E-commerce, Security, and Ethics

(10.1) Ecommerce concepts


Background

  • had to have a browser (95)

  • World Wide Web (made in 91) set universal standards 

  • E-commerce - mid to late 90s, didn’t take off until the 2000s


Features

  •  ubiquity - always there all the time 

  • global reach - it can be accessed at any time any place as long as you have internet connection

  • Standards - set of universal standards 

  • Richness - information that is complex (videos)

  • Interactivity - we can have back and forth conversations 

  • Info density - volume of information 

  • Personalization - everyone can have a different experience styled to them specifically 

  • Social tech - social media; can promote user content


Digital markets 

  • reduce info asymmetry - buyer and seller have the same information

  • Reduce menu, search, & transaction costs - costs like printing a new menu when prices update; search & transaction costs are lower because you don’t need a person to do it

  • Enable price discrimination, dynamic pricing, and disintermediation - can base prices off of income of area, prices can change any second, 

  • Cause delayed gratification - have to wait for product for convenience


Digital goods 

  • digital goods - a good itself that is delivered electronically over the internet





Features 

  • Costs lower - all costs with digital units are in the first unit, so everything else is inexpensive, don't have to store it anywhere so don't need staff, no delivery costs, marketing about the same


(10.2) Business and revenue models

  • types of e-commerce

    • B2C - a business to consumer 

    • B2B - business to business, they sell goods and services to each other (biggest one) 

    • C2C - consumer to consumer, 


  • Business models - an abstraction of how you create wealth, how are you creating value for the customer in the thing that you do

    • e-tailer -  selling a physical good to a customer online

    • content provider - selling any kind of information like movies, articles, magazines, etc.

    • transaction broker - finds you options for products (like houses or cars) and presents you those options

    • market creator -  like a flea market, they provide the space to bring buyers and sellers together, in e-commerce would be like Etsy 

    • online service provider - provides a service like taxes (turbo tax)

    • community provider - online meet up spaces like Facebook, and you can make money off of it

    • portal - jumping off point onto the internet 


  • Revenue models - how we are generating revenue and creating profit

    • unit sales - get it directly from distributors

    • subscription model - a recurring expense and continuing access to it (Spotify)

    •  advertising - stickiness (what sticks) most widely used revenue for e-commerce

    • fees / commissions - a flat rate paid for a service or access to it

    • Affiliate pricing - people get paid for linking a product

    • freemium - basic version is free but you have to pay for the better stuff


(10.3) E-commerce & Marketing

  • Internet effects

    • New ads formats - we have search, banner, and pop-up ads that we didn’t have before 

    • Long tail marketing - ability of firms to market goods profitably to very small online audiences, largely because of the lower costs of reaching very small market segments


  •  Goals of marketing on social media 

    • leverage of influence - ex. Someone posting about a new car so people buy it

    •  target shared interests - ex. Groups 

    • influence - timelines, newsfeed, collaborative 


  • Shopping 

    • social e-commerce - use of social networks to share knowledge about items of interest to other shoppers and, increasingly, to enable purchases directly via the social network 

    • wisdom of crowds - two heads are better than one mindset, belief that large numbers of people can make better decisions than one person

    • crowd sourcing - uses large internet audiences for advice, market feedback, new ideas, and solutions to business problems; allowing anyone to make a solution and pick the best one (ex. Doritos Super Bowl ad)

    • Behavioral targeting - tracking online behavior of individuals so we can understand & market to you better 

    • Cookies - small text files that allow this 

      •  allows for:

1. Personalized content 

2. Programmatic ad buying

3. Native ad (seems natural)


(10.4) B2B E-commerce

  • Electronic data interchange (EDI) -  enables the computer-to-computer exchange of standard transactions such as invoices, bills of lading, shipment schedules, or purchase orders, between two organizations

  • New ways of B2B 

    • private networks - typically consist of a large firm using a secure website to link to its suppliers and other key business partners 

    • B2B market prices - provide a single, digital marketplace based on internet technology for many buyers and sellers 

    • exchanges - independently owned 3rd party B2B e-commerce marketplaces that connect thousands of suppliers and buyers for spot purchasing


(10.5) M-commerce

  •  m-commerce - involves the sales of goods and services via mobile devices, such as smartphones, tablets, and wearables

    • Areas of growth 

      • mass marketing retailing 

      • sales of digital content 

      • in-app sales on mobile devices


  • Areas of application 

    • location-based services (geo social) - include geo social, geo advertising, and geo info. services

      • geosocial services - can tell you where friends are meeting 


  • banking & finance  

    • mobile app payment systems - use mobile apps to replace credit cards and traditional banking services

    • near-field communication (NFC) - NFC-driven systems enable NFC-enabled smartphones and other mobile devices to make contactless payments (Apple Pay, Google Pay, etc.)

    • QR code payment systems - use a contactless payment method; it’s initiated by scanning a QR (quick response) code using a mobile app on the payer’s smartphone (Walmart Pay)

    • Peer to peer (P2P)  payment systems - used for transferring money among individuals who have installed a proprietary app (Venmo or Zelle)



(8.1) Chapter 8 - Security

Reasons IS are vulnerable

  • concepts 

    • security - those policies and measures that are used to prevent unauthorized access, alteration, or theft to your system 

    • controls - whatever policies we have that secures or ensures the safety of our assets 


  • categories of vulnerability 

    • hardware & software - very hard to make secure with it being $

    • disasters - natural disasters that could harm our systems

    • mobile - more on the go data accessibility the higher the chances that you may lose it, drop it, or it may get stolen

    • internet/networks - all our devices are connected to a network, meaning that anyone anywhere could get into the system

    • wireless - much easier to hack the wireless network


  • malicious software (malware)

    • malware - software that is written with the purpose to do harm

    • categories

      • virus - designed to attach itself to a specific file; typically destroys files (you get it from someone who already has it)

      • worm - spreads automatically; installs itself once and looks for other computers to infect (replicates itself)

      • Trojan - malicious program that disguises itself as something helpful but instead harms the computer (drive-by download)

      • spyware - loaded onto a system to watch what you do

      • key logger - keeps track of what you do

      • ransomware - unauthorized access, holds info hostage until you pay


  • cybercrime & cyber vandalism

    • hacker - unidentified person who gets unauthorized access to someone’s info

    • cyber vandalism - wants to create a scene or statement

    • botnet - infected devices made to do an action together (like flooding Ticketmaster with fake requests for purchases)

    • Distributed denial-of-service attack (DDoS) - attack that uses numerous computers to inundate and overwhelm a network from many launch points 

    • cyber crime - trying to make money off of hacking efforts

    • ransomware - get unauthorized access to system and hold information hostage until you pay me for new passwords (org)

    • identity theft - gets enough of your personal info to pretend to be you and spend money in your name

    •  spoofing - pretend to be someone else

    •  phishing - sending an email trying to get people to give them their personal info.

    • pharming - trying to get you to a website that is similar to the one you wanted but isn’t, trying to get your personal information

    • sniffing - easier to tap into wireless; uses software to intercept signals and extract information

    • evil twin - looks like legitimate wireless network but it is not


  •  internal threats - biggest threats, own employees

  •  social engineering - biggest threat is employees, let them in because it’s nice or it looks ok

  • software bugs - issues with security






(8.2) Business value of security 

  • increased vulnerability due to:

    •  amount of data 

    • access to private info

    • security breach effects 


  • electronic evidence & computer forensics

    • electronic evidence - information stored or transmitted in digital format that can be used as proof in legal proceedings, like emails, documents, social media posts, and more

    • computer forensics - the scientific collection, examination, authentication, preservation, and analysis of electronically stored information (ESI) in such a way that the new info can be used as evidence in a court of law


4/10 Online Classwork

(8.3)  Risk assessment and security policy

  • Information systems controls - both manual and automated and consist of general and application controls

    • general controls - overall control environment governing the design, security, and use of computer programs and the security of data files in general throughout the organization’s information technology infrastructure 

    • software controls - monitor the use of system software and prevent the unauthorized access and use of software programs, systems software, and computer programs 

    • Hardware controls - ensure that computer hardware is physically secure and check for equipment malfunction

    • computer operations controls - oversee the work of the computer department to ensure that programmed procedures are consistently and correctly applied to the storage and processing of data 

    • data security controls - ensure that valuable business files maintained internally or by an external hosting service are not subject to unauthorized access, change, or destruction while they are in use or in storage

    • implementation controls - audit the systems development process at various points to ensure that the process is properly controlled and managed

    • administrative controls - formalized standards, rules, procedures, and control disciplines to ensure that the organization’s general and application controls are properly executed and enforced


  • application controls - specific controls unique to each application that ensure that only authorized data are completely and accurately processed by that application

    • input controls - check data for accuracy and completeness when the data enters the system

    • processing controls - establish that data are completely and accurately processed during updating 

    • Output controls - ensure that the results of computer processing are accurate, complete, and properly distributed


  • Risk assessment - determine the level of risk to a firm if a specific activity or process is not properly controlled 

  • Security policy - consists of statements ranking information risks, identifying acceptable security goals, and identifying the mechanisms for achieving these goals

  • Acceptable use policy (AUP) - defines acceptable uses of the firm’s information resources and computing equipment and specifies consequences for noncompliance (laptops, cell phones, and the internet)

  • Disaster recovery planning - devises plans for the restoration of computing and communications after they have been disrupted

  • Business continuity planning - focuses on how the company can restore business operations after a disaster strikes 

  • Information systems audit - examines the firm’s overall security environment as well as the controls governing individual information systems


Worst passwords list - answer this question:

  • why are passwords so commonly used if they aren’t particularly effective?

  • Passwords are still commonly used because they offer a simple and familiar way to protect information; they are also easy to implement, cost effective, and provide at least a basic level of security



(8.4)  Tools, encryption, system availability

  • watch the figure 8.3 video on public key encryption in the textbook and complete the quick check objective in 8.4

  • STOP AT PAGE 299 (securing transactions with blockchain)


  • Identity and access management (IAM) - software that automates the process of keeping track of all these users and their system privileges, assigning each user a unique digital identity for accessing each system

    • Zero trust - cybersecurity framework based on the principle of maintaining strict access controls and not trusting anyone or anything by default, even those behind a corporate firewall

    • Least privilege access - no user should have access to system resources beyond what is absolutely necessary to fulfill that user’s specified tasks

    • Authentication - the ability to know that people are who they claim to be

    • Passwords - a word or number used for authenticating users so that they can access a resource 

    • Security token - a physical device that is designed to prove the identity of a single user 

    • Smart card - a device, shaped like a card, that contains a chip formatted to access permission and other data 

    • Biometric authentication - uses systems that read and interpret individual human traits, like face ID, fingerprints, or voices, to grant or deny access


  • Multifactor authentication (MFA) - tools that increase security by validating users via a multistep process

    • Two-factor authentication - a subset of MFA that requires two credentials 


Firewalls, intrusion detection and prevention systems, and anti-malware software

  • Firewalls - prevent unauthorized users from accessing private networks 

    • Static packet filtering - examines selected fields in the headers of data packets flowing back and forth between the trusted network and the internet, examining individual packets in isolation

    • Stateful inspection - provides additional security by determining whether packets are part of an ongoing dialogue between a sender and receiver

    • Network Address translation (NAT) - can provide another layer of protection when static packet filtering and stateful inspection are employed

    • Application proxy filtering - examines the application content of packets


Intrusion detection and prevention systems

  • Intrusion detection systems (IDS) - tools to monitor the most vulnerable points in a network to detect and deter unauthorized intruders

  • Intrusion prevention system (IPS) - system that has all the functionality of IDS & can take steps to prevent and block suspicious activities


  • Anti-malware software - software designed to detect, and often eliminate, malware from an information system

  • Unified threat management - comprehensive security management tool that combines multiple security tools, including firewalls, virtual private networks, intrusion detection systems, and web content filtering and anti-spam software


Encryption and public key infrastructure  

  • Encryption - the process of transforming plain text or data into cipher text that can’t be read by anyone other than the sender and the intended receiver

  • Transport layer security (TLS) - enables client and server computers to manage encryption and decryption activities as they communicate with each other during a secure web session 

  • HTTPS - secure version of HTTP protocol that uses TLS for encryption and authentication

  • Public key encryption - encryption using two keys: one shared or public and one private 

  • Digital certificates - method of establishing the identity of users and digital assets 

  • Public key infrastructure (PKI) - the use of public key encryption working with a certificate authority (CA); now widely used in e-commerce


(4.1)  IS & Ethics 

  • Tech trends that affect ethics 

    • Doubling of computing power - computer processors have gotten more powerful and cheaper as we begin to rely on them

    • Cheap data storage - since it is so inexpensive, we store basically everything forever 

    • Better network - can access information from anywhere

    • Increased use of mobile - can track location and the things you do 

    • Better data analysis (profiling) - as computers progress we have better analysis that can tell us more (profiling - storing info about you specifically)

    • AI - no human data, judgement of data deciding if things have been taken too far (causing most ethical issues)


(4.2)  Ethical Principles 

  • Concepts 

    • responsibility - someone accepts the obligations and rights for whatever decisions have been made 

    • Accountability - the ability and mechanisms in place to figure out who is responsible

    • Liability - if there are damages from the decisions that are made, we can find a way to recover any damages done 

    • Legal - permissible conduct by the government standards

    • Ethics - principles of right and wrong that guide a person’s behavior

    • Morals - society and culture where you are raised and learn 

    • Ethical dilemma - no clear cut right or wrong, you are forced to take an action 

    • Analysis - response determined by:

      • Basic ethical structure - basic values and culture you were raised on 

      • Ethical principles 

        • Golden rule - do unto others as you would have them do unto you 

        • Categorical imperative - if an action is not right for everyone it is not right for anyone 

        • Rule of change - “slippery slope” if an action can’t be taken repeatedly then it can’t be taken at all

        • Utilitarian - you take the action that creates the greatest good 

        • Risk of aversion - create the outcome that creates the least harm

        • “No free lunch” - everything belongs to somebody and they are going to get paid 



(4.3)  IS Challenges

3 types of IS Challenges 

  • Information rights 

  • Property rights and obligations

  • Quality of life issues 


Information rights 

  • Privacy - the right to be left alone free from surveillance and interference (very easy to be invaded now)

  • 1st amendment - freedom of speech (kind of covers it)

  • 4th amendment - protect from the government searching and invading 

  • Privacy act - what the gov can and cannot do with your information 

    • Fair information practices 

    • HIPAA - health information privacy

    • FERPA - education privacy

    • COPPA - children’s online protection (what info websites can collect on kids)

    • FCRA - Fair Credit Reporting Act (what financial institutions can do with info)

    • GDPR - European Union law

  • IS Challenges 

    • Cookies - small text files that get put on your devices to store some essential info that recognizes you the next time you log in

    • Spyware - monitoring online behavior without knowledge 

    • Google services / behavioral targeting - Google has rights to your information

    • AI 

    • Facial recognition

    • Regulation 

      • Self recognition via:

        • Privacy systems 

        • Opt in vs. opt out - opt in is stronger for protecting the consumers privacy 

          • Informed consent 


  • Tech solutions to info being shared 

    • Email encryption 

    • Anonymity tools

    • “private” browsing

    • Cookie managers

    • Ad blockers 


  • Property rights 

    • Intellectual property - intangible creative work 

    • IP Categories 

      • Copyright - covers the expression of an idea (books, movies, etc.); lasts as long as the life of the creator plus 70 years; just mark it as copyright and show you created it (nowhere to file); you have to be your own copyright police

      • Patent - covers an invention, good for 20 years, file for it with US office of patent and trade

      • Trademark - any identifying word, phrase, or symbol that identifies your work, lasts as long as the company protects it (forever, in perpetuity), file for it

      • Trade secret - an intellectual work product that is distinct to whatever you do “secret recipe”


  • IS Challenges 

    • Digital works are easy to alter, replicate, and distribute 

    • Difficult to establish uniqueness 

    • Generative AI - calls employment into question since it’s taking jobs, very unclear who actually owns it


  • Legislation 

    • 1998 DMCA (Digital Millennium Copyright Act) - put restrictions on what certain things are held accountable for

      • 1909 copyright act

      • Fair use doctrine - can’t show things in class since it’s copyrighted but can show for education purposes not profit


(4.4)  Quality of Life

  • System of quality - can never be perfect 

    • What is an acceptable level? - can never be 100% so we try to get as high as possible, but it is a constant battle due to updating technology

      • Problems include:

        • Software bugs

        • Hardware failures 

        • Poor data input quality 


  • Accountability and control 

    • Who is responsible? - how to find out who is accountable for whatever the unethical mistake or bug is 

    • Computer crime (illegal) vs. computer abuse (unethical, like spam) 

    • Spam - unsolicited emails or texts in an overwhelming amount


  • Quality of life 

    • Dependence and vulnerability - the more we use and depend on technology, the more we are vulnerable to it 

    • Balancing power 

    • Equity and access - “digital divide” - a difference in people’s materials and accessibility to technology (such as high speed internet)

    • Boundaries - with increase in accessibility to work materials what are the boundaries of work/home life 

    • Employment - evolving tech is putting people out of jobs 

    • Health risks - Health issues that come with technology being used everyday and not everyone knows them (carpal tunnel, arthritis, eye strain, vision issues)