
BUS 252 Chapter Notes - Chapter 5: Teijin, Bit, High Visibility


Department: Business
Course Code: BUS 252
Professor: Hanadi
Chapter: 5

Chapter 5
What are the risks faced by Ebusiness?
Ebusiness risks arise from threats that are either not prevented from occurring or are not promptly
detected and corrected when they occur.
New Services: Internal risks associated with new services include lack of standards, regulations and
rules, and support systems. External risks associated with new services are natural hazards, legal issues,
and environmental issues.
New Business Models: Since ebusiness business models are different from brick-and-mortar business
models, they are vulnerable to revenue leakage, poor image, and inability to gain customer confidence
and satisfaction.
New Processes: Ebusiness models allow the integration of suppliers and customers in a manner that was
not possible before (e.g., real-time information processing, just-in-time).
New Technologies: Ebusinesses use leading-edge technologies that may have issues associated with
scalability, security, availability, and processing integrity. In addition, such systems may not be able to
integrate with existing systems.
New Fulfillment Processes: Due to the online fulfillment process, customers expect instant delivery of
the product. This puts ebusiness models at risk as they now have less room for error within their supply
chain.
Outsourcing IT Activities: It is common for ebusiness entities to outsource various aspects of their IT
activities to outside service providers, ranging from website hosting to fulfillment of the entire IT
infrastructure.
CONTROLS
The entry of a company into ebusiness raises some unique challenges. These challenges center around
the use of the internet as a vehicle of communication with customers and business partners. Preventive,
detective, and corrective measures that reduce the risk of error, fraud, malicious acts, or disaster to an
acceptable level are known as controls. All controls are guided by strategy, policy, and implementation
procedures.
General Controls
General controls are controls that are not unique to a particular application. There are several
categories of general control.
Security management
Physical and logical access controls
System acquisition and development controls
System maintenance and change controls
Operation controls
Business continuity controls
Security Management
The policies and procedures that management adopts and implements to guide the security program of
an enterprise fall under the security management category. These policies are approved by top
management, often as a result of strategic plans, and are then monitored by a security committee.
Physical and Logical Access Controls
There are two kinds of access to a computer system: physical access and logical access. Physical access
controls are measures that an enterprise takes to safeguard the physical safety of a resource by
restricting access to it. Any measure designed to protect the physical security of the system falls under
this category.
Logical access controls are controls that are included in software to permit access by authorized
personnel in accordance with the privileges granted to them, and to prevent access by unauthorized
personnel. They involve the use of user IDs, passwords, biometrics, and the granting of permissions and
rights by the security software.
CAPTCHA (Completely auto-generated Public Test to tell Computer from Human Apart) is a type of
access control technique that presents the users with a set of distorted squiggly letters and numbers.
Users have to enter the information correctly to gain access.
Logical access controls can be established at various software levels. If they are established at the
application level, they are considered application controls. If they are installed at the operating system
or database level, they are considered general controls.
Firewalls are the most important element of control over the security threats posed by the internet.
Firewalls must be a part of the overall security policy of a company and must also be
accompanied by specific policies that determine how the firewall is configured, who has access to it, and
how the firewall actually works.
An intrusion detection system (IDS) monitors devices and processes for security threats and can alert
security personnel to unusual activity as it occurs.
The difference between a firewall and an IDS is that an IDS has an extensive database of attack
signatures or patterns, which allows it to detect intrusions dynamically.
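The firewall/IDS difference described above, as an added example that is not part of the original notes: a firewall decides on connection headers under a configured policy, while an IDS matches payloads against a signature database. The port policy, the two signatures, the IDS sitting behind the firewall, and the sample traffic are all assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Firewall policy (assumed): only web ports are reachable from the internet.
ALLOWED_PORTS = {80, 443}

# IDS signature database (assumed, tiny): name -> pattern over the decoded payload.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-tautology": re.compile(r"'\s*or\s+1\s*=\s*1", re.IGNORECASE),
}

def firewall_allows(event):
    """Header-only decision: the firewall never looks at the payload."""
    return event["dst_port"] in ALLOWED_PORTS

def ids_alerts(event):
    """Signature matching on the payload, after URL-decoding it so that
    encoded forms such as %2e%2e%2f cannot slip past the patterns."""
    payload = unquote(event["payload"])
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(payload))

def inspect(events):
    """Return (source, firewall verdict, IDS alerts) for each event."""
    results = []
    for ev in events:
        allowed = firewall_allows(ev)
        # Assumption: the IDS sits behind the firewall and only sees allowed traffic.
        alerts = ids_alerts(ev) if allowed else []
        results.append((ev["src"], "allow" if allowed else "block", alerts))
    return results

# Constructed sample traffic (documentation addresses, not real logs).
SAMPLE_EVENTS = [
    {"src": "198.51.100.7", "dst_port": 443, "payload": "GET /catalog?item=42 HTTP/1.1"},
    {"src": "198.51.100.8", "dst_port": 23, "payload": ""},
    {"src": "198.51.100.9", "dst_port": 443, "payload": "GET /download?file=%2e%2e%2fconfig HTTP/1.1"},
    {"src": "198.51.100.10", "dst_port": 80, "payload": "GET /login?user=a'%20OR%201=1 HTTP/1.1"},
]

if __name__ == "__main__":
    for src, verdict, alerts in inspect(SAMPLE_EVENTS):
        print(f"{src:15} firewall={verdict:5} ids_alerts={alerts}")
```

The last two requests pass the firewall because they arrive on permitted ports; only the signature match raises an alert, which is why the two controls are used together.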
System Acquisition or Development Controls
Operations Control
Business Continuity Controls
Application Controls