Exam Final ECOM 320

By Jacksmith1984 Mar 28, 2015 3983 Words
Lesson 7: E-commerce security and controls

Access control: Mechanism that determines who can legitimately use a network resource.
Active tokens: Access token.
Authentication: Process to verify the real identity of an individual, computer, computer program, or EC website.
Authorization: Determines whether a buyer's card is active and whether the customer has sufficient funds.
Biometric systems: Authentication systems that identify a person by measurement of a biological characteristic, such as fingerprints, iris patterns, facial features, or voice.
Biometric control: An automated method for verifying the identity of a person based on physical or behavioral characteristics.
Botnet: A huge number of hijacked Internet computers that have been set up to forward traffic, including spam and viruses, to other computers on the Internet.
Business continuity plan: A plan that keeps the business running after a disaster occurs. Each function in the business should have a valid recovery capability plan.
Certificate authority (CA): Third parties that issue digital certificates.
Ciphertext: A plaintext message after it has been encrypted into a machine-readable form.
Confidentiality: Assurance of data privacy and accuracy. Keeping private or sensitive information from being disclosed to unauthorized individuals, entities, or processes.
Cybercrime: Intentional crimes carried out on the Internet.
Cybercriminal: A person who intentionally carries out crimes over the Internet.
Crackers: A malicious hacker who may represent a serious problem for a corporation.
Cryptography: A method of storing and transmitting data in a particular form so that only those for whom it is intended can read and process it.
Data breach: A security incident in which sensitive, protected, or confidential data is copied, transmitted, viewed, stolen, or used by an individual unauthorized to do so.
Denial-of-service (DoS) attack: An attack on a website in which an attacker uses specialized software to send a flood of data packets to the target computer with the aim of overloading its resources.
Deterring measures: Actions that will make criminals abandon their idea of attacking a specific system.
Detection measures: Ways to determine whether intruders attempted to break into the EC system, whether they were successful, and what they may have done.
Digital envelope: The combination of the encrypted original message and the digital signature, using the recipient's public key.
Digital signature: Validates the sender and time stamp of a transaction so it cannot be later claimed that the transaction was unauthorized or invalid.
Domain Name System: Translates domain names to their numeric IP addresses.
Exposure: The estimated cost, loss, or damage that can result if a threat exploits a vulnerability.
EC security strategy: A strategy that views EC security as the process of preventing and detecting unauthorized use of the organization's brand, identity, website, e-mail, information, or other asset and attempts to defraud the organization, its customers and employees.
Encryption: The process of scrambling a message in such a way that it is difficult, expensive, or time consuming for an unauthorized person to unscramble it.
Firewall: A single point between two or more networks where all traffic must pass; the device authenticates, controls, and logs all traffic.
Hacker: Someone who gains unauthorized access to a computer system.
Hash function: A mathematical computation that is applied to a message, using a private key, to encrypt the message.
Honeynet: A network of honeypots. Production systems that look like they do real work but act as decoys and are watched to study how network intrusions occur.
Identity theft: Fraud that involves stealing an identity of a person and then the use of that identity by someone pretending to be someone else in order to steal money or get other benefits.
Information security: Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
Integrity: Assurance that stored data has not been modified without authorization; a message that was sent is the same message as that which was received.
IP address: An address that uniquely identifies each computer connected to a network or the Internet.
Internet fraud: The use of Internet services or software with Internet access to defraud victims or to otherwise take advantage of them.
Internet underground economy: E-markets for stolen information made up of thousands of websites that sell credit card numbers, social security numbers, other data such as numbers of bank accounts, social network IDs, passwords, and much more.
Intrusion detection system (IDS): A special category of software that can monitor activity across a network or on a host computer, watch for suspicious activity, and take automated action based on what it sees.
Keystroke logging: A method of capturing and recording user keystrokes.
Macro virus: A macro virus or macro worm is executed when the application object that contains the macro is opened or a particular procedure is executed.
Malware: A generic term for malicious software.
Nonrepudiation: Assurance that online customers or trading partners cannot falsely deny their purchase or transaction.
Penetration test: A method of evaluating the security of a computer system or a network by simulating an attack from a malicious source.
Phishing: A crimeware technique to steal the identity of a target company to get the identities of its customers.
Public key encryption: Method of encryption that uses a pair of matched keys: a public key to encrypt a message and a private key to decrypt it, or vice versa.
Public key infrastructure (PKI): A scheme for securing e-payments using public key encryption and various technical components.
Secure socket layer (SSL): A computer networking protocol that manages server authentication, client authentication and encrypted communication between servers and clients.
Spam: The electronic equivalent of junk mail.
Social engineering: A type of nontechnical attack that uses some ruse to trick users into revealing information or performing an action that compromises a computer or network.
Splog: Short for spam blog. A site created solely for marketing purposes.
Spyware: Software that gathers user information over an Internet connection without the user's knowledge.
Trojan horse: A program that appears to have a useful function but that contains a hidden function that presents a security risk.
Virus: A piece of software code that inserts itself into a host, including the operating systems, in order to propagate; it requires that its host program be run to activate it.
Virtual private network (VPN): A network that uses the public Internet to carry information but remains private by using encryption to scramble the communications, authentication to ensure that information has not been tampered with, and access control to verify the identity of anyone using the network.
Vulnerabilities: Weaknesses in software or other mechanisms that threaten the confidentiality, integrity, or availability of an asset. They can be directly used by a hacker to gain access to a system or network.
Worm: A software program that runs independently, consuming the resources of its host in order to maintain itself onto another machine.
Zombies: Computers infected with malware that are under control of a spammer, hacker or other criminal.

Lesson 8: Electronic Payment Systems

Address verification system (AVS): Detects fraud by comparing the address information on file with the cardholder's issuing bank.
Automatic vehicle location (AVL): A means for automatically determining the geographic location of a vehicle and transmitting the information to a requester.
Card verification number: Detects fraud by comparing the verification number printed on the signature strip on the back of the card with the information on file with the cardholder's issuing bank.
Contact card: A smart card containing a small gold plate on the face that when inserted in a smart card reader makes contact and passes data to and from the embedded microchip.
Contactless (proximity) card: A smart card with an embedded antenna, by means of which data and applications are passed to and from a card reader unit or other device without contact between the card and the card reader.
E-billing: Electronic bill.
E-cheque: A legally valid electronic version or representation of a paper check.
E-micropayments: Small online payments, typically under $10.
Enterprise invoice presentment and payment (EIPP): Presenting and paying B2B invoices online.
Letter of credit: A written agreement by a bank to pay the seller, on account of the buyer, a sum of money upon presentation of certain documents.
Payment card: Electronic card that contains information that can be used for payment purposes.
Payment service provider (PSP): A third-party service connecting a merchant's EC system to the appropriate acquiring bank or financial institution. PSPs must be registered with the various card associations they support.
Public key encryption: A class of cryptographic algorithms that requires two separate keys, one of which is secret (or private) and one of which is public.
Purchasing card: Special-purpose payment cards issued to a company's employees to be used solely for purchasing nonstrategic materials and services up to a preset dollar limit.
Smart card: An electronic card containing an embedded microchip that enables predefined operations or the addition, deletion, or manipulation of information on the card.
Smart card operating system: Special system that handles file management, security, input/output, and command execution and provides an application programming interface for a smart card.
Settlement: Transferring money from the buyer's to the merchant's account.
Smart card: A device that includes an embedded integrated circuit that can be either a secure microcontroller or equivalent intelligence with internal memory or a memory chip alone. The card connects to a reader with direct physical contact or with a remote contactless radio frequency interface.
Stored-value card: A card that has monetary value added onto it and that is usually rechargeable.
Virtual credit card: A technology that allows a user to set up a new credit account with a bank on the Internet and then use this account number to purchase goods, also on the Internet.

Lesson 9: Mobile Computing and Commerce and Pervasive Computing

Bluetooth: A set of telecommunications standards that enables wireless devices to communicate with each other over short distances.
Context-aware computing: Application's ability to detect and react to a set of environmental variables that is described as context.
Geolocation: The process of automatically identifying a Web user's physical location without that user having to provide any information.
Geographical information system (GIS): A computer system capable of integrating, storing, editing, analyzing, sharing and displaying geographically referenced spatial information.
Global positioning system (GPS): A worldwide satellite-based tracking system that enables users to determine their position anywhere on the earth.
Interactive voice response (IVR): A voice system that enables users to request and receive information and to enter and change data through a telephone to a computerized system.
Location-based m-commerce: Delivery of m-commerce transactions to individuals in a specific location at a specific time.
Location-based service (LBS): An information service accessible from and to mobile devices through a mobile network utilizing the ability to make use of the geographical position of the mobile device to deliver a service to the user.
Mobile browser (microbrowser): Web browser designed for use on a mobile device, optimized to display web content most effectively for small screens on portable devices.
Mobile banking: Performing banking activities such as balance checks, account transactions, payments, credit applications, etc. via a mobile device.
Mobile commerce (m-commerce): Any business activity conducted over a wireless telecommunications network or from mobile devices.
Mobile computing or wireless mobile computing: Computing that connects a mobile device to a network or another computing device, anytime, anywhere.
Mobile portal: A gateway to the Internet optimized for mobility that aggregates and provides content and services for mobile users.
Mobile enterprise: Application of mobile computing inside the enterprise.
Multimedia messaging service (MMS): The emerging generation of wireless messaging; MMS is able to deliver rich media.
Mobile entertainment: Any type of leisure activity that utilizes a wireless telecommunication network, interacts with service providers, and incurs a cost upon usage.
Mobile worker: Any employee who is away from his or her primary workspace at least 10 hours a week or 25 percent of the time.
Network-based positioning: Relies on base stations to find the location of a mobile device sending a signal or sensed by the network.
Personal area network (PAN): A wireless telecommunications network for device-to-device connection within a very short range.
Personal digital assistant (PDA): A stand-alone handheld computer principally used for personal information management.
Pervasive computing: Computing capabilities embedded in the environment but typically not mobile.
Radio frequency identification (RFID): A short-range frequency communication technology for remotely storing and retrieving data using devices called RFID tags and RFID readers.
Real-time location systems (RTLS): Systems used to track and identify the location of objects in real time.
Sensor network: A collection of nodes capable of environmental sensing, local computation, and communication with its peers or with other higher performance nodes.
Social location-based marketing: Marketing activities that are related to social behavior and are related to social networking activities.
Smartphone: A mobile phone with PC-like capabilities.
Smart grid: An electricity network managed by utilizing digital technology.
Ubiquitous computing: Computing capabilities that are being embedded into the objects around us, which may be mobile or stationary.
Short message service (SMS): A service that supports the sending and receiving of short text messages on mobile phones.
Terminal-based positioning: Calculating the location of a mobile device from signals sent by the device to base stations.
Voice portal: A website with an audio interface that can be accessed through a telephone call.
Wireless application protocol (WAP): A technical standard for accessing information over a mobile wireless network. A WAP browser is a web browser for mobile devices such as mobile phones that uses the protocol.
Wireless local area network (WLAN): A telecommunications network that enables users to make short-range wireless connections to the Internet or another network.
Wi-Fi (wireless fidelity): The common name used to describe the IEEE 802.11 standard used on most WLANs.
WiMAX: A wireless standard for making broadband network connections over a medium-size area such as a city.
Wireless wide area network (WWAN): A telecommunications network that offers wireless coverage over a large geographical area, typically over a cellular phone network.

Lesson 10: Legal and Ethical Issues in E-commerce

Business ethics: A form of applied ethics that examines ethical principles and moral or ethical problems that arise in a business environment.
Personal Information Protection and Electronic Documents Act (PIPEDA) was implemented in January 2001. Part 1, Protection of Personal Information in the Private Sector, helps businesses and consumers understand and meet their new obligations. It provides guidelines on how to protect privacy on the Internet and how to protect personal information.
Canadian Internet Registration Authority (CIRA) is a not-for-profit Canadian corporation. CIRA operates the dot-ca Internet country code Top Level Domain.
Computer crimes: law deals with the broad range of criminal offenses committed using a computer or similar electronic device. Nearly all of these crimes are perpetrated online. The Internet provides a degree of anonymity to offenders, as well as potential access to personal, business, and government data.
Compliance data: Data pertaining to the enterprise included in the law that can be used for the purpose of implementing or validating compliance.
Computer Fraud and Abuse Act (CFAA): Major computer crime law to protect government computers and other Internet-connected computers.
Cookie: Also known as an HTTP cookie, web cookie, Internet cookie, or browser cookie, a small piece of data sent from a website and stored in a user's web browser while the user is browsing that website. Every time the user loads the website, the browser sends the cookie back to the server to notify the website of the user's previous activity.
Cookies were designed to be a reliable mechanism for websites to remember stateful information (such as items in a shopping cart) or to record the user's browsing activity (including clicking particular buttons, logging in, or recording which pages were visited by the user as far back as months or years ago).
Copyright: An exclusive right of the author or creator of a book, movie, musical composition, or other artistic property to print, copy, sell, license, distribute, transform to another medium, translate, record, perform, or otherwise use.
Cyberbullying: The use of information and communication technologies to support deliberate, repeated and hostile behavior by an individual or group that is intended to harm others.
Cyberbashing: Domain name that criticizes an organization or person.
Digital divide: A term that refers to the gap between demographics and regions that have access to modern information and communications technology, and those that don't or have restricted access. This technology can include the telephone, television, personal computers and the Internet.
Digital rights management (DRM): An umbrella term for any of several arrangements that allow a vendor of content in electronic form to control the material and restrict its usage.
Digital divide: The gap that has emerged between those who have and those who do not have the ability to use the technology.
Domain name: An identification string that defines a realm of administrative autonomy, authority or control within the Internet. Domain names are formed by the rules and procedures of the Domain Name System (DNS). Any name registered in the DNS is a domain name.
Electronic discovery (or e-discovery or ediscovery): Refers to discovery in civil litigation or government investigations which deals with the exchange of information in electronic format (often referred to as electronically stored information or ESI).
Ethics: The branch of philosophy that deals with what is considered to be right and wrong.
Electronic Product Environmental Assessment Tool (EPEAT): A searchable database of computer hardware that meets a strict set of environmental criteria.
Fair use: The legal use of copyrighted material for noncommercial purposes without paying royalties or getting permission.
Green computing: The study and practice of eco-friendly computing resources is now a key concern of businesses in all industries, not just environmental organizations.
Green IT: Begins with manufacturers producing environmentally friendly products and encouraging IT departments to consider more friendly options like virtualization, power management, and proper recycling habits.
Infringement: Use of the work without permission or contracting for payment of a royalty.
Intellectual property: Creations of the mind such as inventions, literary and artistic works, and symbols, names, images, and designs used in commerce.
Intellectual property law: Area of the law that includes patent law, copyright law, trademark law, trade secret law, and other branches of the law such as licensing and unfair competition.
Internet censorship: The control or suppression of the publishing or accessing of information on the Internet.
Legal precedent: A judicial decision that may be used as a standard in subsequent similar cases.
Opt-out: Business practice that gives consumers the opportunity to refuse sharing information about themselves.
Opt-in: Agreement that requires computer users to take specific steps to allow the collection of personal information.
Patent: A document that grants the holder exclusive rights to an invention for a fixed number of years.
Platform for Privacy Preferences Project (P3P): A protocol allowing websites to declare their intended use of information they collect about browsing users.
Privacy: The right to be left alone and free of unreasonable personal intrusions.
Regulatory compliance: Systems or departments in an organization whose job is to ensure that personnel are aware of and take steps to comply with relevant laws, standards, policies, and regulations.
Spamming: The use of electronic messaging systems to send unsolicited messages (spam), especially advertising, as well as sending messages repeatedly on the same site.
Spyware: All unwanted software programs designed to steal proprietary information or that target data stores containing confidential information.
Telecommuting: Working at home using a PC and the Internet.
Trademark: A symbol used by businesses to identify their goods and services; government registration of the trademark confers exclusive legal right to its use.
Trademark dilution: The use of famous trademarks in public that diminishes the capacity of the mark to distinguish goods or services, or tarnishes the mark in the eyes of the consumer.
Taxation: The process whereby charges are imposed on individuals or property by the legislative branch of the federal government and by many state governments to raise funds for public purposes.

Lesson 11: Social Commerce and Other Issues in E-Commerce

Business social network: A social network whose primary objective is to facilitate business connections and activities.
Crowdsourcing: The act of outsourcing tasks traditionally performed by an employee or contractor to an undefined, large group of people or community through an open call.
Collective intelligence: The capacity of human communities to evolve toward higher order complexity and harmony, through such innovation mechanisms as variation feedback-selection differentiation integration transformation and competition cooperation coopetition.
Communal shopping: A method of shopping where the shoppers enlist others to participate in the purchase decision.
Customer relationship management (CRM): A customer service approach that focuses on building long-term and sustainable customer relationships that add value both to the customer and the merchants.
Geosocial networking: A type of social networking in which geographic services and capabilities such as geocoding and geotagging are used to enable additional social dynamics.
Geolocation: The identification of the real-world geographic location of an Internet-connected computer, mobile device, website, visitor or other.
Mobile social networking: Members converse and connect with one another using cell phones or other mobile devices.
Social capital: A sociological concept that refers to connections within and between social networks. The core idea is that social networks have value. Just as physical capital or human capital, so do social contacts affect the productivity of individuals and groups.
Social commerce: The delivery of e-commerce activities and transactions through social networks and/or via Web 2.0 software.
Social CRM: A customer engagement strategy in support of companies' defined goals and objectives toward optimizing the customer experience. Success requires focus on people, processes, and technology associated with customer touchpoints and interactions.
Social customers: Members of social networks who do social shopping and understand their rights and how to use the wisdom and power of crowdsourcing and communities to their benefit.
Social marketplace: An online community that harnesses the power of one's social networks for the introduction, buying and selling of products, services, and resources, including one's own creations. Also may refer to a structure that resembles a social network but is focused on individual members.
Social marketing: A combination of social policy and marketing practices to achieve a set of social behavioral goals within a target audience.
Social media: The online platforms and tools that people use to share opinions, experiences, insights, perceptions, and various media, including photos, videos, and music, with each other.
Social media marketing: A term that describes use of social media platforms such as networks, online communities, blogs, wikis, or any other online collaborative media for marketing, market research, sales, CRM and customer service. It may incorporate ideas and concepts from social capital, Web 2.0, social media and social marketing.
Social graph: A term coined by Mark Zuckerberg of Facebook which originally referred to the social network of relationships between users of the social networking service provided by Facebook. The idea was for Facebook to benefit from the social graph by taking advantage of the relationships between individuals that Facebook provides, to offer a richer online experience. This definition was expanded to refer to a social graph of all Internet users.
Social shopping: A method of e-commerce where shoppers' friends become involved in the shopping experience. Social shopping attempts to use technology to mimic the social interactions found in physical malls and stores.
User-generated content (UGC): Various kinds of media content that are produced by end users and are publicly available.
Viral marketing: Word-of-mouth (WOM) method by which customers promote a product by telling others about it.
Viral blogging: Viral marketing done by bloggers.
