Abstract
In this report, the author endeavours to present how the security issues generally found on B2C web sites can be addressed through technical controls and customer education. The report presents the levels of end-to-end security components, which include physical system security, operating system security and network security. With the advent of web applications, which are now used extensively for deploying e-commerce applications, the author also presents the web security threat profile of web services, which is currently an active research topic. Each of the discussed components is accompanied by advice that can be provided to customers, which may not be apparent to them but can help reduce security issues.
Keywords: B2C websites Security Issues, Technical Controls, Customer Education
Table of Contents
Abstract
Table of Contents
1 Introduction
2 Levels of End-to-End Security Components
2.1 Physical System Security
2.1.1 Server Side Aspects
2.1.2 Client Side Aspects
2.2 Operating System Security
2.3 Network Security
2.4 Web Application/Service Security
3 Conclusions
4 References and Bibliography
How the security of B2C web-sites can be assured through technical controls and customer education
1 Introduction
The primary goal of Business to Consumer (B2C) websites is to attract traffic and consumers, such that the virtual store front is available to the potential consumer 24 hours a day, all year round. More traffic to B2C websites means increased revenues and a pull-type membership model for consumers, whereby they are “pulled” in and kept engaged with different types of activity on the web sites (Sarner, 2009). With the advent of these virtual shop fronts and increased audience the security model used to ...
... middle of paper ...
...end by validation of client end along with validation of received message on server end.
3 Conclusions
In this report the author has presented various levels of end-to-end security on a B2C web site. A number of security threats have been described, along with recommended technical controls that can be put in place as countermeasures against web security threats to B2C web sites. Further, customer-side measures have also been described that can be easily monitored and set up by customers in order to protect themselves while using a B2C web site. Finally, the author wants to add that security issues do occur and they are clearly a threat, but by performing security threat analysis and by educating customers regularly about changes on the website and additional protection features, trust in shopping on a B2C web site can be maintained, which eventually generates revenue.
Online business has grown enormously over the years. Cliptomania is a family operated and owned small e-business that primarily sells clip-on earrings (Brown, DeHayes, Hoffer, Martin, & Perkins, 2012, p. 308). Cliptomania's early developments were very modest, and as such the company experienced copious strategic dilemmas. An initial strategic dilemma that the company encountered when establishing and building their new e-business undertaking was to create a website for the business operations and essentially to have it fully operable. The owners, Jim and Candy, elected to hire a vendor to host the website and additionally utilize the IT systems resources of the vendor to sustain their business. At the very beginning they exploited the offerings of the Yahoo Store. However, continuing down this avenue of using the services of the Yahoo Store inevitably became too costly. Using the services and business offerings of a vendor made it convenient and effortless for Jim and Candy to start their e-business store. Unfortunately the couple did not have much in the way of professional help, and so they had to create and put together the website by themselves. Additionally, they also had to deal with establishing their online credibility, as many customers preferred to call in their orders just to talk with a real person before being comfortable enough to place their orders via the webpage.
d) The information is not contained in any HTTP message, so one cannot say based on the HTTP message exchanges alone.
If a random person came over to you on the street, would you give him your personal information? Would you allow him to follow and record your activities? Most certainly not. Although this answer may be obvious in the physical world, the general population's behavior on the Internet is strikingly different. Websites like Facebook, Twitter, and Google retain vast amounts of personal information about their users. Although this practice benefits the user as well, unrestricted profiling can be quite unnerving. Since regulation from the government may impede Internet use, and unless the threats to Internet users' privacy are shown to exceed the benefits, the government will not regulate the Internet; rather, we should educate the public on how to be more responsible themselves.
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities for all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization's day-to-day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable for ensuring all of the rules and policies are being followed, as well as for understanding their roles, responsibilities and functions. Organizations' information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from the actions of trusted employees who defraud the system, from outside hackers, or from careless data entry. The major threat to information protection is the errors and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
It's also designed to secure the organization's payment and billing system and secure the organization's information. As most of the company's operations are web based, considering all the factors this risk management plan will provide a detailed framework in
The problem causes harm to companies' image, trouble for consumers, loss of confidence in the rule of law and increased awareness of privacy, and respective solutions are provided to tackle the consequences. Consumer privacy is an essential element in e-business. To further expand the utilization of e-business, each party should bear the responsibility to respect privacy and to respect human rights.
Privacy means control over one's own data, while security concerns attempts by unauthorized others to access that data. These are two critical issues faced by both consumers and e-commerce sites alike. Since the invention of the World Wide Web, electronic commerce based on the Internet has grown from a simple idea into reality. Consumers browse through catalogs, find the best deals, order goods and pay electronically. Information services can be subscribed to online, and many newspapers and journals are still legible on the Internet. Most financial institutions have some sort of online presence, allowing customers to access and manage their accounts, financial transactions, commercial activities, etc. E-mails are exchanged within and between enterprises, and often replace copies and fax. He soon left may not discard any company that has an Internet presence, if only for reasons of publicity. In early 1998 more than 2 million Web servers were connected to the Internet, and more than 300 million host computers. And even if the actual internet business remains marginal: expectations are high
C. What important lessons can the e-business community learn from these events? Companies must ensure that tight security measures are taken to prevent cyber-crimes. First of all companies need physical security systems to prevent attackers posing as vendors or service providers from installing unauthorized software on the servers. (Lee-Fong,
...A framework for analyzing e-commerce security. Information Management & Computer Security, 10(4), 149-158. Retrieved from http://search.proquest.com/docview/212327693?accountid=14541
Businesses today understand the importance and financial gains of e-commerce. That is why businesses invest heavily to ensure consumers' safety and build confidence in e-commerce. Despite the numerous security measures and protocols, it is essential for businesses and consumers to stay aware of potential risks. The sad reality is that e-commerce risk prevention is more reactive than proactive in nature. The safeguards in place are usually reactions to successful breaches.
Most organizations are likely taking advantage of web-enabled business applications. This includes nearly every type of business application, from simple information sharing to complex monetary levels that put together countless back-end systems. The advantages of web-enabling applications are many and significant, including the ability to improve revenue creation and control costs. Nevertheless, the advantages of web applications always come with risks. Many applications are simple targets for malicious users and criminals to gain unauthorized access and ultimately steal sensitive information.
Within the past decade, there has been a tremendous and growing need for web servers and databases and their related services, and the two concepts have hit the headlines as the most researched knowledge domains in the technology sphere. Subsequently, this has revolutionized the way many people interact with one another through effective information sharing. This rapid spread and the management effectiveness of advanced technologies are establishing great opportunities for the development of distributed systems at a large scale. However, this remarkable growth has also come with some security concerns, which need to be carefully handled because some of the data available on these platforms is both vulnerable and sensitive. For instance, businesses nowadays have turned to e-commerce platforms to tap the increasing number of Internet users, but the industry needs to address several security concerns to ensure the safety of its customers and transactions as well. Customers' credit cards used for online payments are highly exposed to online attacks such as hacking and need to be secured.
Electronic commerce, most commonly referred to as e-commerce, is a term used to describe business transactions which involve the transfer of information and goods using the power of computer networks such as the Internet and the World Wide Web. E-commerce is classified into five different categories depending on the relationship among the participants; the most common examples are business-to-business (B2B), business-to-consumer (B2C), or business-to-government (B2G) (Schneider, 2015). E-commerce has evolved drastically over the past years and this has dramatically changed the way businesses are run today. While there have been constraints and barriers which companies such as Amazon have had to overcome, currently e-commerce is a key
Businesses and people are using the Internet for entertainment, e-business and e-commerce, social networking, and communication with other people and businesses, but there have always been threats to Internet security. Internet security is a major concern in the field of technology, because there is a variety of personal, business and government data on the Internet. Today all businesses and organizations have their own security systems to reach their information security goals. Internet security systems are created to reduce cyber-attack risks, provide reliability, maintain confidentiality, and comply with privacy laws and national security laws. However, the security standards that have been made and the laws brought in by government are not enough to protect Internet security, so more advanced security and stricter laws should be brought into action by government to protect Internet security.
In any form of communication, there is a sender and a receiver of the message. The question of whether the message is sent and how the message is received is of vital importance in communication. Communication is successful only when the receiver receives the intended message of the sender.