Applied ICT Data Security Report plan:
What is E-Commerce?
E-commerce is shopping over the internet. It may be to buy goods or a service.
Why is E- Commerce more susceptible to threats than normal commerce?
There are threats online which aren’t threats in real life. For example, data can be intercepted and if it is not encrypted then identity fraud is a problem. Other problems include phishing which is when your details are taken and used to hack your account.
What information has the customer given to the website?
They give their credit card details and other personal information to the website. However, the website also collects data that the customer is not aware of; cookies are stored on the customer’s computer which gives the company an idea of what their customers are like. Some companies also log the I.P. address of their customers to see where they are logging in from, and whereabouts in the world the company is most popular.
What are the threats to Data Security for E-Commerce?
1. Viruses. Viruses are software programs which are designed to damage your computer. They often attach themselves to files which are then downloaded, and the virus begins to infect your computer. Viruses in the JoeBrowns system may get passed on to your computer if you download anything from them.
2. Hackers are people who have a good knowledge about computers and so abuse this to get into other peoples computers, usually to find out personal details.
3. Spyware is software that follows what you are looking at over the internet. This is usually used for advertising purposes, but it can gather information like your email address, password and credit card details. Spyware may infest itself in your computer after visiting a certain site. Joe Browns need to be careful otherwise their company gets a bad reputation for giving spyware to their users.
4. Hardware failure is when a piece of your hardware (e.g. monitor, mouse and keyboard) does not function properly. Unlike spyware, viruses and hackers, this is a physical problem.
5. Human errors occur because nobody is perfect and everybody makes mistakes. Joe Browns employees can cause the company to lose a lot of money if they are not careful with what they do.
6. Dishonest employees can cause your business to lose money or become bankrupt.
7. Natural disasters are unavoidable; they include things like earthquakes, storms and volcanic eruptions.
8. Theft is an issue whenever money is involved. Identity theft is the main problem, as hackers and spyware can get your personal details and then use them to ‘steal’ your identity and make purchases from your bank account.
9. Terrorism is a problem when a group of people decide to hack or steal money from a company, or crash a company’s website. Computers can be set up to constantly send hate mail to a company, or requests to a server so it crashes.
10. Fire is a problem to your hardware.
What are the preventative methods for these threats?
1. Anti-virus software seeks out any viruses on your computer and deletes them. This is the main effective way of curing viruses, but to prevent them it is better to be careful of what you download, especially attachments on emails as this is a common way of spreading viruses. Firewalls are also a good way of the prevention of viruses. (see below). The Joe Browns administrator needs to ensure the company is protected against viruses, so that they don’t corrupt the company’s computers or their customer’s computers.
2. Firewalls are the most appropriate for the prevention of virus’ and hackers. Firewalls put up a barrier which stops things coming into your computer without your permission. You can make automatic responses for some things, because it can become quite irritating having to allow a program to access the internet when it is something you do regularly. Any unknown requests are denied, and attacks at your computer from other people are blocked.
3. To get rid of spyware you can download anti-adware & spyware software. This is like anti-virus software, it tracks and deletes any spyware you may have on your computer. To prevent spyware, you should use a firewall and be careful with what you download on the computer. It is a good idea to check for viruses/adware/spyware immediately after any download.
4. Hardware failure cannot be prevented in itself, but you can prevent losing all your files by backing up all work regularly somewhere other than your computer, for example an external hard drive or the internet. It is too difficult to prevent hardware failure, it is more important to prevent a loss of files rather than a loss of hardware. Hardware itself can be replaced, but depending on the size of the file, months or years could be needed in order to return the work to the state it was once in.
5. Human errors can be prevented via proof reading, data validation and verification. Alternatively, machines rarely make errors, so a computer would be much more effective than a human would be. Joe Browns employees must be vigilant for mistakes to avoid mistakes which may lead to bigger problems.
6. Dishonesty of employees can not be fully prevented as everybody has their own free will and we cannot control other people. However, when joining the company, you should ask all employees to sign in agreement to a terms and conditions contract. Also, you can prevent problems with employees by restricting their access and use of the internet. Training of your staff is important, and is given to all Joe Browns employees.
7. Prevention of natural disasters is impossible. Like with hardware failure, preventing physical problems cannot be achieved, so it is important to back-up all of your files regularly.
8. Preventing theft physically is hard, so as long as you have a burglar alarm that is all you can do. This again, means you need to back up your files regularly. To prevent identity theft, you should ensure that you only ever give out your credit card details over a secure connection, and be careful with personal documents and protecting your passwords etc. Secure websites encrypt your data as you send it, making it difficult to read if it is intercepted.
9. Terrorism can be prevented by having a secure website. The more secure a site is, the less likely it is that anyone could hack into the site..
10. Floods and fire cannot be prevented, although a fire alarm might be a good idea. Like with natural disasters and hardware failure, files can be saved if backed up regularly.
Describe the legislation that the business should be aware of:
1. Computer misuse act, 1990: Hacking and the introduction of viruses are illegal. Punishments include 6 months in prison and a £2,000 fine. It is an offence to access anything that is unauthorized, whether it’s a program or data. It is also an offence to access a computer system with the intent to commit a crime, for example accessing financial records with the intent to use someone else’s details to make a purchase. Also to modify computer material is an offence, deleting files, creating a virus or introducing a virus or doing something with the deliberate intention of causing problems in the data. An example of this is a man who created and released a virus programme which was designed for hackers to access home computers. Under the Computer Misuse Act, he could be sentenced up to five years in prison. The worm (W32-Leave worm) helps a hacker break into a victim’s computer and steal or delete files and use the computer for further hacking.
2. Data protection act, 1998: Data collected from a person must only been used in the way that they intended to. Consent must be given and if a person wants to see the information collected about them, they are allowed to (but may have to pay a small fee). This is usually quite successful, except recently the Government lost thousands of people’s personal data.
3. There is currently no legislation against identity theft, despite 80,000 victims in 2006. However, the government is considering the introduction of identity cards, which are thought to be more accurate. The USA has the Identity Theft & Assumption Deterrence Act, 1998.
4. Regulation of Investigatory Powers Act, 2000: Allows the authorities to watch what you’re doing on the internet. It means that if the authorities ask for protected data or encrypted data, it has to be given to them.
5. Consumer Protection (distance selling) Regulations 2000: This is to protect anyone shopping over the phone, internet digital TV or mail order. It gives the customer the right to receive clear information about the goods and services before deciding to buy, confirmation of this information in writing, protection from credit card fraud and a cooling off period of seven working days in which the consumer can withdraw from the contract.
How effective are these pieces of legislation?
1. Computer misuse act, 1990: This is obviously not very successful, as hackers and viruses are still a large problem on PCs. Technology has developed a lot in the last 18 years, perhaps this piece of legislation needs to be updated.
2. Data protection act, 1998: This is usually quite successful. However, recently the Government lost two discs which contained the personal data of 25 million citizens in the post. They contained names, addresses, date of birth, national insurance number and credit card details. These discs were not encrypted but were password protected. ”I profoundly regret and apologise for the inconvenience caused”, said Gordon Brown.
3. Identity Theft & Assumption Deterrence Act, 1998, America: America has the biggest problem with identity theft and are the most advanced nation of trying to prevent it. It is still a huge issue but it is being dealt with.
4. Regulation of Investigatory Powers Act, 2000: ddsfs
5. Consumer Protection (distance selling) Regulations 2000: sdfsdf
Overall conclusions:
Is data secure on this website – yes:
1. ß This symbol indicates that the website is safe to use. Thawte is a company that allows safe transfer of information.
2. Information is encrypted when transferred.
3. Website is secure when transactions are made.
4. It is stated that your email address and telephone number will not be passed on to third parties and are solely collected so that Joe Browns can contact you if necessary.
Is data insecure on this website – no:
1. There is always a risk when transferring your personal information over the internet.
2.
3.
Overall conclusion:
Overall conclusion:
1. The website is very safe to use. Although there are still many problems related to e-commerce and using the internet generally, there is legislation in place and preventative methods that can be used to reduce these risks and punish the abusers of the internet. Joe Browns is a safe website to use, as your details are kept solely by that company. The website is secure and data is encrypted when transferred. One disadvantage of Joe Browns is that there is no way to read their Terms & Conditions, which may make some people feel nervous or wary of using the site. Although this seems a bit suspicious, it is still a safe website to use.
2.
3.
to do:
* Relate to Joe Browns more
* Include more stories
* Improve conclusion
DUE: Friday1st February.
Tuesday, 29 January 2008
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment