into five stages (see Figure 4): creation of the concept, development and production, manufacturing, marketing and sales, and distribution. In the creation stage, the publisher and/or author conceives of the project and writes, or aggregates, the materials, such as the manuscript, original source documents, photos, illustrations, and maps. Then the publisher develops the manuscript editorially, helping authors shape their ideas into coherent, pedagogically grounded presentations that respond to customers' needs as determined through market research and academic reviews. During production, the manuscript is readied for printing. In the manufacturing stage, the product is produced in the appropriate quantities. The marketing stage involves advertising and selling to encourage faculty to adopt the book. The distribution process entails storing the books in warehouses, shipping, and finally selling the book in campus bookstores.

This traditional process has several defining characteristics. First, it is linear: a textbook project begins at a certain point and proceeds systematically through a series of steps. Second, it is a one-way process; eventual customers have little direct influence on the process. Third, the process works well in a relatively stable and predictable market environment, and last, the process lends itself to mass production.

[Figure: The "Traditional" Value Chain]

Virtual Value Chain:

The virtual value chain, developed by John Sviokla of the Harvard Business School, is a simple but remarkably useful model for better understanding information-based industries. Industries involving physical goods operate through the familiar physical value chain (raw materials, production, distribution, marketing and sales) in a physical marketplace. Information-based industries, and financial services is almost entirely information based, operate in a market space, through a virtual value chain comprising Content (what is offered?), Context (how is it offered?), and Infrastructure (what enables the transaction to occur?), illustrated thus:

Every business today competes in two worlds: a physical world of resources that managers can see and touch and a virtual world made of information. The latter has given rise, among other things, to the world of electronic commerce, a new avenue for value creation.

Since businesses now compete in two worlds, two value chains need to be considered - a physical value chain (PVC) and a virtual value chain (VVC), the latter incorporating information.

Rayport JF (1995) refers to this new information world and the physical world as the marketspace and the marketplace respectively. It is necessary to distinguish between these two worlds, since the processes for creating values in them are not the same.

However, Federal Express Corporation (FedEx) recently did just that by allowing customers to track packages through the company’s World Wide Web site on the Internet. The initial value is being created for the customer, and although FedEx provides this service for free, it has possibly increased customer loyalty, which is essential in the fiercely competitive market in which FedEx operates, and has thereby created value for itself.

Therefore, to enable information and information technology to create value, the value-adding steps must themselves become virtual. Rayport explains that a sequence of five activities is required to create value within a virtual value chain:

• Gathering information,
• Organising the information,
• Selecting the information,
• Synthesising the information, and
• Distributing the information.

It is however crucial that the value created through information does not destroy the value created by the other activities of an organisation, but rather adds to the total. Three stages have been identified by Rayport, through which companies make use of the value created by information:

Visibility

The first stage, visibility, allows companies to "see" physical operations through information, co-ordinate activities, and lay the foundation for a virtual value chain.

Information technology acts as a central nervous system within the business that integrates marketing, sales, manufacturing, logistics, and finance; it also provides managers with information on suppliers, customers, and competitors.

Mirroring capabilities

In the second stage, mirroring capability, companies substitute virtual activities for physical ones and begin to create a parallel value chain in the marketspace.

Once the necessary infrastructure for visibility is established, managers should then try to establish what the company is currently doing in the marketplace; what could be done more efficiently and effectively in the marketspace; and what value-adding steps currently performed in the physical value chain might be shifted to the mirror world of the virtual value chain.

The extent to which this mirroring is done will determine the total benefits to be derived from it. For example, when Boeing addressed the question of how to create a new engine to improve the performance of its existing 737 Airframe design, it turned not to wind tunnels but to a synthetic environment – a mirror world made of information. Boeing engineers developed the prototype as a virtual product that enabled the company to test an evolving computer-simulated model in a virtual wind tunnel.

As a result, engineers could test many more designs at dramatically lower costs and with much greater speed. By moving elements of the PVC to the mirror world of the VVC, Boeing succeeded in shattering a dominant paradigm of engine design and delivered a product that easily outperformed the competition.

New customer relationships

Finally, businesses use information to establish new customer relationships. Managers draw on the flow of information in their virtual value chain to deliver value to customers. Today thousands of companies accomplish this by having established sites on the World Wide Web to advertise products, to obtain comments from customers and to automate the interface with the customer, through electronic mail and electronic commerce.

The value matrix

Each stage of the VVC – as a mirror of the PVC – allows for many new extracts from the flow of information, and each extract could constitute a new product or service.

This is what Rayport refers to as the matrix of value opportunities.

Implications for management

The benefits of the VVC can only be reaped if management and staff are sold on the idea. It is important to note that the PVC and the VVC are distinctly different. The physical value chain is composed of a linear sequence of activities with defined points of input and output. By contrast, the virtual value chain is non-linear – a matrix of potential inputs and outputs that can be accessed and distributed through a wide variety of channels.

By implementing a virtual value chain, a company could inherit the following aspects:

The law of digital assets

Digital assets, unlike physical ones, are not used up in their consumption. Companies that create value with digital assets may be able to re-harvest them through a potentially infinite number of transactions, thus changing the competitive dynamics of their industries.

New economies of scale

The virtual value chain redefines economies of scale, allowing small companies to achieve low unit costs for products and services in markets dominated by big companies.

New economies of scope

In the marketspace, businesses can redefine economies of scope by drawing on a single set of digital assets to provide value across many different and disparate markets.

Transaction-cost compression

Transaction costs along the VVC are lower than their counterparts on the PVC, and they continue to decline sharply as the processing capacity per unit of cost for microprocessors doubles every 18 months. Lower transaction costs allow companies to control and track information that would have been too costly to capture and process just a few years ago.

Re-balancing supply and demand

Taken together, these four axioms combine to create a fifth: the world of business increasingly demands a shift from supply-side to demand-side thinking. Companies must "sense and respond" to customers’ desires rather than simply make and sell products and services.

Senior managers must perform SWOT analyses along the value chains of both worlds, virtual and physical.

Managers can no longer rely on the value chain models from the past, because those models do not incorporate information effectively and also assume that the ultimate value created by the organisation is destroyed or consumed by the customer.

Definite efforts need to be made by management to add new focus points to their value chains, e.g. incorporating a VVC which mirrors the PVC and ensuring that their customers are co-creating value for the organisation. By incorporating the new focus points, new managerial issues arise:

• Value chain guidelines will need to be amended
• Value chain analysis will need to be re-performed
• The customer needs to be incorporated
• Virtual value chain maintenance needs to be done
• Different treatment of information

Finally, to remain or to become a value-added service and/or product provider in the next millennium a value driven approach is a necessity. The benefits to be derived from a value driven approach should also ensure that this approach ranks among the top priorities of an organisation.

1 Comment:

Anonymous said...

Hello Sir,
Nice blog and nice information for E-Business and IT Law 1.2 Gr8

With electronic commerce growing so rapidly, businesses need to examine critical elements that could influence users' perceptions of business-to-business and business-to-consumer electronic commerce. http://www.infyecommercesolution.com/
