Monday 18 February 2008

testing

testing?

Testing is when you carry out an action to make sure that the website does what it should do without failing. Testing helps the organization, as they can double-check that their website is working to a standard that meets the customers' needs. It is important to test a website because you can see where the website goes wrong and then quickly mend it, so that no problems occur later on.
Viruses and loss of customers could be consequences of not testing: without testing, viruses could be written to attack the computers, which causes a loss of customers in the long run.

HMRC problems with not testing

What was the Problem?

The problem was that taxpayers weren't submitting their returns on the online service and were therefore getting fined for not getting them in on time.
This was due to the online service failing because of congestion on the server; the system could not handle the pressure of everyone getting their returns in at the last minute.
HMRC covered this up by saying it was a technical difficulty; the service was offline for several hours, causing more frustration for taxpayers trying to get their returns in before the deadline.
The consequences were that taxpayers were incurring fines for not submitting their returns even though it wasn't their fault; fines were set at £100 with interest.
Testing could have prevented this. By testing the website, HMRC could have stopped the system failing under pressure, and they could have tested it days in advance. They should have expected this, as they know many people leave it to the last minute to file their returns. They should develop and test their system to cope with the number of people using the online service at one time.

Thursday 31 January 2008

Security report of Amazon.co.uk


E-commerce is a method of commerce that uses the internet to buy or sell products; you can even purchase services from some websites, such as tesco.com. The internet also allows you to transfer funds through online banking. Websites like Amazon.co.uk and Play.com have dominated the e-commerce market because of the range of goods they offer and because they are easy to use. All these websites offer different goods and services to the user. There are many negative points to using e-commerce websites; one is that there is no face-to-face contact between customer and company, so the company needs to gain the customer's details by different methods. The company can collect these details and use them for a number of reasons, from market research and updating stock levels to keeping customer records. An e-commerce site can store a customer's data through an account; this is an advantage over a high-street shop, as the customer information is readily available. The company can look at the products customers bought and use this data for different purposes; this is comparable to loyalty cards in shops like Tesco, HMV and other high-street stores. When the customer purchases goods with a loyalty card, their details can be linked to the items they purchased. Some retailers allow the card to be used both online and in the shop, so customers can maximise their rewards by receiving more points and more benefits, and the company can then process this information as customer details.
But e-commerce is more open to threats than normal commerce through physical shops. The main reason is that there has been an increasing number of hackers on the internet who want to obtain customer details, such as addresses and payment details like debit card details, and then spend your money. Fraud has been reduced to an extent, however, as more banks have protection programmes and offer full refunds of the money stolen, which satisfies the customer.
The e-commerce website must obtain specific details from the customer, such as name and address, so that the purchase can be delivered. The customer must also provide payment, which the organisation must be able to obtain; the customer must know about the goods and services; and the customer must be persuaded to purchase.
The website must attract customers to give their personal details, so the company could run a competition on the website to win a prize. This gives customers an incentive to input their details, as they think they will win a prize. Cookies are data that the company places on the customer's hard drive; they store data about the customer's actions and can track IDs, usernames and passwords. All e-commerce websites must have them, as they help to update the customer's virtual shopping basket. Companies that place cookies must abide by certain rules for doing this to the user's computer. E-commerce websites like Amazon use legal spyware to track the customer's actions and where they have been on the website, and can then relate this data to the customer's records. But many hackers use spyware to see what you do on your computer and where you have been on a particular website. E-commerce websites use many different methods for market research, which can be used to maintain or gain an advantage over competitors in the same field. For example, Tesco offers many different goods that can be delivered to your doorstep, and many different services for the customer's needs, but Waitrose doesn't offer the amount of goods or services that Tesco does, so Tesco can take a lead in the market.
Websites like Tesco and Amazon create a service for the user which no one else can view, for example an account; this is password protected and is a personal service. Websites do this by using the data they have collected in the form of cookies, spyware and other methods, and then provide information that the customer can use. For example, Amazon, the e-commerce website that I have looked at, uses this information to give you “Recommendations”: Amazon has traced what you have previously looked at or bought and shows the customer items that they might intend to buy. This is a way of getting customers to buy items and encourages them to use the website more frequently; it also appears that the website is helping you to find more products, which mirrors the help you get in a physical shop. You can also change these items by rating them, which instructs Amazon to change the items in your recommendations according to the choices you have made. Amazon can also send emails to customers about their recent purchases and other items they may be interested in. The data collected from the user can be used to interpret the market and where it is going; big businesses do this to gain a competitive advantage over their rivals, as it allows them to see where products are popular, which helps to reduce the costs of the business. The business can therefore order stock according to how many items are selling. There are many threats to the data on an e-commerce website such as Amazon.co.uk. These threats include terrorism, hackers, viruses, spyware, hardware failure, human error, natural disasters, theft, flood and fire, and dishonest employees. All these threats can affect the data in some way. But there are many ways to prevent these threats.
These ways are training, backup, firewalls, risk analysis, passwords, access levels, anti-virus software, physical security, secure electronic transactions and encryption.
Well-trained staff will be able to report viruses and other types of threat that can damage your system. This enables them to act quickly and reduce the threat of the computer being disrupted. Amazon must provide a programme that trains new employees on how to use the system they operate and how to meet all the relevant legislation. There have been very few frauds in the Amazon organization; the reason for this may be that the staff have an understanding of the data and what they do with it.
Back-up files should always be stored away from the computers and should always be up-to-date copies of the important files. The organization should have a suitable back-up strategy that works for them; this includes how often a back-up is carried out, the media used and how much of the data is backed up. Amazon requires a great amount of storage space to keep back-up copies of its website, which protects it against hackers. These copies must be kept away from the main computers, as someone could break in and steal them, but they could help the company if it loses certain information. There are also different types of storage that an organization like Amazon could use: USB pens are too small, but it could use external hard drives and DVD discs that can hold more data.
Firewalls prevent hackers from obtaining passwords and other details. They are a combination of hardware and software that can be configured to block access to a network or individual computer to all except known IP addresses. Firewalls can also be configured to block outward access, thereby controlling the websites that employees can visit.
Above is the header of the article linked below, which states that existing firewalls will not protect them from threats and so they need to update them, and that hackers are looking for ways to break into a network.
http://tinyurl.com/2jxt2n
A website like Amazon must have firewalls linked to its website to prevent hackers from obtaining customer information. If a hacker broke through these firewalls, Amazon would lose many customers. There has been little in the news about hackers getting into Amazon, so you know that it has firewalls that can protect your details.
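The two firewall rules described above (inbound access blocked to all except known IP addresses, and selected outward destinations blocked) can be modelled in a few lines. This is an added example, not taken from the original post or from any real firewall product; the `Packet` and `Firewall` names and all addresses (reserved documentation ranges) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" = arriving from outside, "out" = leaving the network
    src: str
    dst: str


class Firewall:
    """Toy model of an inbound allowlist plus an outbound blocklist."""

    def __init__(self, inbound_allow, outbound_block):
        # A bare address such as "198.51.100.7" becomes a one-host network (/32).
        self.inbound_allow = [ipaddress.ip_network(n) for n in inbound_allow]
        self.outbound_block = [ipaddress.ip_network(n) for n in outbound_block]

    def decide(self, pkt):
        """Return (verdict, reason). Anything unexpected is denied (fail closed)."""
        try:
            src = ipaddress.ip_address(pkt.src)
            dst = ipaddress.ip_address(pkt.dst)
        except ValueError:
            return ("DENY", "malformed address")
        if pkt.direction == "in":
            # Inbound is default-deny: only known source addresses get through.
            for net in self.inbound_allow:
                if src in net:
                    return ("ALLOW", f"source on allowlist {net}")
            return ("DENY", "source not on allowlist")
        if pkt.direction == "out":
            # Outbound is default-allow except for blocked destinations.
            for net in self.outbound_block:
                if dst in net:
                    return ("DENY", f"destination blocked {net}")
            return ("ALLOW", "destination not blocked")
        return ("DENY", "unknown direction")


# Constructed sample policy and traffic.
SERVER = "10.0.0.5"
FIREWALL = Firewall(
    inbound_allow=["192.0.2.0/24", "198.51.100.7"],
    outbound_block=["203.0.113.0/24"],
)
SAMPLE_PACKETS = [
    Packet("in", "192.0.2.44", SERVER),     # known office range
    Packet("in", "198.51.100.7", SERVER),   # single known host
    Packet("in", "198.51.100.8", SERVER),   # neighbour of a known host
    Packet("in", "2001:db8::1", SERVER),    # IPv6 source, no IPv6 rule exists
    Packet("in", "not-an-ip", SERVER),      # malformed source
    Packet("out", SERVER, "203.0.113.80"),  # blocked website range
    Packet("out", SERVER, "192.0.2.10"),    # ordinary outbound traffic
]


def audit(firewall, packets):
    """Return the verdict for each packet, in order."""
    return [firewall.decide(p)[0] for p in packets]


if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(pkt, "->", FIREWALL.decide(pkt))
```

The inbound list is an allowlist, so a source that matches no rule (including the IPv6 and malformed ones) is denied without needing a rule of its own.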
The company is set questions to answer on how safe its computer system is, and if it has security measures in place then its website is deemed safe to use. This is part of the programme of risk analysis, as the organization has to keep up to date with new risks; this allows the trained staff to interact with the organization and update the software.
Passwords allow users to “padlock” their accounts. These passwords reduce the number of hackers, as it is quite hard to guess passwords, and they can be put on many different things, from online accounts to server accounts. Many websites now have password checkers, which let users see on a scale bar whether the password they have chosen is strong or weak: weak passwords contain only text, but stronger passwords contain text, numbers and symbols. Some websites also set a number of characters and instruct the user to include a number or symbol as well, to prevent hackers from obtaining the passwords. On Amazon there is no gauge that states how strong your password is; this could be very useful, as Amazon is dealing with your card details and your personal details and your account could be broken into. But although Amazon is such a large company, there haven't been many cases where people have tried to gain access to accounts by guessing passwords.
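A password checker of the kind described above can be sketched as follows. This is an added example, not code from the original post or from any website it mentions; the length thresholds, the small common-password list and the repeated-character rule are assumptions that go beyond the text-versus-numbers-and-symbols rule in the paragraph, because a short or widely used password is weak whatever characters it contains.

```python
# Constructed sample of very common passwords; a real checker would load a
# much larger list of known-breached passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou"}

LABELS = ["very weak", "weak", "fair", "strong", "very strong"]


def score_password(password):
    """Return a strength score from 0 (very weak) to 4 (very strong)."""
    # Widely used passwords are guessed first, whatever they contain.
    if password.lower() in COMMON_PASSWORDS:
        return 0
    # Very few distinct characters (e.g. "aaaaaaaa1!") adds no real strength.
    if len(set(password)) < 4:
        return 0

    has_digit = any(ch.isdigit() for ch in password)
    has_symbol = any(not ch.isalnum() for ch in password)

    score = 0
    if len(password) >= 8:   # assumed minimum length
        score += 1
    if len(password) >= 12:  # assumed bonus for longer passwords
        score += 1
    if has_digit:            # the page's rule: numbers make it stronger
        score += 1
    if has_symbol:           # the page's rule: symbols make it stronger
        score += 1

    # A short password stays weak even with digits and symbols in it.
    if len(password) < 8:
        score = min(score, 1)
    return score


def strength_bar(password, width=20):
    """Render the score as a text scale bar, e.g. '[#####...............] weak'."""
    score = score_password(password)
    filled = width * score // 4
    return "[" + "#" * filled + "." * (width - filled) + "] " + LABELS[score]


if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    for candidate in ["password", "sunshine", "ab1!", "Sunshine2008", "Tr0ub4dor&3x!"]:
        print(f"{candidate:15} {strength_bar(candidate)}")
```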
Access levels are a way of restricting people's ability to access files on a computer system; people have different levels according to their status. In a school, teachers can open staff files on the server system but students are restricted from doing this; this is a way of keeping out hackers and also prevents students from going into the teachers' files. In Amazon's case, staff at different levels could access different data, and people assigned to different jobs could access only the information their job requires.
Anti-virus software prevents threats from attacking your system. It can be bought and downloaded from the internet, or you can go to your nearest computer store to buy it. Norton AntiVirus is one of the well-known programs for preventing viruses; it also guards your internet use against other threats, and its options can be customized to the user's needs: for example, if they don't want internet security on, they can just turn it off. But some anti-virus programs can slow down your system, so it is better to look around first to see if there is one that will not slow down your computer.
Below are two articles about Norton and its new updates for 2008. First is a quote from one article that states what Symantec has done and what it is focusing on in 2008.
“Symantec today announced the release of Norton AntiVirus 2008 and Norton Internet Security 2008, the latest versions of its antivirus and computer security software. With this release, Symantec continues to focus on performance as much as detection and prevention, addressing one of the biggest knocks on NAV: it was slow and a system hog.”
http://tinyurl.com/248gwd
Below is another article about Norton, what it intends to do in the 2008 software and how it will tackle new threats that are becoming common on our computers.
http://tinyurl.com/2thram
Anti-virus software only covers you against a certain number of threats and sometimes fails to cover new ones, and hackers sometimes find newer ways to get your data and details from these websites. The article below shows how hackers are finding new ways to get to your computer and your details.

Physical security is a way of protecting a file server system from damage, for example if someone were to smash it up.
Measures include equipping the premises with an alarm system to keep out unauthorized personnel; keeping computers out of customer view to prevent vandalism and theft; locating the server in a room with access controlled to essential personnel only; storing back-up tapes from the server; and padlocking projectors and server boxes to prevent access by unauthorized personnel.
Above is part of the article linked below, which describes how newer physical security measures such as biometric readers are being installed in computer rooms that contain important information about the company and its customers.
http://tinyurl.com/ysgffx
Biometric readers have become a new technology in the past 5 years, because more people have started to purchase laptops with them built in, which protects their details even more. They scan your fingerprint and, once they identify you as the user, grant you access to the laptop. They have been brought out because there are more hackers on the internet and among us, and readers have been installed in laptops to provide further protection. A company like Amazon would install these readers in rooms that contain computers and in other places that hold customer data.

Secure electronic transactions (SET) is a way of securing credit card transactions over insecure networks like the internet. SET is not a payment system but a set of security protocols that enables the user to employ the existing credit card payment infrastructure on an open network in a secure fashion.
http://tinyurl.com/2k48w9
This link shows how SET has been adapted to let you make transactions through your mobile phone, whether for e-commerce or online banking; a new system called SafePass has also been introduced, which allows you to make transactions through your bank accounts.
Below is a quote from the article:
“This option comes as part of a new service called SafePass, which the bank unveiled last month. Customers will be able to sign up for SafePass to add an extra level of security for some banking transactions.”

Encryption is a way of translating data into a secret code; it is an effective way of securing data. To read an encrypted file you must have access to a secret key and password that enables you to decrypt it. Unencrypted data is called plain text, and encrypted data is referred to as cipher text. There are two main types of encryption: public key encryption and symmetric encryption. Encrypting data provides more privacy; credit card and other details are normally encrypted, which means they are scrambled according to an algorithm and can only be translated back to the original by a computer that has the correct unscrambling software.
This image shows a padlock and 128-bit encryption key on the Amazon sign-in screen; it shows that your data will be encrypted, which prevents hackers from obtaining it as it goes through.
http://tinyurl.com/2n7grx This is a link on how Marks & Spencer have encrypted their laptops to prevent hackers from getting into their files; they have been given two months to do this, as hackers could quickly obtain their files and then cause destruction within the organization.
“Mick Gorrill, assistant commissioner at the ICO, said: "It is essential that before a company allows personal information to leave its premises on a laptop there are adequate security procedures in place to protect personal information, for example, password protection and encryption."”

There are many pieces of legislation that protect computer users; the two main acts are the Computer Misuse Act and the Data Protection Act. The Computer Misuse Act is legislation against hacking; it was passed in 1990 by the UK Parliament and defined three main offences:
Unauthorized access to computer material: this covers offences such as guessing passwords and having a look at confidential files. A term of three months' imprisonment can be imposed for this offence.
Unauthorized access with intent to commit further offences: this includes situations where someone transfers money from one account to another, unauthorized account. This offence can carry up to five years' imprisonment.
Unauthorized modification of computer material: this includes deleting files and introducing viruses. This offence can carry a prison term of up to five years.
Breaking these laws can carry prison terms and also big fines for the people breaking them.

http://tinyurl.com/2nf8j8 - This link shows a case where a man was arrested for accessing the internet through someone else's unsecured WiFi access point. The quote below gives a summary of the investigation and a brief note on what happened and how the police dealt with it.
“A 39-year-old man was arrested on Tuesday morning by two police community support officers (PCSOs) from Hounslow, as he sat on a wall outside a house in Chiswick, west London. He admitted to police that he had used a third party's unsecured Wi-Fi access point to gain access to the internet.”

The Data Protection Act is another piece of legislation, introduced in 1998; it regulates how personal information is used and protects you from misuse of your personal details. The Act provides a set of rules which prohibit misuse of your personal information without stopping it being used for legitimate or beneficial purposes. There are eight rules that you should abide by:
Data should be fairly and lawfully processed.
Data should be processed for limited purposes.
Data should not be kept longer than necessary.
Data should be kept secure.
Data must not be transferred abroad without adequate protection.
Data should be processed in accordance with your rights.
Data should be adequate, relevant and not excessive.
Data should be accurate.

There are some weaknesses in the data protection legislation: some personal information in the public domain cannot be called back, as there is no obvious owner. It is very easy to obtain the names and addresses of people. It is also very easy to track down a lot of information about people by searching on Google or other search engines.

Below are two links about Marks & Spencer encrypting their laptops.
http://tinyurl.com/2n7grx - This link shows how Marks & Spencer are encrypting their laptops to prevent hackers from obtaining data about their employees and their customers as well.
“The order, from the Information Commissioner's Office (ICO), follows the theft last May of an unencrypted laptop which contained the personal information of 26,000 M&S employees.
The laptop contained details of the pension arrangements of M&S employees and was stolen from the home of an M&S contractor.”

http://tinyurl.com/2h6o6k - This link shows how Marks & Spencer has breached the Data Protection Act. Below is a quote from the link which states how they breached the Act and what the effects have been.
“Marks and Spencer has breached the Data Protection Act in not encrypting employee data held on a laptop, according to the Information Commissioner's Office (ICO). The system contained pension details for 26,000 employees and was stolen from the home of a contractor. Protecting such information is crucial, according to ICO assistant commissioner Mick Gorrill.”

Above is part of the article linked below. The article is about phishing, which is very common against e-commerce websites like Amazon: hackers send emails that mislead customers into thinking they are from the actual Amazon when they aren't, in order to get the recipients' details.
http://tinyurl.com/3agoqs

More companies nowadays have to follow the rules of consumer protection regulation, which covers the guidelines set out by the Office of Fair Trading. The OFT is the UK's consumer and competition authority. Our mission is to make markets work well for consumers.
They pursue this goal by:
Encouraging businesses to comply with competition and consumer law and to improve their trading practices through self-regulation
Acting decisively to stop hardcore or flagrant offenders
Studying markets and recommending action where required
Empowering consumers with the knowledge and skills to make informed choices and get the best value from markets, and helping them resolve problems with suppliers through Consumer Direct.
The OFT is a non-ministerial government department established by statute in 1973.
The customer's data can be protected on both the customer's computers and the organization's computers by installing software like firewalls and anti-virus software; this can protect you from threats that could take your data and use it without authorization. Software has to be updated weekly because of the number of hackers and the number of new threats that get into our systems; to counter this, new updated versions come out, and the user can download them and update the system. The customer cannot leave it entirely to the organization to keep their details and data safe; they can also do simple things like not passing passwords or sign-in details on to another user and shredding bank statements and other invoices that they are sent in the post. This will reduce the risk of identity fraud and other types of fraud that could occur.

Wednesday 30 January 2008

Security report of Amazon.co.uk

Security report of Amazon.co.uk


E-commerce is a method of commerce but using the internet to buy or sell products or even your can purchase services from some websites like tesco.com. Also the internet allows you to transfer funds through online banking. There are many websites that dominant the e-commerce market websites like Amazon.co.uk and Play.com have dominated the market due to the amount of different goods they offer and the website being the easy to use. All these websites offers different goods and services to the user. There are many negatives points of using e-commerce websites; one of those points is that there is no face-to-face contact with customer and company, and so the company need to gain the customer details via different methods. The company can collect the details of these customers and use them for a number of reasons from market research, updating stock levels and keeping the customers records. With the e-commerce sites, they can store the data of a customer through an account; this is an advantage over a shop in a high street as the customer information is readily available. The company can look at the products they brought and use this data effectively for different purposes; this is compared to loyalty cards in shop like Tesco, HMV, and other high street stores. The customer can purchase a good with this loyalty card and their details can be link of the item they purchased. Some websites allows the user to use the card for both the online and in the shop which they can maximise their rewards from these cards, as they can receive more points and then more benefits, and then the company can use this information for customer details to be processed. 
But E-commerce is more open to threats than a normal commerce through physical shops, the main reason for this is because their have been and increasing number of hackers that are on the internet which they want to obtain details of customer like address details and then use payments methods like debit card details and then spend your money, but fraud has also be reduced to and extent, as more banks have protection programs and offer full refunds on the money stolen which will satisfy the customer.
The e-commerce website must obtain specific details of the customer which the customer provides such as name, address so that the purchase can be delivered also the customer must provide the payment which the organisation must be bale to obtain, the customer must know about the goods and services and the customer must be persuaded to purchase.
The website must attract their customers to give their personal details, so the company could issue on the website competition to win a prize. This makes the customer input their details as they get the incentive to give their details as they think that they will win a prize. Cookies are data that the company issues on the customer hard drive which stores data about the customer actions and can track ID’s, usernames, passwords, and all e-commerce website must have them as they help to update the virtual shopping basket of the customer. Companies that place cookies on the website must abide by certain rules for doing this to the user’s computer. E-commerce website like Amazon use legal spyware to track the actions of the customer and where they have been on the website which then they can relate this data to your customer records. But many hackers use spyware to gain access to see what you do on your computer and where have you been on that particular website. Many e-commerce websites use many different types of methods that can be used for market research, and this can be used to maintain or gain over its competitors in the same field, like Tesco offers many different goods that can be delivered to you doorstep and they also offer many different services for the customer needs, but Waitrose don’t offer the amount of goods or services that Tesco have and so Tesco can take a lead in the market. 
Websites like Tesco and Amazon create a service for the user which no on else can view, for example an account this is password protected and this is a personal service, Website do this by using the data that they have collect in the form of cookies and spyware and other methods, and then provide information that the customer can use, for example the e-commerce website Amazon that I have looked at, uses this information by telling your “Recommendations”, Amazon have traced on what you have looked on previously or brought and provides the customer with items that the customer might intend to buy. This is a way of getting customer to buy the items and also enhances the customer to use the website more frequently, and it also appear that the website is helping you to find more products, which reflects on the virtual help you get in a physical shop. You can also change these items by either rating them which then instructs Amazon to change the items in your recommendations to the choice you have made. Amazon can also send email out to the customer about their recent purchase and other items that they may be interested in. the data which is collect from the user, can be used to interpretate the market and where the market is going to go, and big businesses do this to gain the competitive advantage over its rivals, this allows them to see where products are popular and this will help to reduce costs of the business. The business therefore can order more stock as they can see how many are selling and order accordingly. There are many threats that the data can be inflicted by on E-commerce website such as Amazon.co.uk. These threats include terrorism, hackers, viruses, spyware, hardware failure, human error, natural disasters, theft, flood and fire, dishonest employees. All these threats can affect the data in any way. But there are many ways to prevent these threats. 
These ways are training, backup, firewalls, risk analysis, passwords, and access levels, anti-viruses, physical security, secure electronic transactions and encryption. By having well trained staff, they will be able to notify about viruses and types of threats that can damage your system. This enables the trained staff to act quickly and reduce the threat of the computer being disrupted. Back-up files should always be stored away from the computers, and should always be up-to-date copies of the important files, the organization should have suitable back-up strategy that works for them this includes how often a back up is carried out, the media used and how much of the data is back up. Firewalls are to prevent hackers from obtaining passwords and other details they are a combination of hardware and software that can be configured to block access to a network or individual computer to all except known IP addresses, firewalls can also be configured to block outward access thereby controlling the websites that employees can visit. The company is set out questions to answer on how safe their computer system is, and if they have measures of security then their website is deem safe use this is part of the program of risk analysis as the organization has to keep up-to-date with new risks, this allows the trained staff to then interact with the organization and to up date the software. Passwords allows the user to “padlock” their accounts, these passwords reduce the number of hackers as it is quite hard to guess passwords, these passwords can be put on many different things to account online or to server accounts. Many website now have password checkers, these allows the user to see if the password that they have chosen is strong or weak and this is done on a scale bar, weak passwords only contain text in, but stronger passwords contain text, number and symbols. 
Some websites also allows a number of characters and they also instruct the user to include a number or symbol aswell to prevent hackers from obtaining the passwords. Access levels are a way of restricting people and there options in the ability to access files on a computer system and they have different levels according to their status, in school teachers can open staff files on the server system but students are restricted from doing this the reason for this as this is way of preventing any hackers and also prevent the students from going into the teachers files. Anti-virus software prevents any threats from attacking your system, anti-virus software can be brought or downloaded from the internet or you can just go to your nearest computer store to buy the software, Norton anti-virus is one of the well known software to prevent viruses and also guards our internet from others threats, and these options can be customized by the users needs like if they don’t want internet security on they can just turned it off. But some of these virus software’s can slow down your system, and it is better to look around first and to see if there is any on the internet which will not slow down your computer. Physical security is way of protecting a file server system from any damage if someone was to smash it up. By equipping a premise with an alarm system this prevents and unauthorized personnel in these, also by keeping computer out of customer view this prevents any vandalism and theft from going ahead, by locating the server in a room with controlled access to essential personnel only, by storing back up tapes from the server and padlocking projectors and server boxes to prevent any access from unauthorized personnel. 
Secure Electronic Transaction (SET) is a way of securing credit card transactions over insecure networks like the internet. SET is not a payment system but a set of security protocols that enables the user to employ the existing credit card payment infrastructure on an open network in a secure fashion.
http://tinyurl.com/2k48w9 - this link shows how SET has adapted.


Encryption is a way of translating data into a secret code, and it is an effective way of achieving data security. To read an encrypted file you must have access to a secret key and password that enables you to decrypt it. Unencrypted data is called plain text, and encrypted data is referred to as cipher text. There are two main types of encryption: public key encryption and symmetric encryption. Encrypting data provides more privacy. Credit card and other details are normally encrypted: they are scrambled according to an algorithm and can only be translated back to the original by a computer that has the correct unscrambling software.
http://tinyurl.com/2n7grx - this is a link on how Marks & Spencer are encrypting their laptops to prevent hackers from getting into their files. They have been given two months to do this, as hackers could quickly obtain their files and then cause destruction within the organisation. “Mick Gorrill, assistant commissioner at the ICO, said: "It is essential that before a company allows personal information to leave its premises on a laptop there are adequate security procedures in place to protect personal information, for example, password protection and encryption."”
Several pieces of legislation protect computer users; the two main Acts are the Computer Misuse Act and the Data Protection Act. The Computer Misuse Act is legislation against hacking. It was passed in 1990 by the UK Parliament and defined three main offences:
Unauthorised access to computer material: this covers offences such as guessing passwords and having a look at confidential files. A term of three months' imprisonment can be imposed for this offence.
Unauthorised access with intent to commit further offences: this includes situations where someone transfers money from one account to another, unauthorised account. This offence can carry up to five years' imprisonment.
Unauthorised modification of computer material: this includes deleting files and introducing viruses. This offence can carry a prison term of up to five years.
Breaking these laws can carry prison terms and also big fines for the person breaking them.

http://tinyurl.com/2nf8j8 - this link shows a case where a man was arrested for accessing the internet through someone else's unsecured Wi-Fi access point. The quote below gives a summary of the investigation and a brief note on what happened and how the police dealt with it.
“A 39-year-old man was arrested on Tuesday morning by two police community support officers (PCSOs) from Hounslow, as he sat on a wall outside a house in Chiswick, west London. He admitted to police that he had used a third party's unsecured Wi-Fi access point to gain access to the internet.”

The Data Protection Act is another piece of legislation, introduced in 1998. It regulates how personal information is used and protects you from misuse of your personal details. The Act provides a set of rules which prohibit misuse of your personal information without stopping it being used for legitimate or beneficial purposes. There are eight rules that you should abide by:
Data should be fairly and lawfully processed
Data should be processed for limited purposes.
Data should not be kept longer than necessary.
Data should be kept secure.
Data must not be transferred abroad without adequate protection.
Data should be processed in accordance with your rights.
Data should be adequate, relevant and not excessive.
Data should be accurate.

There are some weaknesses in the data protection legislation. Some of the personal information in the public domain cannot be called back, as there is no obvious owner. It is very easy to obtain the names and addresses of people. It is also very easy to track down a lot of information about people by searching on Google or other search engines.

Below are two links about Marks & Spencer encrypting their laptops.
http://tinyurl.com/2n7grx - this link shows how Marks & Spencer are encrypting their laptops to prevent hackers from obtaining data about their employees, and then data about their customers as well.
“The order, from the Information Commissioner's Office (ICO), follows the theft last May of an unencrypted laptop which contained the personal information of 26,000 M&S employees.
The laptop contained details of the pension arrangements of M&S employees and was stolen from the home of an M&S contractor.”

http://tinyurl.com/2h6o6k - this link shows how Marks & Spencer breached the Data Protection Act. Below is a quote from the link, which states how they breached the Act and what the effects have been.
“Marks and Spencer has breached the Data Protection Act in not encrypting employee data held on a laptop, according to the Information Commissioner's Office (ICO). The system contained pension details for 26,000 employees and was stolen from the home of a contractor. Protecting such information is crucial, according to ICO assistant commissioner Mick Gorrill.”

More companies nowadays have to follow the rules of the consumer protection regulations, which cover the guidelines set out by the Office of Fair Trading (OFT). The OFT is the UK's consumer and competition authority. Its mission is to make markets work well for consumers.
They pursue this goal by:
encouraging businesses to comply with competition and consumer law and to improve their trading practices through self-regulation
acting decisively to stop hardcore or flagrant offenders
studying markets and recommending action where required
empowering consumers with the knowledge and skills to make informed choices and get the best value from markets, and helping them resolve problems with suppliers through Consumer Direct.
The OFT is a non-ministerial government department established by statute in 1973.

Tuesday 8 January 2008

back offices processes continued

8. A cookie is a small text file that is stored on the user's hard disk by the web server. It is a way for a server or a website to place information on the client computer. Cookies contain information about the user, normally in the form of an identification. A transactional website needs cookies to store the user's identity, and the website can see how many times the user has visited.


9. Customers who are logged in may be tracked anonymously by using a random number sent in a cookie. Other tables in the database will track the customer's actions. The best way of tracking a customer is to see whether he/she is logged in. Actions can trigger data being written to the database. This information can be used in a variety of ways. Loyal customers can be rewarded with special offers.

A list showing the customer's actions:
Wishlist
visits
shipments
products
orders
emails
customers
categoriesproducts
admins
wapcarts
stock
related products
payments
options
discounts
creditcards

10. HTTPS encryption is used when a payment is made through a transactional website. The website needs to use a secure data transfer method, and if the details are stored in the database then the table or field holding the data needs to be encrypted as well. This way, if the database is accessed by unauthorised people, the card details cannot be read.


11. Using the HTTPS method of encryption prevents anyone from intercepting the details of your card, and the user needs to have the encryption key and the software routine. The transactional website will also have to contact the card provider to check the details on the credit card.

12. A stolen card will not be used on a transactional website, because the address needs to be checked and first-time orders must always be delivered to the address held by the card company. Payments cannot be stopped unless the card has been stolen.

13. Stock control is a term which refers to all the processes involved in ordering, storing and selling goods; real-time stock control is an important part of the back office process. A website stock control system runs on a computer system. The objective is to ensure that there is always enough stock to meet demand, but too much stock will tie up money that could be used for other purposes in the business. When there is a need to order replacements, the website could have links to the supplier via the internet so that replacement goods can be ordered automatically. Careful analysis of sales can help with the prediction of sales volume so that a minimum level of stock is maintained.


14. Despatch and delivery: this part of the process is largely manual. Address labels need to be printed along with dispatch notes and invoices. The goods need to be packaged and collected by a courier. At this point, the organisation hands the tracking over to the courier. Customers can be informed via email or by logging into the courier's tracking system, so that the user can see where his or her products are and what status they are in: dispatch, processing, completed or delivery.
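
Item 10 above says the table or field holding card details should itself be encrypted, so that someone who gets into the database still cannot read the card. The following is an added example, not code from the original post or from any site it describes: field-level encryption with AES-256-GCM in Node.js, where the function names, the `card_enc` column, the key handling and the sample row are assumptions made for illustration.

```javascript
const nodeCrypto = require('crypto');

// Assumption: a real site loads this key from a secret store kept apart from
// the database. A random key is generated here only so the example runs.
const FIELD_KEY = nodeCrypto.randomBytes(32); // 256-bit AES key

// Encrypt one card number before it is written to the payments table.
// The customer id is bound in as authenticated data, so a ciphertext copied
// into another customer's row fails to decrypt.
function encryptCardField(cardNumber, customerId, key = FIELD_KEY) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(String(customerId)));
  const ct = Buffer.concat([cipher.update(cardNumber, 'utf8'), cipher.final()]);
  // Stored layout: 12-byte nonce | 16-byte tag | ciphertext, base64 encoded.
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Decrypt a stored field. Throws if the key is wrong, the value was altered,
// or the value belongs to a different customer id.
function decryptCardField(stored, customerId, key = FIELD_KEY) {
  const raw = Buffer.from(stored, 'base64');
  if (raw.length < 28) throw new Error('stored value too short');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(String(customerId)));
  decipher.setAuthTag(raw.subarray(12, 28));
  const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  return pt.toString('utf8');
}

// Constructed sample row: what someone reading the database would see.
const TEST_CARD = '4111111111111111'; // well-known test number, not a real card
const sampleRow = { customer_id: 1001, card_enc: encryptCardField(TEST_CARD, 1001) };
console.log(sampleRow);
console.log(decryptCardField(sampleRow.card_enc, sampleRow.customer_id));
```

The protection only holds while the key stays outside the database; a key stored in the same table as the ciphertext is read by the same intruder.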

Monday 7 January 2008

Back offices processes

Explain what Back Office Processes are and why your organisation needs them

Back office processes ensure the smooth ordering, payment and reporting of transactions on the website. The processes are accessible and visible to the public. Some back office functions include accounting, record keeping of clients' orders, stock control and the management of the public-facing website. Our organisation needs these as they prevent the order processing from going crazy.

What processes are involved in Stock Control? What is at the centre of this type of system?

The process involved in stock control is to make sure that there are enough products to meet the customers' needs and that an item is not sold twice. At the centre of this type of system is a database, because it can list all of the items, with the information about each item and its supplier, and it keeps all the items and everything about them updated.

Explain what ASPs are, and how they can update a database.

ASP (Active Server Pages) is the code contained in the web page that allows the database to be read and updated; it changes the amount in stock as items are purchased.


How do organisations maintain the virtual shopping basket for a customer, what processes are involved?

As a customer moves through an online store ordering goods, it is necessary to hold the details of the items to be purchased. The idea is rather like a supermarket trolley on a computer screen. Items are placed in the trolley but until the customer is finished shopping.

The following processes are involved in maintaining the trolley
Items are added
Prices are totalled
Stock is reserved so that it is not sold twice
Items can be removed
Delivery costs may be added.

Draw an example flowchart for your organisation to illustrate these processes.

P143, Explain briefly the difference between HTTP authentication and cookie identification.

HTTP - this type of authentication produces the familiar login/password browser sequence. This is where a user is asked for a password and an ID to access the server.
Cookie - these can be placed on the customer’s computer but are typically set using an HTML form and a common gateway interface script. Because of privacy concerns, many users view cookies with suspicion and may reject them.





What advantage do cookies have over HTTP authentication?
A cookie is an automated way of tracking who’s on your website even if they aren’t logged in.
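
The difference between HTTP authentication and cookie identification described above, together with the random-number cookie from items 8 and 9 of the later post, shown as the header values each side handles. This is an added example, not code from the original posts; the function names, the `visitor` cookie name and the in-memory table standing in for the database are assumptions.

```javascript
const nodeCrypto = require('crypto');

// HTTP authentication: after the login box, the browser sends the ID and
// password with every request, base64-encoded (encoded, not encrypted).
function parseBasicAuth(headerValue) {
  const m = /^Basic ([A-Za-z0-9+/]+=*)$/.exec(headerValue || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':'); // only the first ':' separates the fields
  if (sep < 0) return null;
  return { user: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

// Cookie identification: the browser sends back only a random number, and
// the server keeps everything it knows about that visitor on its own side.
const visitTable = new Map(); // stand-in for the "visits" database table

function readCookie(cookieHeader, name) {
  for (const part of (cookieHeader || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq > 0 && part.slice(0, eq).trim() === name) return part.slice(eq + 1).trim();
  }
  return null;
}

// Handle one page request. Returns the visitor's visit count and, for a new
// visitor, the Set-Cookie header to send. An id the server never issued is
// treated as a new visitor rather than trusted.
function recordVisit(cookieHeader) {
  let id = readCookie(cookieHeader, 'visitor');
  let setCookie = null;
  if (id === null || !visitTable.has(id)) {
    id = nodeCrypto.randomBytes(16).toString('hex'); // 128 random bits
    visitTable.set(id, 0);
    setCookie = `visitor=${id}; Path=/; Secure; HttpOnly; SameSite=Lax`;
  }
  visitTable.set(id, visitTable.get(id) + 1);
  return { id, count: visitTable.get(id), setCookie };
}

// Constructed sample header for the user "alice" with password "pa:ss".
const SAMPLE_AUTH = 'Basic ' + Buffer.from('alice:pa:ss').toString('base64');
console.log(parseBasicAuth(SAMPLE_AUTH));
const first = recordVisit(undefined);
console.log(first.setCookie, recordVisit(`visitor=${first.id}`).count);
```

Because the Basic header decodes straight back to the password, it is only safe over HTTPS; the cookie carries no personal data of its own, but anyone who copies it is counted as that visitor.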

Monday 17 December 2007

The Goods and Services it Offers

Many transactional websites offer different goods and services. Some of the websites focus mainly on either goods or services, but websites like Tesco focus on both, and this helps customers as they can do everything online with just a few clicks, which saves time as well. Amazon also offers thousands of goods online and a few services for customers, as customers now aren’t looking for goods, they are looking for services like credit cards and memberships which are beneficial to them.



Above is an image that shows the range of different topics that Amazon sells, and the sub-topics within them, which the user can access with ease by clicking on them. Amazon mainly sells electronic goods, which is good as they are sometimes cheaper on Amazon than in high street stores.


The Product Information Provided
A website can use multimedia techniques to provide information about a product. It is important for a website to provide as much information as possible, since the customer cannot see or handle the goods before they are delivered. By law the information provided must be honest and not make false claims.
Pictures are often used. Clicking on small images can enlarge them, and short versions of the item description can be expanded to give detailed specifications. The idea is to provide a brief overview for the person in a hurry but allow the more discerning shopper to obtain further details. Amazon provides relevant information for a product, and the information is normally short but not boring, which plays a big part in capturing the customer's attention. The customer doesn't want to read boring paragraphs; they can scan through the item quickly and make the transaction quickly, which benefits the company greatly.



















Above is an image of the multimedia feature of Amazon, which allows the user to scroll through images that are larger than the image on the product screen. Here you can pick from a range of different types of pictures, which allows the user to look at the item as if it were in a real shop and see it from different angles.