ch07+ student f13
7/27/2019 Ch07+ Student F13
Chapter Seven
E-Business Risks
-
Topics Addressed in Chapter 7
E-Business and E-Commerce
The Technology of E-Business
Understanding E-Business Risk
Specialized E-Business Applications
Managing Third-Party Providers
Third-Party Assurance Services
Auditing Data Centers and Data Recovery
Auditing Web Servers
Auditing Databases
-
E-Commerce and E-Business
E-commerce means using IT to buy and sell goods and services electronically.
E-business is a broader term, covering not only goods and services exchanges, but also all forms of business conducted using electronic transmission of data and information.
Current state of E-business is C-business, where the C stands for collaborative.
-
E-Supply Chains
e-supply chain management (e-SCM)
The collaborative use of technology to improve the operations of supply chain activities as well as the management of supply chains
information visibility
The process of sharing critical data required to manage the flow of products, services, and information in real time between suppliers and customers
-
RFID as a Key Enabler in Supply Chain Management
radio frequency identification (RFID)
Tags that can be attached to or embedded in objects, animals, or humans and use radio waves to communicate with a reader for the purpose of uniquely identifying the object or transmitting data and/or storing information about the object
-
Collaborative Commerce
collaborative commerce (c-commerce)
The use of digital technologies that enable companies to collaboratively plan, design, develop, manage, and research products, services, and innovative EC applications
collaboration hub (c-hub)
The central point of control for an e-market. A single c-hub, representing one e-market owner, can host multiple collaboration spaces (c-spaces) in which trading partners use c-enablers to exchange data with the c-hub
-
Collaborative Commerce
vendor-managed inventory (VMI)
The practice of retailers making suppliers responsible for determining when to order and how much to order
Retailer-Supplier Collaboration: Target Corporation
Lower Transportation and Inventory Costs and Reduced Stock-Outs: Unilever
Reduction of Design Cycle Time: Clarion Malaysia
Reduction of Product Development Time: Caterpillar, Inc.
-
Evolution of E-Business
Phase 1: EDI, electronic exchange of source documents between buyers and sellers
Phase 2: Web pages, development of Web pages that mirrored paper documents
Phase 3: Active websites, development of Websites that use Internet communication features
Phase 4: Intranets, use of Internet to improve business within organizations
Phase 5: Supply chain, use of Internet to improve business across the supply chain
Phase 6: Collaborative commerce, use of Internet to conduct business virtually
-
The Technology of E-Business
TCP/IP is the most widely used protocol.
Each message transmission over the Internet
requires an IP address, which may be static or
dynamic, for both the sender and the receiver.
The main hardware component is the Web
server.
-
The TCP/IP Model
Layer: Function Description
Application Layer: Translates messages into the host's computer application software for screen presentation.
Presentation
Transport Layer: Breaks messages into TCP packets called datagrams and attaches header plus information on reassembling, and ensures data delivery
Internet Protocol (IP) Layer: Breaks down packets further and routes them from sender to receiver
Network Interface Layer: Handles addressing and the interface between requesting and receiving computers
-
HTML and XML
HTML (hypertext markup language) is a formatting language that specifies the presentation of information over the WWW.
XML (extensible markup language) enables the transmission and manipulation of information across the Internet.
-
HTML and XML
HTML and XML are both markup languages.
HTML describes how the data are displayed. XML describes what the data mean.
XML is extensible (expandable), while HTML is not.
The accounting and finance industry is developing extensible business reporting language (XBRL). XBRL tags would ensure retrieval of similar data and allow for manipulation of the information so that comparison would be possible. Business entities can store the data once in XBRL format and extract it as needed for a variety of reporting purposes.
-
Privacy and Confidentiality
Privacy concerns the protection afforded to
proprietary information.
trade-off between privacy and personalization
trade-off between privacy and security
Confidentiality is a similar concept except that it focuses on information specially designed to be confidential or secret.
-
Risk Indicators for E-Business Privacy and Confidentiality
The entity has no privacy policy
The entity captures data not needed to process transactions
The degree of protection afforded by the privacy policy is minimal
The entity uses third-party cookies
The entity allows third-party cookies
Transmissions to and from the entity are not encrypted
The entity does not promise not to share data with third parties
-
Privacy Policies
Two main purposes:
Protect the entity
Explicitly explains how proprietary information is handled
Provide assurance to business partners about information use
Elements of a sound privacy policy
General statement
Description of information collected at the site
Use of collected information
-
Internet Explorer's Privacy Settings Screen
-
Understanding E-Business Risk
Areas associated with e-business risks:
privacy and confidentiality
security and availability
transaction integrity
business policies
-
The Languages of E-Business
HTML
XML
XBRL
ebXML
-
Privacy
Privacy vs confidentiality
Privacy and security trade-offs
Privacy policies
Internet tracking tools
-
Information System Security
and Availability
General network and telecommunications
risks and controls
Encryption: SSL, SET, S-HTTP
Securing electronic payments
Securing the web server
System availability and reliability
-
Transaction Integrity and
Business Policies
The integrity of transactions: complete, accurate, timely, authorized
Repudiation: origin and reception non-repudiation
Digital signatures and digital certificates
Electronic audit trails
-
Specialized E-Business
Applications
Electronic Data Interchange (EDI): VAN vs web-based
Collaborative Commerce
E-Mail Security and Privacy: spamming, spoofing, and e-mail policies and controls
-
Managing Third Party Providers
Third-party services: ISPs, ASPs, certificate authorities, and electronic payment providers
Independent evaluations of third parties
SAS 70 Reports on Processing of Transactions by Service organizations
-
Third Party Assurance Services
CPA Trust engagements
TRUSTe
BBB Online
Veri-Sign
-
Information Risks
Content on web page exposing web publisher to libel, defamation of character, slander
Copyright infringement and invasion of privacy suits stemming from posted textual content
Copyright infringement and invasion of privacy suits stemming from digital scanning and morphing
Copyright, patent, or trade secret infringement violations by material used by web site developers
After unauthorized access to a web site, online information about employees or customers is stolen, damaged or released without authorization
Electronic bulletin boards containing defamatory statements resulting in liability or embarrassment
Worldwide legal exposure resulting from use of creative material (e.g. names, likenesses) that violate laws of countries outside of the home country
Credit card information intercepted in transit is disclosed or used for fraudulent purposes
Information that has been changed or inserted in transmission is processed leading to erroneous results
Flight of intellectual property due to employees moving to competitors
-
Technology Risk
Negligent errors or omissions in software design
Unauthorized access to a web site
Infecting a web site with computer viruses
Internet service provider (ISP) server crashes
Software error and omission risks causing unauthorized access
Software content risk that violates a copyright or is libelous
Third party intercepts credit card information in transit causing breaches in security for online payments
Intercepting and copying or changing non-credit card information during transmission
Insufficient bandwidth to handle traffic
Obsolete hardware or hardware lacking the capacity to process required traffic
Risk due to excessive ISP outages or poor performance
ISP or home-company servers being down
Scant technical infrastructure to manage cycle time to develop, present, and process web-based products
Risk of improperly integrating e-commerce system with internal databases
Risk of improperly integrating e-commerce system with internal operational processes
Risk due to poor web site design manifesting themselves in long response times
Inability of customer or supplier computers to handle graphical downloads
-
Business Risk
Electronic bulletin boards containing defamatory statements resulting in liability
Worldwide legal exposure resulting from use of information in violation of home-country laws
Using web sites to conduct illegal promotional games, such as a sweepstakes or contests
Risks related to payment to web site developers and disputes between developers and clients
Lack of maintenance on existing web pages
Impact on business due to intellectual property lost due to employees moving to competitors
Changes in supplier relationships re: data access, data ownership, distribution strategy, and marketing tactics
Changes in customer relationships re: data access, data ownership, distribution strategy, and marketing tactics
Products out-of-stock due to poor communication with operations
Inconvenient return policies -- lack of coordination with physical system
Excessive dependence on ISP to support firm's business strategy
Inability to manage cycle time for developing, presenting, and processing web-based products
Improperly integrating e-commerce systems with internal operational processes
Insufficient integration of e-commerce with supply chain channels
-
Questions or Comments