The easiest and least expensive way to prevent threats to system integrity is to install anti-virus software (T/F)
True
Digital cash is legal tender that is instantly convertible into other forms of value without the intermediation of any third parties
False
Phishing attacks rely on browser parasites
False
The U.S. federal government has historically not been in favor of the development and export of strong encryption systems.
True
In order to accept payments by credit card, online merchants typically must have a merchant account established with a bank or financial institution
True
________ refers to the ability to ensure that messages and data are only available to those authorized to view them
Confidentiality
All of the following statements about public key encryption are true except:
. public key encryption uses two mathematically related digital keys.
. public key encryption ensures authentication of the sender.
. public key encryption does not ensure message integrity.
. public key encryption is based on the idea of irreversible mathematical functions.
public key encryption does not ensure message integrity.
Which of the following countries has been found to have engaged in cyberespionage against Google?
China
An intrusion detection system can perform all of the following functions except:
Blocking suspicious activity
Which of the following is not an example of a PUP?
. adware
. browser parasite
. drive-by download
. spyware
Drive-by download
Which of the following did Dropbox implement after a series of security snafus in 2011 and 2012?
a. firewall

b. SSL/TLS

c. two-factor authentication

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

d. anti-virus software

Two-Factor Authentication
Proxy servers are also known as
Dual-home Systems
Online bill payments are believed to cost ________ to process compared to ________ for paper bills.
20 to 30 cents, $3 to $7
All the following statements about symmetric key encryption are true except:
. in symmetric key encryption, both the sender and the receiver use the same key to encrypt and decrypt a message.
. the Data Encryption Standard is a symmetric key encryption system.
. symmetric key encryption is computationally slower.
. symmetric key encryption is a key element in digital envelopes.
symmetric key encryption is computationally slower.
P2P payment systems are a variation on what type of payment system?
stored value payment system
Which of the following is not an example of an access control?
. firewalls
. proxy servers
. digital signatures
. login passwords
Digital signatures
None of the following payment systems offers immediate monetary value except:
A) personal checks.
B) credit cards.
C) stored value/debit card.
D) accumulating balance.
stored value/debit card.
Reventon is an example of:
Ransomware
Which of the following dimensions of e-commerce security is not provided for by encryption?
. confidentiality
. availability
. message integrity
. nonrepudiation
Availability
Spoofing involves attempting to hide a true identity by using someone else’s e-mail or IP address
True
TLS does not guarantee server-side authentication
False
A worm does not need to be activated by a user in order for it to replicate itself
True
Smishing attacks exploit SMS messages
True
Rustock is an example of which of the following?
Botnet
An example of a privacy violation of e-commerce security is:
your online purchasing history being sold to other merchants without your consent.
Which of the following is an example of an integrity violation of e-commerce security?

A) A Web site is not actually operated by the entity the customer believes it to be.
B) A merchant uses customer information in a manner not intended by the customer.
C) A customer denies that he or she is the person who placed the order.
D) An unauthorized person intercepts an online communication and changes its contents.

. An unauthorized person intercepts an online communication and changes its contents.
Which of the following is the current standard used to protect Wi-Fi networks?
WPA2
The overall rate of online credit card fraud is ________ % of all online card transactions.
Less than 1%
All of the following are limitations of the existing online credit card payment system except:
. poor security.
. cost to consumers.
. cost to merchant.
. social equity.
Cost to consumers
A digital certificate contains all of the following except the:
. subject’s private key.
. subject’s public key.
. digital signature of the certification authority.
. digital certificate serial number.
Subject’s private key
Which of the following is a set of short-range wireless technologies used to share information among devices within about 2 inches of each other?
NFC
All of the following statements about PKI are true except
. The term PKI refers to the certification authorities and digital certificate procedures that are accepted by all parties.
. PKI is not effective against insiders who have a legitimate access to corporate systems including customer information.
. PKI guarantees that the verifying computer of the merchant is secure.
. The acronym PKI stands for public key infrastructure.
. PKI guarantees that the verifying computer of the merchant is secure.
All of the following are factors in contributing to the increase in cybercrime except:
. the ability to remotely access the Internet.
. the Internet’s similarity to telephone networks.
. the ability to anonymously access the Internet.
. the Internet is an open, vulnerable design.
The Internet’s similarity to telephone networks
Linden Dollars, created for use in Second Life, are an example of:
Virtual Currency
. Insiders present a greater security threat to e-commerce sites than outsiders
True
. Most of the world’s spam is delivered via which of the following?
Botnets
The research firm Cybersource estimated that online credit card fraud in the United States amounted to about ________ in 2012.
$3.5 Billion
The Data Encryption Standard uses a(n) _____ bit key.
56
Symmetric key encryption is also known as:
Secret Key Encryption
Which dimension(s) of security is spoofing a threat to?
Integrity and Authenticity
Software that is used to obtain private user information such as a user’s keystrokes or copies of e-mail is referred to as:
Spyware
All of the following are methods of securing channels of communication except:
A) SSL.
B) S-HTTP.
C) VPN.
D) FTP.
FTP
Prior to the development of e-commerce, Web sites primarily delivered static content. T/F
True
Upgrading a server from a single processor to multiple processors is an example of scaling a site horizontally. T/F
True
Mobile Web apps are typically built using HTML5 and Java.
True
Apache Web server software is based on Microsoft’s Windows operating system.
False
The annual maintenance cost for a Web site is likely to be as high as its development cost.
True
4 kinds of e-commerce presence
Web sites
e-mail
social media
offline media
Which of the following typically includes a data flow diagram to describe the flow of information for an e-commerce site?
. physical design
. logical design
. testing plan
. co-location plan
Logical design
A system design has two main components:
a logical design and a physical design
All of the following are basic functionality provided by Web servers except:
A) a product catalog.
B) marketing software
C) a shopping cart.
D) credit card processing.
A shopping cart
All of the following are simple steps for optimizing Web page content that can reduce response times except:
reducing unnecessary HTML comments.
Using more efficient graphics.
Avoiding unnecessary links to other pages on the site.
Segmenting computer servers to perform dedicated functions.
– segmenting computer servers to perform dedicated functions
Offline media is typically used for all of the following marketing activities except:
education.exposure.conversation.branding
conversation
All of the following are methods of improving the processing architecture of a Web site except:
a) separating static content from dynamic content
b) optimizing ASP code
c) optimizing database schema
d) adding web servers
Adding web servers
Which of the following technologies could you use to place the content of your Web site in a database so that you can then dynamically generate requests for pages?
-Apache web server
-proxy server
-shopping cart
-CMS
CMS
Which of the following is not a main factor in determining overall demand for an e-commerce site?
-static file sizes
-number of items in inventory
-user profiles
-type of content
Static File Size
________ verifies that the business objectives of the system as originally conceived are in fact working.
Acceptance testing
In order from beginning to end, the major steps in the SDLC, are:
systems analysis/planning;
systems design;
building the system;
testing;
implementation.
Which of the following is an example of a CMS?
WordPress
What are the two most important management challenges in building a successful e-commerce presence?
-developing a clear understanding of business objectives -knowing how to choose the right technology to achieve those objectives
Which of the following details the actual hardware components to be used in a system?
Physical Design
One of the most important challenges in developing an e-commerce presence is understanding that the technology must drive the business. T/F
False
The systems development life cycle methodology is useful when creating an e-commerce Web site.
True
Storing HTML pages in RAM rather than on a server’s hard drive is an inexpensive way to fine-tune the processing architecture of a Web site. T/F
True
All of the following are basic information requirements for a product database except:
.product descriptions
.stock numbers
.customer ID numbers
.inventory levels
Customer ID number
Which of the following is the least expensive path to creating a mobile Internet presence?
Resizing a website for mobile use
The term stateless refers to the fact that:
the server does not have to maintain an ongoing dedicated interaction with the client computer.
Most of the time required to maintain an e-commerce site is spent on:
general administration and making changes and enhancements to the system.
The cost of hardware, software, and telecommunications services needed to build a Web site have ________ over the last decade.
Decreased drastically
Advantages of dynamic page generation include all of the following except:
a) lowered menu costs
b)market segmentation
c) nearly cost-free price discrimination
d) client-side execution of programming
Client-side execution of programming
Which of the following is used to process certificates and private/public key information?
A) HTTP
B) SSL
C) FTP
D) data capture tools
SSL
An e-commerce Web site that processes orders requires, at minimum, a ________ system architecture.
Two-tier
The leading Web server software is
Apache
All of the following are important factors in Web site optimization except:
.selecting keywords and page titles
.identifying market niches for your services or products
.buying search engine ads
.adhering to accessibility guidelines.
Adhering to accessibility guidelines
Using prebuilt templates is typically one of the most cost-effective choices when building a Web
True
The Web server software used does not significantly impact how a Web site’s Web pages look on users’:
True
________ involves testing a site program’s modules one at a time.
Unit testing
All of the following might be part of a Web site’s middle-tier layer except:
.a database server
.an ad server
.legacy corporate applications
.a mail server.
Legacy corporate applications
The structure of a market is described in terms of:
Direct competition, suppliers and substitute products
Which system functionality must your Web site have in order to be able to personalize or customize a product for a client?
an ad server
a site tracking and reporting system
an inventory management system
customer on-site tracking
customer on-site tracking
The primary way a Web site is able to personalize the content presented to a visitor is through the use of:
Cookies nom
Which of the following helps you understand the marketing effectiveness of your e-commerce site?
shopping cart
product database
site tracking and reporting system
inventory management system
Site tracking and reporting system
Database
Organized collection of logically related data;
self-describing collection of integrated tables
File
Group of records of same type
Record
Group of related fields
Field
Group of characters as word(s) or umber
Hierarchy in Database
Field, Record, File, Database
Data
Stored representations of meaningful objects and events
Structured Data
Numbers, text, dates
Unstructured Data
Images, video, documents
Information
Data processed to increase knowledge in the person using the data
Metadata
descriptions of the properties or characteristics of the data, including data types, field sizes, allowable values and data context (limit of what data can be..gpa can be 0-4 and 3 number places)
Context
Helps us understand the data
Problems with traditional file environment (maintained separately by different departments)
Data redundancy
Data inconsistency
Program-data dependence (change program requires change in data)
Lack of flexibility
Poor security
Lack of data sharing and availability
Database Management System (DBMS)
Interfaces between applications and physical data files
Separates logical and physical views of data
Solves problems of traditional file environment
Components of DBMS
Users > Database application > SQL > DBMS > Database UASMD
What is the Dominant Database System?
Oracle
SQL
Sequential Query Language
JET (joint engine technology)
Joint Engine Technology
Database that is used as underlying database engine for Access
Components of Databases
Entity
Attribute
Relationship
Entity
Person, place, thing that we identify (people, cars)
Can be tangible or abstract
Attribute
Each characteristic, or quality, describing the entity
(name, address, DL number)
Relationships
Exist between entities
One-to-one
One-to-many
Many-to-many
Entity Instance
Occurrence of an entity (Human is entity, Spencer is instance)
Form
Efficient way to capture data, imply entities, attributes and relationships
Data Definition Capability
Specifies structure of database content, used to create tables and define characteristics of fields
Data Dictionary
Automated or manual file storing definitions of data elements and their characteristics
Data Manipulation Language
Used to add, change, delete, retrieve data from database (SQL)
Entity Relationship Diaram
Used by database designers to document the data model and illustrate relationships between entities
Distributing databases
Storing database in more than one place
Partitioned Database
Separate locations store different parts of database
Replicated Database
Central database duplicated in entirety at different locations
3 Key techniques Database Approach
1. Data warehousing
2. Data mining (looking for relationships)
3. Tools for accessing internal databases throughout the web
Business Intelligence
Tools for consolidating, analyzing and providing access to vast amounts of data to help users make better business decisions
Principle tools of business intelligence include:
Software for database query and reporting
Online analytical processing (OLAP)
Data mining
Online Analytical Processing (OLAP)
Supports multidimensional data analysis (each aspect of info is different dimension) and enables rapid, online answers to ad hoc queries
Data Mining
Finds hidden patterns, relationships in large databases and infers rules to predict future behavior (discovery driven)
Predictive Analysis
Uses data mining techniques, historical data and assumptions about future conditions to predict outcomes of events (prob customer will respond to offer)
Text Mining
Extracts key elements from large, unstructured data sets (stored e-mails)
Advantages of using web for database access
Ease of use of browser software
Web interface requires few or no changes to database
Inexpensive to add web interface to system
Information Policy
Firm’s rules, procedures, roles for sharing, managing, standardizing data
Data Administration
Firm function responsible for specific policies and procedures to manage data
Data governance
Policies and processes for managing availability, usability, integrity and security of enterprise data, especially as it relates to gov regulations
Database Administration
Defining, organizing, implementing, maintaining database; performed by database design and management group
Before new database is in place, need to:
Identify and correct faulty data
Est. better routines for editing data once database in operation
Data Quality Audit
Structured survey of the accuracy and level of completeness of the data in an info system
Data Cleansing
Software to detect and correct data that are incorrect, incomplete, improperly formatted or redundant
(enforces consistency)
System Functionalities
Types of info systems capabilities you will need to achieve your business objectives
Information Requirements
Info elements that they system must produce in order to achier the business objectives
System Design Specification
Description of the main components in a system and relationship to one another
CMS
Organizes, stores and processes web site content
Co-location
When a firm purchases or leases a web server (and has total control over its operation) but locates it in a vendor’s physical facility. Vendor maintains the facility, communications lines and machinery
System Testing
Testing site as a whole, in way typical user will use it
System Architecture
Arrangement of software, machinery and tasks in an info system needed to achieve a specific functionality
Two-tier Architecture
E-commerce system in which a web server responds to requests for web pages and a database server provides backend data storage
Multi-tier architecture
Web server is linked to a middle-tier layer that includes series of application servers that perform specific tasks as well as a backend layer of existing corporate systems
Site management tools
Verify that links on pages are still valid and also identify orphan files
Dynamic Page generation
Contents of page are stored as objects in a database, rather than being hard coded in HTML. When user requests a web page, contents for that peg are fetched from database
Web application Server
Software program that provide specific business functionality required of a web site
E-commerce merchant server software
Software that provides the basic functionality needed for online sales, including catalog, order taking, shopping cart and credit card processing
Merchant Server Softwarer Package
Offers integrated environment that provides most or all of functionality and capabilities needed to develop a sophisticated customer-centric site
Open Source Software
Developed by community of programmers and designers and free to use and modify
Hardware Platform
All underlying computing equipment that the system uses to achieve its functionality
I/O Intensive
Requires input/output operations rather than heavy-duty processing power
Vertical Scaling
Increasing processing power of individual components
Horizontal Scaling
Employing multiple computers to share the workload
CGI (common gateway interface)
set of standards for communication between a browser and program running on a server that allows for interaction between user and server
Active Server Pages
Software development tool that enables programmers using Microsoft’s IIS package to build dynamic pages
Java
Programming language that allows programmers to create interactivity and active content on client computer, saving considerable load on the server
Java Server Pages
Web page coding standard that allows developers to dynamically generate web pages in response to user requests
JavaScript
programming language invented by Netscape that is used to control the objects on an HTML page and handle interactions with the browser
Widget
Small, prebuilt chunk of code that executes automatically in your html web page
privacy Policy
A set of public statements declaring to your customers how you treat their personal info
Accessibility Rules
Set of design objectives that ensure disabled users can effectively access your sight (handicapped)
Mobile Web Site
Version of a regular desktop web site that is scaled down in content and navigation (most basic)
Responsive Web design
Tools and design principles that automatically adjust the layout of a web site depending on user screen resolution
Mobile Web App
App built to run on the mobile web browser built into a smartphone or tablet computer
Native App
App designed specifically to operate using the mobile devices hardware and operating system
Integrity
Ability to ensure that info being displayed on a website or transmitted or received over the Internet has not been altered in any way by an unauthorized party
Nonrepudiation
Ability to ensure that e-commerce participants do not deny their online actions
Authenticity
Ability to identify the identify of a person or entity with whom you are dealing on the internet
Confidentiality
Ability to ensure that messages and data are available only to those who are authorized to view them
Privacy
Ability to control the use of info about oneself
Availability
Ability to ensure that an e-commerce site continues to function as intended
Malware
Viruses, worms, ransomware, Trojan horses and bots
Drive-by download
Malware that comes with a downloaded file that a user requests
Virus
Computer program that has the ability to replicate itself and spread to other files
Worm
Designed to spread from computer to computer
ransomware (scareware)
Prevents you from accessing your computer or files and demands you pay a fine
Trojan horse
Appears to be benign, but then does something other than expected
Backdoor
Feature of malware that allows attacker to remotely access a comprised computer
Bot
type of malicious code that can be covertly installed on a computer when connected to the internet, then responds to external commands sent by attacker
PUP (potentially unwanted program)
Installs itself on computer without user’s informed consent
Adware
PUP that serves pop-up ads to your computer
Browser Parasite
program that can monitor and change the settings of a user’s browser
Social Engineering
Type of phishing that relies on human curiosity, greed, gullibility in order to trick into taking action that will result in downloading malware
White Hats
Good hackers who help orbs locate and fix security flaws
Black hats
bad hackers
Grey hats
Hackers who believe they are pursuing good by breaking in and revealing system flaws
Pharming
Automatically redirecting a web link to an address different than the intended one, with a site masquerading as the intended desination
Spam (junk) web sites
Link fams, promise to offer products or services, but really just collections of ads
DoS (denial of service)
flooding web site with useless traffic to inundate and overwhelm the network
DDoS (distributed denial of serve)
Using numerous computers to attack the target network from numerous launch points
Sniffer
type of eavesdropping program that monitors info traveling over anetwork
SQL InjectionAttack
takes advantage of poorly coded web app software that fails to properly validate or filter data entered by a user on a web page
Zero-day vulnerability
software vulnerability that has been previously unreported and for which no patch yet exists
Encryption
process of transforming plain text or data into cipher text that can’t be read by anyone other than the sender and receiver
Key (cipher)
any method for transforming plain text to cipher text
Symmetric Key Encryption
Both sender and receiver use same key to encrypt and decrypt the message
Public Key Cryptography
2 mathematically related digital keys are used; a public key and a private key.
Private is kept secret by owner and public is widely disseminated. Both can be used to encrypt and decrypt, however once key is used to encrypt message, same key can’t be used to unencrypted message
Hash Function
Algorithm that produces a fixed-length number called a has or message digest
Digital Envelop
Technique that uses symmetric encryption for large documents but public key encryption to encrypt and send the symmetric key
PKI (public key infrastructure)
CAs and digital certificate procedures that are accepted by all parties
PGP (pretty good privacy)
widely used email public key encryption software program
Secure negotiated session
Client-server session in which URL of the requested doc, along with contents, contents of forms and cookies exchanged are encrypted
Firewall
Hardware or software that filters communication packets and prevents some packets from entering the network based on a security policy
Proxy Server
Software server that handles all communications originating from or vein sent to the Internet, acting as a spokesperson or bodyguard for the org
Security Token
physical device or software that generates an identifier that can be used in addition to or in place of a password
CERT coordination center
monitors and tracks online criminal activity reported to it by private corporations and gov agencies that seek out it is help
Float
period of time between purchase and actual payment
Stored Value Payment System
Account created by depositing funds into an account and from which funds are paid out or withdrawn as needed (Starbucks)
x

Hi!
I'm Niki!

Would you like to get a custom essay? How about receiving a customized one?

Check it out