August 2011 Bachelor of Science in Information Technology (BScIT) Semester 5 BT8902 E-Commerce 4 Credits

(Book ID: B1186)

Assignment Set 2 (60 Marks)

Answer all questions

10 x 6 = 60

1. Explain the four areas of concern as far as internet security is concerned .

Security Solutions There are several groups interested in developing standards and security for clouds and cloud security. The Cloud Security Alliance (CSA) is gathering solution providers, non-profits and individuals to enter into discussion about the current and future best practices for information assurance in the cloud (Cloud Security Alliance (CSA) security best practices for cloud computing, 2009) The Cloud Standards web site is collecting and coordinating information about cloud-related standards under development by other groups (CloudsStandards, 2010). The Open Web Application Security Project (OWASP) maintains a top 10 list of vulnerabilities to cloud-based or Software as a Service deployment models which is updated as the threat landscape changes (OWASP, 2010). The Open Grid Forum publishes documents to containing security and infrastructural specifications and information for grid computing developers and researchers . Web Application Solutions The best security solution for web applications is to develop a development framework that shows and teaches a respect for security. Tsai, W., Jin, Z., & Bai, X. (2009) put forth a four-tier framework for webbased development that though interesting, only implies a security facet in the process (Tsai, Jin, & Bai, 2009, p. 1). Towards best practices in designing for the cloud by Berre, Roman, Landre, Heuvel, Skr, Udns, Lennon, & Zeid (2009) is a road map toward cloud-centric development (Berre et al., 2009), and the X10 language is one way to achieve better use of the cloud capabilities of massive parallel processing and concurrency .(Saraswat, Vijay, 2010) Accessibility Solutions The value of filtering a packet-sniffer output to specific services as an effective way to address security issues shown by anomalous packets directed to specific ports or services (Krgel et al., 2002) An often-ignored solution to accessibility vulnerabilities is to shut down unused services, keep patches updated, and reduce permissions and access rights of applications and users.

Authentication Solutions Halton and Basta suggest one way to avoid IP spoofing by using encrypted protocols wherever possible. They also suggest avoiding ARP poisoning by requiring root access to change ARP tables; using static, rather than dynamic ARP tables; or at least make sure changes to the ARP tables are logged.

2. Explain Denial-of-Service Attacks.

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person, or multiple people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. The term is generally used relating to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management.[1] One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. Such attacks usually lead to a server overload. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately. Denial-of-service attacks are considered violations of the IAB's Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers. They also commonly constitute violations of the laws of individual nations

3. What do you mean by Electronic funds transfer? What are the different requirements for the same?
Electronic funds transfer (EFT) is the electronic exchange or transfer of money from one account to another, either within a single financial institution or across multiple institutions, through computer-based systems. The term covers a number of different concepts: Cardholder-initiated transactions, where a cardholder makes use of a payment card

Direct deposit payroll payments for a business to its employees, possibly via a payroll service bureau Direct debit payments, sometimes called electronic checks, for which a business debits the consumer's bank accounts for payment for goods or services Electronic bill payment in online banking, which may be delivered by EFT or paper check Transactions involving stored value of electronic money, possibly in a private currency Wire transfer via an international banking network (carries a higher fee in North America) Electronic Benefit Transfer

4. List out the benefits, which digital tokens offer to buyers and sellers.
The intermediary acts as an electronic bank that converts legal tender currency into a private currency system (using tokens or digital currency) which is circulated within electronic commerce markets. A DCP system does not transmit sensitive or payment information between buyers and sellers, but instead transmit a digital token that represents monetary values, that is, a digital currency. The nature of digital currency mirrors that of paper money as a means of payment. This is similar to sending a $10 bill in the mail. As such, digital currency EPS's have the same advantages as paper currency payments, namely anonymity and acceptance of micro-payments. Depending on implementation, a possible feature of DCP's is the capability to make peer-to-peer transactions, where two individuals can exchange money without involving a third party.

5. Define CRM.
Customer relationship management (CRM) is a widely implemented strategy for managing a companys interactions with customers, clients and sales prospects. It involves using technology to organize, automate, and synchronize business processesprincipally sales activities, but also those for marketing, customer service, and technical support.[1] The overall goals are to find, attract, and win new clients, nurture and retain those the company already has, entice former clients back into the fold, and reduce the costs of marketing and client service. Customer relationship management describes a company-wide business strategy including customerinterface departments as well as other departments. Measuring and valuing customer relationships is critical to implementing this strategy.

6. Explain the five interactive areas of CRM.

There are five principles that have proven to be successful in leveraging social media as part of an interactive marketing effort: 1. 2. 3. 4. 5. Fit the right tactic to the right goal Listen first Have a measurable goal Evaluate your ability to generate content Recognize your limitations

Fit the Right Tactic to the Right Goal Social media or Web 2.0 tactics are extensions of the interactive marketing efforts that include Web 1.0 technologies. It's the same way a virtual Web seminar can be an extension of a live seminar in a physical location. In both instances, you're pursuing the tactic to achieve an end. For many marketers, social media is meant only to generate buzz which, in Web terms, means traffic. Social media can certainly do that, but you should first assess your resource spend and any slightly moretraditional interactive tactics. Listen to the Conversation Around You Before you start holding your own conversations in social media, visit other blogs in your industry or your product niche. Visit Twitter. Listen to respected industry influencers. Take the pulse of your client community through newsgroups, user forums, and product-support sites. Simply through participation in the conversations, you'll get a better sense of the issues at stake for your business, enabling you to perhaps proactively prevent challenges from becoming headaches. By listening and responding as an expert, it's possible to effect positive change on your brand and also to influence others. You may discover you don't need to create your own community, and that it's sufficient to work with existing traffic. This route is a good initial approach for smaller companies limited by budget and resources. Have a Measurable Goal "If you don't know where you're going, you can never be lost." This may seem to be a logical sentiment, but it's definitely not the mantra for marketers in a social media environment or in the current economic

downturn. With finite marketing resources, it's crucial to clearly define your social media objectives as an integral part of your marketing strategy. You'll need to evaluate how those objectives match up with your existing demand generation programs, search engine optimization efforts, podcasts, blogging, and other online tactics. Detailing how specific tactics can be applied to generate Web-site traffic and why you consider them to be most effective in creating sales leads will help establish the proper foundation for your program. You can link social media efforts with other marketing tactics. For example, with a traditional product launch, conduct blogger outreach to share your story. For topline traffic growth, you can also create a podcast channel on iTunes to reach a new audience through RSS. Evaluate Your Ability to Generate Content The cardinal rule on the Web is "Content is King." People don't browse to your site or read your feeds unless valuable information is delivered (or at least promised). To start using social media within marketing, you need to ensure you have a strong pipeline of content. This includes having a coherent story to tell; and people to tell it in an engaging way.

First, you have to evaluate your ability to create and package content. For instance, assess whether you can provide a regular newsletter and use that as your content "litmus" test. For real success, content must be original and not repackaged. While blogs are alluring, is it better for your company to deliver a regular and lively newsletter to your customers and prospects? Promoting offers or events are generally no-nos in blogs, but you can safely have ads in a newsletter. With a strong newsletter in place, marketers have the opportunity to offer exclusives or select stories as a means of syndicating their own content. The creation of trackable inbound links will help build bettertargeted Web traffic, for stronger search engine optimization. This process helps build brand and sales over time. In parallel with the newsletter effort, consider podcasting as a way to leverage multimedia to get your message across. Recognize Your Limitations Your resources are far from boundless. Understand that there's no easy way to have an extremely effective social media strategy across all areas. It's best to not enter marketing arenas in which you know you can't do well. For example: Don't host a blog if you don't have the original content to keep it fresh. Social media comes with its own rules, practices, and behaviors. Make sure you understand them, because you can damage your brand by taking an old-school approach to new-school tactics.

7. Define Supply chain management.

Supply chain management (SCM) is the management of a network of interconnected businesses involved in the ultimate provision of product and service packages required by end customers (Harland, 1996). Supply chain management spans all movement and storage of raw materials, work-in-process inventory, and finished goods from point of origin to point of consumption (supply chain). Another definition is provided by the APICS Dictionary when it defines SCM as the "design, planning, execution, control, and monitoring of supply chain activities with the objective of creating net value, building a competitive infrastructure, leveraging worldwide logistics, synchronizing supply with demand and measuring performance globally."

8. Define WAP.
Wireless Application Protocol (WAP) is a technical standard for accessing information over a mobile wireless network. A WAP browser is a web browser for mobile devices such as mobile phones (called "cellular phones" in some countries) that uses the protocol. Before the introduction of WAP, mobile service providers had limited opportunities to offer interactive data services, but needed interactivity to support Internet and Web applications such as: Email by mobile phone Tracking of stock-market prices Sports results News headlines Music downloads

9. What is knowledge management? Explain its goals.

Knowledge management (KM) comprises a range of strategies and practices used in an organization to identify, create, represent, distribute, and enable adoption of insights and experiences. Such insights and experiences comprise knowledge, either embodied in individuals or embedded in organizations as processes or practices.

An established discipline since 1991 (see Nonaka 1991), KM includes courses taught in the fields of business administration, information systems, management, and library and information sciences (Alavi & Leidner 1999). More recently, other fields have started contributing to KM research; these include information and media, computer science, public health, and public policy.

Many large companies and non-profit organizations have resources dedicated to internal KM efforts, often as a part of their business strategy, information technology, or human resource management departments (Addicott, McGivern & Ferlie 2006). Several consulting companies also exist that provide strategy and advice regarding KM to these organizations.

Knowledge management efforts typically focus on organizational objectives such as improved performance, competitive advantage, innovation, the sharing of lessons learned, integration and continuous improvement of the organization. KM efforts overlap with organizational learning, and may be distinguished from that by a greater focus on the management of knowledge as a strategic asset and a focus on encouraging the sharing of knowledge.

10. Explain the meaning of eBay and the three processes associated with it.
Internet marketing, also known as digital marketing, web marketing, online marketing, search marketing or e-marketing, is referred to as the marketing (generally promotion) of products or services over the Internet. iMarketing is used as an abbreviated form for Internet Marketing[1] Internet marketing is considered to be broad in scope[1] because it not only refers to marketing on the Internet, but also includes marketing done via e-mail and wireless media.[2] Digital customer data and electronic customer relationship management (ECRM) systems are also often grouped together under internet marketing.[3]

Internet marketing ties together the creative and technical aspects of the Internet, including design, development, advertising, and sales.[4] Internet marketing also refers to the placement of media along many different stages of the customer engagement cycle through search engine marketing (SEM), search engine optimization (SEO), banner ads on specific websites, email marketing, mobile advertising, and Web 2.0 strategies