Monday, 17 March 2008
chapter 3.4: notes and activities
Data: Can be given meaning if put into context
Knowledge: Processing information and interpreting it produces knowledge
You might need to gather knowledge to help with a decision, make recommendations or give yourself better knowledge.
You need to consider what relevant knowledge you already have. You need to try and work out the rules governing the model, and this turns information into knowledge.
It is important to strike a balance between too much knowledge and too little.
Activity. (missing information, how vital is it? how easy is it to find out?)
Price of materials needed, vital, very easy
Hours worked at night, important, easy
Charge to the customer, vital, easy
Profits made, important, easy
You need to deal with missing information using a strategy. Write down the information that's missing. Then decide how important that item is to your model. Ask the questions:
Can the model work without it?
Does it make a significant difference to the decision you have to make?
How big of a difference would it make?
Then try to find out how easy it is to find out the information; you don't want to waste time.
Make a list where information is to be found. You can make diagrams, tables or bullet point lists.
Before searching for additional information you should establish clear objectives and the extent of existing information.
Sources of information need to be assessed for reliability. Ask yourself if the information is:
accurate?
relevant?
complete?
detailed enough?
Remember Garbage In, Garbage Out (GIGO). If the data is wrong then your end results will be wrong.
Thursday, 13 March 2008
Understanding a Situation
A non-recurring decision; the decision is a one off, start with new resources.
Before handling a situation you should write down the most important aspects described to you. For example, looking at the company Livewire.
1. The company installs computer cables.
2. It uses a system based on the number of sockets required.
3. It charges a fixed cost for each point.
4. The market is competitive and it is important to get the right balance for profit.
5. They want a new system that charges according to the materials used and time taken to complete.
6. Profits are lower than for others.
You must consider all viewpoints. After looking at the file LivewiresStart.xls I think there are a few more cells needed. 'Time taken to visit the site', 'problems and challenges' would also be useful as it incorporates what the staff wanted.
I believe that the rates paid to the engineers are fairly important. They will think it only fair that if the company has increased profit that they get better wages, and they are an essential part of the company. It is only fair that they should earn more at night than day.
I do think the model could be adapted to take this into consideration. For example, there could be two separate fields to calculate hours worked at night and hours worked at day, before adding them together to give us the total cost of labour.
Tuesday, 11 March 2008
Improvements to unit 1 & 2
Unit 1.
• Check all pages of eBook to ensure that they are all completed
• Make mini evaluations for each online service; clear, balanced picture
• Make mini evaluation of the internet so far; what you can do and what limitations there are
• Reduce the larger pictures to smaller JPEG files and reinsert them
• Three more aspects of how IT is affecting people’s lives
• A paragraph on the benefits and drawbacks of the Information Age overall, and life in the Information Age
• On the digital divide page: Examples of current situation globally and locally, (especially globally)
• Have a small paragraph as an introduction to the website saying ‘in 100 years time, I understand that our internet may seem basic to you...’ etc
• Smaller font size
• Links up/down pages to reduce scrolling, or separate pages
• Do an evaluation of the eBook as a whole
Unit 2.
• More evaluation on the site’s overall effectiveness, giving ways of how it could be improved
• Finish database work; reports – trends, advice for company
• Evaluation; See list posted on blogger
Monday, 10 March 2008
Evaluation exemplar
Things to mention:
1. Are there suitable primary keys in the tables? Could either table be improved with the addition of extra primary keys?
2. Did the relationship you created work well in the database?
3. Would an extra table improve the database eg an orders table? Why?
4. Comment from at least one 3rd party about the tables and if they found them usable.
5. Are the field sizes suitable?
6. Are the field types suitable?
7. Does the validation do an effective job?
8. Could you add extra validation?
9. Did the database perform effectively? Was it fast to use?
10. Are the queries and reports logical and easy to follow?
11. Did the queries extract the data that you needed for the business? How?
12. Were the recommendations that you made relevant to the business? Would they be useful?
13. Comment from at least one 3rd party about the reports and if they found them usable.
14. Would any other data be useful in the database eg CD price? Why?
15. What feedback did you get from the teacher? Write down any comments you have had and explain how they relate to your work.
16. How did you work on the task, did you work effectively or were you hampered by any factors, eg laziness, distractions, problems, crashes?
17. How well did you present the work, could the coursework be presented in a better way?
18. What personal improvements can you put into place for the future?
Friday, 1 February 2008
Finalll
Natasha Dillow
E-commerce is shopping over the internet. It may be to buy goods or a service. All transactional websites face certain threats, including Joe Browns. Companies need to be aware of this and protect themselves appropriately.
There are threats online which aren’t threats in real life. For example, data can be intercepted and if it is not encrypted then identity fraud is a problem. Other problems include phishing, which is when your details are taken and used to hack your account.
When making a purchase, the customer gives their credit card details and other personal information to the website. This isn’t the only data given to the website. Joe Browns and other transactional websites also collect data that the customer is not aware of; cookies are stored on the customer’s computer which gives the company an idea of what their customers are like. Some companies also log the I.P. address of their customers to see where they are logging in from, and whereabouts in the world the company is most popular.
There are several threats to a company/person using the computer and internet. Viruses are software programs which are designed to damage your computer. They often attach themselves to files which are then downloaded, and the virus begins to infect your computer. Viruses in the Joe Browns system may get passed on to your computer if you download anything from them. It is important that Joe Browns are aware of these hazards and protect themselves in a particular way. For example, anti-virus software seeks out any viruses on your computer and deletes them. This is the main and most effective way of curing viruses, but prevention is better than cure. To prevent them, you should be careful of what you download, especially attachments on emails as this is a common way of spreading viruses. However, anti-virus software is getting worse, according to the German computing magazine c’t. They studied 17 different pieces of anti-virus software and found that most of them could not track newer viruses as the creators are getting better at disguising them. Anti-virus software needs to be updated often to be effective. Firewalls are also a good way of preventing viruses (see below). The Joe Browns administrator needs to ensure the company is protected against viruses, so that they don’t corrupt the company’s computers or their customers’ computers, and this protection must be updated regularly to keep up with the new threats.
Hackers are people who have a good knowledge about computers and so abuse this to get into other people’s computers, usually to find out personal details. Firewalls are the most appropriate for the prevention of viruses and hackers. Firewalls put up a barrier which stops things coming into your computer without your permission. You can make automatic responses for some things, because it can become quite irritating having to allow a program to access the internet when it is something you do regularly. Any unknown requests are denied, and attacks at your computer from other people are blocked. Firewalls should be installed on computers which are used for personal use, computers in the workplace and computers in a business. Joe Browns definitely has firewalls as it is essential that any transactional business does to keep data safe.
Spyware is software that follows what you are looking at over the internet. This is usually used for advertising purposes, but it can gather information like your email address, password and credit card details. Spyware may infest itself in your computer after visiting a certain site. Joe Browns need to be careful otherwise their company gets a bad reputation for giving spyware to their users. To get rid of spyware you can download anti-adware & spyware software. This is like anti-virus software; it tracks and deletes any spyware you may have on your computer. To prevent spyware, you should use a firewall and be careful with what you download on the computer. It is a good idea to check for viruses/adware/spyware immediately after any download. Spyware may be purposely installed into your computer too. You may install a key-logger to see what is being written in emails etc. This records the strokes of the keyboard rather than what is on screen, so it is harder to prevent as somebody has intentionally put it there. Unless you know it’s there, you probably wouldn’t think to look for it. This has been an issue brought up recently about how spyware may be used in domestic abuse as a way for a person to control and monitor their partner. However, there is one recent situation where installing spyware into a person’s computer without them knowing proved helpful. A mother was suspicious of her 12-year-old daughter’s internet habits when she started behaving oddly, so installed a program to monitor everything. She found that her daughter was having a relationship with a 21-year-old man from Bristol. It began because her daughter pretended to be older than she was, and after a sexual encounter she admitted her age but the young man still wanted to continue with the relationship and admitted to police that they were going to have intercourse again. This is a positive use of spyware, but generally spyware is an infringement of privacy and a threat to the computer user.
Hardware failure is when a piece of your hardware (e.g. monitor, mouse and keyboard) does not function properly. Unlike spyware, viruses and hackers, this is a physical problem. Hardware failure cannot be prevented in itself, but you can prevent losing all your files by backing up all work regularly somewhere other than your computer, for example an external hard drive or the internet. It is too difficult to prevent hardware failure; it is more important to prevent a loss of files rather than a loss of hardware. Hardware itself can be replaced, but depending on the size of the file, months or years could be needed in order to return the work to the state it was once in. Joe Browns has all of their customers’ personal data on computer record, and cannot afford to lose this essential information. They should ensure that they back up their records regularly, and that this information is encrypted and password protected in case of hackers.
Human errors occur because nobody is perfect and everybody makes mistakes. Joe Browns employees can cause the company to lose a lot of money if they are not careful with what they do. Human errors can be prevented via proof reading, data validation and verification. Alternatively, machines rarely make errors, so a computer would be much more effective than a human would be. Joe Browns employees must be vigilant for mistakes to avoid mistakes which may lead to bigger problems.
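The difference between data validation and verification mentioned above, shown as an added Python example (it is not part of the original report and is not Joe Browns' own code). The field names, the 1 to 20 quantity limit and the sample order are constructed for illustration.

```python
import re
from datetime import date

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
EXPIRY_RE = re.compile(r"(0[1-9]|1[0-2])/(\d{2})")
REQUIRED = ("name", "email", "email_confirm", "card_number", "expiry", "quantity")


def luhn_valid(card_number):
    """Check-digit validation (Luhn): catches any single mistyped digit."""
    cleaned = card_number.replace(" ", "").replace("-", "")
    if not cleaned.isdigit() or not 13 <= len(cleaned) <= 19:
        return False
    total = 0
    for position, char in enumerate(reversed(cleaned)):
        digit = int(char)
        if position % 2 == 1:  # double every second digit from the right
            digit = digit * 2 - 9 if digit > 4 else digit * 2
        total += digit
    return total % 10 == 0


def validate_order(order, today):
    """Return a list of problems found in one order form (empty list = accepted)."""
    # Presence check: stop early, the other checks need every field.
    missing = [f for f in REQUIRED if not str(order.get(f, "")).strip()]
    if missing:
        return [f"{field}: missing" for field in missing]

    errors = []
    # Format check (validation): is the value the right shape?
    if not EMAIL_RE.match(order["email"].strip()):
        errors.append("email: bad format")
    # Double entry (verification): is it the value the customer meant to type?
    if order["email"].strip().lower() != order["email_confirm"].strip().lower():
        errors.append("email_confirm: does not match email")
    # Check digit (validation).
    if not luhn_valid(order["card_number"]):
        errors.append("card_number: failed check digit")
    # Format check, then range check against today's date.
    match = EXPIRY_RE.fullmatch(order["expiry"].strip())
    if not match:
        errors.append("expiry: bad format")
    elif (2000 + int(match.group(2)), int(match.group(1))) < (today.year, today.month):
        errors.append("expiry: card has expired")
    # Type check, then range check.
    try:
        quantity = int(order["quantity"])
    except (TypeError, ValueError):
        errors.append("quantity: not a whole number")
    else:
        if not 1 <= quantity <= 20:
            errors.append("quantity: must be between 1 and 20")
    return errors


# Constructed sample data. The date is fixed so the result is repeatable.
TODAY = date(2008, 2, 1)
GOOD_ORDER = {
    "name": "A. Customer",
    "email": "a.customer@example.com",
    "email_confirm": "a.customer@example.com",
    "card_number": "4111 1111 1111 1111",  # widely used test number, not a real card
    "expiry": "09/09",
    "quantity": "2",
}


def with_changes(**changes):
    """Copy the good order and overwrite some fields to simulate a human error."""
    order = dict(GOOD_ORDER)
    order.update(changes)
    return order


if __name__ == "__main__":
    samples = {
        "correct order": GOOD_ORDER,
        "one card digit mistyped": with_changes(card_number="4111 1111 1111 1112"),
        "typo in second email entry": with_changes(email_confirm="a.custmer@example.com"),
        "expired card": with_changes(expiry="01/07"),
        "quantity out of range": with_changes(quantity="0"),
    }
    for label, order in samples.items():
        print(f"{label}: {validate_order(order, TODAY) or 'accepted'}")
```

The mistyped email passes the format check because it still looks like an email address; only the double-entry check catches it. Neither kind of check can prove the data is true, only that it is reasonable and was entered consistently.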
Dishonest employees can cause your business to lose money or become bankrupt. Dishonesty of employees can not be fully prevented as everybody has their own free will and we cannot control other people. However, when joining the company, you should ask all employees to sign in agreement to a terms and conditions contract. Also, you can prevent problems with employees by restricting their access and use of the internet. Training of your staff is important, and is given to all Joe Browns employees. Training about being honest is not the only type of training that is important, but training your employees about the other dangers and threats mentioned here is essential. It is important that you train all of your employees to look out for your company and make sure that everybody tries their best to keep their company safe.
Natural disasters are unavoidable; they include things like earthquakes, storms and volcanic eruptions. Prevention of natural disasters is impossible. Like with hardware failure, preventing physical problems cannot be achieved, so it is important to back-up all of your files regularly.
Theft is an issue whenever money is involved. Identity theft is the main problem, as hackers and spyware can get your personal details and then use them to ‘steal’ your identity and make purchases from your bank account. Preventing theft physically is hard, so as long as you have a burglar alarm that is all you can do. This again, means you need to back up your files regularly. To prevent identity theft, you should ensure that you only ever give out your credit card details over a secure connection, and be careful with personal documents and protecting your passwords etc. Secure websites encrypt your data as you send it, making it difficult to read if it is intercepted. Joe Browns is a secure site that uses Thawte as a way of keeping the data safe while it is transferred. Thawte uses SSL certificates to ensure that data is kept as best protected as possible.
Terrorism is a problem when a group of people decide to hack or steal money from a company, or crash a company’s website. Computers can be set up to constantly send hate mail to a company or requests to a server so it crashes. Terrorism can be prevented by having a secure website. The more secure a site is, the less likely it is that anyone could hack into the site.
Fire is a problem to your hardware. Floods and fire cannot be prevented, although a fire alarm might be a good idea. Like with natural disasters and hardware failure, files can be saved if backed up regularly.
There is some legislation in place to protect us from some of the internet dangers.
Computer Misuse Act, 1990: Hacking and the introduction of viruses are illegal under this act. Any person who deliberately tries to access data (knowing that they are not authorised to) can be prosecuted under this act. If they then intend to use this data further for misuse, the crime is worsened. It is also illegal to modify anything on the computer without the permission of the data holder. Punishments include 6 months in prison and a £2,000 fine. It is an offence to access anything that is unauthorized, whether it’s a program or data. It is also an offence to access a computer system with the intent to commit a crime, for example accessing financial records with the intent to use someone else’s details to make a purchase. Also to modify computer material is an offence, deleting files, creating a virus or introducing a virus or doing something with the deliberate intention of causing problems in the data.
This is obviously not very successful, as hackers and viruses are still a large problem on PCs. Technology has developed a lot in the last 18 years, perhaps this piece of legislation needs to be updated. An example of prosecution under this act is of a man who created and released a virus programme which was designed for hackers to access home computers. Under the Computer Misuse Act, he could be sentenced up to five years in prison. The worm (W32-Leave worm) helps a hacker break into a victim’s computer and steal or delete files and use the computer for further hacking. An example of past prosecution under this act is of a teenager who bombarded an ex-employer’s mail server with five million emails. He pleaded guilty and was sentenced to a two month curfew and had an electronic tag installed. Joe Browns must ensure that no unauthorised person can access or manipulate the data held by the company, but this legislation is in place just in case somebody manages it.
Data Protection Act, 1998: Data collected from a person must only be used in the way that they intended to. Consent must be given and if a person wants to see the information collected about them, they are allowed to (but may have to pay a small fee). This is usually quite successful, except recently the Government lost thousands of people’s personal data. There are 8 data principles under this act.
1. Personal data shall be processed fairly and lawfully.
2. Personal data should only be used for one or more specified purposes, and not used for any other purposes.
3. Personal data should be relevant and not used for anything else than the purposes it was collected for.
4. Personal data should be accurate and up-to-date.
5. Personal data should not be kept for any longer than is necessary.
6. Personal data shall be processed in accordance with the rights of data subjects.
The next two points relate directly to the security issues I am talking about in this report:
7. Appropriate preventative measures should be taken against unauthorized processing of personal data or accidental loss/destruction/damage to personal data.
8. Personal data shall not be transferred to a country which is exempt to the Data Protection Act or one similar with a high level of security.
This is usually quite successful. However, recently the Government lost two discs which contained the personal data of 25 million citizens in the post. They contained names, addresses, date of birth, national insurance number and credit card details. These discs were not encrypted but were password protected. “I profoundly regret and apologise for the inconvenience caused”, said Gordon Brown. Joe Browns must comply with this legislation and ensure that the personal data held is not kept longer than necessary, and is kept safe and secure.
There is currently no legislation against identity theft, despite 80,000 victims in 2006. However, the government is considering the introduction of identity cards, which are thought to be more accurate. The USA has the Identity Theft & Assumption Deterrence Act, 1998. America has the biggest problem with identity theft and is the most advanced nation in trying to prevent it. It is still a huge issue but it is being dealt with.
Regulation of Investigatory Powers Act, 2000: Allows the authorities to watch what you’re doing on the internet. It means that if the authorities ask for protected data or encrypted data, it has to be given to them.
Consumer Protection (Distance Selling) Regulations 2000: This is to protect anyone shopping over the phone, internet, digital TV or mail order. It gives the customer the right to receive clear information about the goods and services before deciding to buy, confirmation of this information in writing, protection from credit card fraud and a cooling off period of seven working days in which the consumer can withdraw from the contract. This means that Joe Browns must cancel any transaction of non-perishable goods within seven days of the transaction if the customer so wishes.
There are several reasons I can tell that JoeBrowns.co.uk is a safe website. This symbol indicates that the website is safe to use. Thawte is a company that allows safe transfer of information. Also, information is encrypted when transferred and the website is secure. This is expected for many large and popular transactional websites. It is stated that your email address and telephone number will not be passed on to third parties and are solely collected so that Joe Browns can contact you if necessary. However, there is always a risk when transferring any data over the internet.
The website is very safe to use. Although there are still many problems related to e-commerce and using the internet generally, there is legislation in place and preventative methods that can be used to reduce these risks and punish the abusers of the internet. Joe Browns is a safe website to use, as your details are kept solely by that company. The website is secure and data is encrypted when transferred. One disadvantage of Joe Browns is that there is no way to read their Terms & Conditions, which may make some people feel nervous or wary of using the site. Although this seems a bit suspicious, it is still a safe website to use. There are many threats to your files and personal data when using your computer, especially the internet. With the right protection, preventative methods and backing up methods, your identity and your files should be safe. It is also essential that you keep your protective methods updated, for example have a new version of an anti-virus programme and back-up your work regularly. It is important that the law keeps up to date with the dangers to us over the internet. For example, a woman in America posed as a young male and sent abusive messages over the social networking site, ‘Myspace’, which drove a young girl to suicide. This behaviour is obviously wrong, but in America it is not illegal. All countries need to make sure that they have legislation in place to prevent people from being tempted to do damaging things, and punish those who do. With the right preventative methods and legislation in place, we can suppress crime via the internet and keep ourselves, our files and our computer safe. Not only individually, but transactional websites and employers also have to comply with these safety precautions.
Thursday, 31 January 2008
Security Report.
Natasha Dillow
E-commerce is shopping over the internet. It may be to buy goods or a service.
There are threats online which aren’t threats in real life. For example, data can be intercepted and if it is not encrypted then identity fraud is a problem. Other problems include phishing, which is when your details are taken and used to hack your account.
They give their credit card details and other personal information to the website. However, the website also collects data that the customer is not aware of; cookies are stored on the customer’s computer which gives the company an idea of what their customers are like. Some companies also log the I.P. address of their customers to see where they are logging in from, and whereabouts in the world the company is most popular.
There are several threats to a company/person using the computer and internet. Viruses are software programs which are designed to damage your computer. They often attach themselves to files which are then downloaded, and the virus begins to infect your computer. Viruses in the Joe Browns system may get passed on to your computer if you download anything from them. Anti-virus software seeks out any viruses on your computer and deletes them. This is the main effective way of curing viruses, but to prevent them it is better to be careful of what you download, especially attachments on emails as this is a common way of spreading viruses. Firewalls are also a good way of preventing viruses (see below). The Joe Browns administrator needs to ensure the company is protected against viruses, so that they don’t corrupt the company’s computers or their customers’ computers. However, anti-virus software is getting worse, according to the German computing magazine c’t. They studied 17 different pieces of anti-virus software and found that most of them could not track newer viruses as the creators are getting better at disguising them. Anti-virus software needs to be updated often to be effective.
Hackers are people who have a good knowledge about computers and so abuse this to get into other people’s computers, usually to find out personal details. Firewalls are the most appropriate for the prevention of viruses and hackers. Firewalls put up a barrier which stops things coming into your computer without your permission. You can make automatic responses for some things, because it can become quite irritating having to allow a program to access the internet when it is something you do regularly. Any unknown requests are denied, and attacks at your computer from other people are blocked.
Spyware is software that follows what you are looking at over the internet. This is usually used for advertising purposes, but it can gather information like your email address, password and credit card details. Spyware may infest itself in your computer after visiting a certain site. Joe Browns need to be careful otherwise their company gets a bad reputation for giving spyware to their users. To get rid of spyware you can download anti-adware & spyware software. This is like anti-virus software; it tracks and deletes any spyware you may have on your computer. To prevent spyware, you should use a firewall and be careful with what you download on the computer. It is a good idea to check for viruses/adware/spyware immediately after any download. Spyware may be purposely installed into your computer too. You may install a key-logger to see what is being written in emails etc. This records the strokes of the keyboard rather than what is on screen, so it is harder to prevent as somebody has intentionally put it there. Unless you know it’s there, you probably wouldn’t think to look for it. This has been an issue brought up recently about how spyware may be used in domestic abuse as a way for a person to control and monitor their partner. However, there is one recent situation where installing spyware into a person’s computer without them knowing proved helpful. A mother was suspicious of her 12-year-old daughter’s internet habits when she started behaving oddly, so installed a program to monitor everything. She found that her daughter was having a relationship with a 21-year-old man from Bristol. It began because her daughter pretended to be older than she was, and after a sexual encounter she admitted her age but the young man still wanted to continue with the relationship and admitted to police that they were going to have intercourse again. This is a positive use of spyware, but generally spyware is an infringement of privacy and a threat to the computer user.
Hardware failure is when a piece of your hardware (e.g. monitor, mouse and keyboard) does not function properly. Unlike spyware, viruses and hackers, this is a physical problem. Hardware failure cannot be prevented in itself, but you can prevent losing all your files by backing up all work regularly somewhere other than your computer, for example an external hard drive or the internet. It is too difficult to prevent hardware failure; it is more important to prevent a loss of files rather than a loss of hardware. Hardware itself can be replaced, but depending on the size of the file, months or years could be needed in order to return the work to the state it was once in.
Human errors occur because nobody is perfect and everybody makes mistakes. Joe Browns employees can cause the company to lose a lot of money if they are not careful with what they do. Human errors can be prevented via proof reading, data validation and verification. Alternatively, machines rarely make errors, so a computer would be much more effective than a human would be. Joe Browns employees must be vigilant for mistakes to avoid mistakes which may lead to bigger problems. Personal data should not be kept for any longer than is necessary.
Dishonest employees can cause your business to lose money or become bankrupt. Dishonesty of employees can not be fully prevented as everybody has their own free will and we cannot control other people. However, when joining the company, you should ask all employees to sign in agreement to a terms and conditions contract. Also, you can prevent problems with employees by restricting their access and use of the internet. Training of your staff is important, and is given to all Joe Browns employees.
Natural disasters are unavoidable; they include things like earthquakes, storms and volcanic eruptions. Prevention of natural disasters is impossible. Like with hardware failure, preventing physical problems cannot be achieved, so it is important to back-up all of your files regularly.
Theft is an issue whenever money is involved. Identity theft is the main problem, as hackers and spyware can get your personal details and then use them to ‘steal’ your identity and make purchases from your bank account. Preventing theft physically is hard, so as long as you have a burglar alarm that is all you can do. This again, means you need to back up your files regularly. To prevent identity theft, you should ensure that you only ever give out your credit card details over a secure connection, and be careful with personal documents and protecting your passwords etc. Secure websites encrypt your data as you send it, making it difficult to read if it is intercepted.
Terrorism is a problem when a group of people decide to hack or steal money from a company, or crash a company’s website. Computers can be set up to constantly send hate mail to a company, or requests to a server so it crashes. Terrorism can be prevented by having a secure website. The more secure a site is, the less likely it is that anyone could hack into the site.
Fire is a problem to your hardware. Floods and fire cannot be prevented, although a fire alarm might be a good idea. Like with natural disasters and hardware failure, files can be saved if backed up regularly.
There is some legislation in place to protect us from some of the internet dangers.
Computer Misuse Act, 1990: Hacking and the introduction of viruses are illegal. Punishments include 6 months in prison and a £2,000 fine. It is an offence to access anything that is unauthorized, whether it’s a program or data. It is also an offence to access a computer system with the intent to commit a crime, for example accessing financial records with the intent to use someone else’s details to make a purchase. Also to modify computer material is an offence, deleting files, creating a virus or introducing a virus or doing something with the deliberate intention of causing problems in the data.
This is obviously not very successful, as hackers and viruses are still a large problem on PCs. Technology has developed a lot in the last 18 years, perhaps this piece of legislation needs to be updated. An example of prosecution under this act is of a man who created and released a virus programme which was designed for hackers to access home computers. Under the Computer Misuse Act, he could be sentenced up to five years in prison. The worm (W32-Leave worm) helps a hacker break into a victim’s computer and steal or delete files and use the computer for further hacking. An example of past prosecution under this act is of a teenager who bombarded an ex-employer’s mail server with five million emails. He pleaded guilty and was sentenced to a two month curfew and had an electronic tag installed.
Data Protection Act, 1998: Data collected from a person must only be used in the way that they intended to. Consent must be given and if a person wants to see the information collected about them, they are allowed to (but may have to pay a small fee). This is usually quite successful, except recently the Government lost thousands of people’s personal data. There are 8 data principles under this act.
1. Personal data shall be processed fairly and lawfully.
2. Personal data should only be used for one or more specified purposes, and not used for any other purposes.
3. Personal data should be relevant and not used for anything other than the purposes it was collected for.
4. Personal data should be accurate and up-to-date.
5. Personal data should not be kept for any longer than is necessary.
6. Personal data shall be processed in accordance with the rights of data subjects.
The next two points relate directly to the security issues I am talking about in this report;
7. Appropriate preventative measures should be taken against unauthorized processing of personal data, or accidental loss/destruction/damage to personal data.
8. Personal data shall not be transferred to a country which is exempt from the Data Protection Act or one similar with a high level of security.
This is usually quite successful. However, recently the Government lost two discs which contained the personal data of 25 million citizens in the post. They contained names, addresses, date of birth, national insurance number and credit card details. These discs were not encrypted but were password protected. “I profoundly regret and apologise for the inconvenience caused”, said Gordon Brown.
There is currently no legislation against identity theft, despite 80,000 victims in 2006. However, the government is considering the introduction of identity cards, which are thought to be more accurate. The USA has the Identity Theft & Assumption Deterrence Act, 1998. America has the biggest problem with identity theft and is the most advanced nation in trying to prevent it. It is still a huge issue but it is being dealt with.
Regulation of Investigatory Powers Act, 2000: Allows the authorities to watch what you’re doing on the internet. It means that if the authorities ask for protected data or encrypted data, it has to be given to them.
Consumer Protection (Distance Selling) Regulations 2000: This is to protect anyone shopping over the phone, internet, digital TV or mail order. It gives the customer the right to receive clear information about the goods and services before deciding to buy, confirmation of this information in writing, protection from credit card fraud and a cooling off period of seven working days in which the consumer can withdraw from the contract.
There are several reasons I can tell that JoeBrowns.co.uk is a safe website. ← This symbol indicates that the website is safe to use. Thawte is a company that allows safe transfer of information. Also, information is encrypted when transferred and the website is secure. This is expected for many large and popular transactional websites. It is stated that your email address and telephone number will not be passed on to third parties and are solely collected so that Joe Browns can contact you if necessary. However, there is always a risk when transferring any data over the internet.
The website is very safe to use. Although there are still many problems related to e-commerce and using the internet generally, there is legislation in place and preventative methods that can be used to reduce these risks and punish the abusers of the internet. Joe Browns is a safe website to use, as your details are kept solely by that company. The website is secure and data is encrypted when transferred. One disadvantage of Joe Browns is that there is no way to read their Terms & Conditions, which may make some people feel nervous or wary of using the site. Although this seems a bit suspicious, it is still a safe website to use.
There are many threats to your files and personal data when using your computer, especially the internet. With the right protection, preventative methods and backing up methods, your identity and your files should be safe. It is also essential that you keep your protective methods updated, for example have a new version of an anti-virus programme and back up your work regularly.
It is important that the law keeps up to date with the dangers to us over the internet. For example, a woman in America posed as a young male and sent abusive messages over the social networking site, ‘Myspace’, which drove a young girl to suicide. This behaviour is obviously wrong, but in America it is not illegal. All countries need to make sure that they have legislation in place to prevent people from being tempted to do damaging things, and punish those who do. With the right preventative methods and legislation in place, we can suppress crime via the internet and keep ourselves, our files and our computer safe. Not only individually, but transactional websites and employers also have to comply with these safety precautions.
Wednesday, 30 January 2008
:)
TO DO LIST:
1) Re-read; makes sense?
2) Add more real-life accounts about prosecution etc
3) Add detail to conclusion
4) Make more relevant to JoeBrowns.co.uk
5) Add more detail to the legislation part.
NOTES:
Applied ICT Data Security Report plan:
What is E-Commerce?
E-commerce is shopping over the internet. It may be to buy goods or a service.
Why is E-Commerce more susceptible to threats than normal commerce?
There are threats online which aren’t threats in real life. For example, data can be intercepted and if it is not encrypted then identity fraud is a problem. Other problems include phishing which is when your details are taken and used to hack your account.
What information has the customer given to the website?
They give their credit card details and other personal information to the website. However, the website also collects data that the customer is not aware of; cookies are stored on the customer’s computer which gives the company an idea of what their customers are like. Some companies also log the I.P. address of their customers to see where they are logging in from, and whereabouts in the world the company is most popular.
What are the threats to Data Security for E-Commerce?
1. Viruses. Viruses are software programs which are designed to damage your computer. They often attach themselves to files which are then downloaded, and the virus begins to infect your computer. Viruses in the JoeBrowns system may get passed on to your computer if you download anything from them.
2. Hackers are people who have a good knowledge about computers and so abuse this to get into other people’s computers, usually to find out personal details.
3. Spyware is software that follows what you are looking at over the internet. This is usually used for advertising purposes, but it can gather information like your email address, password and credit card details. Spyware may infest itself in your computer after visiting a certain site. Joe Browns need to be careful otherwise their company gets a bad reputation for giving spyware to their users.
4. Hardware failure is when a piece of your hardware (e.g. monitor, mouse and keyboard) does not function properly. Unlike spyware, viruses and hackers, this is a physical problem.
5. Human errors occur because nobody is perfect and everybody makes mistakes. Joe Browns employees can cause the company to lose a lot of money if they are not careful with what they do.
6. Dishonest employees can cause your business to lose money or become bankrupt.
7. Natural disasters are unavoidable; they include things like earthquakes, storms and volcanic eruptions.
8. Theft is an issue whenever money is involved. Identity theft is the main problem, as hackers and spyware can get your personal details and then use them to ‘steal’ your identity and make purchases from your bank account.
9. Terrorism is a problem when a group of people decide to hack or steal money from a company, or crash a company’s website. Computers can be set up to constantly send hate mail to a company, or requests to a server so it crashes.
10. Fire is a problem to your hardware.
What are the preventative methods for these threats?
1. Anti-virus software seeks out any viruses on your computer and deletes them. This is the main effective way of curing viruses, but to prevent them it is better to be careful of what you download, especially attachments on emails as this is a common way of spreading viruses. Firewalls are also a good way of preventing viruses (see below). The Joe Browns administrator needs to ensure the company is protected against viruses, so that they don’t corrupt the company’s computers or their customers’ computers.
2. Firewalls are the most appropriate for the prevention of viruses and hackers. Firewalls put up a barrier which stops things coming into your computer without your permission. You can make automatic responses for some things, because it can become quite irritating having to allow a program to access the internet when it is something you do regularly. Any unknown requests are denied, and attacks at your computer from other people are blocked.
3. To get rid of spyware you can download anti-adware & spyware software. This is like anti-virus software; it tracks and deletes any spyware you may have on your computer. To prevent spyware, you should use a firewall and be careful with what you download on the computer. It is a good idea to check for viruses/adware/spyware immediately after any download.
4. Hardware failure cannot be prevented in itself, but you can prevent losing all your files by backing up all work regularly somewhere other than your computer, for example an external hard drive or the internet. It is too difficult to prevent hardware failure; it is more important to prevent a loss of files rather than a loss of hardware. Hardware itself can be replaced, but depending on the size of the file, months or years could be needed in order to return the work to the state it was once in.
5. Human errors can be prevented via proof reading, data validation and verification. Alternatively, machines rarely make errors, so a computer would be much more effective than a human would be. Joe Browns employees must be vigilant to avoid mistakes which may lead to bigger problems.
6. Dishonesty of employees can not be fully prevented as everybody has their own free will and we cannot control other people. However, when joining the company, you should ask all employees to sign in agreement to a terms and conditions contract. Also, you can prevent problems with employees by restricting their access and use of the internet. Training of your staff is important, and is given to all Joe Browns employees.
7. Prevention of natural disasters is impossible. Like with hardware failure, preventing physical problems cannot be achieved, so it is important to back-up all of your files regularly.
8. Preventing theft physically is hard, so as long as you have a burglar alarm that is all you can do. This again, means you need to back up your files regularly. To prevent identity theft, you should ensure that you only ever give out your credit card details over a secure connection, and be careful with personal documents and protecting your passwords etc. Secure websites encrypt your data as you send it, making it difficult to read if it is intercepted.
9. Terrorism can be prevented by having a secure website. The more secure a site is, the less likely it is that anyone could hack into the site.
10. Floods and fire cannot be prevented, although a fire alarm might be a good idea. Like with natural disasters and hardware failure, files can be saved if backed up regularly.
Describe the legislation that the business should be aware of:
1. Computer Misuse Act, 1990: Hacking and the introduction of viruses are illegal. Punishments include 6 months in prison and a £2,000 fine. It is an offence to access anything that is unauthorized, whether it’s a program or data. It is also an offence to access a computer system with the intent to commit a crime, for example accessing financial records with the intent to use someone else’s details to make a purchase. It is also an offence to modify computer material, for example by deleting files, creating or introducing a virus, or doing something with the deliberate intention of causing problems in the data.
2. Data Protection Act, 1998: Data collected from a person must only be used in the way that they intended. Consent must be given and if a person wants to see the information collected about them, they are allowed to (but may have to pay a small fee). This is usually quite successful, except recently the Government lost thousands of people’s personal data. There are 8 data principles under this act.
1. Personal data shall be processed fairly and lawfully.
2. Personal data should only be used for one or more specified purposes, and not used for any other purposes.
3. Personal data should be relevant and not used for anything other than the purposes it was collected for.
4. Personal data should be accurate and up-to-date.
5. Personal data should not be kept for any longer than is necessary.
6. Personal data shall be processed in accordance with the rights of data subjects.
The next two points relate directly to the security issues I am talking about in this report;
7. Appropriate preventative measures should be taken against unauthorized processing of personal data, or accidental loss/destruction/damage to personal data.
8. Personal data shall not be transferred to a country which is exempt from the Data Protection Act or one similar with a high level of security.
3. There is currently no legislation against identity theft, despite 80,000 victims in 2006. However, the government is considering the introduction of identity cards, which are thought to be more accurate. The USA has the Identity Theft & Assumption Deterrence Act, 1998.
4. Regulation of Investigatory Powers Act, 2000: Allows the authorities to watch what you’re doing on the internet. It means that if the authorities ask for protected data or encrypted data, it has to be given to them.
5. Consumer Protection (Distance Selling) Regulations 2000: This is to protect anyone shopping over the phone, internet, digital TV or mail order. It gives the customer the right to receive clear information about the goods and services before deciding to buy, confirmation of this information in writing, protection from credit card fraud and a cooling off period of seven working days in which the consumer can withdraw from the contract.
How effective are these pieces of legislation?
1. Computer Misuse Act, 1990: This is obviously not very successful, as hackers and viruses are still a large problem on PCs. Technology has developed a lot in the last 18 years; perhaps this piece of legislation needs to be updated. An example of prosecution under this act is of a man who created and released a virus programme which was designed for hackers to access home computers. Under the Computer Misuse Act, he could be sentenced to up to five years in prison. The worm (W32-Leave worm) helps a hacker break into a victim’s computer and steal or delete files and use the computer for further hacking.
2. Data Protection Act, 1998: This is usually quite successful. However, recently the Government lost two discs which contained the personal data of 25 million citizens in the post. They contained names, addresses, date of birth, national insurance number and credit card details. These discs were not encrypted but were password protected. “I profoundly regret and apologise for the inconvenience caused”, said Gordon Brown.
3. Identity Theft & Assumption Deterrence Act, 1998, America: America has the biggest problem with identity theft and is the most advanced nation in trying to prevent it. It is still a huge issue but it is being dealt with.
4. Regulation of Investigatory Powers Act, 2000: ddsfs
5. Consumer Protection (distance selling) Regulations 2000: sdfsdf
Overall conclusions:
Is data secure on this website – yes:
1. ← This symbol indicates that the website is safe to use. Thawte is a company that allows safe transfer of information.
2. Information is encrypted when transferred.
3. Website is secure when transactions are made.
4. It is stated that your email address and telephone number will not be passed on to third parties and are solely collected so that Joe Browns can contact you if necessary.
Is data insecure on this website – no:
1. There is always a risk when transferring your personal information over the internet.
2.
3.
Overall conclusion:
1. The website is very safe to use. Although there are still many problems related to e-commerce and using the internet generally, there is legislation in place and preventative methods that can be used to reduce these risks and punish the abusers of the internet. Joe Browns is a safe website to use, as your details are kept solely by that company. The website is secure and data is encrypted when transferred. One disadvantage of Joe Browns is that there is no way to read their Terms & Conditions, which may make some people feel nervous or wary of using the site. Although this seems a bit suspicious, it is still a safe website to use.
2.
3.
Macintosh HD:Users:mhighmore:Documents:Report plan y12.docx Created on 21/01/2008 13:33
1st DRAFT:
Security Report
Natasha Dillow
E-commerce is shopping over the internet. It may be to buy goods or a service.
There are threats online which aren’t threats in real life. For example, data can be intercepted and if it is not encrypted then identity fraud is a problem. Other problems include phishing, which is when your details are taken and used to hack your account.
They give their credit card details and other personal information to the website. However, the website also collects data that the customer is not aware of; cookies are stored on the customer’s computer which gives the company an idea of what their customers are like. Some companies also log the I.P. address of their customers to see where they are logging in from, and whereabouts in the world the company is most popular.
There are several threats to a company/person using the computer and internet. Viruses are software programs which are designed to damage your computer. They often attach themselves to files which are then downloaded, and the virus begins to infect your computer. Viruses in the JoeBrowns system may get passed on to your computer if you download anything from them. Anti-virus software seeks out any viruses on your computer and deletes them. This is the main effective way of curing viruses, but to prevent them it is better to be careful of what you download, especially attachments on emails as this is a common way of spreading viruses. Firewalls are also a good way of preventing viruses (see below). The Joe Browns administrator needs to ensure the company is protected against viruses, so that they don’t corrupt the company’s computers or their customers’ computers.
Hackers are people who have a good knowledge about computers and so abuse this to get into other people’s computers, usually to find out personal details. Firewalls are the most appropriate for the prevention of viruses and hackers. Firewalls put up a barrier which stops things coming into your computer without your permission. You can make automatic responses for some things, because it can become quite irritating having to allow a program to access the internet when it is something you do regularly. Any unknown requests are denied, and attacks at your computer from other people are blocked.
Spyware is software that follows what you are looking at over the internet. This is usually used for advertising purposes, but it can gather information like your email address, password and credit card details. Spyware may infest itself in your computer after visiting a certain site. Joe Browns need to be careful otherwise their company gets a bad reputation for giving spyware to their users. To get rid of spyware you can download anti-adware & spyware software. This is like anti-virus software; it tracks and deletes any spyware you may have on your computer. To prevent spyware, you should use a firewall and be careful with what you download on the computer. It is a good idea to check for viruses/adware/spyware immediately after any download.
Hardware failure is when a piece of your hardware (e.g. monitor, mouse and keyboard) does not function properly. Unlike spyware, viruses and hackers, this is a physical problem. Hardware failure cannot be prevented in itself, but you can prevent losing all your files by backing up all work regularly somewhere other than your computer, for example an external hard drive or the internet. It is too difficult to prevent hardware failure, so it is more important to prevent a loss of files rather than a loss of hardware. Hardware itself can be replaced, but depending on the size of the file, months or years could be needed in order to return the work to the state it was once in.
Human errors occur because nobody is perfect and everybody makes mistakes. Joe Browns employees can cause the company to lose a lot of money if they are not careful with what they do. Human errors can be prevented via proof reading, data validation and verification. Alternatively, machines rarely make errors, so a computer would be much more effective than a human would be. Joe Browns employees must be vigilant to avoid mistakes which may lead to bigger problems. Personal data should not be kept for any longer than is necessary.
Dishonest employees can cause your business to lose money or become bankrupt. Dishonesty of employees cannot be fully prevented as everybody has their own free will and we cannot control other people. However, when joining the company, you should ask all employees to sign in agreement to a terms and conditions contract. Also, you can prevent problems with employees by restricting their access and use of the internet. Training of your staff is important, and is given to all Joe Browns employees.
Natural disasters are unavoidable; they include things like earthquakes, storms and volcanic eruptions. Prevention of natural disasters is impossible. Like with hardware failure, preventing physical problems cannot be achieved, so it is important to back-up all of your files regularly.
Theft is an issue whenever money is involved. Identity theft is the main problem, as hackers and spyware can get your personal details and then use them to ‘steal’ your identity and make purchases from your bank account. Preventing theft physically is hard, so as long as you have a burglar alarm that is all you can do. This, again, means you need to back up your files regularly. To prevent identity theft, you should ensure that you only ever give out your credit card details over a secure connection, and be careful with personal documents and protecting your passwords etc. Secure websites encrypt your data as you send it, making it difficult to read if it is intercepted.
Terrorism is a problem when a group of people decide to hack or steal money from a company, or crash a company’s website. Computers can be set up to constantly send hate mail to a company, or requests to a server so it crashes. Terrorism can be prevented by having a secure website. The more secure a site is, the less likely it is that anyone could hack into the site.
Fire is a problem to your hardware. Floods and fire cannot be prevented, although a fire alarm might be a good idea. Like with natural disasters and hardware failure, files can be saved if backed up regularly.
There is some legislation in place to protect us from some of the internet dangers.
Computer Misuse Act, 1990: Hacking and the introduction of viruses are illegal. Punishments include 6 months in prison and a £2,000 fine. It is an offence to access anything that is unauthorized, whether it’s a program or data. It is also an offence to access a computer system with the intent to commit a crime, for example accessing financial records with the intent to use someone else’s details to make a purchase. It is also an offence to modify computer material, for example by deleting files, creating or introducing a virus, or doing something with the deliberate intention of causing problems in the data.
This is obviously not very successful, as hackers and viruses are still a large problem on PCs. Technology has developed a lot in the last 18 years; perhaps this piece of legislation needs to be updated. An example of prosecution under this act is of a man who created and released a virus programme which was designed for hackers to access home computers. Under the Computer Misuse Act, he could be sentenced up to five years in prison. The worm (W32-Leave worm) helps a hacker break into a victim’s computer and steal or delete files and use the computer for further hacking.
Data Protection Act, 1998: Data collected from a person must only be used in the way that they intended. Consent must be given and if a person wants to see the information collected about them, they are allowed to (but may have to pay a small fee). This is usually quite successful, except recently the Government lost thousands of people’s personal data. There are 8 data principles under this act.
1. Personal data shall be processed fairly and lawfully.
2. Personal data should only be used for one or more specified purposes, and not used for any other purposes.
3. Personal data should be relevant and not used for anything else than the purposes it was collected for.
4. Personal data should be accurate and up-to-date.
5. Personal data should not be kept for any longer than is necessary.
6. Personal data shall be processed in accordance with the rights of data subjects.
The next two points relate directly to the security issues I am talking about in this report;
7. Appropriate preventative measures should be taken against unauthorized processing of personal data, or accidental loss/destruction/damage to personal data.
8. Personal data shall not be transferred to a country which is exempt to the data protection act or one similar with a high level of security.
This is usually quite successful. However, recently the Government lost two discs which contained the personal data of 25 million citizens in the post. They contained names, addresses, date of birth, national insurance number and credit card details. These discs were not encrypted but were password protected. “I profoundly regret and apologise for the inconvenience caused”, said Gordon Brown.
There is currently no legislation against identity theft, despite 80,000 victims in 2006. However, the government is considering the introduction of identity cards, which are thought to be more accurate. The USA has the Identity Theft & Assumption Deterrence Act, 1998. America has the biggest problem with identity theft and is the most advanced nation in trying to prevent it. It is still a huge issue but it is being dealt with.
Regulation of Investigatory Powers Act, 2000: Allows the authorities to watch what you’re doing on the internet. It means that if the authorities ask for protected data or encrypted data, it has to be given to them.
Consumer Protection (Distance Selling) Regulations 2000: This is to protect anyone shopping over the phone, internet, digital TV or mail order. It gives the customer the right to receive clear information about the goods and services before deciding to buy, confirmation of this information in writing, protection from credit card fraud and a cooling off period of seven working days in which the consumer can withdraw from the contract.
There are several reasons I can tell that JoeBrowns.co.uk is a safe website. [picture here] This symbol indicates that the website is safe to use. Thawte is a company that allows safe transfer of information. Also, information is encrypted when transferred. This is expected for many
Tuesday, 29 January 2008
NOTES
What is E-Commerce?
E-commerce is shopping over the internet. It may be to buy goods or a service.
Why is E-Commerce more susceptible to threats than normal commerce?
There are threats online which aren’t threats in real life. For example, data can be intercepted and if it is not encrypted then identity fraud is a problem. Other problems include phishing which is when your details are taken and used to hack your account.
What information has the customer given to the website?
They give their credit card details and other personal information to the website. However, the website also collects data that the customer is not aware of; cookies are stored on the customer’s computer which gives the company an idea of what their customers are like. Some companies also log the I.P. address of their customers to see where they are logging in from, and whereabouts in the world the company is most popular.
What are the threats to Data Security for E-Commerce?
1. Viruses. Viruses are software programs which are designed to damage your computer. They often attach themselves to files which are then downloaded, and the virus begins to infect your computer. Viruses in the JoeBrowns system may get passed on to your computer if you download anything from them.
2. Hackers are people who have a good knowledge about computers and abuse this to get into other people’s computers, usually to find out personal details.
3. Spyware is software that follows what you are looking at over the internet. This is usually used for advertising purposes, but it can gather information like your email address, password and credit card details. Spyware may infest itself in your computer after visiting a certain site. Joe Browns need to be careful otherwise their company gets a bad reputation for giving spyware to their users.
4. Hardware failure is when a piece of your hardware (e.g. monitor, mouse and keyboard) does not function properly. Unlike spyware, viruses and hackers, this is a physical problem.
5. Human errors occur because nobody is perfect and everybody makes mistakes. Joe Browns employees can cause the company to lose a lot of money if they are not careful with what they do.
6. Dishonest employees can cause your business to lose money or become bankrupt.
7. Natural disasters are unavoidable; they include things like earthquakes, storms and volcanic eruptions.
8. Theft is an issue whenever money is involved. Identity theft is the main problem, as hackers and spyware can get your personal details and then use them to ‘steal’ your identity and make purchases from your bank account.
9. Terrorism is a problem when a group of people decide to hack or steal money from a company, or crash a company’s website. Computers can be set up to constantly send hate mail to a company, or requests to a server so it crashes.
10. Fire is a problem to your hardware.
What are the preventative methods for these threats?
1. Anti-virus software seeks out any viruses on your computer and deletes them. This is the main effective way of curing viruses, but to prevent them it is better to be careful of what you download, especially attachments on emails, as this is a common way of spreading viruses. Firewalls are also a good way of preventing viruses (see below). The Joe Browns administrator needs to ensure the company is protected against viruses, so that they don’t corrupt the company’s computers or their customers’ computers.
2. Firewalls are the most appropriate for the prevention of viruses and hackers. Firewalls put up a barrier which stops things coming into your computer without your permission. You can make automatic responses for some things, because it can become quite irritating having to allow a program to access the internet when it is something you do regularly. Any unknown requests are denied, and attacks at your computer from other people are blocked.
3. To get rid of spyware you can download anti-adware & spyware software. This is like anti-virus software, it tracks and deletes any spyware you may have on your computer. To prevent spyware, you should use a firewall and be careful with what you download on the computer. It is a good idea to check for viruses/adware/spyware immediately after any download.
4. Hardware failure cannot be prevented in itself, but you can prevent losing all your files by backing up all work regularly somewhere other than your computer, for example an external hard drive or the internet. It is too difficult to prevent hardware failure, so it is more important to prevent a loss of files rather than a loss of hardware. Hardware itself can be replaced, but depending on the size of the file, months or years could be needed in order to return the work to the state it was once in.
5. Human errors can be prevented via proof reading, data validation and verification. Alternatively, machines rarely make errors, so a computer would be much more effective than a human would be. Joe Browns employees must be vigilant to avoid mistakes which may lead to bigger problems.
6. Dishonesty of employees cannot be fully prevented as everybody has their own free will and we cannot control other people. However, when joining the company, you should ask all employees to sign in agreement to a terms and conditions contract. Also, you can prevent problems with employees by restricting their access and use of the internet. Training of your staff is important, and is given to all Joe Browns employees.
7. Prevention of natural disasters is impossible. Like with hardware failure, preventing physical problems cannot be achieved, so it is important to back-up all of your files regularly.
8. Preventing theft physically is hard, so as long as you have a burglar alarm that is all you can do. This, again, means you need to back up your files regularly. To prevent identity theft, you should ensure that you only ever give out your credit card details over a secure connection, and be careful with personal documents and protecting your passwords etc. Secure websites encrypt your data as you send it, making it difficult to read if it is intercepted.
9. Terrorism can be prevented by having a secure website. The more secure a site is, the less likely it is that anyone could hack into the site.
10. Floods and fire cannot be prevented, although a fire alarm might be a good idea. Like with natural disasters and hardware failure, files can be saved if backed up regularly.
Describe the legislation that the business should be aware of:
1. Computer Misuse Act, 1990: Hacking and the introduction of viruses are illegal. Punishments include 6 months in prison and a £2,000 fine. It is an offence to access anything that is unauthorized, whether it’s a program or data. It is also an offence to access a computer system with the intent to commit a crime, for example accessing financial records with the intent to use someone else’s details to make a purchase. It is also an offence to modify computer material, for example by deleting files, creating or introducing a virus, or doing something with the deliberate intention of causing problems in the data. An example of this is a man who created and released a virus programme which was designed for hackers to access home computers. Under the Computer Misuse Act, he could be sentenced up to five years in prison. The worm (W32-Leave worm) helps a hacker break into a victim’s computer and steal or delete files and use the computer for further hacking.
2. Data Protection Act, 1998: Data collected from a person must only be used in the way that they intended. Consent must be given and if a person wants to see the information collected about them, they are allowed to (but may have to pay a small fee). This is usually quite successful, except recently the Government lost thousands of people’s personal data.
3. There is currently no legislation against identity theft, despite 80,000 victims in 2006. However, the government is considering the introduction of identity cards, which are thought to be more accurate. The USA has the Identity Theft & Assumption Deterrence Act, 1998.
4. Regulation of Investigatory Powers Act, 2000: Allows the authorities to watch what you’re doing on the internet. It means that if the authorities ask for protected data or encrypted data, it has to be given to them.
5. Consumer Protection (Distance Selling) Regulations 2000: This is to protect anyone shopping over the phone, internet, digital TV or mail order. It gives the customer the right to receive clear information about the goods and services before deciding to buy, confirmation of this information in writing, protection from credit card fraud and a cooling off period of seven working days in which the consumer can withdraw from the contract.
How effective are these pieces of legislation?
1. Computer Misuse Act, 1990: This is obviously not very successful, as hackers and viruses are still a large problem on PCs. Technology has developed a lot in the last 18 years; perhaps this piece of legislation needs to be updated.
2. Data Protection Act, 1998: This is usually quite successful. However, recently the Government lost two discs which contained the personal data of 25 million citizens in the post. They contained names, addresses, date of birth, national insurance number and credit card details. These discs were not encrypted but were password protected. “I profoundly regret and apologise for the inconvenience caused”, said Gordon Brown.
3. Identity Theft & Assumption Deterrence Act, 1998, America: America has the biggest problem with identity theft and is the most advanced nation in trying to prevent it. It is still a huge issue but it is being dealt with.
4. Regulation of Investigatory Powers Act, 2000:
5. Consumer Protection (Distance Selling) Regulations 2000:
Overall conclusions:
Is data secure on this website – yes:
1. ← This symbol indicates that the website is safe to use. Thawte is a company that allows safe transfer of information.
2. Information is encrypted when transferred.
3. Website is secure when transactions are made.
4. It is stated that your email address and telephone number will not be passed on to third parties and are solely collected so that Joe Browns can contact you if necessary.
Is data insecure on this website – no:
1. There is always a risk when transferring your personal information over the internet.
Overall conclusion:
1. The website is very safe to use. Although there are still many problems related to e-commerce and using the internet generally, there is legislation in place and preventative methods that can be used to reduce these risks and punish the abusers of the internet. Joe Browns is a safe website to use, as your details are kept solely by that company. The website is secure and data is encrypted when transferred. One disadvantage of Joe Browns is that there is no way to read their Terms & Conditions, which may make some people feel nervous or wary of using the site. Although this seems a bit suspicious, it is still a safe website to use.
to do:
* Relate to Joe Browns more
* Include more stories
* Improve conclusion
DUE: Friday 1st February.
Tuesday, 8 January 2008
Question 9 onwards
9.) It is useful to get a customer to log in to the website so we can track how many times a customer uses the site even when they don't purchase anything. They can track whereabouts in the world the customer is logging on from, and what pages are particular favourites of the customer. This allows the company to get a better idea of who uses the website often and can reward their loyal customers.
Activity
Make a list of the tables you think might be involved in tracking customers' actions.
* Categories
* Categories_products
* Customers
* Discounts
* Emails
* Newsletter
* Orders
* Payments
* Products
* Wishlist
10.) HTTPS encryption is used when the site needs to be secure; e.g. when the customer is giving their credit card details to make a payment. If the details are stored in a database, then the data needs to be encrypted too, so that nobody else could access/understand the data. HTTPS is a version of HTTP but using SSL to make it secure. SSL stands for Secure Sockets Layer, which secures communication because it encrypts the data when you transfer it.
11.) This method is safe (even if someone intercepts the website) because the data is encrypted while it is sent, and anyone who intercepted the data would not understand and could not decrypt the data.
12.) A stolen card is unlikely to be used for online shopping because the transactional company usually has contact with the major card issuers. When something is purchased for the first time, the address details can be checked, and first time orders sometimes have to be delivered to the address of the cardholder. Also, transactional websites record the I.P. address of their customers, so the location of the thief could be tracked.
13.) Stock control refers to ordering, storing and selling goods. It is important that stock control is real-time, so that no customers order something that is not in stock. Getting too much stock means that money is tied up which could be spent in other areas of the business, but you don't want customers to be disappointed when something is out of stock. Therefore it is important to have a minimum level of stock at all times. A business can work out what this minimum level should be by analysing past sales and working out an estimate for future sales.
14.) The processes involved in despatch and the delivery of goods are as follows:
Once the customer has ordered, credit cards have been checked etc...
Amend stock database
Print despatch note
Print address labels
Print invoices
Goods packaged
Goods sent/collected by courier
Courier delivers to home address
These processes can often be tracked by the customer. JoeBrowns allows you to track your order, and many transactional websites do. This way, if the website says your package is due to arrive and it doesn't, you can phone up and enquire about where your goods are.
15.) see diagram (on the back of the other diagram)
Bibliography
http://www.eggheaddesign.co.uk/glossary.aspx
Monday, 7 January 2008
Back Office Processes page 140
2.) Stock control is a real-time process, making sure that the company always has enough of an item and not too much. This is controlled by a database to keep record of what is in stock, the stock demand etc. They can have all the other fields necessary in the same place too, e.g. who the supplier is, what the item description is etc.
3.) Active Server Pages (ASPs) access a database to keep the website up to date. These pages show up every time you wish to access information about a product (checking it's in stock so you can buy it); the ASP code is sent to the database, which then sends back the data to the webpage to tell you whether a product is in stock or not.
4.) Organisations can maintain a virtual shopping basket for a customer so that you're aware of how many items you have in your basket as you browse the site. You can also see the total cost of the basket, and this helps customers to stay aware of how much they are planning to spend. You can add/subtract items from this virtual shopping basket. To add/remove items, the totals need to be refreshed. Stock is reserved so that while it is in your trolley, the item cannot be bought by someone else. Delivery costs are not always included in the trolley, but you can check it later.
5.) [see flow diagram of virtual shopping basket system]
6.) The difference between HTTP authentication and cookie identification is that HTTP authentication is when the user logs in using a username and password, which checks you are who you say you are, whereas cookie identification uses cookies on your computer so that websites can check how much you visit the website, how long you've spent on it etc. You can block cookies, but some websites need these to work.
7.) The advantage that cookies have over HTTP authentication is that it's an automatic way of checking how long the customer is on for etc, even if they don't log in.
8.) Wikipedia says:
HTTP cookies, sometimes known as web cookies or just cookies, are parcels of text sent by a server to a web browser and then sent back unchanged by the browser each time it accesses that server. HTTP cookies are used for authenticating, tracking, and maintaining specific information about users, such as site preferences or the contents of their electronic shopping carts. The term "cookie" is derived from "magic cookie," a well-known concept in UNIX computing which inspired both the idea and the name of HTTP cookies.
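The difference between HTTP authentication and cookie identification described in answers 6 to 8, as an added example that is not part of the original notes: a server-side check that treats a password login as proof of who the user is, and a cookie only as a label for a returning browser. The user name, password, signing key, salt and the cookie name `visitor` are all constructed for illustration.

```python
import base64
import hashlib
import hmac
import secrets
from http.cookies import CookieError, SimpleCookie

# Constructed sample data (assumptions for this example, not from any real site).
SERVER_KEY = b"constructed-demo-key"   # secret the server uses to sign visitor cookies
SALT = b"constructed-salt"

def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"alice": _hash("correct horse")}  # store a password hash, never the password

def basic_header(user, password):
    """Build the Authorization header a browser sends for HTTP Basic authentication.
    The credentials are only base64-encoded, not encrypted, so they need HTTPS."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}"}

def authenticate(headers):
    """HTTP authentication: return the user name only if the password checks out."""
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob, validate=True).decode()
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    user, _, password = decoded.partition(":")
    expected = USERS.get(user)
    if expected is None or not hmac.compare_digest(expected, _hash(password)):
        return None
    return user

def _sign(visitor_id):
    return hmac.new(SERVER_KEY, visitor_id.encode(), hashlib.sha256).hexdigest()

def issue_visitor_cookie():
    """Cookie identification: return a Set-Cookie value labelling this browser."""
    visitor_id = secrets.token_hex(8)
    cookie = SimpleCookie()
    cookie["visitor"] = f"{visitor_id}.{_sign(visitor_id)}"
    cookie["visitor"]["path"] = "/"
    cookie["visitor"]["secure"] = True      # only sent over HTTPS
    cookie["visitor"]["httponly"] = True    # not readable by scripts in the page
    cookie["visitor"]["samesite"] = "Lax"
    return cookie["visitor"].OutputString()

def identify(headers):
    """Return the visitor ID from a cookie we issued, or None if absent or altered."""
    cookie = SimpleCookie()
    try:
        cookie.load(headers.get("Cookie", ""))
    except CookieError:
        return None
    if "visitor" not in cookie:
        return None
    visitor_id, _, mac = cookie["visitor"].value.partition(".")
    if not hmac.compare_digest(mac.encode(), _sign(visitor_id).encode()):
        return None
    return visitor_id

def classify(headers):
    """Decide what the server may do for this request."""
    user = authenticate(headers)
    if user:
        return ("authenticated", user)   # may see orders and payment details
    visitor = identify(headers)
    if visitor:
        return ("identified", visitor)   # may count visits and keep a basket only
    return ("anonymous", None)

if __name__ == "__main__":
    set_cookie = issue_visitor_cookie()
    returning = {"Cookie": set_cookie.split(";")[0]}
    print(set_cookie)
    print(classify(returning))
    print(classify({**returning, **basic_header("alice", "correct horse")}))
    print(classify(basic_header("alice", "wrong password")))
```

A valid cookie alone never reaches the "authenticated" state: anyone who holds a copy of the cookie is the same "visitor" to the server, which is why account pages and payments need the login as well.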