62_Yearly Q&A


  • 7/30/2019 62_Yearly Q&A

    1/18

    P a g e | 1

1. Define e-commerce. Name any two areas which are reasons of worry in e-commerce.

E-commerce, in the popular sense, can be defined as the use of the Internet and the Web to conduct business transactions. A more technical definition would be: e-commerce involves digitally enabled commercial transactions between and among organizations and individuals.

Some reasons for worry in e-commerce are:

- several areas of security and safety against fraud
- taxation and state controls

2. Explain the concept of Commerce and e-commerce. / How are commerce and e-commerce related?

Commerce is normally associated with the buying and selling of items. Commerce is one of the oldest activities of human beings, and the concept of traders selling and buying items is a part of history. Markets are a common place where the buyers and sellers meet along with their products. Money is also an essential part of the market place. Around the concept of money we have several concepts of banking and various methods of representing and transferring money, like cheques, MOUs, drafts etc.

The key element of e-commerce is information processing. Every stage of commerce, except the actual production of goods and their physical delivery, can be automated. The tasks that can be automated include information gathering, processing and manipulation, and information distribution.

3. What are the categories of operations under e-commerce? Explain.
/Explain different operations carried out in e-commerce.
/Name a few operations performed by e-commerce. Explain.
/List the various activities carried out in E-Commerce.

The following are the categories of operation that come under e-commerce:

- Transactions between a supplier/a shopkeeper and a buyer, or between two companies, over a public network like the service provider network (like an ISP).
- Transactions with the trading partners, or between the officers of the company located at different locations.
- Information gathering needed for market research.
- Information processing for decision making at different levels of management.
- Information manipulation for operations and supply chain management.
- Maintenance of records needed for legal purposes, including taxation, legal suits etc.
- Transactions for information distribution to different retailers, customers etc., including advertising, sales and marketing.

4. List any three basic needs of consumer oriented e-commerce. Explain.

Three basic needs of consumer oriented e-commerce are:

- Standard business practices and processes for buying and selling of products as well as services need to be established.
- Easy to use and well accepted software and hardware implementations of the various stages of e-commerce, like order taking, payment, delivery, after sales interactions etc., need to be established.
- Secure commercial and transport practices that make the parties believe that they are not at the mercy of anybody else for the safety of their information and goods need to be in place.

5. What is the role of encryption in e-commerce? Explain. / What is the role of encryption in data transfer?

The success or failure of an e-commerce operation hinges on the security of data transmissions and storage. Data security has taken on heightened importance since a series of high-profile "cracker" attacks humbled popular Web sites and credit card numbers of customers were misused at business-to-consumer e-commerce destinations. Security is on the mind of every e-commerce entrepreneur who solicits, stores, or communicates any information that may be sensitive if lost. An arms race is underway: technologists are building new security measures while others are working to crack the security systems. One of the most effective means of ensuring data security and integrity is encryption.

6. List and explain the various encryption techniques.

There are three basic encryption methods: hashing, symmetric cryptography, and asymmetric cryptography. People use encryption to change readable text, called plaintext, into an unreadable secret format, called ciphertext. Encrypting data protects the confidentiality of a message, ensures that messages have not been altered during transit, and verifies the identity of the sender.


Hashing Encryption

Hashing creates a unique, fixed-length signature for a message or data set. Since a hash is unique to a specific message, even minor changes to that message result in a dramatically different hash, thereby alerting a user to potential tampering. Once the data is hashed, the process cannot be reversed or deciphered.

Symmetric Methods

Symmetric cryptography is also called secret-key (or private-key) cryptography. The term "private key" comes from the fact that the key used to encrypt and decrypt data must remain secure, because anyone with access to it can read the coded messages. A sender encodes a message into ciphertext using a key, and the receiver uses the same key to decode it.

    Asymmetric Forms

Asymmetric or public key cryptography uses two keys, a "private key" and a "public key," to perform encryption and decryption. The use of two keys overcomes a major weakness of symmetric key cryptography, since a single key no longer needs to be securely managed among multiple users.

7. What is Cryptography?

Cryptography is the practice and study of techniques for secure communication in the presence of third parties (called adversaries). More generally, it is about constructing and analyzing protocols that overcome the influence of adversaries and which are related to various aspects of information security such as data confidentiality, data integrity, authentication, and non-repudiation. Applications of cryptography include ATM cards, computer passwords, and electronic commerce.

8. What is movie on demand? Name any two concepts of TV based home entertainment.

It is possible for a user to select a movie/CD online and make his cable operator play the movie exclusively for him, against payment. Payment can be either online or billed to his account. This is the concept of movie on demand.

Two concepts of TV based home entertainment are:

- Movie on demand
- Playing interactive games online or after downloading

9. List the activities of banking system for business.
/List any three basic banking activities.
/List the banking services.
/Which are the basic Banking services under E-Commerce?

The basic banking activities are:

- Checking account statements
- Round the clock banking (ATM)
- Payment of bills etc.
- Fund transfer
- Updating of pass books etc.

10. What is E-Banking? Explain.

Online banking (or Internet banking or E-banking) allows customers of a financial institution to conduct financial transactions on a secure website operated by the institution, which can be a retail or virtual bank, credit union or building society. It may include any transactions related to online usage.

11. Explain in detail the e-commerce architecture. / Explain the architecture framework of e-commerce.
/List the six layers of E-Commerce architecture.

The electronic commerce application architecture consists of six layers of functionality, or services:

i. applications
ii. brokerage services, data or transaction management
iii. interface and support layers
iv. secure messaging, security, and electronic document interchange
v. middleware and structured document interchange
vi. network infrastructure and basic communications services


Electronic Commerce Application Services:
This layer of e-commerce will be comprised of existing and future applications built on the innate architecture. Three distinct classes of electronic commerce applications can be distinguished: customer-to-business, business-to-business, and intra-organization.

Information Brokerage and Management:
This layer provides service integration through the notion of information brokerages, the development of which is necessitated by the increasing fragmentation of information resources.

Interface and Support Services:
This layer will provide interfaces for electronic commerce applications such as interactive catalogs, and will support directory services functions necessary for information search and access.

Secure Messaging and Structured Document Interchange Services:
Messaging is the software that sits between the network infrastructure and the clients or electronic commerce applications, masking the peculiarities of the environment.

Middleware Services:
Middleware is the ultimate mediator between diverse software programs that enables them to talk to one another.

Transparency:
Transparency implies that users should be unaware that they are accessing multiple systems. Transparency is essential for dealing with higher-level issues than the physical media and interconnection that the underlying network infrastructure is in charge of.

12. Explain the block diagram depicting electronic commerce architecture. / Explain the three stages of e-commerce architecture on the web.

The architecture is made up of three primary entities:

- client browser
- Web server
- third-party services

The client browser usually interacts with the WWW server, which acts as an intermediary in the interaction with third-party services.


13. What are the four types of purchases?

The four types of purchase are:

- Specifically planned purchases: The need was recognized on entering the store and the shopper bought the exact item planned.
- Generally planned purchases: The need was recognized, but the shopper decided in-store on the actual manufacturer of the item to satisfy the need.
- Reminder purchases: The shopper was reminded of the need by some store influence. This shopper is influenced by in-store advertisements and can substitute products readily.
- Entirely unplanned purchases: The need was not recognized on entering the store.

14. Name two stages of commerce that cannot be automated.

Two stages of commerce that cannot be automated are:

- production of goods
- their physical delivery

15. Significance of WWW on e-commerce

Electronic commerce depends on the unspoken assumption that computers cooperate efficiently for seamless information sharing. Unfortunately, this assumption of interoperability has not been supported by the realities of practical computing. The Web community of developers and users is tackling these complex problems. So the WWW is significant to e-commerce.

16. List four advantages of Internet for E-Commerce.

- It allows people from all over the world to get connected inexpensively and reliably.
- It is a global collection of networks, connected to share information using a common set of protocols.
- It allows businesses to showcase and sell their products and services online, and gives potential customers, prospects, and business partners access to information about these businesses and their products and services that would lead to purchase.
- Lower costs are involved than with previous methods, and it is based on open standards.

17. Which is the key element of e-commerce?

    The key element of e-commerce is information processing.

18. What are the security threats to E-commerce?

The security threats to e-commerce are:

- Intellectual property threats: use of existing materials found on the Internet without the owner's permission, e.g., music downloading, domain names (cybersquatting), software pirating.
- Client computer threats: Trojan horse, active contents, viruses.
- Communication channel threats: sniffer program, backdoor, spoofing, denial-of-service.
- Server threats: privilege setting, Server Side Include (SSI), Common Gateway Interface (CGI), file transfer, spamming.

19. What are the desirable characteristics of e-commerce?

The desirable characteristics of e-commerce are:

- Standard business practices and processes for buying and selling of products as well as services need to be established.
- Easy to use and well accepted software and hardware implementations of the various stages of e-commerce, like order taking, payment, delivery, after sales interactions etc., need to be established.
- Secure commercial and transport practices that make the parties believe that they are not at the mercy of anybody else for the safety of their information and goods need to be in place.


20. What is EDI?

EDI is defined as the interprocess communication (computer application to computer application) of business information in a standardized electronic form. In short, EDI communicates information pertinent to business transactions between the computer systems of companies, government organizations, small businesses, and banks.

21. Explain the four layers of EDI architecture and list the benefits of EDI (tangible).

EDI architecture specifies four layers:

- the semantic (or application) layer
- the standards translation layer
- the packing (or transport) layer
- the physical network infrastructure layer

The EDI semantic layer describes the business application that is driving EDI. To facilitate the transfer of computer files between two trading partners, the computer applications of both sender and receiver must use a compatible format for EDI document exchange. When the trading partner sends a document, the EDI translation software converts the proprietary format into a standard mutually agreed on by the processing systems.

EDI documents are more structured than e-mail, and typically are manipulated or processed more than e-mail messages by the sending and receiving software.

Benefits of EDI:

- Reduced paper-based systems
- Improved problem resolution and customer service
- Expanded customer/supplier base
- Ability to exchange huge amounts of data in a fast and effective manner to speed up business processes

22. Explain how information flows with EDI.


Information flows through EDI via the following steps:

Step 1: Buyer's computer sends Purchase Order to seller's computer.
Step 2: Seller's computer sends Purchase Order Confirmation to buyer's computer.
Step 3: Seller's computer sends Booking Request to transport company's computer.
Step 4: Transport company's computer sends Booking Confirmation to seller's computer.
Step 5: Seller's computer sends Advance Ship Notice to buyer's computer.
Step 6: Transport company's computer sends status to seller's computer.
Step 7: Buyer's computer sends Receipt Advice to seller's computer.
Step 8: Seller's computer sends Invoice to buyer's computer.
Step 9: Buyer's computer sends Payment to seller's computer.

23. Explain EDI business application layer with a diagram.

The working of the EDI business application layer can be described with the following diagram:

And the preparation processes followed by the application process are:

24. What is EDI and electronic fund transfer (EFT)?

Electronic Funds Transfer (EFT) is the automatic transfer of funds among banks and other organizations. This was achieved by traditional EDI before, but nowadays rapid transactions and processing are required, so Open EDI is preferred.


25. What is the need for open EDI? Explain.

The increased interest in open EDI is a result of dissatisfaction with traditional EDI. The big difference between the traditional EDI model and the needs of today is that business today has a much larger component of rapid, project based partnerships that are created and dissolved in time scales too small to permit a full-blown standards process to play out its consensus building. Open EDI facilitates revisions and aids in more speedy agreement on a final version.

26. Explain any four components of EDI implementation. / List the different layers of EDI implementation.

The different layers of EDI implementation are:

- Common EDI standards dictate syntax and standardize on the business language.
- Translation software sends messages between trading partners, integrates data into and from existing computer applications, and translates among EDI message standards.
- Trading partners are a firm's customers and suppliers with whom business is conducted.
- Banks facilitate payment and remittance.
- EDI Value Added Network services (VANs).
- Proprietary hardware and networking, if it is a hub company.

27. What is an Electronic Purse? Who is liable if an EDI network fails to deliver the message?

Banks, credit card companies, and even government institutions are racing to introduce electronic purses, which are wallet-sized smart cards embedded with programmable microchips that store sums of money for people to use instead of cash.

It is not decided as yet who will be liable if an EDI network fails to deliver the message.

28. What are the disadvantages of VANs for EDI?

The disadvantage of EDI-enabling VANs is that they are slow and high priced, charging by the number of characters transmitted. With connect time and mailbox charges factored in, companies incur charges of many thousands of dollars.

29. List the main costs of VAN. / Describe the VAN pricing system.

VANs bill in various ways for services rendered.

Account Start-Up Costs
Opening an account with a VAN incurs start-up costs as well as other variable costs such as mailbox/network fees. The network usage fee is a flat monthly rate that applies whether or not the services are used.

VAN Usage or Variable Costs
VANs charge session fees based on their services. Unlike the postal service, which charges only to send a letter, most VANs charge to both send and receive data. The customer pays according to volume of usage. Usage is defined as the number of transactions sent and received by the customer or the trading partner.

Interconnect Costs
A company that exchanges EDI data with a trading partner that subscribes to a different VAN will pay a VAN interconnect fee. Most VANs offer interconnects, but they often charge monthly fees for using them and may have other charges as well.

30. What is a value added network (VAN)? Explain the functions of VAN.

A VAN is a communications network that typically exchanges EDI messages among trading partners. It also provides other services, including holding messages in electronic mailboxes, interfacing with other VANs and supporting many telecommunications modes and transfer protocols.

A VAN works much like residential personal mailboxes, and it allows everybody involved to be flexible and cost-effective. VANs act as middlemen between companies; they have allowed companies to automatically and securely exchange purchase orders, invoices, and payments.


31. Explain the legal and security aspects of EDI. / What are the issues of EDI in connection with security & privacy? Explain.

The legal, security and privacy aspects of EDI are:

Legal Status of EDI Messages
There has been considerable debate concerning the legal status of EDI messages and electronic messages in general. No rules exist that indicate how electronic messages may be considered binding in business or other related transactions.

Digital Signatures and EDI
Messages are being time-stamped by digital signatures. If digital signatures are to replace handwritten signatures, they must have the same legal status as handwritten signatures. The digital signature provides a means for a third party to verify that the notarized object is authentic. They should have greater legal authority than handwritten signatures.

32. How does a digital signature work? / Explain the digital signature technique.

Integrity and authentication are ensured by the use of digital signatures.

Digital signatures: relationship of keys
Because of the mathematical relationship between the public and private keys, data encrypted with either key can only be decrypted with the other. This allows the sender of a message to encrypt it using the sender's private key.

Digital signatures: using message digests
When combined with message digests, encryption using the private key allows users to digitally sign messages. The recipient of the digital signature can be sure that the message really came from the sender. And the recipient can be sure that the message was not changed after the message digest was generated.

33. What is a digital signature? Explain its importance in E-commerce.

When combined with message digests, encryption using the private key allows users to digitally sign messages. Digital signatures are a means by which messages might be time-stamped or digitally notarized to establish dates and times at which a recipient might claim to have had access to or even read a particular message.

Importance of digital signature:

- Merchant authentication is ensured by the use of digital signatures.


- The recipient of a digitally signed message can be sure that the message really came from the sender. The recipient can also be sure that the message was not changed after the message digest was generated.
- It is a way to digitally notarize messages to establish dates and times.

34. Can the digital signature fully replace the handwritten signature? Explain.

If digital signatures are to replace handwritten signatures, they must have the same legal status as handwritten signatures. The digital signature provides a means for a third party to verify that the notarized object is authentic.

For instance, if a ten-page contract is signed by hand on the tenth page, one cannot be sure that the first nine pages have not been altered. If the contract was signed by digital signature, however, a third party can verify that not one byte of the contract has been altered.

35. What are the desirable characteristics of an electronic marketplace?

Desirable characteristics of an electronic marketplace are:

- Critical mass of buyers and sellers. The trick is getting a critical mass of corporations and consumers to use electronic mechanisms.
- Opportunity for independent evaluations and for customer dialogue and discussion. In the marketplace, not only do users buy and sell products or services, they also compare notes on who has the best products and whose prices are outrageous.
- Negotiation and bargaining. No market place is complete if it does not support negotiation.

36. Give the desirable characteristics of e-marketing. (Seamless connections / market place interactions / settling disputes)

Desirable characteristics of e-marketing:

- A minimal size of the place. Obviously, for any such place to thrive there is a critical size, below which it is not profitable to operate.
- A scope for interactions. Interactions include trial runs of the products, clarification of doubts on the part of the customers, details of after sales services, ability to compare different products and, of course, scope for negotiations and bargaining.
- Scope for designing new products. The customer need not buy only what is available. He can ask for modifications, upgrades etc. The supplier must be able to accept these.
- A seamless connection to the marketplace. It is obvious that each customer will be operating with a different type of computer, software, connectivity etc. This should not be a hindrance.
- Recourse for disgruntled users. There should be a standard recourse to settle such disputes.

37. Describe the mercantile models from the merchant's perspective. (List the OMC's generic steps)

The order-to-delivery cycle from the merchant's perspective has been managed with an eye toward standardization and cost. This is the Order Management Cycle (OMC). OMC has the following generic steps:

- Order Planning and Order Generation: The business process begins long before an actual order is placed by the customer.
- Cost Estimation and Pricing: Pricing is the bridge between customer needs and company capabilities.
- Order Receipt and Entry: After an acceptable price quote, the customer enters the order receipt and entry phase of OMC.
- Order Selection and Prioritization: Customer service representatives are also often responsible for choosing which orders to accept and which to decline.
- Order Scheduling: During the order scheduling phase the prioritized orders get slotted into an actual production or operational sequence.


- Order Fulfillment and Delivery: During the order fulfillment and delivery phase the actual provision of the product or service is made.
- Order Billing and Account/Payment Management: After the order has been fulfilled and delivered, billing is typically handled by the finance staff, who view their job as getting the bill out efficiently and collecting quickly.
- Post-sales Service: This phase plays an increasingly important role in all elements of a company's profit equation: customer value, price, and cost.

38. Explain mercantile models from the consumer's perspective. (Name three broad phases of the consumer's perspective)

The business process model from a consumer's perspective consists of seven activities that can be grouped into three phases: pre-purchase preparation, purchase consummation, and post-purchase interaction.

The pre-purchase preparation phase:
- searching and discovering products
- comparison of products based on various attributes
- negotiating terms

The purchase consummation phase:
- placing the order
- authorizing payment
- receiving the product

The post-purchase interaction phase includes customer service and support to address customer complaints, product returns, and product defects.


39. What are the three types of electronic tokens? Explain. (Compare and contrast push and pull based supply chain management)

Electronic tokens are the form of electronic cash/money or checks. Electronic tokens are designed as electronic analogs of various forms of payment backed by a bank or financial institution. Simply stated, electronic tokens are equivalent to cash that is backed by a bank.

Electronic tokens are of three types:

- Cash or real-time: Transactions are settled with the exchange of electronic currency.
- Debit or prepaid: Users pay in advance for the privilege of getting information.
- Credit or postpaid: The server authenticates the customers and verifies with the bank that funds are adequate before purchase.

40. What is Supply Chain Management (SCM)? Explain the main categories of SCM in detail.

Supply chain management (SCM) is an integrating process based on the flawless delivery of basic and customized services. Simply put, SCM optimizes information and product flows from the receipt of the order, to purchase of raw materials, to delivery and consumption of finished goods.

There are two primary models of supply chain management: push versus pull. These models contain three primary elements:

- Logistics and distribution (integrated logistics)
- Integrated marketing and distribution
- Agile manufacturing


Push based vs. pull based SCM

41. What are the two approaches of virtual organization?

Two major approaches are used to form virtual organizations: downward and lateral. Downward networking is initiated by a large, vertically integrated company seeking to reduce its overhead by outsourcing. The lateral approach is observed in small, specialized firms that, in the interest of seeking strategic alliances, form partnerships along a value added chain.


    42. Mention some hacking techniques.

43. Explain the SEPP in detail. / Describe the Secure Electronic Payment Protocol (SEPP).

IBM, Netscape, GTE, CyberCash, and MasterCard have cooperatively developed SEPP, an open, vendor-neutral, nonproprietary, license-free specification for securing on-line transactions.

There are several major business requirements addressed by SEPP:

- To enable confidentiality of payment information.
- To ensure integrity of all payment data transmitted.
- To provide authentication that a cardholder is the legitimate owner of a card account.
- To provide authentication that a merchant can accept MasterCard branded card payments with an acquiring member financial institution.

SEPP is the electronic equivalent of the paper charge slip, signature, and submission process. SEPP takes input from the negotiation process and causes the payment to happen via a three-way communication among the cardholder, merchant, and acquirer.

44. Give the categories of consumers.

In general, consumers can be categorized into three types:

- Impulsive buyers, who purchase products quickly.
- Patient buyers, who purchase products after making some comparisons.
- Analytical buyers, who do substantial research before making the decision to purchase products or services.


45. Name any four issues addressed by e-payment systems. / List the various issues in e-payment systems.
/Describe the steps involved in designing electronic payment systems.

Issues addressed by e-payment systems are:

Privacy
A user expects to trust in a secure system.

Security
A secure system verifies the identity of the two parties to a transaction through user authentication, and reserves flexibility to restrict information/service through access control.

Intuitive interface
The payment interface must be as easy to use as a telephone.

Database integration
With home banking, for example, a customer wants to play with all his accounts. To date, separate accounts have been stored on separate databases. The challenge before banks is to tie these databases together and to allow customers access to any of them while keeping the data up-to-date and error free.

Brokers
A network banker, someone to broker goods and services, settle conflicts, and facilitate financial transactions electronically, must be in place.

Pricing
One fundamental issue is how to price payment system services.

Standards
Without standards, the welding of different payment users into different networks and different systems is impossible.

46. What are the risks in an electronic payment system? Explain.

One essential challenge of e-commerce is risk management. Operation of the payment systems incurs three major risks: fraud or mistake, privacy issues, and credit risk.

Risks from Mistakes and Disputes (Consumer Protection)
All systems need to keep the records of the consumers safe.

Managing Information Privacy
The electronic payment system must ensure and maintain privacy.

Managing Credit Risk
Credit or systemic risk is a major concern in net settlement systems, because a bank's failure to settle its net position could lead to a chain reaction of bank failures.

47. What is e-cash? Give the properties of e-cash.

Electronic cash (e-cash) is a new concept in on-line payment systems because it combines computerized convenience with security and privacy that improve on paper cash. E-cash focuses on replacing cash as the principal payment vehicle in consumer-oriented electronic payments.

Specifically, e-cash must have the following four properties:

- monetary value
- interoperability
- retrievability
- security

48. What are the normal constraints put on e-cash?

The normal constraints put on e-cash are:

- a validity limit
- the maximum amount that can be stored
- the maximum number of exchanges
- the number of exchanges within a time period


    49. What are the characteristics of SCM?

    - An ability to source raw material or finished goods from anywhere in the world.
    - A centralized, global business and management strategy with flawless local execution.
    - On-line, real-time distributed information processing to the desktop, providing total supply chain information visibility.
    - The ability to manage information not only within a company but across industries and enterprises.
    - The seamless integration of all supply chain processes and measurements, including third-party suppliers, information systems, cost accounting standards, and measurement systems.
    - The development and implementation of accounting models, such as activity-based costing, that link cost to performance and are used as tools for cost reduction.
    - A reconfiguration of the supply chain organization into high performance teams going from the shop floor to senior management.

    50. What are security strategies and list the security tools.

    There are basic security strategies that can be utilized to combat the threats:

    - access control
    - integrity
    - confidentiality
    - authentication

    SECURITY TOOLS

    - Secure transport stacks
    - KERBEROS
    - UNIX SECURITY
    - PASSWORD SECURITY SYSTEM

    51. What are the basic types of physical data security and threats to data?

    Types of physical data security:

    - Data integrity
    - Data availability

    The threats to data are:

    - Active threats
    - Passive threats

    52. What is non-repudiation?

    Non-repudiation means that a person cannot deny having sent or received a message.

    53. List the four basic goals of electronic security.

    The four basic goals of electronic security are:

    - Privacy
    - Integrity
    - Authentication
    - Availability

    54. Explain the reasons for information security.

    The requirements of information security in an organization have undergone major changes in the last several decades.

    In an enterprise network, the security of an entire network can, in principle, be compromised by a single penetrable host. The generic name for the collection of tools designed to protect data is computer security.

    The second major change that affects security is the introduction of distributed systems and the use of networks and communication facilities for transporting data between the user and computer (client and server) and between computers. Network security measures are needed to protect data during its transmission.

    Computer and network security can be defined as the protection of network-connected resources against unauthorized disclosure, modification, utilization, restriction, incapacitation, or destruction. Security is needed for both external and internal threats. It requires physical and administrative controls, as well as automated tools.


    55. Security threats.

    Some of the threats that stimulated the upsurge of interest in security include the following.

    - Organized and internal attempts to obtain economic or market information from competitive organizations in the private sector.
    - Organized and intentional attempts to obtain economic information from government agencies.
    - Inadvertent acquisition of economic or market information.
    - Inadvertent acquisition of information about individuals.
    - Intentional fraud through illegal access to computer repositories, including acquisition of funding data, economic data, law enforcement data, and data about individuals.
    - Government intrusion on the rights of individuals.
    - Invasion of individuals' rights by the intelligence community.

    56. UNIX security.

    Secure transport is of little use if the host from which the transmission originates can be broken into and the credit card file or other financial files can be stolen. UNIX provides various built-in security features, such as user passwords, file access, directory access, file encryption, and security on password files. This is UNIX security.

    57. Password Security System.

    Passwords are the most widely used security measure in existence today. Passwords and password information files are often the target for many attackers. Once an attacker has obtained a password, there is little or no controlling what damage may be done or what proprietary information could be leaked out.

    - One-time passwords: One-time passwords provide greater security because they can only be used once, and then are no longer valid. This is accomplished via an authentication scheme.

    - Smart Cards: A smart card is a portable device that contains some nonvolatile memory and a microprocessor. This card contains some kind of encrypted key that is compared to a secret key contained on the user's processor.
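    One authentication scheme that gives the one-time property described above is a hash chain (Lamport-style), shown here as an added example that is not part of the original notes. The server stores only the most recently accepted value, so a password that has already been used, or one presented out of order, is rejected; the chain length, names and sample values are constructed for illustration.

```python
"""Added example (not from the original notes): a Lamport-style one-time
password scheme built from a hash chain, showing why a password that has
already been accepted is useless if captured and presented again. Names and
values are constructed for illustration."""
import hashlib
import hmac
import secrets


def h(data: bytes) -> bytes:
    """One step of the hash chain."""
    return hashlib.sha256(data).digest()


def generate_chain(seed: bytes, n: int) -> list:
    """Return [H^0(seed), H^1(seed), ..., H^n(seed)]. The user keeps the
    list; the server is handed only the last element, which is not secret."""
    chain = [seed]
    for _ in range(n):
        chain.append(h(chain[-1]))
    return chain


class OtpServer:
    """Stores only the last accepted value; a login succeeds only when the
    candidate hashes to it, i.e. it is the next value down the chain."""

    def __init__(self, anchor: bytes):
        self.current = anchor

    def login(self, candidate: bytes) -> bool:
        if not hmac.compare_digest(h(candidate), self.current):
            return False  # wrong password, a re-used one, or out of order
        self.current = candidate  # step down the chain; old value now useless
        return True


def demo() -> dict:
    """Constructed walkthrough: valid login, re-use, next login, skipped value."""
    chain = generate_chain(secrets.token_bytes(16), 5)
    server = OtpServer(chain[5])
    return {
        "first": server.login(chain[4]),    # H(chain[4]) == chain[5]: accepted
        "reuse": server.login(chain[4]),    # same password again: rejected
        "second": server.login(chain[3]),   # next value in the chain: accepted
        "skipped": server.login(chain[1]),  # not the next value: rejected
    }
```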

    58. Explain secure socket layer (SSL).

    The secure socket layer (SSL) protocol, developed by Netscape Communications, is a security protocol that provides privacy over the Internet. The protocol allows client/server applications to communicate in a way that data transmissions cannot be altered or disclosed. Servers are always authenticated, and clients exchange algorithms and hardware tokens. The strength of SSL is that it is application independent.

    59. What is the need for standardization? Explain.

    The biggest barrier to electronic trade is having all the pieces work together so that information can flow seamlessly from one source to another. This requires standardization. On the corporate side, companies need compatible EDI software and network services in order to send electronic purchase orders, invoices, and payments back and forth. This is achieved through a seamless interface.

    60. What are the three ways in which payment through credit cards can be made over the net? Explain.

    We can break credit card payment on on-line networks into three basic categories:

    - Payments using plain credit card details: The easiest method of payment is the exchange of unencrypted credit card details over a public network such as telephone lines or the Internet.

    - Payments using encrypted credit card details: It would make sense to encrypt our credit card details before sending them out.

    - Payment using third-party verification: One solution to security and verification problems is the introduction of a third party, a company that collects and approves payments from one client to another.

    61. Explain horizontal & vertical organization with the help of a diagram. / What is the main difference between horizontal and vertical organization?

    The traditional approach views the organization as a collection of vertical departments or business units.

    [Diagram: The vertical organization]


    The vertical approach to corporate management poses two problems to smooth operations. First, it creates boundaries that discourage employees in different departments from interacting with one another. Second, departmental goals are typically set in a way that could cause friction among departments.

    The vertical organization allows gaps to exist between employees from different departments and lacks a channel to facilitate interaction and communication.

    Finally, three key ingredients are missing from the vertical organization's chart: the product, the process, and the customer. Operating in a fast-changing environment without a clear picture of such components, it would be difficult for top management to run a business effectively.

    The Horizontal Organization

    The structure of a horizontal organization is two-tiered instead of multilayered, as seen in vertical organizations: a core group of senior management responsible for strategic decisions and policies, and a stratum of employees in process teams. The objective of a horizontal structure is to change the staff's focus from coordinating and reporting to improving flow management and work quality and increasing value for customers.

    The principal goal of horizontal management is to facilitate the smooth transition of intermediate products and services through its various functions to the customer. This is achieved by empowering employees, improving communication, and eliminating unnecessary work.

    62. What should be covered in the policy?

    The following is a list of topics that should be covered in the policy.

    - What guidelines you have regarding resource use
    - What might constitute abuse
    - Whether users are permitted to share accounts or let others use their accounts
    - How users should keep their passwords secret
    - How often users should change their passwords and any password restrictions or requirements
    - Restrictions on disclosure of information that may be proprietary
    - Statement on electronic mail privacy
    - Policy on electronic communications, mail forging, and so on
    - The organization's policy concerning controversial mail or postings to mailing lists or discussion groups

    63. What is order selection? Explain.

    Customer service representatives are also often responsible for choosing which orders to accept and which to decline. In fact, not all customer orders are created equal; some are simply better for the business than others. This is order selection and prioritization. Companies that put effort into order selection and link it to their business strategy stand to make more money.

    64. Why are information brokerages and management needed? Explain with an example.

    Information brokerages are needed for three reasons:

    - comparison shopping
    - reduced search costs
    - integration

    Today, many on-line information providers are moving to a consumer services model, where they provide not only inexpensive access but lots of free information.

    65. On what factors can negotiations take place?

    Negotiations take place:

    - over money
    - over terms and conditions
    - over delivery dates
    - over evaluation criteria

    66. List the advantages of Internet.

    Advantages of the Internet:

    - flat pricing
    - cheap access
    - common standards
    - secure


    67. Explain software agent and middleware.

    A software agent is an encapsulation of a user's instructions.

    Middleware is a mediator between diverse application programs that talk to each other.

    68. What are the two desirable properties in any e-transaction?

    The two desirable properties in any e-transaction are:

    - anonymity
    - security

    69. What is IP spoofing and Telnet?

    IP spoofing is a tool that intruders use to take over an open terminal and login connections after they get root access.

    Telnet enables users to log in to remote computers.

    70. Explain the basic principle of Kerberos.

    The basic principle of Kerberos is that it provides authentication to messages in an open network.

    71. What is meant by integrity (integration) of data? What is the encryption algorithm on which SSL depends?

    The specifications must guarantee that message content is not altered during the transmission between originator and recipient. It means that the contents should not get changed.

    SSL depends on the RSA algorithm.
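    The integrity guarantee described above can be demonstrated with a keyed message authentication code, shown here as an added example that is not part of the original notes and is not SSL's own record format: the originator appends an HMAC-SHA256 tag under a key shared with the recipient, and any change to the content in transit makes the tag fail to verify. The shared key and the messages are constructed for illustration.

```python
"""Added example (not from the original notes): a keyed integrity tag (HMAC)
that lets a recipient detect any alteration of message content in transit.
The shared key and messages below are constructed for illustration."""
import hashlib
import hmac

# Agreed between originator and recipient out of band; never sent on the wire.
KEY = b"constructed-shared-secret"
TAG_LEN = 32  # SHA-256 digest size


def protect(message: bytes, key: bytes = KEY) -> bytes:
    """Originator: append an HMAC-SHA256 tag computed over the message."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def verify(packet: bytes, key: bytes = KEY):
    """Recipient: return the message if its tag checks out, otherwise None.
    compare_digest runs in constant time so timing does not leak tag bytes."""
    if len(packet) < TAG_LEN:
        return None  # too short to carry a tag at all
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # content or tag changed between originator and recipient
    return message


def demo() -> dict:
    """Constructed transmission: one intact delivery, one altered in transit."""
    packet = protect(b"PAY merchant-42 amount=100.00")
    intact = verify(packet)
    # The same packet with its amount changed on the way to the recipient
    altered_packet = packet.replace(b"100.00", b"900.00")
    altered = verify(altered_packet)
    return {"intact": intact, "altered": altered}
```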

    72. What are the seven major business requirements addressed by SET (Secure Electronic Transaction)?

    Seven major business requirements addressed by SET:

    - Provide for confidential payment information and enable confidentiality of order information that is transmitted with payment information.
    - Ensure integrity for all transmitted data.
    - Provide authentication that a buyer is a legitimate user of a branded (e.g. Visa, MasterCard, American Express) bankcard account.
    - Provide authentication that a merchant can accept bank card payments through its relationship with an appropriate financial institution.
    - Ensure the use of the best security practices and design techniques to protect all legitimate parties in an electronic commerce transaction.
    - Ensure the creation of a protocol that is neither dependent on transport security mechanisms nor prevents their use.
    - Facilitate and encourage interoperability across software and network providers.

    73. What is the purpose of Kerberos?

    Kerberos provides an authentication means in an open (unprotected) network. Kerberos performs authentication under these conditions as a trusted third-party authentication service by using conventional (shared-secret key) cryptography.

    74. What does ATM stand for?

    ATM stands for Automated Teller Machine.