IS Test #3


Risk Management

A process that identifies, controls, and minimizes the impact of threats, in an effort to reduce risk to manageable levels.

Risk Mitigation

A process that identifies, controls, and minimizes the impact of threats, in an effort to reduce risk to manageable levels.

Wattpad Empowers Readers

Two of the most common are traditional publishing and self-publishing. In traditional publishing, authors complete their manuscripts and submit proposal letters to publishing houses (or have a literary agent do this for them, if they can obtain the services of an agent). An editor reads the manuscript and decides either to reject it (leaving the author free to offer it to another publisher) or to publish it. If the decision is to publish the manuscript, the house buys the rights from the author and puts up the money to edit, design, and market the book. The publishing house pays authors royalties on the number of books sold. One of the most common ways to self-publish is through Amazon's self-publishing platform, Kindle Direct. Authors upload their books digitally to Amazon's Web site. The Amazon team, analyzing the company's massive customer databases, designs e-mail and Kindle marketing campaigns and selects key words for Amazon's search engine. In most cases, Amazon handles distribution and payment processing. Amazon sells the majority of its books as e-books through Kindle, but also prints paperback books on demand. The primary goal for Wattpad authors is to gain a fan base. After that, the writer must keep them coming back for more. The writers accomplish this goal by regularly uploading new work and by communicating directly with readers. Having many fans is critical because traditional publishers look more favorably on an author with a manuscript and 15,000 fans than on an author with only a manuscript.

One costly problem that e-commerce can cause is

"mistake fares" in the airline industry.

For large companies around the world, the average cost of a data breach was almost

$4 million in 2015.

In addition, the annual global cost of cybercrime is estimated to be approximately

$400 billion.

Risk analysis involves three steps:

(1) assessing the value of each asset being protected, (2) estimating the probability that each asset will be compromised, and (3) comparing the probable costs of the asset's being compromised with the costs of protecting that asset. The organization then considers how to mitigate the risk.

IS auditing procedures fall into three categories:

(1) auditing around the computer, (2) auditing through the computer, and (3) auditing with the computer.

Two functions of risk mitigation:

(1) implementing controls to prevent identified threats from occurring, and (2) developing a means of recovery if the threat becomes a reality.

Intermediaries, also known as middlemen, have two functions:

(1) they provide information, and (2) they perform value-added services such as consulting. The first function can be fully automated and most likely will be assumed by e-marketplaces and portals that provide information for free.

Public-Key Encryption

(also called asymmetric encryption) A type of encryption that uses two different keys, a public key and a private key.

Consumer to Consumer Electronic Commerce

(also called customer-to-customer), an individual sells products or services to other individuals. The major strategies for conducting C2C on the Internet are auctions and classified ads.

Cyberterrorism (Cyberwarfare)

Malicious acts in which attackers use a target's computer systems, particularly via the Internet, to cause physical, real-world harm or severe disruption, often to carry out a political agenda.

There are many components to a marketing campaign, including

(1) define your target audience; (2) develop your message (i.e., how you will solve their problem); (3) decide on how you will deliver your message (e.g., e-mail, snail mail, Web advertising, social networks); and (4) follow up.

Current U.S. laws award patents for 20 years and copyright protection for the life of the creator plus

70 years. Owners are entitled to collect fees from anyone who wants to copy their creations.

The most important secret to making online job search sites work for you is to use them carefully. Job coaches advise you to spend

80 percent of your day networking and directly contacting the people in charge of jobs you want. Devote another 10 percent to headhunters. Spend only the remaining 10 percent of your time online.

Microblogging

A form of blogging that allows users to write short messages (or capture an image or embedded video) and publish them. Ex. Twitter

Twitter

A free microblogging service that allows its users to send messages and read other users' messages and updates, known as tweets.

Tag

A keyword or term that describes a piece of information, for example, a blog, a picture, an article, or a video clip.

Phishing attack

Phishing attacks use deception to acquire sensitive personal information by masquerading as official-looking e-mails or instant messages.

A social network can be described as a map of all relevant links or connections among the network's members. For each individual member that map is his or her

Social Graph

Passwords

A private combination of characters that only the user should know.

Whitelisting

A process in which a company identifies acceptable software and permits it to run, and either prevents anything else from running or lets new software run in a quarantined environment until the company can verify its validity.

Blacklist

A process in which a company identifies certain types of software that are not allowed to run in the company environment.

multichanneling

A process in which a company integrates its online and offline channels.

Authentication

A process that determines the identity of the person requiring access.

Authorization

A process that determines which actions, rights, or privileges the person has, based on verified identity.

Really Simple Syndication (RSS)

A Web 2.0 feature that allows you to receive the information you want (customized information), when you want it, without having to surf thousands of Web sites. RSS allows anyone to syndicate (publish) his or her blog, or any other content, to anyone who has an interest in subscribing to it.

Wiki

A Web site made up entirely of content posted by users. Wikis have an "edit" link on each page that allows any user to add, change, or delete material, thus fostering easy collaboration.

Mashup

A Web site that takes different content from a number of other Web sites and mixes them together to create a new kind of content. The launch of Google Maps is credited with providing the start for mashups. A user can take a map from Google, add his or her data, and then display a map mashup on his or her Web site that plots crime scenes, cars for sale, or anything else.

Electronic Business (e-business)

A broader definition of electronic commerce, including buying and selling of goods and services, and servicing customers, collaborating with business partners, conducting e-learning, and conducting electronic transactions within an organization.

Privilege

A collection of related computer system operations that a user is authorized to perform.

Domain Names

A domain name is considered legal when the person or business who owns the name has operated a legitimate business under that name for some time. Consider the case of Delta Air Lines. Delta originally could not obtain the Internet domain name delta.com because Delta Faucet had already purchased it. Delta Faucet had been in business under that name since 1954, so it had a legitimate business interest in using the domain name. Delta Air Lines had to settle for delta-airlines.com until it bought the domain name from Delta Faucet. Delta Faucet is now at deltafaucet.com. Several cases of disputed domain names are currently in court.

Tunneling

A process that encrypts each data packet to be sent and places each encrypted packet inside another packet.

Web 2.0

A loose collection of information technologies and applications, plus the Web sites that use them. These Web sites enrich the user experience by encouraging user participation, social interaction, and collaboration. Web 2.0 sites often harness collective intelligence (e.g., wikis); deliver functionality as services, rather than packaged software (e.g., Web services); and feature remixable applications and data (e.g., mashups).

Social Graph

A map of all relevant links or connections for one member of a social network. Mark Zuckerberg of Facebook originally coined this term to refer to the social network of relationships among Facebook users. The idea was that Facebook would take advantage of relationships among individuals to offer a richer online experience.

Social Shopping

A method of electronic commerce that takes all of the key aspects of social networks—friends, groups, voting, comments, discussions, reviews, and others—and focuses them on shopping.

Business Ecosystem

A network of organizations—including suppliers, distributors, customers, competitors, government agencies, and others—involved in the delivery of products and services through both competition and cooperation.

Weblog (or Blog)

A personal Web site, open to the public, in which the site creator expresses his or her feelings or opinions via a series of chronological entries.

Least Privilege

A principle that users be granted the privilege for some activity only if there is a justifiable need to grant this authorization.

Native Advertising

A sales pitch that fits into the flow of the information being shown.

Logic bomb

A segment of computer code that is embedded within an organization's existing computer programs and is designed to activate and perform a destructive action at a certain time or date.

Demilitarized Zone (DMZ)

A separate organizational local area network that is located between an organization's internal network and an external network, usually the Internet.

Social Network

A social structure composed of individuals, groups, or organizations linked by values, visions, ideas, financial exchange, friendship, kinship, conflict, or trade.

Firewall

A system that prevents a specific type of information from moving between untrusted networks, such as the Internet, and private networks, such as your company's network. Put simply, firewalls prevent unauthorized Internet users from accessing private networks.

Certificate Authority

A third party that acts as a trusted intermediary between computers (and companies) by issuing digital certificates and verifying the worth and integrity of the certificates.

Social Computing

A type of information technology that combines social behavior and information systems to create value.

Risk Acceptance

Accept the potential risk, continue operating with no controls, and absorb any damages that occur.

Social Advertising

Advertising formats that make use of the social context of the user viewing the ad.

The vast majority of pestware is

Adware

Information Security

All of the processes and policies designed to protect an organization's information and information systems (IS) from unauthorized access, use, disclosure, disruption, modification, or destruction.

Social Marketplaces and Direct Sales

Act as online intermediaries that harness the power of social networks for introducing, buying, and selling products and services. A social marketplace helps members market their own creations (see Etsy in Figure 8.5). Craigslist, Fotolia, Flipsy

Social Networking

Activities performed using social software tools (e.g., blogging) or social networking features (e.g., media sharing). Social networking allows convenient connections to those of similar interest.

Social advertisements

Ads placed in paid-for media space on social media networks.

Keystroke loggers

Also called keyloggers, record both your individual keystrokes and your Internet Web browsing history.

Amazon Moves into B2B Marketing

Amazon Business (www.amazon.com/business) is Amazon's e-commerce Web site that targets the wholesale and distribution business-to-business (B2B) marketplace. Amazon's B2B efforts began with AmazonSupply, which launched in 2012 with 500,000 items for sale. By 2014, the product list had expanded to more than 2.25 million items, including tools, home improvement goods, janitorial supplies, steel pipes, and a host of other products. In 2015, Amazon created Amazon Business and folded AmazonSupply into it. Amazon Business uses a hybrid business model, selling both products directly from its own warehouses, as well as those from third-party vendors. The outside vendors, which still have to compete with Amazon products, receive a commission of between 6 and 15 percent for their items sold, based on the product category and order size. Amazon Business customers, who will be approved to buy and sell based on their tax ID, will be able to access hundreds of millions of business-only products, obtain bulk discounts, set up a corporate credit line, and receive free two-day shipping on orders over $49. Clients can also chat with manufacturer representatives about product specifications. This process is crucial when dealing with complex technical products. Wholesalers are taking Amazon's threat seriously. The wholesale industry in the United States is almost twice the size of the retail industry. In 2014, wholesale sales totaled $7.2 trillion, compared with more than $4 trillion for retail sales. The average wholesaler offers approximately 50,000 products online, compared to Amazon Business's hundreds of millions of products. One area that Amazon Business may not be able to penetrate is the close partnerships that some distributors have with institutional clients. For example, medical supplier Cardinal Health (www.cardinalhealth.com) has taken over the entire supply chain at the Nebraska Medical Center. Cardinal handles everything from truck to patient. It orders products from suppliers, tracks product distribution, handles loading dock workers, and deals with supplier invoicing.

Digital Wallet

An application (app) used for making financial transactions. Ex. Paypal, Google Wallet, Apple Pay

Social Engineering

An attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information such as passwords. The most common example of social engineering occurs when the attacker impersonates someone else on the telephone, such as a company manager or an information systems employee. The attacker claims he forgot his password and asks the legitimate employee to give him a password to use. Other common ploys include posing as an exterminator, an air-conditioning technician, or a fire marshal. Examples of social engineering abound.

Distributed denial-of-service attack

An attacker first takes over many computers, typically by using malicious software. These computers are called zombies or bots. The attacker uses these bots—which form a botnet—to deliver a coordinated stream of information requests to a target computer, causing it to crash.

Denial-of-service attack

An attacker sends so many information requests to a target computer system that the target cannot handle them successfully and typically crashes (ceases to function).

Collaborative Consumption

An economic model based on sharing, swapping, trading, or renting products and services, enabling access over ownership. The premise of collaborative consumption is that having access to goods and services is more important than owning them. This new model is transforming social, economic, and environmental practices.

Digital Certificate

An electronic document attached to a file that certifies that the file is from the organization it claims to be from and has not been modified from its original format.

Audit

An examination of information systems, their inputs, outputs, and processing.

Fast Identity Online (FIDO) Alliance

An industry consortium to address the lack of interoperability among strong authentication devices and the problems that users face in creating and remembering multiple usernames and passwords.

Trade Secret

An intellectual work, such as a business plan, that is a company secret and is not based on public information. An example is the formula for Coca-Cola.

Business to Employee

An organization uses EC internally to provide information and services to its employees. For example, companies allow employees to manage their benefits and to take training classes electronically. In addition, employees can buy discounted insurance, travel packages, and tickets to events on the corporate intranet. They can also order supplies and materials electronically. Finally, many companies have electronic corporate stores that sell the company's products to its employees, usually at a discount.

Threat

Any danger to which an information resource may be exposed.

Stated that 99 percent of organizations had installed anti-malware systems, but 62 percent still suffered malware attacks.

As we have seen, anti-malware systems are usually reactive, and malware continues to infect companies.

Benefits of Social Commerce (to Customers)

Better and faster vendor responses to complaints, because customers can air their complaints in public (on Twitter, Facebook, YouTube). Customers can assist other customers (e.g., in online forums). Customers' expectations can be met more fully and quickly. Customers can easily search, link, chat, and buy while staying on a social network's page.

Recruiting

Both recruiters and job seekers are moving to online social networks as recruiting platforms. Enterprise recruiters are scanning online social networks, blogs, and other social resources to identify and find information about potential employees.

Types of E-Commerce

Business to consumer electronic commerce (B2C); Business to business electronic commerce (B2B); Consumer to consumer electronic commerce (C2C)

Section 9.3

Business-to-Business Electronic Commerce

Section 9.2

Business-to-Consumer (B2C) Electronic Commerce

Electronic tendering system

Businesses request quotes from suppliers. Uses B2B with a reverse auction mechanism

Ethical Issues

By making it easier to store and transfer personal information, e-business presents some threats to privacy. To begin with, most electronic payment systems know who the buyers are. It may be necessary, then, to protect the buyers' identities. Businesses frequently use encryption to provide this protection. Another major privacy issue is tracking. For example, individuals' activities on the Internet can be tracked by cookies. In addition to compromising individual privacy, the use of EC may eliminate the need for some of a company's employees, as well as brokers and agents.

Business Continuity

The chain of events linking planning to protection and to recovery. The purpose of the business continuity plan is to provide guidance to people who keep the business operating after a disaster occurs. The objective is to restore the business to normal operations as quickly as possible following an attack.

Because organizing an appropriate defense system is so important to the entire enterprise, it is one of the major responsibilities of any prudent

CIO as well as of the functional managers who control information resources.

Tracking cookies

Can be used to track your path through a Web site, the time you spend there, what links you click on, and other details that the company wants to record, usually for marketing purposes. Tracking cookies can also combine this information with your name, purchases, credit card information, and other personal data to develop an intrusive profile of your spending habits.

Benefits of Social Commerce (to Businesses)

Can test new products and ideas quickly and inexpensively; learn a lot about their customers; identify problems quickly and alleviate customer anger; learn about customers' experiences via rapid feedback; increase sales when customers discuss products positively on social networking sites; create more effective marketing campaigns and brand awareness; use low-cost user-generated content, for example, in marketing campaigns; obtain free advertising through viral marketing; identify and reward influential brand advocates.

Human Mistakes with Examples:

Carelessness with laptops - Losing or misplacing laptops, leaving them in taxis, and so on. Carelessness with computing devices - Losing or misplacing these devices, or using them carelessly so that malware is introduced into an organization's network. Opening questionable e-mails - Opening e-mails from someone unknown, or clicking on links embedded in e-mails. Careless Internet surfing - Accessing questionable Web sites; can result in malware and/or alien software being introduced into the organization's network. Poor password selection and use - Choosing and using weak passwords (see strong passwords in the "Authentication" section later in this chapter). Carelessness with one's office - Leaving desks and filing cabinets unlocked when employees go home at night; not logging off the company network when leaving the office for any extended period of time. Carelessness using unmanaged devices - Unmanaged devices are those outside the control of an organization's IT department and company security procedures. These devices include computers belonging to customers and business partners, computers in the business centers of hotels, and so on. Carelessness with discarded equipment - Discarding old computer hardware and devices without completely wiping the memory; includes computers, smartphones, BlackBerry® units, and digital copiers and printers. Careless monitoring of environmental hazards - These hazards, which include dirt, dust, humidity, and static electricity, are harmful to the operation of computing equipment.

Alien Software (pestware)

Clandestine software that is installed on your computer through duplicitous methods.

conversational marketing

Companies are utilizing social computing tools to obtain feedback from customers. This trend is referred to as

Virtual (Pure-Play) Organization

Companies engaged only in EC

Online auctions

Companies run auctions of various types on the Internet. Very popular in C2C, but gaining ground in other types of EC as well

Risks of Social Computing

Companies that employ this strategy must be willing to accept negative reviews and feedback. If the company turns off the feature that lets other users write on its Wall, people may wonder what the company is afraid of. Another risk is the 20-80 rule of thumb, which posits that a minority of individuals (20 percent) contribute most of the content (80 percent) to blogs, wikis, social computing Web sites, and so on. Other risks of social computing include: information security concerns; invasion of privacy; violation of intellectual property and copyright; employees' reluctance to participate; data leakage of personal information or corporate strategic information; poor or biased quality of users' generated content; cyberbullying/cyberstalking and employee harassment.

Deep discounters

Company offers deep price discounts. Appeals to customers who consider only price in their purchasing decisions

Physical Controls

Controls that restrict unauthorized individuals from gaining access to a company's computer facilities.

Access Controls

Controls that restrict unauthorized individuals from using information resources and are concerned with user identification.

Controls

Controls, or defense mechanisms (also called countermeasures).

Piracy

Copying a software program (other than freeware, demo software, etc.) without making payment to the owner.

Theft of Equipment or Information

The cost of a stolen laptop includes the loss of data, the loss of intellectual property, laptop replacement, legal and regulatory costs, investigation fees, and lost productivity.

Difficulties in Protecting Information Resources

Computing resources may be situated in many locations. Many individuals control or have access to information assets. Computer networks can be located outside the organization, making them difficult to protect. Rapid technological changes make some controls obsolete as soon as they are installed. Many computer crimes are undetected for a long period of time, so it is difficult to learn from experience. People tend to violate security procedures because the procedures are inconvenient. The amount of computer knowledge necessary to commit computer crimes is usually minimal. As a matter of fact, a potential criminal can learn hacking, for free, on the Internet. The costs of preventing hazards can be very high. Therefore, most organizations simply cannot afford to protect themselves against all possible hazards. It is difficult to conduct a cost-benefit justification for controls before an attack occurs because it is difficult to assess the impact of a hypothetical attack.

Clicks-and-mortar organizations

Conduct some e-commerce activities, yet their primary business is carried out in the physical world. A common alternative to the term clicks-and-mortar is clicks-and-bricks.

The ratings and reviews come from the following sources:

Customer Rating and Reviews; Expert Rating and Reviews; Sponsored Events; Conversational Marketing

Name-your-own-price

Customers decide how much they are willing to pay. An intermediary tries to match a provider

Find-the-best-price

Customers specify a need; an intermediary compares providers and shows the lowest price. Customers must accept the offer in a short time, or they may lose the deal

Product customization

Customers use the Internet to self-configure products or services. Sellers then price them and fulfill them quickly (build-to-order)

Section 7.3

Deliberate Threats to Information Systems

Worms

Destructive programs that replicate themselves without requiring another program to provide a safe environment for replication.

Benefits of Digital Wallets

Digital wallets replace the need to carry physical credit and debit cards, gift cards, and loyalty cards, as well as boarding passes and other forms of identification. Digital wallets may also store insurance and loyalty cards, drivers' licenses, ID cards, Web site passwords, and login information. Further, digital wallets eliminate having to enter shipping, billing, and credit card data each time you make a purchase at a Web site.

A few examples of social commerce include:

Disney allows people to book tickets on Facebook without leaving the social network. PepsiCo provides a live notification when its customers are close to physical stores (grocery, restaurants, gas stations) that sell Pepsi products. The company then uses Foursquare to send them coupons and discount information. Mountain Dew attracts video game lovers and sports enthusiasts via Dewmocracy contests. The company also encourages the most dedicated community members to contribute ideas on company products. Levi's advertises on Facebook by enabling consumers to populate a "shopping cart" based on what their friends think they would like.

The following list shows you the mistakes NOT to make on your LinkedIn profile.

Do have a current, professional picture. (No dogs, no spouses, no babies, etc.) Do make certain your LinkedIn Status is correct and current. Do join groups related to your field of study or even to your personal interests. Do list an accurate skill set. Do not embellish. Do not use the standard connection request. Do some research on that person and tailor your connection request to that person. Do not neglect LinkedIn's privacy settings. When you have a job and are looking for another one, you will want to be discreet. You can set your privacy settings so that your boss does not see that you are looking for opportunities. Do not skip the Summary. The Summary is a concise way of selling yourself. Write it in the first person. Do not eliminate past jobs or volunteer work. Do not say you have worked with someone when you have not.

Section 9.4

Ethical and Legal Issues in E-Business

Security

The degree of protection against criminal activity, danger, damage, and/or loss.

Identity Theft

The deliberate assumption of another person's identity, usually to gain access to his or her financial information or to frame him or her for a crime.

Ch. 9

E-Business and E-Commerce

Benefits

E-commerce benefits organizations by making national and international markets more accessible and by lowering the costs of processing, distributing, and retrieving information. Customers benefit by being able to access a vast number of products and services, around the clock. The major benefit to society is the ability to easily and conveniently deliver information, services, and products to people in cities, rural areas, and developing countries.

Mobile commerce (m-commerce)

E-commerce that is conducted entirely in a wireless environment. An example is using cell phones to shop over the Internet.

IT security is the business of (blank) in an organization.

EVERYONE

The most widely used mechanisms for buying and selling on the Internet are as follows:

Electronic catalogs; electronic auctions; e-storefronts; e-malls; e-marketplaces

Disintermediation

Elimination of intermediaries in electronic commerce.

There are many types of deliberate threats to information systems. We provide a list of 10:

Espionage or trespass; information extortion; sabotage or vandalism; theft of equipment or information; identity theft; compromises to intellectual property; software attacks; alien software; supervisory control and data acquisition (SCADA) attacks; cyberterrorism and cyberwarfare

Espionage or Trespass

Espionage or trespass occurs when an unauthorized individual attempts to gain illegal access to organizational information. Competitive intelligence consists of legal information-gathering techniques, such as studying a company's Web site and press releases, attending trade shows, and similar actions. In contrast, industrial espionage crosses the legal boundary.

Electronic commerce influences organizations in many significant ways.

First, it increases an organization's reach. Another major impact of electronic commerce has been to remove many of the barriers that previously impeded entrepreneurs seeking to start their own businesses.

Transport Layer Security (TLS)

Formerly called secure socket layer: an encryption standard used for secure transactions such as credit card purchases and online banking.

Legal and Ethical Issues Specific to E-Commerce

Fraudulent activities on the Internet are increasing.

Section 8.2

Fundamentals of Social Computing in Business

Types of Software Attacks

Go below

Group Shopping

Group shopping Web sites such as Groupon (www.groupon.com) and LivingSocial (www.livingsocial.com, see Figure 8.4) offer major discounts or special deals during a short time frame. Group buying is closely associated with special deals (flash sales).

Cybercrime

Illegal activities executed on the Internet.

Phishing

Impersonating a trusted organization in an electronic communication

Taxes and Other Fees

In offline sales, most states and localities tax business transactions that are conducted within their jurisdiction. The most obvious example is sales taxes. Federal, state, and local authorities are now scrambling to create some type of taxation policy for e-business. This problem is particularly complex for interstate and international e-commerce. For example, some people claim that the state in which the seller is located deserves the entire sales tax (in some countries, it is a value-added tax (VAT)). Others contend that the state in which the server is located should also receive some of the tax revenues. In December 2013, the U.S. Supreme Court declined to get involved in state efforts to force Web retailers such as Amazon to collect sales tax from customers even in places where the companies do not have a physical presence. Even before electronic commerce over the Internet emerged, the basic law was that as long as a retailer did not have a physical presence in the state where the consumer was shopping, that retailer did not have to collect a sales tax. As of mid-2016, some 25 states required Amazon to collect sales taxes.

The Omni-Channel Customer Experience

In recent years, the traditional bricks-and-mortar strategy for large retailers, with its accompanying high overhead costs, has become a barrier to competitiveness. Amazon (www.amazon.com), which does not maintain any physical stores, has achieved major market share—and has evolved into the world's largest Internet retailer—through a combination of lower prices and huge selection. But traditional retailers with stores have the upper hand over e-commerce for shoppers who want to try in person before they buy. To compete with Amazon, the world's largest retailers are adopting an omni-channel strategy that enables customers to seamlessly combine their experience of online shopping on any device with in-store shopping. This strategy is becoming increasingly important as Amazon builds its own fulfillment centers closer to customers. Big-box retailers are rethinking their distribution systems, which are often based on centralized warehouses. Many of them are now filling online orders from the store nearest the customer instead of hundreds of miles away.

Unfortunately, information technologies can also be misused, often with devastating consequences. Consider the following scenarios:

Individuals can have their identities stolen. Organizations can have customer information stolen, leading to financial losses, erosion of customer confidence, and legal action. Countries face the threats of cyberterrorism and cyberwarfare, terms for Internet-based attacks. Cyberwarfare is a critical problem for the U.S. government. In fact, President Obama signed a cyberwarfare directive in October 2012. In that directive, the White House, for the first time, laid out specific ground rules for how and when the U.S. military can carry out offensive and defensive cyber operations against foreign threats. The directive emphasizes the Obama administration's focus on cybersecurity as a top priority.

Conversational Marketing

Individuals converse via e-mail, blog, live chat, discussion groups, and tweets. Monitoring these conversations yields rich data for market research and customer service.

Trustev: Helping to Prevent Credit Card Fraud

Industry analysts claim that electronic commerce is unfair to merchants because they assume all of the risk in credit card transactions. Merchants also suffer most, if not all, of the financial damages in fraudulent transactions. The overall effect is that many online retailers fear fraud so much that they limit their business opportunities. Merchants reject approximately 2 percent of legitimate customers. This number is more damaging than it might appear, because merchants suffer hidden costs as well. The cost to acquire an online customer is about $51 per customer. If merchants block a legitimate customer, then they lose the $51. Some merchants block transactions from entire countries. For example, in Europe only 6 percent of online merchants permit electronic transactions from another country. Trustev (www.trustev.com) enables online retailers to accept more online transactions. The company helps reduce fraud by analyzing customer behavior while they browse and buy online. Using this analysis, Trustev takes roughly two-tenths of a second to decide whether to accept each transaction. In essence, Trustev validates the shoppers themselves, not just their payment method. Trustev is growing rapidly. One company in the United Kingdom tried out Trustev for four weeks. The company's goal was to stop fraudulent online transactions while letting through real customers who may be accidentally blocked. In just four weeks, the company noted a 5 percent revenue increase from blocking fraudulent transactions and another 6 percent increase from accepting customers who previously would have been blocked.

Chapter 7

Information Security

Section 7.5

Information Security Controls

Information Extortion

Information extortion occurs when an attacker either threatens to steal, or actually steals, information from a company. The perpetrator demands payment for not stealing the information, for returning stolen information, or for agreeing not to disclose the information.

Customer ratings and reviews:

Integrated into the vendor's Web page, a social network page, a customer review site, or in customer feeds (e.g., Amazon, iTunes, Buzzillions, Epinions).

Bartering online

Intermediary administers online exchange of surplus products and/or company receives "points" for its contribution, which it can use to purchase other needed items

Fraud on the Internet

Internet fraud has grown even faster than Internet use itself. Stocks are only one of many areas where swindlers are active. Auctions are especially conducive to fraud, by both sellers and buyers. Other types of fraud include selling bogus investments and setting up phantom business opportunities. Because of the growing use of e-mail, financial criminals now have access to many more potential victims.

Cyberbanking also enables banks to attract remote customers. In addition to regular banks with added online services, Internet-only banks, which are dedicated solely to

Internet transactions, are emerging.

Section 7.1

Introduction to Information Security

The bottom line:

It is critical to extend most of your efforts beyond an online search.

Finding a Job

Job sites are the fastest, least expensive, and most efficient method to connect employers with potential employees. The company's automated approach does not lend itself well to the upper tier of the job market—for example, CEO searches—where traditional face-to-face searches continue to be the preferred strategy. At the other end of the spectrum—that is, low-paying, low-skill jobs such as cashiers and truck drivers—job boards provide faster results.

Risk Limitation

Limit the risk by implementing controls that minimize the impact of the threat.

Malware

Malicious software such as viruses and worms.

Viruses

Malicious software that can attach itself to (or "infect") other computer programs without the owner of the program being aware of the infection.

Online direct marketing

Manufacturers or retailers sell directly to customers. Very efficient for digital products and services. Can allow for product or service customization

consumer-generated media

Many companies listen to consumers in the blogosphere who express their views on the companies' products.

Ransomware

Mark Stevens, president of a small firm, was notified by one of his employees that her computer was locked. Within hours, the malicious software spread from her computer to the company's servers and backup systems. The malware encrypted the firm's client and financial data. A ransom note appeared on the company's computers: Pay $400 within 72 hours to unlock the data. The malicious software that infected Mr. Stevens's company is called ransomware. Simply put, ransomware blocks access to a computer system until the system owner or operator pays a sum of money. Types of ransomware include Cryptolocker, Cryptowall, TeslaCrypt, and CTB Locker. The most current form of ransomware demands payment via the hard-to-trace cryptocurrency Bitcoin, and it uses the anonymizing Tor network. There are two possible solutions to the ransomware problem. The first is to hope that if your computer is infected, a third-party supplier will have come up with antivirus software to deal with your ransomware. Several antivirus vendors have provided fixes that victims can download to a USB stick. The victim then plugs the stick into the infected computer. Unfortunately, antivirus companies can't always keep up with the ransomware versions that pop up all the time. Therefore, if you are infected with a new type of ransomware, you may have little choice if you want your system and data back, other than to pay the ransom. The second possible solution to the ransomware problem is more effective. Essentially, hackers profit from the fact that many people don't back up their valuable information. Therefore, an effective defense against ransomware is to back up your entire system (all of your data, your files, and your operating system) every day onto a hard drive that is separate from your computer. You can also use a cloud storage company or an online backup service to make copies of your operating system and data.

Online Securities Trading.

Millions of Americans use computers to trade stocks, bonds, and other financial instruments. In fact, several well-known securities companies, including E*Trade, Ameritrade, and Charles Schwab, offer only online trading. In Korea, more than half of stock traders are already using the Internet for that purpose. Why? Because it is cheaper than a full-service or discount broker. On the Web, investors can find a considerable amount of information regarding specific companies or mutual funds in which to invest.

Group Purchasing

Multiple buyers combine their orders so that they constitute a large volume and therefore attract more seller attention. In addition, when buyers place their combined orders on a reverse auction, they can negotiate a volume discount. Typically, the orders of small buyers are aggregated by a third-party vendor, such as the United Sourcing Alliance.

Corporate social networks are used for many processes, including:

Networking and community building, both inside and outside an organization
Social collaboration: Collaborative work and problem solving using wikis, blogs, instant messaging, collaborative office, and other special-purpose Web-based collaboration platforms; for example, see Laboranova (www.laboranova.com)
Social publishing: Employees and others creating, either individually or collaboratively, and posting contents—photos, videos, presentation slides, and documents—into a member's or a community's accessible-content repository such as YouTube, Flickr, SlideShare, and DocStoc
Social views and feedback
Social intelligence and social analytics: Monitoring, analyzing, and interpreting conversations, interactions, and associations among people, topics, and ideas to gain insights. Social intelligence is useful for examining relationships and work patterns of individuals and groups and for discovering people and expertise.

Limitations

One major technological limitation is the lack of universally accepted security standards. Also, in less-developed countries, telecommunications bandwidth often is insufficient, and accessing the Web is expensive. Nontechnological limitations include the perceptions that EC is insecure, has unresolved legal issues, and lacks a critical mass of sellers and buyers. As time passes, these limitations, especially the technological ones, will diminish or be overcome.

Membership

Only members can use the services provided, including access to certain information, conducting trades, etc.

Section 9.1

Overview of E-Business and E-Commerce

Sponsored reviews:

Paid-for reviews (e.g., SponsoredReviews, PayPerPost).

Collaborative consumption does have advantages:

Participants cite advantages that include self-management, variety, and the flexibility that comes from being able to set their own schedules.

Bloggers

People who create and maintain blogs—write stories, convey news, and provide links to other articles and Web sites that are of interest to them.

Spear phishing

Phishing attacks target large groups of people. In spear phishing attacks, the perpetrators find out as much information about an individual as possible to improve their chances that phishing techniques will obtain sensitive, personal information.

Using LinkedIn For Market Research

Post a question (e.g., solicit advice) regarding the topic or issue you are interested in. You may obtain a better result if you go to a specific LinkedIn group.

E-procurement

Procurement by using electronic support

brick-and-mortar organizations

Purely physical organizations

Shopping Communities and Clubs

Shopping clubs host sales for their members that last just a few days and usually feature luxury brands at heavily discounted prices. Club organizers host three to seven sales per day, usually via e-mail messages that entice club members to shop at more than 70 percent off retail—but quickly, before supplies run out.

Japan's Largest E-Commerce Company, Rakuten, Competes Globally

Rakuten (www.rakuten.com) is a Japanese electronic commerce company. (The Japanese word rakuten means optimism.) Since it began in 1997, the company has moved into sports, banking, insurance, and even wedding planning. in Japan that one in four online purchases in the country occurs on the company's B2C and B2B e-commerce platform, Ichiba. The diversified company owns: A professional baseball team and a professional soccer team; The Rakuten Bank; Rakuten Broadband Service; Rakuten Beauty, a chain of beauty salons; A vehicle inspection service; Rakuten Insurance; Rakuten Wedding, where couples plan their weddings; and The Rakuten smartphone app BeautyC Navigator, which helps couples predict the best time to try to conceive a child. Rakuten's limited global presence is a barrier to growth given Japan's decreasing population and its poorly performing economy. As a result, the e-commerce giant is expanding overseas, purchasing several foreign companies and investing in others.

Copyright

Recall from Chapter 6 that intellectual property is protected by copyright laws and cannot be used freely. This point is significant because many people mistakenly believe that once they purchase a piece of software, they have the right to share it with others. In fact, what they have bought is the right to use the software, not the right to distribute it. That right remains with the copyright holder. Similarly, copying material from Web sites without permission is a violation of copyright laws. Protecting intellectual property rights in e-commerce is extremely difficult, however, because it involves hundreds of millions of people in 200 countries with differing copyright laws who have access to billions of Web pages.

Viral marketing

Recipients of your marketing notices send information about your product to their friends

Supervisory Control and Data Acquisition Attacks (SCADA)

Refers to a large-scale, distributed measurement and control system. SCADA systems are used to monitor or to control chemical, physical, and transport processes such as those used in oil refineries, water and sewage treatment plants, electrical generators, and nuclear power plants. Essentially, SCADA systems provide a link between the physical world and the electronic world.

Geotagging

Refers to tagging information on maps. For example, Google Maps allows users to add pictures and information, such as restaurant or hotel ratings, to maps.

Cookies

Small amounts of information that Web sites store on your computer, temporarily or more or less permanently.

Group purchasing (e-coops)

Small buyers aggregate demand to create a large volume; the group then conducts tendering or negotiates a low price.

Forward auctions focus on the buyers.

Reverse auctions focus on the sellers.

Sabotage or Vandalism

Sabotage and vandalism are deliberate acts that involve defacing an organization's Web site, potentially damaging the organization's image and causing its customers to lose faith.

Chapter 8

Social Computing

Section 8.5

Social Computing in Business: Customer Relationship Management

Section 8.6

Social Computing in Business: Human Resource Management

Section 8.4

Social Computing in Business: Marketing

Section 8.3

Social Computing in Business: Shopping

Communication Controls

Secure the movement of data across networks. Communications controls consist of firewalls, anti-malware systems, whitelisting and blacklisting, encryption, virtual private networks (VPNs), transport layer security (TLS), and employee monitoring systems.

E-Commerce Business Models

See below

Worm

Segment of computer code that performs malicious actions and will replicate, or spread, by itself (without requiring another computer program)

Virus

Segment of computer code that performs malicious actions by attaching to another computer program

Opening Case: Social Commerce Company Teespring Plans to Become a Platform

Social commerce company Teespring (http://teespring.com) is one of the leading T-shirt manufacturers and sellers in the United States. In 2014, the company printed more than seven million T-shirts. Teespring says that about 60 percent of its sales come through ads on social media, with approximately 20 percent of the people who buy Teespring tees sharing their purchases on Facebook. Teespring prints shirts only when a customer has placed an online order. As a result, the company and its designers are not left with unsold inventory. This process is an excellent example of mass customization, or make-to-order production. Independent designers use Facebook extensively because the social network's 1.5 billion users provide such a vast amount of data on what its users like and dislike. In addition, designers use free tools such as Google Trends (www.google.com/trends) and Reddit (www.reddit.com) to identify current trends in specific niches that allow them to identify potential audiences. Teespring's annual revenue exceeds $100 million. In 2014, the firm raised approximately $55 million in venture funding and built a 105,000-square-foot printing factory in Kentucky. By contrast, businesses using the platform model integrate an increasing number of customers and partners into their ecosystems. A business ecosystem is a network of organizations—including suppliers, distributors, customers, competitors, government agencies, and others—involved in the delivery of products and services through both competition and cooperation. One caveat: Teespring's expenses are increasing at the same time that Facebook ad rates are rising. Further, the company has to deal with a number of legal complaints about tees that use copyrighted images from movies or sports teams, or images that copy existing top sellers. The company says that its staff members review all designs to avoid incurring liability.

Anti-malware Systems (AV or antivirus software)

Software packages that attempt to identify and eliminate viruses and worms, and other malicious software.

Trojan horse

Software programs that hide in other computer programs and reveal their designed behavior only when they are activated

Banjo Organizes the World's Social Media

Startup Banjo (http://ban.jo) has developed software that functions as an event-detection engine. The software organizes the world's social signals by location, enabling an unprecedented level of understanding of events that occur anywhere in the world, in real time. As such, Banjo has developed an information-gathering and -disseminating system that works anywhere in the world. Banjo displays data from geolocated posts uploaded from mobile devices, through a user-friendly Web site. Banjo integrates uploads from more than a dozen social networks, including Twitter (www.twitter.com), Instagram (https://instagram.com), Vine (https://vine.co), Facebook (www.facebook.com), Russia's VKontakte (https://vk.com), and China's Weibo (www.weibo.com), among others. Banjo maps a grid over the whole world, consisting of more than 35 billion squares, each about the size of a football field. Since 2011, Banjo has constantly monitored every square in real time, overlaying every mobile public post onto its grid. The software knows what the usual state is for each square: this square is in a wheat field; this square is in a war zone with smoke and fire; this square is in Disneyland, and so on. Every minute, Banjo's software analyzes thousands of geolocated mobile posts, examining data on linguistics and location, and classifying photos and videos.

Techniques for illegally obtaining personal information include the following:

Stealing mail or dumpster diving
Stealing personal information in computer databases
Infiltrating organizations that store large amounts of personal information (e.g., data aggregators such as Acxiom) (www.acxiom.com)
Impersonating a trusted organization in an electronic communication (phishing)

SCADA Stands for?

Supervisory Control and Data Acquisition Attacks

Employee Monitoring Systems

Systems that monitor employees' computers, e-mail activities, and Internet surfing activities.

Cyberterrorism and Cyberwarfare

Terms for Internet-based attacks.

Viral marketing

That is, word-of-mouth advertising—lends itself especially well to social networking.

Travel Services.

The Internet is an ideal place to plan, explore, and arrange almost any trip economically. Online travel services allow you to purchase airline tickets, reserve hotel rooms, and rent cars. Most sites also offer a fare-tracker feature that sends you e-mail messages about low-cost flights.

The Online Job Market

The Internet offers a promising new environment for job seekers and for companies searching for hard-to-find employees. Thousands of companies and government agencies advertise available positions, accept resumes, and take applications via the Internet.

Thus, intermediaries who provide value-added services not only are likely to survive but they may also actually prosper.

The Web helps these employees in two situations: (1) when the number of participants is enormous, as with job searches, and (2) when the information that must be exchanged is complex.

Channel Conflict

The alienation of existing distributors when a company decides to sell to customers directly online.

Electronic Retailing (e-tailing)

The direct sale of products and services through electronic storefronts or electronic malls, usually designed around an electronic catalog format and/or auctions.

Aadhaar

The goal of the project is to issue identification numbers linked to the fingerprints and iris scans of all 1.2 billion Indian citizens. The biometrics and the Aadhaar identification number will serve as a verifiable, portable, and unique national ID. The Aadhaar project should enable millions of poor Indian citizens to access government services that previously were out of reach to them. As of April 2016, Aadhaar had enrolled over one billion people.

Exposure

The harm, loss, or damage that can result if a threat compromises an information resource.

On the other hand, collaborative consumption does have disadvantages:

The law and regulatory agencies are trying to keep abreast of the rapidly growing companies in this economy. Participants have no basic employee benefits or protections. Another disadvantage is that the pay may be less than expected when participants factor in the time spent, expenses, insurance costs, and taxes on self-employment earnings. They do not have the right to organize into a union, meaning that they do not have access to union-based collective bargaining processes. They also do not have the right to due process should a service remove them from its platform.

Social Intelligence

The monitoring, collection, and analysis of socially generated data, and the resultant strategic decisions

Customer Churn

The more intangible costs of a breach include the loss of business from increased customer turnover.

Electronic Cards

The most common types are electronic credit cards, purchasing cards, stored-value money cards, and smart cards. Electronic credit cards allow customers to charge online payments to their credit card account. These cards are used primarily in B2C and in shopping by small-to-medium enterprises (SMEs).

Social Capital

The number of connections a person has within and between social networks.

Controls Evaluation

The organization examines the costs of implementing adequate control measures against the value of those control measures. If the costs of implementing a control are greater than the value of the asset being protected, the control is not cost effective.

Vulnerability

The possibility that an information resource will be harmed by a threat.

Advertising

The practice of disseminating information in an attempt to influence a buyer-seller transaction.

Cybersquatting

The practice of registering or using domain names for the purpose of profiting from the goodwill or the trademark that belongs to someone else. The Anti-Cybersquatting Consumer Protection Act (1999) permits trademark owners in the United States to sue for damages in such cases. Domain tasting lets registrars profit from the complex money trail of pay-per-click advertising. The practice can be traced back to the policies of the organization responsible for regulating Web names, the Internet Corporation for Assigned Names and Numbers (ICANN). In some cases, companies engage in cybersquatting by registering domain names that are very similar to their competitors' domain names in order to generate traffic from people who misspell Web addresses. Domain tasters exploit this policy by claiming Internet domains for five days at no cost. These domain names frequently resemble those of prominent companies and organizations. The tasters then jam these domains full of advertisements that come from Yahoo! and Google. Because this process involves zero risk and 100 percent profit margins, domain tasters register millions of domain names every day—some of them over and over again. Experts estimate that registrants ultimately purchase less than 2 percent of the sites they sample. In the vast majority of cases, they use the domain names for only a few days to generate quick profits.

Risk analysis

The process by which an organization assesses the value of each asset being protected, estimates the probability that each asset might be compromised, and compares the probable costs of each being compromised with the costs of protecting it.

Electronic Commerce (EC or e-commerce)

The process of buying, selling, transferring, or exchanging products, services, or information via computer networks, including the Internet.

Encryption

The process of converting an original message into a form that cannot be read by anyone except the intended receiver.

Intellectual Property

The property created by individuals or corporations that is protected under trade secret, patent, and copyright laws.

Using Facebook for Market Research

There are several ways to use Facebook for market research. Consider the following examples: Obtain feedback from your Facebook fans (and their friends if possible) on advertising campaigns, market research, and so on. It is the equivalent of holding a free focus group. Test-market your messages. Provide two or three options, and ask fans which one they prefer and why. Use Facebook for survey invitations (i.e., to recruit participants). Essentially, turn Facebook into a giant panel, and ask users to participate in a survey. Facebook offers a self-service model for displaying ads, which can function as invitations to take a survey. Facebook also allows you to target your audience very specifically based on traditional demographic criteria such as age and gender.

Human errors or mistakes by employees pose a serious problem.

These errors are typically the result of laziness, carelessness, or a lack of awareness concerning information security.

Opening Case: Thumbtack

These professionals all belong to a very large industry called local commerce or local services. This industry is difficult to define; however, estimates of its size range from $400 billion to $800 billion per year. Despite its large size, local commerce remains an inefficient market that depends on phone calls, the Yellow Pages, and, when things go wrong, small claims court. In fact, every year professionals spend approximately $65 billion on local ads to generate business leads. Now, a company called Thumbtack is striving to create efficiencies in the local commerce marketplace. Founded in 2009, Thumbtack (www.thumbtack.com) is a marketplace that connects customers with local service professionals. On Thumbtack, the providers bid on the customer. When Thumbtack entered this marketplace, it faced two major problems. First, the company had to list enough suppliers (local professionals) on its Web site to attract demand (customers). Significantly, Thumbtack did not cold-call anyone. Rather, they analyzed billions of Web pages to create a database of information on local professionals. This process helped them learn where service providers searched online for new business. Thumbtack sends some $2 billion of business to local firms in the United States. The company has raised $150 million in venture capital funding, and industry analysts estimate their valuation to exceed $800 million.

VPNs have several advantages:

First, they allow remote users to access the company network. Second, they provide flexibility. That is, mobile users can access the organization's network from properly configured remote devices. Third, organizations can impose their security policies through VPNs.

Internet-based classified ads have one major advantage over traditional types of classified ads:

They provide access to an international, rather than a local, audience. This wider audience greatly increases both the supply of goods and services and the number of potential buyers.

The basic guidelines for creating strong passwords are:

They should be difficult to guess. They should be long rather than short. They should have uppercase letters, lowercase letters, numbers, and special characters. They should not be recognizable words. They should not be the name of anything or anyone familiar, such as family names or names of pets. They should not be a recognizable string of numbers, such as a Social Security number or a birthday.

Catching a Hacker

To be a hacker, all you really need is a computer and an Internet connection. Aleksandr Panin is a Russian hacker who created SpyEye, one of the most sophisticated and destructive malicious software programs ever developed. SpyEye automates the collection of confidential personal and financial information. The malware can hijack Web browsers and/or present fake bank Web pages that prompt users to enter their login information. SpyEye systematically infected nearly 1.5 million computers around the world, creating a massive botnet. The U.S. Justice Department estimates that SpyEye caused $500 million worth of theft and other damage. By December, agents had collected enough evidence—two hard drives and more than 1 terabyte of data—to secure a 23-count indictment against Bendelladj. However, they still did not know the identity of the creator of SpyEye. As a result, a grand jury indicted "John Doe." The case wasn't over yet, though. Because Russia and the United States do not have an extradition treaty, federal officials had to wait until Panin left Russia to arrest him. The indictment against him remained sealed for two years so that he would not get word that he'd been found out. It wasn't until January 5, 2013, that the first arrest in the case was made. Bendelladj was travelling from Malaysia to Egypt and was arrested by Thai authorities during a stopover in Bangkok. In May 2013, he was extradited to the United States to face charges, and he pleaded not guilty. Then, on July 1, 2013, FBI agents arrested Panin when he flew through Hartsfield-Jackson Atlanta International Airport. Panin had been visiting a friend in the Dominican Republic and was flying back to Russia. In January 2014, Panin pleaded guilty to bank and wire fraud. In April 2016, Panin was sentenced to 9 and one-half years in prison.

multifactor authentication

To identify authorized users more efficiently and effectively, organizations are implementing more than one type of authentication. This system is particularly important when users log in from remote locations.

There are several reasons for employing Web sites, including:

To sell goods and services
To induce people to visit a physical location
To reduce operational and transaction costs
To enhance your reputation

Five key factors are contributing to the increasing vulnerability of organizational information resources, making it much more difficult to secure them:

Today's interconnected, interdependent, wirelessly networked business environment
Smaller, faster, cheaper computers and storage devices
Decreasing skills necessary to be a computer hacker
International organized crime taking over cybercrime
Lack of management support

Market Research

Traditionally, marketing professionals used demographics compiled by market research firms as one of their primary tools to identify and target potential customers. Obtaining this information was time-consuming and costly, because marketing professionals had to ask potential customers to provide it. Today, however, members of social networks provide this information voluntarily on their pages!

Electronic marketplaces and exchanges

Transactions are conducted efficiently (more information to buyers and sellers, lower transaction costs) in electronic marketplaces (private or public)

Risk Transference

Transfer the risk by using other means to compensate for the loss, such as by purchasing insurance.

Back door

Typically a password, known only to the attacker, that allows him or her to access a computer system at will, without having to go through any security procedures (also called a trap door).

There are numerous, diverse companies in the collaborative consumption market including:

Uber (www.uber.com) operates the Uber mobile app, which allows consumers with smartphones to submit a trip request that is sent to Uber drivers who use their own cars.
Airbnb (www.airbnb.com) is a Web site for people to list, find, and rent lodgings.
Zipcar (www.zipcar.com) and RelayRides (http://relayrides.com) are car-sharing services.
Yerdle (https://yerdle.com) is a smartphone app that helps people give and get things for free. They gain credits by giving things away and spend those credits on whatever they need (e.g., clothes, kitchen appliances and tools).
Skillshare (www.skillshare.com) provides access to top-class tutors very cheaply.
Tradesy (www.tradesy.com) lets users sell and buy used clothes from well-known brands. The service takes 9 percent of profits.
JustPark (www.justpark.com) is a London startup that allows users to charge people to use their driveways as a safe, secure parking spot.
Bla Bla Car (www.blablacar.com) lets you rent out extra seats in your car when you go on a trip.
Leftover Swap (http://leftoverswap.com) is an app where users can find leftover food to share. This service is important in the United States, where we waste some 30 percent of our food.
Streetbank (www.streetbank.com) allows users to lend things to your neighbors or borrow things you need to use for a set amount of time.
Feastly (https://eatfeastly.com) gives users a way to share any type of meal with people in their area.
Cookening (www.cookening.com), a service available throughout Europe and in New York City, allows travelers to pay to eat with a local person or family to make your trip more authentic.
Marriott International (www.marriott.com) offers meeting spaces on LiquidSpace (https://liquidspace.com). LiquidSpace is an online marketplace that allows people to rent office space by the hour or the day. Hundreds of Marriott hotels now list meeting spaces, and the program has expanded the company's reach by attracting local businesspeople from surrounding areas.
FLOOW2 (www.floow2.com), based in the Netherlands, calls itself a "business-to-business sharing marketplace where companies and institutions can share equipment, as well as the skills and knowledge of personnel." The company lists more than 25,000 types of equipment and services in industries such as construction, agriculture, transportation, real estate, and healthcare.

Section 7.2

Unintentional Threats to Information Systems

There are other innovative methods to advertise in social media. Consider the following:

Use a company Facebook page, including a store that attracts fans and lets them "meet" other customers. Then, advertise in your Facebook store.
Tweet business success stories to your customers.
Integrate ads into YouTube videos.
Use native advertising. Native advertising is a sales pitch that fits into the flow of the information being shown. Many publishers view native advertising as risky because it has the potential to erode the public's trust. (See Closing Case 2).

Affiliate marketing

Vendors ask partners to place logos (or banners) on the partner's site. If customers click on the logo, go to the vendor's site, and make a purchase, then the vendor pays commissions to the partners.

Expert ratings and reviews:

Views from an independent authority (e.g., Metacritic).

Purchasing a shirt at Walmart Online or a book from Amazon.com is an example of partial EC because the merchandise, although bought and paid for digitally, is physically delivered by FedEx or UPS. In contrast, buying an e-book from Amazon.com or a software product from Buy.com constitutes pure EC because the product itself as well as its delivery, payment, and transfer are entirely digital.

We use the term electronic commerce to denote both pure and partial EC.

Section 8.1

Web 2.0

TLS encrypts and decrypts data between a

Web server and a browser end to end.

Section 7.4

What Organizations Are Doing to Protect Information Systems

Opening Case: The St. Louis Cardinals Investigated for Hacking the Houston Astros

While Luhnow was working for the Cardinals, the team developed a computer system called Redbird. The system managed the team's baseball operations information. This valuable, highly secret information included scouting reports and player information. Then, in December 2011, the Astros hired Luhnow away from the Cardinals to be their general manager. When Luhnow joined the Astros, some of the Cardinals front-office personnel went with him. The Astros promptly developed a computer system called Ground Control. Similar to Redbird, Ground Control managed the team's baseball operations information. Specifically, the system analyzed a group of variables and weighted them according to the values determined by the team's statisticians, physicians, scouts, and coaches. Investigators uncovered evidence that Cardinals' employees illegally accessed an Astros database containing information concerning internal discussions about trades, proprietary player statistics, and scouting reports. Subpoenas have been served on the Cardinals and Major League Baseball for electronic correspondence. In July 2015, the Cardinals terminated the contract of their scouting director, who admitted hacking into the Astros' system. He maintained, however, that his sole objective was to determine whether the Astros had stolen proprietary data from the Cardinals. If the charges against the Cardinals are confirmed, then this attack would represent the first known case of corporate espionage in which a professional sports team hacked the network of another team.

Social computing is particularly useful for two marketing processes:

advertising and market research.

pure EC

all dimensions of the organization are digital

Stored-Value Money Cards

allow you to store a fixed amount of prepaid money and then spend it as necessary. Each time you use the card, the amount is reduced by the amount you spent.

Something the user knows

an authentication mechanism that includes passwords and passphrases.

Something the user has

an authentication mechanism that includes regular identification (ID) cards, smart ID cards, and tokens.

Something the user does

an authentication mechanism that includes voice and signature recognition.

Something the user is (Biometrics)

an authentication method that examines a person's innate physical characteristics. Common biometric applications are fingerprint scans, palm scans, retina scans, iris recognition, and facial recognition. Of these applications, fingerprints, retina scans, and iris recognition provide the most definitive identification. A huge biometric identification project in India provides an example of the power of biometrics.

Patent

an official document that grants the holder exclusive rights on an invention or a process for a specified period of time.

Untrusted Network

any network external to your organization.

Trusted Network

any network within your organization.

Pop-up ad

appears in front of the current browser window

Pop-under ad

appears underneath the active window; when users close the active window, they see the ad. Many users strongly object to these ads, which they consider intrusive. Modern browsers let users block pop-up ads, but this feature must be used with caution because some Web sites depend on pop-up capabilities to present content other than advertising.

Electronic Checks (E-Checks)

are used primarily in B2B and are similar to regular paper checks. A customer who wishes to use e-checks must first establish a checking account with a bank. Then, when the customer buys a product or a service, he or she e-mails an encrypted electronic check to the seller. The seller deposits the check in a bank account, and the funds are transferred from the buyer's account into the seller's account.

Ratings, Reviews, and Recommendations

are usually available in social shopping. In addition to seeing what is already posted, shoppers have an opportunity to contribute their own ratings and reviews and to discuss ratings and reviews posted by other shoppers.

Permission Marketing

asks consumers to give their permission to voluntarily accept online advertising and e-mail.

auditing through the computer

auditors check inputs, outputs, and processing. They review program logic, and they test the data contained within the system.

two major functions of access controls:

authentication and authorization.

After the person is authenticated (identified), the next step is

authorization.

The most common online advertising methods are

banners, pop-ups, and e-mail.

Spam costs U.S. companies

billions of dollars every year.

For credit card companies, it is cheaper to

block a stolen credit card and move on than to invest time and money prosecuting cybercriminals.

Business to business electronic commerce

both the sellers and the buyers are business organizations. B2B comprises the vast majority of EC volume.

Social Apps

branded online applications that support social interactions and user contributions (e.g., Nike+).

Human resource managers know that the best strategy to enable, encourage, and promote employee development is to

build relationships with employees.

A basic security strategy for organizations is to be prepared for any eventuality. A critical element in any security system is a

business continuity plan, also known as a disaster recovery plan.

The major types of electronic commerce:

business-to-consumer (B2C), business-to-business (B2B), consumer-to-consumer (C2C), business-to-employee (B2E), and government-to-citizen (G2C).

Private exchanges have one

buyer and many sellers.

businesses must respond to

customers quickly and appropriately.

The sell-side model is especially suitable to

customization.

A major advantage of banners is that they can be

customized to the target audience.

Two popular online shopping mechanisms are

electronic storefronts and electronic malls.

Many companies are taking a proactive approach to protecting their networks against what they view as one of their major security threats, namely,

employee mistakes.

Customers are now incredibly

empowered.

Electronic Payment Mechanisms

enable buyers to pay for goods and services electronically, rather than writing a check or using cash.

One more great online resource is Craigslist (www.craigslist.com). It is one site the aggregators do not tap. Craigslist focuses on local listings, and it is especially useful for

entry-level jobs and internships.

Whereas whitelisting allows nothing to run unless it is on the whitelist, blacklisting allows

everything to run unless it is on the blacklist.

Any entrepreneur or company that decides to practice electronic commerce must develop a strategy to do so effectively. The first step is to determine

exactly why you want to do business over the Internet using a Web site.

Stronger authentication is also more

expensive, and, as with strong passwords, it can be irritating to users.

Copyright Law

a statutory grant that provides the creators or owners of intellectual property with ownership of the property, also for a designated period.

Direct Materials

inputs to the manufacturing process, such as safety glass used in automobile windshields and windows.

Tailgating

a technique designed to allow the perpetrator to enter restricted areas that are controlled with locks or card entry. The perpetrator follows closely behind a legitimate employee and, when the employee gains entry, the attacker asks him or her to "hold the door."

Bitcoin

a type of digital currency in which encryption techniques are used to regulate the generation of units of currency and verify the transfer of funds, operating independently of any central bank.

Another reason why information resources are difficult to protect is that the online commerce industry is not particularly willing to

install safeguards that would make completing transactions more difficult or complicated.

There are two types of auditors and audits:

internal and external.

An external auditor reviews the findings of the

internal audit as well as the inputs, processing, and outputs of information systems.

IS auditing is usually a part of accounting

internal auditing, and it is frequently performed by corporate internal auditors.

Electronic banking, also known as cyberbanking

involves conducting various banking activities from home, at a place of business, or on the road instead of at a physical bank location.

E-mail

is emerging as an Internet advertising and marketing channel. It is generally cost-effective to implement, and it provides a better and quicker response rate than other advertising channels.

Two common types of spyware are

keystroke loggers and screen scrapers.

Companies typically base authorization policies on the principle of

least privilege.

Permission marketing is also extremely important for

market research.

Auditing with the computer

means using a combination of client data, auditor software, and client and auditor hardware. This approach enables the auditor to perform tasks such as simulating payroll program logic using live data.

Internet advertising redefines the advertising process, making it

media rich, dynamic, and interactive. It improves on traditional forms of advertising in a number of ways. First, Internet ads can be updated any time at minimal cost and therefore can be kept current. In addition, these ads can reach very large numbers of potential buyers all over the world. Furthermore, they are generally cheaper than radio, television, and print ads. Finally, Internet ads can be interactive and targeted to specific interest groups and/or individuals.

Two important ethical considerations:

privacy and job loss—as well as various legal issues arising from the practice of e-business.

In social computing, users, rather than organizations

produce, control, use, and manage content via interactive communications and collaboration. As a result, social computing is transforming power relationships within organizations.

Electronic catalogs consist of a

product database, a directory and search capabilities, and a presentation function. They are the backbone of most e-commerce sites.

warm site

provides many of the same services and options as the hot site. However, it typically does not include the actual applications the company needs. A warm site includes computing equipment such as servers, but it often does not include user workstations.

cold site

provides only rudimentary services and facilities, such as a building or a room with heating, air conditioning, and humidity control.

The majority of encryption systems use

public-key encryption.

The two major types of Web 2.0 sites:

social networking sites and mashups.

Adware

software that causes pop-up advertisements to appear on your screen. Adware is common because it works. According to advertising agencies, for every 100 people who close a pop-up ad, 3 click on it.

Spyware

software that collects personal information about users without their consent.

Collaborative consumption is a broad term that includes many collaborative practices, such as

collaborative production, crowdfunding, peer-to-peer lending, and others.

Also, computer crimes can be

committed from anywhere in the world, at any time, effectively providing an international safe haven for cybercriminals. Computer-based crimes cause billions of dollars in damages to businesses each year, including the costs of repairing information systems and of lost business.

Corporate firewalls typically consist of software running on a

computer dedicated to the task.

To authenticate (identify) authorized personnel, an organization can use one or more of the following methods:

something the user is, something the user has, something the user does, and/or something the user knows.

Horizontal exchanges

connect buyers and sellers across many industries. They are used primarily for MRO materials. Examples of horizontal exchanges are TradersCity (www.traderscity.com), Globalsources (www.globalsources.com), and Alibaba (www.alibaba.com).

Vertical exchanges

connect buyers and sellers in a given industry. Examples of vertical exchanges are www.plasticsnet.com in the plastics industry and www.papersite.com in the paper industry.

Vertical exchanges are frequently owned and managed by a

consortium, a term for a group of major players in an industry.

Smart Cards

contain a chip that can store a large amount of information. Smart cards are frequently multipurpose—that is, you can use them as a credit card, a debit card, a stored-value money card, or a loyalty card. Smart cards are ideal for micropayments,

Banner

contains a short text or a graphical message to promote a product or a vendor.

To protect their information assets, organizations implement

controls, or defense mechanisms (also called countermeasures).

An increasing number of companies have created in-house, private social networks for their employees, former employees, business partners, and/or customers. Such networks are "behind the firewall" and are often referred to as

corporate social networks. Employees utilize these networks to create connections that allow them to establish virtual teams, bring new employees up to speed, improve collaboration, and increase employee retention by creating a sense of community.

Using Twitter for Market Research

Your customers, your prospects, and industry thought leaders all use Twitter, making it a rich source of instantly updated information. Consider the following examples: Visit Twitter Search (www.twitter.com/search). Enter a company's Twitter name. Not only can you follow what the company is saying, you can also follow what everyone is saying to them. Monitoring replies to your competitors and their employees will help you develop your own Twitter strategy by enabling you to observe (a) what your competitors are doing and, more importantly, (b) what people think about them. You can also follow the company's response to this feedback. Take advantage of the tools that enable you to find people in the industries in which they operate. Use search.twitter.com to monitor industry-specific keywords. Check out Twellow (www.twellow.com). This site automatically categorizes a Twitter user into one to three industries based on that person's bio and tweets. Do you want to know what topic is on most people's minds today? If so, then review the chart on TweetStats (www.tweetstats.com). It will show you the most frequently used words in all of Tweetdom, so you can be a part of those conversations. An increasing number of companies are utilizing Twitter to solicit information from customers and to interact with them. Examples are Dell (connecting with customers), JetBlue (learning about customers), Teusner Wines (gathering feedback, sharing information), and Pepsi (rapid response time in dealing with complaints).

electronic storefront

a Web site that represents a single store.

Electronic Marketplace (E-marketplace)

a central, virtual market space on the Web where many buyers and many sellers can conduct e-commerce and e-business activities. Electronic marketplaces are associated with B2B electronic commerce.

An electronic mall, also known as a cybermall or an e-mall

a collection of individual shops consolidated under one Internet address. Electronic storefronts and electronic malls are closely associated with B2C electronic commerce.

Auction

a competitive buying and selling process in which prices are determined dynamically by competitive bidding. Electronic auctions (e-auctions) generally increase revenues for sellers by broadening the customer base and shortening the cycle time of the auction.

hot site

a fully configured computer facility with all of the company's services, communications links, and physical plant operations. A hot site duplicates computing resources, peripherals, telephone systems, applications, and workstations.

All encryption systems use

a key, which is the code that scrambles and then decodes the messages.

The sell-side model is used by hundreds of thousands of companies. It is especially powerful for companies with superb reputations. The seller can be either

a manufacturer (e.g., Dell or IBM), a distributor (e.g., www.avnet.com), or a retailer (e.g., www.bigboxx.com).

Buy-side Marketplace

a model in which organizations attempt to procure needed products or services from other organizations electronically.

Virtual Private Network (VPN)

a private network that uses a public network (usually the Internet) to connect users. VPNs essentially integrate the global connectivity of the Internet with the security of a private network and thereby extend the reach of the organization's networks. VPNs are called virtual because they have no separate physical existence. They are created by using logins, encryption, and other techniques to enhance the user's privacy.

Filter Bubble

a result of a search in which a Web site algorithm guesses what a user would like to see based on information about that user, such as location and past searches.

passphrase

a series of characters that is longer than a password but is still easy to memorize.

Swipely

a service that processes credit card transactions for merchants. The online software works with point-of-sale systems and terminals used by independent businesses, including restaurants, salons, boutiques, and grocers, without the need for additional hardware. Swipely's competitive advantage lies in giving vendors a clearer picture of their customers' buying habits. To protect customer information, Swipely deletes personally identifying data, and then presents the data to merchants in the form of customer dashboards that reveal which goods each card number purchased and when. Swipely's dashboards can display customer responses to e-mail or coupon offers—a service that often costs hundreds of dollars a month, which Swipely provides for free. Swipely competes with numerous payment-processing services including Square (www.squareup.com), Heartland Payment Systems (www.heartlandpaymentsystems.com), and Chase Paymentech (www.chasepaymentech.com). Many companies are competing in this arena because consumer spending information is extremely valuable. Swipely's competitive advantage over Square, for now, is price. Swipely takes an average of 2.65 percent of its merchants' customer transactions, whereas Square's average charge is 2.75 percent. Furthermore, chances are good that merchants will not have to purchase additional equipment, as long as their registers are one of more than 50 systems that are compatible with the Swipely cloud-based service. In November 2014, Swipely announced that it was processing more than $4 billion of customer transactions annually with its participating merchants. In May 2015, Swipely CEO Angus Davis announced an unspecified number of layoffs for "organizational reasons." However, he added that Swipely had tripled its number of customers to 3,000 and also had tripled its recurring revenue.

Controls are intended to prevent

accidental hazards, deter intentional acts, detect problems as early as possible, enhance damage recovery, and correct problems.

LinkedIn's success comes from its ability to

accurately identify its market segment. LinkedIn targets the vast sweet spot between these two extremes, helping to fill high-skill jobs that pay anywhere from $50,000 to $250,000 or more per year.

Unintentional threats are

acts performed without malicious intent that nevertheless represent a serious threat to information security.

Traditional payment systems have typically involved

cash and/or checks.

Issues in E-Tailing

channel conflict and order fulfillment.

The complexity of B2C EC creates two major challenges for sellers:

channel conflict and order fulfillment.

These controls are designed to protect all of the components of an information system, including

data, software, hardware, and networks.

Bitcoin's most important characteristic, which makes it different from conventional money, is that it is

decentralized. No single institution controls the bitcoin network.

The third factor is that the computing skills necessary to be a hacker are

decreasing. The reason is that the Internet contains information and computer programs called scripts that users with few skills can download and use to attack any information system connected to the Internet.

As you see from these examples, the world is becoming more

democratic and reflective of the will of ordinary people, enabled by the power of social computing.

Electronic exchanges deal in both

direct and indirect materials

One of the most pressing EC issues relating to online services (as well as in marketing tangible products) is

disintermediation

Regular ID cards

also called dumb cards, typically have the person's picture and often his or her signature.

A large percentage of the time and expense of employee

education and learning management can be minimized by utilizing e-learning and interactive social learning tools.

An example of G2C electronic commerce is

electronic benefits transfer, in which governments transfer benefits, such as Social Security and pension payments, directly to recipients' bank accounts.

Banners are simply

electronic billboards

three types of electronic payment:

electronic checks, electronic cards, and digital wallets.

One of the most profound changes in the modern world of business is the emergence of

electronic commerce.

the two basic mechanisms that customers utilize to access companies on the Web:

electronic storefronts and electronic malls

There are two major types of auctions:

forward and reverse

The key mechanisms in the sell-side model are

forward auctions and electronic catalogs that can be customized for each large buyer.

Social computing not only generates faster and cheaper results than traditional focus groups but also

fosters closer customer relationships.

Information security is especially important to small businesses. Large organizations that experience an information security problem have

greater resources to both resolve and survive the problem. In contrast, small businesses have fewer resources and therefore can be destroyed by a data breach.

E-procurement uses reverse auctions, particularly

group purchasing.

Smart ID cards

have an embedded chip that stores pertinent information about the user.

Tokens

have embedded chips and a digital display that presents a login number that the employees use to access the organization's network. The number changes with each login.

Social computing is exploding worldwide, with China

having the world's most active social media population. In one McKinsey survey, 91 percent of Chinese respondents reported that they had visited a social media site in the previous six months, compared with 70 percent in South Korea, 67 percent in the United States, and 30 percent in Japan.

The two industries with the highest per-record cost of a data breach are

healthcare ($359 per record) and education ($294 per record).

The direct costs of a data breach include

hiring forensic experts, notifying customers, setting up telephone hotlines to field queries from concerned or affected customers, offering free credit monitoring, and providing discounts for future products and services. Average costs per breach are in the millions.

In the event of a major disaster, organizations can employ several strategies for business continuity. These strategies include

hot sites, warm sites, and cold sites.

Onboarding

how new employees acquire the necessary knowledge, skills, and behaviors to become effective members of the organization. Through the use of social media, new hires can learn what to expect in their first few days on the job and find answers to common questions.

A major category of unintentional threats is

human error.

Employees in two areas of the organization pose especially significant threats to information security:

human resources and information systems (IS).

Social computing is focused on

improving collaboration and interaction among people and on encouraging user-generated content.

One shortcoming of physical controls is that they can be

inconvenient to employees. Guards deserve special mention because they have very difficult jobs, for at least two reasons. First, their jobs are boring and repetitive and generally do not pay well. Second, if guards perform their jobs thoroughly, the other employees harass them, particularly if they slow up the process of entering the facility.

Public Exchanges (Exchanges)

independently owned by a third party, and they connect many sellers with many buyers.

Traditional advertising on TV or in newspapers involves impersonal, one-way mass communication. In contrast, direct response marketing, or telemarketing, contacts

individuals by direct mail or telephone and requires them to respond in order to make a purchase.

Are all controls installed as intended? Are they effective? Has any breach of security occurred? If so, what actions are required to prevent future breaches? These questions must be answered by independent and unbiased observers. Such observers perform the task of

information systems auditing.

SCADA systems consist of

multiple sensors, a master computer, and communications infrastructure. The sensors connect to physical equipment. They read status data such as the open/closed status of a switch or a valve, as well as measurements such as pressure, flow, voltage, and current. They control the equipment by sending signals to it, such as opening or closing a switch or a valve or setting the speed of a pump. The sensors are connected in a network, and each sensor typically has an Internet address (Internet Protocol, or IP, address, discussed in Chapter 4). If attackers gain access to the network, they can cause serious damage, such as disrupting the power grid over a large area or upsetting the operations of a large chemical or nuclear plant. Such actions could have catastrophic results.

Communication Controls are also called

network controls

In reality, however, passwords by themselves can

no longer protect us, regardless of how unique or complex we make them.

Significantly, in social computing, social information is

not anonymous.

our personally identifiable, private data is

not secure.

Shoulder Surfing

occurs when a perpetrator watches an employee's computer screen over the employee's shoulder. This technique is particularly successful in public areas such as in airports and on commuter trains and airplanes.

Showrooming

occurs when shoppers visit a brick-and-mortar store to examine a product in person. They then conduct research about the product on their smartphones. Often, they purchase the product from the Web site of a competitor of the store they are visiting. Showrooming is causing problems for brick-and-mortar retailers, such as Target, Best Buy, and others. At the same time, showrooming benefits Amazon, eBay, and other online retailers.

Reverse Auctions

one buyer, usually an organization, wants to purchase a product or a service. The buyer posts a request for quotation (RFQ) on its Web site or on a third-party site. The RFQ provides detailed information on the desired purchase. Interested suppliers study the RFQ and then submit bids electronically. Everything else being equal, the lowest-price bidder wins the auction. The reverse auction is the most common auction model for large purchases (in terms of either quantities or price). Ex. Government Bids

customer reviews are emerging as prime locations for online shoppers to visit. Approximately

one-half of consumers consult reviews before making an online purchase, and almost two-thirds are more likely to purchase from a site that offers ratings and reviews.

Click-and-collect is similar to ship-from-store, except

online customers have to pick up their packages themselves at a John Lewis store—they are not shipped from the store. John Lewis charges two British pounds for click-and-collect orders valued at less than 30 pounds. Click-and-collect has been a tremendous success for John Lewis. In fact, for the 2014 holiday season, click-and-collect sales surpassed home deliveries. In addition, online sales increased by 19 percent, accounting for more than 30 percent of the retailer's gross revenue. Further, more than half the firm's online orders were of the click-and-collect type.

The second major issue confronting e-commerce is

order fulfillment. In the late 1990s, e-tailers faced continuous problems in order fulfillment, especially during the holiday season. These problems included late deliveries, delivering wrong items, high delivery costs, and compensation to unsatisfied customers. For e-tailers, taking orders over the Internet is the easy part of B2C e-commerce. Delivering orders to customers' doors is the hard part. In contrast, order fulfillment is less complicated in B2B. These transactions are much larger, but they are fewer in number. In addition, these companies have had order fulfillment mechanisms in place for many years.

Unfortunately, employee negligence caused many of the data breaches, meaning that

organizational employees are a weak link in information security.

Sell-side Marketplace

organizations attempt to sell their products or services to other organizations electronically from their own private e-marketplace Web site and/or from a third-party Web site.

All other combinations that include a mix of digital and physical dimensions are considered

partial EC (but not pure EC).

Interesting way to make a strong password that you can remember

passphrase can serve as a password itself, or it can help you create a strong password. You can turn a passphrase into a strong password in this manner. Starting with the last passphrase above, take the first letter of each word. You will have "gammd." Then, capitalize every other letter to create "GaMmD." Finally, add special characters and numbers to create "9GaMmD//*." You now have a strong password that you can remember.

Social advertising is the first form of advertising to leverage forms of social influence such as

peer pressure and friend recommendations and likes.

Word-of-mouth has always been one of the most powerful marketing methods—more often than not,

people use products that their friends like and recommend. Social media sites can provide this type of data for numerous products and services.

First, it is difficult, if not impossible, for organizations to provide

perfect security for their data. Second, there is a growing danger that countries are engaging in economic cyberwarfare among themselves. Third, it appears that it is impossible to secure the Internet.

Two important responses to spamming are

permission marketing and viral marketing.

Spamware

pestware that uses your computer as a launch pad for spammers.

Three major types of controls:

physical controls, access controls, and communications controls.

Viral Marketing

refers to online word-of-mouth marketing. The strategy behind viral marketing is to have people forward messages to friends, family members, and other acquaintances suggesting they "check this out."

Social Commerce

refers to the delivery of electronic commerce activities and transactions through social computing. Social commerce also supports social interactions and user contributions, allowing customers to participate actively in the marketing and selling of products and services in online marketplaces and communities.

Purchasing

refers to the process of ordering and receiving goods and services. It is a subset of the procurement process.

These attacks are grouped into three categories:

remote attacks requiring user action; remote attacks requiring no user action; software attacks initiated by programmers during the development of a system.

A major method of procuring goods and services in the buy-side model is the

reverse auction.

There are several risk mitigation strategies that organizations can adopt. The three most common are risk acceptance, risk limitation, and risk transference:

risk acceptance, risk limitation, and risk transference.

Risk management consists of three processes:

risk analysis, risk mitigation, and controls evaluation.

Dumpster Diving

rummaging through commercial or residential trash to find discarded information. Paper files, letters, memos, photographs, IDs, passwords, credit cards, and other forms of information can be found in dumpsters.

screen scrapers

screen grabbers. This software records a continuous "movie" of a screen's contents rather than simply recording keystrokes.

The major models are

sell-side marketplaces, buy-side marketplaces, and electronic exchanges.

Forward Auctions

sellers solicit bids from many potential buyers. Ex. eBay.com

This new order fulfillment model, called

ship-from-store, benefits customers by speeding up delivery. It benefits the retailers by reducing shipping costs and cutting down on sales-floor overstocks that result in big markdowns. Most importantly, it helps retailers go head to head with Amazon. Gap stores were the first to implement ship-from-store, and the retailer has added this service to the e-commerce systems of two Gap-owned chains, Banana Republic and Athleta. Not coincidentally, Gap's annual revenue increased by $500 million in 2013. Nearly 70 percent of Americans live within five miles of a Walmart. Therefore, the company is using its stores to fulfill online orders, along with its storage warehouses and specific fulfillment centers. By late 2015, roughly 10 percent of the items ordered on Walmart.com were shipped from 35 stores. Most of those orders were delivered within two days. Walmart charges a $10 fee for same-day delivery service. In some cases, the company uses third-party carriers to ship items from its stores. In addition, Walmart employees sometimes deliver products by car. This ship-from-store strategy exceeded expectations, and Walmart was planning to expand the service to hundreds of its stores.

Cookies are also necessary for online shopping because merchants use them for your

shopping carts.

The buy-side model uses EC technology to streamline the procurement process. The goal is to reduce both the costs of items procured and the administrative expenses involved in procuring them. In addition, EC technology can

shorten the procurement cycle time.

Multichanneling has created the opportunity for

showrooming.

Micropayments

small payments of a few dollars or less.

Most ads in social commerce consist of branded content paid for by advertisers. These ads belong to two major categories:

social advertisements (or social ads) and social apps.

so many organizations are competing to use social computing in as many new ways as possible that an inclusive term for the use of social computing in business has emerged:

social commerce.

Human resource (HR) departments in many organizations use

social computing applications outside their organizations (recruiting) and inside their organizations (employee development).

Traditional information systems

support organizational activities and business processes, and they concentrate on cost reductions and productivity increases.

Five Web 2.0 information technology tools:

tagging, Really Simple Syndication, blogs, microblogs, and wikis.

Two other social engineering techniques are

tailgating and shoulder surfing.

Overall, B2B complexities tend to be more business related, whereas B2C complexities tend to be more

technical and volume related.

Purchasing cards

the B2B equivalent of electronic credit cards. Unlike credit cards, where credit is provided for 30-60 days (for free) before payment is made to the merchant, payments made with purchasing cards are settled within a week.

business to business (B2B) e-commerce

the buyers and sellers are business organizations. B2B comprises about 85 percent of EC volume.

Web 1.0 was the first generation of the Web. We did not use this term in Chapter 4 because there was no need to say "Web 1.0" until Web 2.0 emerged. The key developments of Web 1.0 were

the creation of Web sites and the commercialization of the Web. Users typically had minimal interaction with Web 1.0 sites. Rather, they passively received information from those sites.

degree of digitization

the extent to which the commerce has been transformed from physical to digital. This concept can relate to both the product or service being sold and the delivery agent or intermediary. In other words, the product can be either physical or digital, and the delivery agent can also be either physical or digital.

There are two types of cybermalls:

In the first type, known as referral malls (e.g., www.hawaii.com), you cannot buy anything. Instead, you are transferred from the mall to a participating storefront. In the second type of mall (e.g., http://shopping.google.com), you can actually make a purchase. At this type of mall, you might shop from several stores, but you make only one purchase transaction at the end. You use an electronic shopping cart to gather items from various vendors and then pay for all of them in a single transaction.

Spamming

the indiscriminate distribution of electronic ads without the permission of the receiver. Unfortunately, spamming is becoming worse over time.

Business Model

the method by which a company generates revenue to sustain itself.

Reach

the number of potential customers to whom the company can market its products.

Procurement

the overarching function that describes the activities and processes to acquire goods and services. Distinct from purchasing, procurement involves the activities necessary to establish requirements, sourcing activities such as market research and vendor evaluation, and negotiation of contracts.

Crowdfunding

the practice of funding a project by raising money from a large number of people, typically via the Internet.

Peer-to-peer lending

the practice of lending money to unrelated individuals without using a traditional financial institution such as a bank.

Risk

the probability that a threat will impact an information resource.

Marketing

the process of building profitable customer relationships by creating value for customers and capturing value in return.

Business to Consumer Electronic Commerce

the sellers are organizations, and the buyers are individuals.

Social networks can also be used to determine

the social capital of individual participants

E-government

the use of Internet technology in general and e-commerce in particular to deliver information and public services to citizens (called government-to-citizen or G2C EC) and to business partners and suppliers (called government-to-business or G2B EC). G2B EC is much like B2B EC, usually with an overlay of government procurement regulations. That is, G2B EC and B2B EC are similar conceptually. However, the functions of G2C EC are conceptually different from anything that exists in the private sector (e.g., B2C EC).

signature recognition

the user signs his or her name, and the system matches this signature with one previously recorded under controlled, monitored conditions. Signature recognition systems also match the speed and the pressure of the signature.

voice recognition

the user speaks a phrase (e.g., his or her name and department) that has been previously recorded under controlled conditions. The voice recognition system matches the two voice signals.

Public exchanges are open to all business organizations. They are frequently owned and operated by a

third party.

Indirect Materials

those items, such as office supplies, that are needed for maintenance, operations, and repairs (MRO).

The higher the level of employee, the greater the

threat he or she poses to information security.

The basic idea of an electronic mall is the same as that of a regular shopping mall:

to provide a one-stop shopping place that offers a wide range of products and services. A cybermall may include thousands of vendors.

To provide secure transmissions, VPNs use a process called

tunneling

Each storefront has a unique

uniform resource locator (URL), or Internet address, at which buyers can place orders. Some electronic storefronts are extensions of physical stores such as Hermes, The Sharper Image, and Walmart.

The two major categories of threats are

unintentional threats and deliberate threats.

spam

unsolicited e-mail

Spam

unsolicited e-mail, usually advertising for products and services. When your computer is infected with spamware, e-mails from spammers are sent to everyone in your e-mail address book, but they appear to come from you.

collaborative production

users sell the extra power generated from their solar panels back to the utility company's grid to help power someone else's home.

Auditing around the computer

verifying processing by checking for known outputs using specific inputs. This approach is most effective for systems with limited outputs.

There are three basic types of public exchanges:

vertical, horizontal, and functional.

Collaborative consumption is a

very old concept.

Spam can also carry

viruses and worms, making it even more dangerous.

B2B EC is much larger than B2C EC by

volume, but B2C EC is more complex, in that B2C involves a large number of buyers making millions of diverse transactions per day from a relatively small number of sellers.

Common physical controls include

walls, doors, fencing, gates, locks, badges, guards, and alarm systems. More sophisticated physical controls include pressure sensors, temperature sensors, and motion detectors.

Tagging is the basis of folksonomies,

which are user-generated classifications that use tags to categorize and retrieve Web pages, photos, videos, and other Web content.

