Planning Your Business Web Site

IIIINTRAPRISENTRAPRISENTRAPRISENTRAPRISETTTTECHECHECHECHKKKKNOWLOGIESNOWLOGIESNOWLOGIESNOWLOGIES LLCLLCLLCLLC

September 21, 2009

Presented by

Donny C. Shimamoto, CPA.CITP

Planning Your Planning Your Planning Your Planning Your Business Web SiteBusiness Web SiteBusiness Web SiteBusiness Web Site

Planning Your Business Web SitePlanning Your Business Web SitePlanning Your Business Web SitePlanning Your Business Web Site

� Today’s Goal

– Provide a framework for starting and managing your Business Web Site

� Session Objectives

– Define the different types of Web sites

– Identify key success factors for Web sites

– Understand the risks of e-commerce

– Overview of compliance requirements

– Outline a basic project plan for a Web site

Donny C. Shimamoto, Donny C. Shimamoto, Donny C. Shimamoto, Donny C. Shimamoto, CPA.CITPCPA.CITPCPA.CITPCPA.CITP

Background & Experience� BBA from University of Hawaii at Manoa

– Accounting & Management Information Systems

� Alumni of PricewaterhouseCoopers LLP– Strategic Technology Group

– Financial Audit and IT Audit

– Washington Consulting Practice

� Founder of IntrapriseTechKnowlogies LLC– Technology Planning, Management, and Support for small businesses and middle market organizations

� Focus on risk management, compliance, and business intelligence

– Functional Web sites supporting customer transaction and information management

Donny C. Shimamoto, Donny C. Shimamoto, Donny C. Shimamoto, Donny C. Shimamoto, CPA.CITPCPA.CITPCPA.CITPCPA.CITP

Background & Experience� Assn of IT Professionals (AITP) – Honolulu Chapter

– Board Member (2008-present), Treasurer (2009)

� American Institute of CPAs (AICPA)– TECH+ Conference Steering Committee (2007-present)

– Chairman, Business Intelligence Working Group (2009)

– IT Executive Committee (2006-2009)

� Hawaii Society of CPAs– Technology Advocate (2005–2008)

– Chairman, Technology Advocacy Committee (2009)

� Awards & Recognition– “40 Under 40” Accounting Technology Professionals in the US

� 2007 & 2009, CPA Technology Advisor Magazine

– Top High Tech Leaders in Hawaii� 2004, Pacific Technology Foundation & Technology News Network

Business Web Site BasicsBusiness Web Site BasicsBusiness Web Site BasicsBusiness Web Site Basics

� Why do I need a Web site?

– Not having a Web site will cause people to questions whether you exist

– Even just a “placeholder” Web site is better than no Web site or an “under construction” site

– Get your business “out there”

� What does my Web site need to do?

– Create enough interest so that potential customers, employees, business partners, and vendors will take the next step and contact or interact with you

Business Web Site BasicsBusiness Web Site BasicsBusiness Web Site BasicsBusiness Web Site Basics

� Objectives of a Business Web Site

– Information Distribution

� “Basic” Web site = get information into the marketplace

� Can get complex depending on the type/volume of information and security requirements

– Business Process Support

� Information Exchange with Customers/Partners

� Transaction Processing without e-Commerce support

� Transaction Processing with e-Commerce support

– Relationship Building/Maintenance

� Customer Relationship Management

� Community Building

Business Web Site Basics Business Web Site Basics Business Web Site Basics Business Web Site Basics –––– the “Social Web”the “Social Web”the “Social Web”the “Social Web”

� Objectives of a Business Web Site

– Information Distribution

� The “Social Web” can help to get information out there and bring people to your site


� The “Social Web” can help initiate or feed processes

– Relationship Building/Maintenance

� The “Social Web” has totally transformed this area

– Customer Relationship Management

– Community Building

� In the “Social Web” this often has a

life of its own and can’t be controlled

– This can be good and bad…

Key Success Factors for Web SitesKey Success Factors for Web SitesKey Success Factors for Web SitesKey Success Factors for Web Sites

� Information Distribution Sites

– Accuracy of information

� Information presented must be reasonably accurate

� Especially important when you are not the only provider of that information

– Completeness of information

� Lack of complete information causes frustration

� At least provide a way to obtain complete information

– Timeliness of information

� Stale information = non-returning Web site visitor

� Perception of timeliness varies with type of information

� If you’re not going to have time to update it regularly, don’t put time-contextual information on your site


� Information Exchange Sites

– Transmission Security (i.e. SSL Certificate)

� Authentication = Web site is who they say they are

� Data Transmission Encryption = Protect data transmitted between browser and Web server

– Server Security

� Intrusion Protection = protection from hackers/attacks

� Standing Data Encryption = Protect data while it is sitting on the server


� Customer Facing Sites

– Branding and Identity

� Web site is often the “first impression”

� An unprofessional Web site = unfavorable impression

– Usability and Consistency

� To allow for wide range of customer technology usage

� Good intuitive design reduces customer frustration and results in lower level of support calls

– Customer Privacy

� Web site Privacy Policy – manage expectations

� You MUST live up to the policy you publish

– Expect 24/7 Activity and Plan Accordingly


� Business Partner Facing Sites

– Communication & Collaboration

� Make sure you understand what your business partner’s needs are, success depends on BOTH parties getting value from the site


� Make sure that the functionality you provide matches the business process you’re trying to support

– Integration into back-end systems

� Must be done carefully to ensure integrity of data

� Business process controls must be put in place to prevent system abuse or unintentional errors

– Provide clear lines for Support and Escalation


� Community Sites

– Focus on the Community and its Members

� What need in the community is being served?

� Why would someone come to the site?

� Why would someone continue to participate in the site?

– Moderation of Site Content

� Clear Terms of Use and Appropriate Conduct Policies

� Monitor site for abuse/violations

� However, “Big Brother” syndrome can kill the site

– Member Privacy

� Web site Privacy Policy – manage expectations

� You MUST live up to the policy you publish

Risks of eRisks of eRisks of eRisks of e----CommerceCommerceCommerceCommerce

� Financial Loss

– Cost of contacting affected customers

– Fines / Damages

– Credit reports for affected customers

– Repayment of customer losses

� Loss of ability to handle credit card transactions

� Loss of Credibility and Future Business

� Imprisonment

– possible when there is gross negligence

Information Risks and Losses are IncreasingInformation Risks and Losses are IncreasingInformation Risks and Losses are IncreasingInformation Risks and Losses are Increasing

� 2008 CSI/FBI Computer Crime and Security Survey2008 CSI/FBI Computer Crime and Security Survey2008 CSI/FBI Computer Crime and Security Survey2008 CSI/FBI Computer Crime and Security Survey

– Greatest source of financial loss

� Financial Fraud moved to the top in 2007

– Displaced Viruses, which has been top for last 7 yrs

� Financial Fraud stayed at the top in 2008

– Average loss per respondent: $463,100

� 2007 Losses relevant to e-Commerce

� $21,174,750 – Financial Fraud

� $6,875,000 - System penetration by outsider

� $6,365,900 - Other Web site related



� ID Theft is fastest growing crime in the nation

– Expected to overtake drug trafficking

– 19 people become new victims every minute

– Bureau of Justice Statistics

� 2004 = 7.2 million victims

� 2006 = 10 million victims

Source: Identity Theft Resource Center

Extrapolated 2008 = 13.9 million victims


Hawaii was 25th in ID Theft instances per Capita in 2005

Overview of Compliance RequirementsOverview of Compliance RequirementsOverview of Compliance RequirementsOverview of Compliance Requirements

� If you are selling to a customer in another nation or state you generally must comply with the laws of their place of residence

– International Laws

– Federal Laws

– State Laws

� If you accept credit/debit cards you must comply with PCI DSS

– Payment Card Industry Data Security Standards

– Processing online transactions increases your compliance requirements


� Federal Requirements– Freedom of Information Act 1966

– Privacy Act 1974

– Electronic Freedom of Information Act 1996

– Gramm-Leach-Bliley Act

– Health Insurance Portability and Accountability Act (HIPAA)

– Children’s Online Privacy Protection Act (COPPA)

� California: SB 1386

� European Union– EU Directive 95/46/EC

– EU Directive 2002/58/EC


� Hawaii’s ID Theft Laws

– Act 135: Notification of Security BreachesAct 135: Notification of Security BreachesAct 135: Notification of Security BreachesAct 135: Notification of Security Breaches

�Went into effect January 1, 2007

– Act 136: Secured Disposal of PIIAct 136: Secured Disposal of PIIAct 136: Secured Disposal of PIIAct 136: Secured Disposal of PII

�Went into effect January 1, 2007

– Act 137: SSN Use ProhibitionsAct 137: SSN Use ProhibitionsAct 137: SSN Use ProhibitionsAct 137: SSN Use Prohibitions

�Went into effect July 1, 2007



� Hawaii’s ID Theft Laws

– Internal Costs

� $197 per compromised record2007 estimate by Ponemon Institute

(per Journal of Accountancy, January 2009)

– State Penalties

�Up to $2,500 for EACH violation/record

– Additional Costs

� Liability to injured parties for actual damages sustained


� 12 PCI DSS Requirements– Build and Maintain a Secure Network

1. Install and maintain a firewall configuration to protect data

2. Do not use vendor-supplied defaults for system passwords and other security parameters

– Protect Cardholder Data

3. Protect stored data

4. Encrypt transmission of cardholder data and sensitive information across public networks

– Maintain a Vulnerability Management Program

5. Use and regularly update anti-virus software

6. Develop and maintain secure systems and applications


� 12 PCI DSS Requirements– Implement Strong Access Control Measures

7. Restrict access to data by business need-to-know

8. Assign a unique ID to each person with computer access

9. Restrict physical access to cardholder data

– Regularly Monitor and Test Networks

10. Track and monitor all access to network resources and cardholder data

11. Regularly test security systems and processes

– Maintain an Information Security Policy

12. Maintain a policy that addresses information security

You Must Protect Your DataYou Must Protect Your DataYou Must Protect Your DataYou Must Protect Your Data

� Businesses have a duty to protect their customer’s data

– Fiduciary Duty

– Legal Duty

� Businesses can fulfill these duties by

– Understanding the risks

– Assessing your exposure

– Take action to reduce exposure/manage risks

� Internal: Implementing controls to safeguard data

� External: Select vendors that maintain compliance

– Monitoring compliance

Basic Outline of a Web Site InitiativeBasic Outline of a Web Site InitiativeBasic Outline of a Web Site InitiativeBasic Outline of a Web Site Initiative

Phases in a Web Site Project Plan

1. Vision

2. Design

3. Build

4. Test

5. Deploy

6. Maintenance

7. Refine Design

8. Repeat from phase 3


Vision Design

Build Test Deploy

MaintenanceRefinement


� Vision Phase

– What will the site look like when you’re done with it (focus on long term, end-point goal)

� Section/Content Map – what will be on the site?

� Functionality – what does the site have to do?

� Phases – building iteratively allows you to get something out there sooner and get feedback

– What is the purpose of the site at each phase?

� May drive what sections/content/functionality the site has at each phase

� Identify critical path, dependent site elements


� Design Phase

– Create one primary design that can fit each phase but also accommodate your entire vision

� Web site design is different from print, make sure your Graphic Designer knows how to design for Web

� Make sure your Graphic Designer knows the phases so that they can ensure that the design can stand alone at each phase

� Before finalizing the design, make sure that the Web Developer (the person building the site) has reviewed the design and is able to implement it in HTML

– Survey other Web sites (especially those of competitors) to see what you like/don’t like


� Design Phase (continued)

– Determine your technology and hosting options

� Technology: HTML, PHP, Java, .Net, Flash, etc.

� Hosting: in-house, outsourced

– Remember to look at the long term functionality and integration to back-end systems needed

� Select the technology that will best support integration in the long term

� Select the hosting platform that will support the technologies you plan to use and that will be able to support the integration that may be needed later

– Work with a marketing/branding specialist to create or carry your brand to the Web


� Build Phase

– Convert the design into an actual Web Template

� Identify the skills needed for the project

– Web Design = visual elements, graphics, fonts, etc.

– Web Development = HTML, application programming

– Database Development = database programming and data exchange/integration

� Identify the browsers and versions that the Web site will need to support (and you will need to test)

– Internet Explorer, Netscape, Firefox, Chrome, Safari,

– Browser types: desktop, mobile

– Work with a Search Engine Optimization (SEO) specialist� Each search engine has different criteria – SEO is a specialization and requires constant monitoring to maintain ranking


� Build Phase (continued)

– Develop the content for the site

� This is not the job of the Web Designer or Developer!

� Writing for Web is different from writing a report or on paper

– Take into account shorter reader attention span

– Allow for screen size and scrolling

� Identify graphics and other visual elements to include

� Identify things that should be linked

– Either internally to another page on your site

– Or externally to another Web site

� Remember to obtain copyrights or permission for any material that you do not own


� Build Phase (continued)

– Place content into Web Template

� Can be done graphically by Web Designer then transferred to HTML by Web Developer

� Or can be done by Web Developer if simple

– Develop functionality for the site

� Primarily done by a Web Developer

– Flash and other non-programming tasks may be done by a Web Designer

� Use “use cases” to describe the functionality that you want the site to have and what you want the user experience to be like


� Test Phase

– Review the completed Web site for content completeness, accuracy, correctness, and performance

� Check EVERY page to ensure that the display of content doesn’t distort the design

� Overall proofread for spelling, grammar, etc.

� Check that images are displaying correctly and at the correct size

� Make sure all links open to the correct sites and in the correct window (e.g. same or new)

� Check that pages load within a reasonable amount of time


� Test Phase (continued)

– Test that the site functions as expected

� Develop scenarios for different things that Web site visitors may try to do and walk through each scenario or combination of scenarios

� Verify that any data that is presented is being drawn from the right source(s) and displayed correctly

� Verify that totals and other computed elements of pages are being computed correctly

� Verify that data being submitted through the site is captured correctly

– And fed into the appropriate back end systems

� Test that security is being properly enforced

– Test user/URL spoofing and other common exploits


� Deploy Phase

– Prepare for go-live

� Setup the necessary DNS entries with your domain manager/hosting provider

� Determine a cut over/go-live date

– Remember that it can take up to 48 hours for DNS changes to propagate through the Internet

� On the go-live date, make sure the following people are available for unforeseen circumstances

– Web Developer to address any unforeseen errors in functionality

– Hosting provider staff to address any potential system issues

– Launch the site


� Maintenance Phase

– Monitor site usage

� Page hits, visitors, length of stay

� User logins and use of functionality

– Monitor search engine placement

� Does content need to be adjusted? Work with your SEO specialist to refine as necessary

– Keep content fresh and accurate to keep people coming back

– A Web site is like a living thing…it needs constant feeding and attention to keep it current and relevant


� Refinement Phase

– Revisit vision and design based on site usage and feedback

– Make adjustments to design and/or functional specifications as necessary

– Revisit phases and determine if anything needs to be changed, added, removed

– Determine what should be built next

– Develop the detailed design

– Pass it to the Web Development Team to build

Basic Outline of a Web Site Initiative Basic Outline of a Web Site Initiative Basic Outline of a Web Site Initiative Basic Outline of a Web Site Initiative ---- PhasesPhasesPhasesPhases

Vision Design

Build Test Deploy

MaintenanceRefinement

Basic Outline of a Web Site Initiative Basic Outline of a Web Site Initiative Basic Outline of a Web Site Initiative Basic Outline of a Web Site Initiative ---- RolesRolesRolesRoles

� Marketing Strategist

– Branding

– Social Web

� Graphic Designer

� Copy Writer

� SEO Specialist

- - -

� Content Manager

� Promotions Manager

� Information Analyst

� Technology Strategist

– Platform/Integration

– Functionality

� Project Manager

� Web Developer

� Database Developer

� Quality Control Analyst

- - -

� System Manager

� Data Analyst

Project

Roles

Operations

Roles

Web Site Initiative SummaryWeb Site Initiative SummaryWeb Site Initiative SummaryWeb Site Initiative Summary

� Figure out the objective(s) of your Web site

� Develop a strategy for achieving the business objectives of the Web site

– Leverage Marketing & Technical Experts

– Balance short-term and long-term value

� Establish or carry your brand to the site

� Build the site in stages—iterate to success

� Keep the site current and relevant to keep your audience engaged

– Leverage the “Social Web” to extend your reach

IIIINTRAPRISENTRAPRISENTRAPRISENTRAPRISETTTTECHECHECHECHKKKKNOWLOGIESNOWLOGIESNOWLOGIESNOWLOGIES LLCLLCLLCLLC

Feedback and questions are welcome

Donny C. Shimamoto, CPA.CITP

[email protected]

(808) 735-8324

Thank you for yourThank you for yourThank you for yourThank you for yourattention and participation!attention and participation!attention and participation!attention and participation!