Chapter 12 - Accounting and Information Systems Department
Chapter 12
Electronic
Commerce
Systems
COPYRIGHT © 2007 Thomson South-Western, a part of The Thomson Corporation. Thomson, the Star logo, and SouthWestern are trademarks used herein under license
Objectives for Chapter 12
Topologies employed to achieve connectivity across the Internet
Protocols, and the specific purposes served by several Internet protocols
Business benefits associated with Internet commerce, and awareness of several Internet business models
Risks associated with intranet and Internet electronic commerce
Issues of security, assurance, and trust pertaining to electronic commerce
Electronic commerce implications for the accounting profession
Internet Technologies
Packet switching
messages are divided into small packets
each packet may take a different route across the network; the packets are reassembled into the message at the destination
Virtual private network (VPN)
a private, encrypted channel tunneled over a public network (the Internet), so that remote users appear to be on the private network
you may connect to UTEP via a VPN
Extranets
password-controlled network for private users, often outside the company, but including trading partners (vendors and customers)
World Wide Web
an Internet facility that links users locally and globally
Internet addresses
e-mail address
URL address
IP address
What is E-Commerce?
The electronic processing and
transmission of business data
electronic buying and selling of goods and
services
on-line delivery of digital products
electronic funds transfer (EFT)
electronic trading of stocks
direct consumer marketing
electronic data interchange (EDI)
the Internet revolution
Benefits of E-Commerce
Access to worldwide customer and/or
supplier base
Reductions in inventory investment and
carrying costs
Reductions in procurement costs
Better customer service
Rapid creation of business partnerships to fill
emerging market niches
Reductions in retail prices through lower
marketing costs
Risks Associated with E-commerce
General Concerns
Data Security: Are stored and transmitted data
adequately protected?
Business Policies: Are policies publicly stated
and consistently followed?
Privacy: How confidential are customer and
trading partner data?
Business Process Integrity: How accurately, completely, and consistently does the company process its transactions?
Intranet Risks
Intercepting Network Messages
sniffing: interception of user IDs, passwords,
confidential e-mails, and financial data files
Accessing Corporate Databases
connections to central corporate databases increase
risk that data will be viewed, corrupted, changed, or
copied by employees
Uncontrolled Expansion
ill-conceived or unreviewed network growth creates a serious threat, because each new connection, host, or segment enlarges the attack surface without a matching control
Internet Risks to Businesses
IP Spoofing: forging the source IP address to masquerade as a trusted host, gain access to a Web server, and/or perpetrate an unlawful act without revealing one's identity
Technology Failures: disruption caused by
hardware failure causes e-business to lose
customer credibility and sales revenues
Malicious Programs: viruses, worms, logic
bombs, and Trojan horses pose threats to both
Internet and Intranet users
DOS Attack (SYN flood)
The normal TCP three-way handshake between sender and receiver:
Step 1: the sender transmits a SYN message
Step 2: the receiver replies with SYN/ACK and holds a half-open connection while it waits
Step 3: the sender completes the handshake with an ACK packet
In a SYN flood denial-of-service attack, the sender transmits hundreds or thousands of SYN messages, receives the SYN/ACK replies, but never responds with the final ACK. Each unanswered SYN/ACK leaves a half-open connection in the receiver's backlog; once the backlog is full of these, legitimate connection requests are dropped and cannot be serviced. The source addresses are usually spoofed, so the SYN/ACKs go to hosts that never asked for them and the attacker cannot be traced from them.
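The handshake exhaustion described above, as an added example that is not part of the original slides: a small model of a listener with a fixed SYN backlog, an attacker that sends SYNs without the final ACK, and a detector that counts half-open connections per remote address in netstat-style output. The Listener class, the backlog size, the addresses and the sample netstat lines are all constructed for illustration.

```python
"""SYN flood (half-open connection exhaustion): a small model of the listener
plus a detector over netstat-style output.

Added example for the slide above; it is not code from the original deck.
The Listener class, the backlog size and the netstat-style sample lines are
constructed for illustration.
"""
from collections import Counter


class Listener:
    """A TCP listening socket modelled as a fixed-size queue of half-open
    connections (the SYN backlog)."""

    def __init__(self, backlog=5):
        self.backlog = backlog        # slots available for half-open connections
        self.half_open = {}           # (src_ip, src_port) -> "SYN_RECV"
        self.established = set()
        self.dropped_syns = 0

    def recv_syn(self, src):
        """Steps 1/2: a SYN reserves a backlog slot and is answered with SYN/ACK.
        Returns None when the backlog is full and the SYN is dropped."""
        if src in self.half_open or src in self.established:
            return "SYN/ACK"          # retransmission: no new slot consumed
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1
            return None
        self.half_open[src] = "SYN_RECV"
        return "SYN/ACK"

    def recv_ack(self, src):
        """Step 3: the final ACK completes the handshake and frees the slot."""
        if src not in self.half_open:
            return False
        del self.half_open[src]
        self.established.add(src)
        return True


def syn_flood(listener, attacker_ip, count):
    """The attacker sends `count` SYNs from distinct source ports and never
    sends the final ACK, so every accepted SYN stays half-open."""
    for port in range(40000, 40000 + count):
        listener.recv_syn((attacker_ip, port))


def legit_connect(listener, src):
    """A well-behaved client: SYN, wait for SYN/ACK, then ACK.
    Returns True only if the handshake completed."""
    if listener.recv_syn(src) is None:
        return False                  # backlog clogged: connection never starts
    return listener.recv_ack(src)


def run_scenario(backlog=5, flood_size=100):
    """Flood a listener, then try one legitimate connection."""
    listener = Listener(backlog)
    syn_flood(listener, "203.0.113.7", flood_size)
    ok = legit_connect(listener, ("192.0.2.10", 51000))
    return {"legit_connected": ok,
            "half_open": len(listener.half_open),
            "dropped_syns": listener.dropped_syns}


# Detector: count half-open (SYN_RECV) connections per remote address.
# Constructed netstat-style lines: proto recv-q send-q local remote state.
NETSTAT_SAMPLE = [
    f"tcp 0 0 10.0.0.5:443 203.0.113.7:{40000 + i} SYN_RECV" for i in range(6)
] + [
    "tcp 0 0 10.0.0.5:443 198.51.100.3:51000 ESTABLISHED",
    "tcp 0 0 10.0.0.5:443 198.51.100.9:51001 SYN_RECV",
]


def half_open_by_source(lines):
    counts = Counter()
    for line in lines:
        fields = line.split()
        if len(fields) >= 6 and fields[5] == "SYN_RECV":
            remote_ip = fields[4].rsplit(":", 1)[0]
            counts[remote_ip] += 1
    return counts


def suspect_sources(lines, threshold=3):
    """Remote addresses holding at least `threshold` half-open connections."""
    return sorted(ip for ip, n in half_open_by_source(lines).items() if n >= threshold)


if __name__ == "__main__":
    print(run_scenario())                   # {'legit_connected': False, 'half_open': 5, 'dropped_syns': 96}
    print(suspect_sources(NETSTAT_SAMPLE))  # ['203.0.113.7']
```

The per-source count only catches a flood from a single address. Real floods spoof random source addresses, so in practice the better signal is the number of SYN_RECV entries relative to ESTABLISHED ones, and the standard mitigation is SYN cookies, which let the receiver answer a SYN without reserving a backlog slot.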
Controls
Network Control
Objectives
establish communications session
between sender and receiver
manage flow of data across network
detect errors in data caused by line
failure or signal degeneration (static)
detect and resolve
data collisions between
competing nodes
POLLING METHOD OF CONTROLLING DATA COLLISIONS
[Figure: a master site on a WAN connected to several slave sites; the master sends a polling signal to each slave in turn, and while one slave transmits data the other slaves are locked out.]
The "master" polls "slave" sites to determine if they have data to transmit.
If a slave responds in the affirmative, the master locks the network while the data are transmitted.
Allows priorities to be set for data communications across the network.
TOKEN RING METHOD OF CONTROLLING DATA COLLISIONS
[Figure: nodes with local files arranged in a ring with a central file server; a single token circulates around the ring, either empty or carrying data from the node that captured it. Only the node holding the token may transmit, which prevents collisions.]
Carrier Sensing
Random access technique that detects collisions when they occur (like stepping out into traffic).
Widely used: found on Ethernets (CSMA/CD).
A node wishing to transmit "listens" to the line to determine if it is in use. If the line is busy, it waits and listens again before transmitting.
Collisions occur when two nodes listen, hear no messages transmitting, and then simultaneously begin transmitting.
The data collide; both nodes detect the collision, stop transmitting, and each waits a random back-off interval before trying again.
Disadvantage: becomes a problem as network traffic increases. The line may not be used optimally when multiple nodes are trying to transmit simultaneously, because more of its capacity is lost to collisions and retries.
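The listen-then-transmit, collide-and-back-off behaviour described above, as an added example that is not part of the original slides: a slotted simulation of CSMA/CD with binary exponential back-off. The slot model, the frame length, the node counts and the seeded random back-off are constructed for illustration and simplify the real Ethernet timing.

```python
"""Slotted CSMA/CD simulation: listen before sending, detect collisions,
back off and retry.

Added example for the carrier-sensing slide; not code from the original deck.
The slot model, frame length and node counts are constructed for illustration.
"""
import random


def simulate_csma_cd(n_nodes, frames_per_node=3, frame_slots=4, seed=1, max_slots=10_000):
    """Every node starts with frames queued.  In each slot a node whose
    back-off has expired listens; if the medium is idle it transmits.  Two or
    more transmitters starting in the same slot collide: all abort and each
    picks a random back-off of 0..2^attempts-1 slots (binary exponential
    back-off).  Returns counts of delivered frames, collisions and slots used."""
    rng = random.Random(seed)
    pending = [frames_per_node] * n_nodes    # frames still to send per node
    backoff = [0] * n_nodes                  # idle slots to wait before listening again
    attempts = [0] * n_nodes                 # consecutive collisions for the current frame
    busy_until = 0                           # slot at which the medium becomes idle
    collisions = delivered = slot = 0
    while any(pending) and slot < max_slots:
        if slot < busy_until:                # someone is transmitting: everyone waits
            slot += 1
            continue
        ready = [i for i in range(n_nodes) if pending[i] and backoff[i] == 0]
        for i in range(n_nodes):             # back-off timers run on idle slots
            if backoff[i] > 0:
                backoff[i] -= 1
        if len(ready) == 1:                  # idle medium, one sender: success
            i = ready[0]
            pending[i] -= 1
            attempts[i] = 0
            delivered += 1
            busy_until = slot + frame_slots
        elif len(ready) > 1:                 # simultaneous start: collision
            collisions += 1
            for i in ready:
                attempts[i] = min(attempts[i] + 1, 10)
                backoff[i] = rng.randint(0, 2 ** attempts[i] - 1)
        slot += 1
    return {"delivered": delivered, "collisions": collisions, "slots": slot}


if __name__ == "__main__":
    for n in (1, 2, 8):
        print(n, "nodes:", simulate_csma_cd(n))
```

With one node there are never collisions; with several nodes that all have data at once, the very first slot is a guaranteed collision, and the number of slots spent on collisions and back-off is what the slide's "disadvantage as traffic increases" refers to.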
Encryption Techniques
In general, two families:
Private key (symmetric): the same secret key both encrypts and decrypts, so it must be distributed to every party in advance and kept secret by all of them. The textbook rates this "less secure" because of that key-distribution problem, not because the ciphers themselves are weak.
Public key (asymmetric): each party has a public key that anyone may use to encrypt and a private key that only it holds to decrypt, so no secret has to be shared beforehand; the textbook rates this "more secure". Because public-key operations are much slower, practical systems use them to exchange a symmetric session key and then encrypt the data with that key.
Data Encryption: Private Key
[Figure: Company A's cleartext message passes through an encryption program to produce ciphertext, which travels over the communication system; Company B's encryption program, using the same private key, turns the ciphertext back into the cleartext message.]
Public Key Encryption
Two mathematically related keys: a public key that is published and a private key that is kept secret.
The sender (Company A) encrypts the message with the recipient's (Company B's) public key.
The recipient decrypts it with its own private key.
After encryption, the sender cannot decrypt the ciphertext: the public key only encrypts, and the private key never leaves Company B.
E-Commerce Security: Digital Authentication
Digital signature: an electronic authentication technique that ensures the transmitted message originated with the authorized sender and was not tampered with after the signature was applied. The sender hashes the message and encrypts the hash with its private key; the recipient decrypts the signature with the sender's public key and compares the result with its own hash of the message.
Digital certificate: like an electronic identification card, used in conjunction with a public key encryption system to verify the authenticity of the message sender. It binds the sender's identity to the sender's public key and is itself signed by a trusted certification authority (CA).
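The three mechanisms from the encryption slides and the digital authentication slide above, side by side, as an added example that is not code from the original deck: a private-key (symmetric) cipher with an integrity tag, public-key encryption and decryption, a hash-then-sign digital signature with verification, and the hybrid scheme that uses the public key only to protect a fresh session key. The symmetric cipher is an HMAC-SHA256 keystream (an assumed construction chosen so the example runs with the standard library only) and the public-key part is textbook RSA on deliberately tiny Mersenne primes with no padding; both are illustrations of the mechanism, not something to deploy.

```python
"""Private-key (symmetric) encryption, public-key encryption, digital
signatures, and the hybrid scheme that combines them.

Added example for the encryption and digital authentication slides; it is not
code from the original deck.  The symmetric cipher is an HMAC-SHA256 keystream
with an HMAC tag, and the public-key part is textbook RSA on deliberately
small (toy) primes with no padding: both are for illustration only.
Production code should use a vetted library.
"""
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 12, 32


# --- private key: one shared secret both encrypts and decrypts -------------
def _keystream(key, nonce, length):
    """Expand key+nonce into `length` bytes: HMAC(key, nonce || counter)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def symmetric_encrypt(key, plaintext):
    nonce = os.urandom(NONCE_LEN)          # fresh per message; never reuse with a key
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()   # detects tampering
    return nonce + ct + tag


def symmetric_decrypt(key, blob):
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext tampered or wrong key")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


# --- public key: anyone encrypts with the public key; only the holder of the
# --- private key decrypts.  Toy modulus from Mersenne primes 2^61-1 and 2^31-1
# --- (real RSA uses a 2048-bit or larger modulus).
P, Q, E = (1 << 61) - 1, (1 << 31) - 1, 65537


def rsa_keypair(p=P, q=Q, e=E):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))      # private exponent
    return (n, e), (n, d)                  # (public_key, private_key)


def rsa_encrypt(public_key, message):
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)


def rsa_decrypt(private_key, ciphertext, length=None):
    """`length` restores leading zero bytes that the integer form would drop."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes(length or (m.bit_length() + 7) // 8, "big")


# --- digital signature: hash the message, sign the hash with the private key;
# --- anyone verifies with the public key taken from the signer's certificate.
def _digest(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def rsa_sign(private_key, message):
    n, d = private_key
    return pow(_digest(message, n), d, n)


def rsa_verify(public_key, message, signature):
    n, e = public_key
    return pow(signature, e, n) == _digest(message, n)


# --- hybrid: the public key protects a fresh symmetric session key, which then
# --- encrypts the bulk message (the pattern SSL/TLS-style systems use).
SESSION_KEY_LEN = 11    # kept small to fit under the toy modulus; real: 32 bytes


def hybrid_encrypt(recipient_public, plaintext):
    session_key = os.urandom(SESSION_KEY_LEN)
    return rsa_encrypt(recipient_public, session_key), symmetric_encrypt(session_key, plaintext)


def hybrid_decrypt(recipient_private, package):
    wrapped_key, blob = package
    session_key = rsa_decrypt(recipient_private, wrapped_key, SESSION_KEY_LEN)
    return symmetric_decrypt(session_key, blob)
```

Note what each key does: the same symmetric key appears on both sides of symmetric_encrypt/symmetric_decrypt, while rsa_encrypt takes only the recipient's public key and rsa_decrypt only its private key, and rsa_sign/rsa_verify use them the other way round. Any change to a signed message, or to the symmetric ciphertext, makes verification fail.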
E-Commerce Security: Firewalls
Firewalls: software and hardware that provide a focal point for security by channeling all network connections through a controlled gateway.
Network level firewalls: low cost/low security access control. A screening router examines each packet's source and destination addresses and ports and forwards or drops it on that basis alone. This method does not explicitly authenticate outside users, so hackers may penetrate the system using an IP spoofing technique (forging a trusted source address).
Application level firewalls: high level/high cost, customizable network security. Allows routine services and e-mail to pass through, but can perform sophisticated functions such as logging or user authentication for specific tasks, because it understands the application protocol rather than only the packet headers.
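The two firewall levels from the slide above, and the IP spoofing risk listed earlier, as an added example that is not code from the original deck: a screening-router rule table that admits a packet purely on its claimed source address (so a spoofed internal address reaches the database port), the anti-spoofing ingress check that closes that hole, and an application-level gateway that authenticates the user, restricts services per user and logs every decision. The addresses, rule table, user list and service names are constructed for illustration.

```python
"""Network-level vs application-level firewall, and why IP spoofing gets
through the former.

Added example for the firewall slide and the IP spoofing risk; not code from
the original deck.  The addresses, rule table, user list and the
ApplicationGateway service names are constructed for illustration.
"""
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")


@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int
    iface: str          # interface the packet arrived on: "inside" or "outside"


# Screening-router rules: (action, allowed source network, destination port).
# First match wins; anything unmatched is dropped.
RULES = [
    ("ALLOW", ipaddress.ip_network("0.0.0.0/0"), 443),   # public web server
    ("ALLOW", INTERNAL_NET, 3306),                       # database: internal only
]


def screening_router(pkt, rules=RULES, ingress_filtering=False):
    """Network-level firewall: decides on addresses and ports only.  It never
    authenticates the user and trusts the source address as written, which is
    exactly what IP spoofing exploits.  `ingress_filtering` adds the
    anti-spoofing check: an internal source address cannot legitimately arrive
    on the outside interface."""
    src = ipaddress.ip_address(pkt.src_ip)
    if ingress_filtering and pkt.iface == "outside" and src in INTERNAL_NET:
        return "DROP (spoofed internal source on outside interface)"
    for action, src_net, port in rules:
        if src in src_net and pkt.dst_port == port:
            return action
    return "DROP"


class ApplicationGateway:
    """Application-level firewall: terminates the connection, authenticates the
    user, allows only specific services per user, and logs every decision."""

    def __init__(self, users, permissions):
        # users: name -> password hash (sha256 here for brevity; use a slow
        # password hash such as bcrypt or argon2 in practice)
        self.users = users
        self.permissions = permissions   # name -> set of allowed services
        self.log = []

    @staticmethod
    def hash_password(password):
        return hashlib.sha256(password.encode()).hexdigest()

    def handle(self, user, password, service, src_ip):
        entry = {"user": user, "service": service, "src_ip": src_ip}
        stored = self.users.get(user, "")
        if not hmac.compare_digest(stored, self.hash_password(password)):
            entry["result"] = "DENY (authentication failed)"
        elif service not in self.permissions.get(user, set()):
            entry["result"] = f"DENY ({user} not permitted to use {service})"
        else:
            entry["result"] = "ALLOW"
        self.log.append(entry)        # every decision is logged, allowed or not
        return entry["result"]


if __name__ == "__main__":
    spoofed = Packet("10.1.2.3", "10.0.0.20", 3306, "outside")
    print(screening_router(spoofed))                          # ALLOW (spoof succeeds)
    print(screening_router(spoofed, ingress_filtering=True))  # DROP (spoofed ...)
```

The screening router cannot tell a forged 10.x source from a real one; the ingress rule works only because the packet's arrival interface contradicts its claimed address. The gateway never sees raw packets at all: the decision is made on who the user is and what they ask for, and the log gives the auditor a trail.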
Assurance
“Trusted” third-party organizations offer
seals of assurance that businesses can
display on their Web site home pages:
BBB
TRUSTe
VeriSign, Inc.
ICSA
AICPA/CICA WebTrust
AICPA/CICA SysTrust
Implications for Accounting
Privacy violation
major issues:
a stated privacy policy
consistent application of stated privacy policies
what information is the company capturing
sharing or selling of information
ability of individuals and businesses to verify and
update information on them
Safe Harbor Agreement (the US/EU framework created to satisfy the 1995 EU Data Protection Directive)
establishes standards for the transfer of personal information between US and European companies
Implications for Accounting
Audit implication for XBRL
taxonomy creation: incorrect taxonomy
results in invalid mapping that may cause
material misrepresentation of financial data
validation of instance documents:
ensure that appropriate taxonomy and tags
have been applied
audit scope and timeframe: impact on
auditor responsibility as a consequence of
real-time distribution of financial statements
Implications for Accounting
Continuous process auditing
auditors review transactions at frequent
intervals or as they occur
intelligent control agents: heuristics that
search electronic transactions for anomalies
Electronic audit trails
electronic transactions generated without
human intervention
no paper audit trail
Implications for Accounting
Confidentiality of data
open system designs expose mission-critical information to intruders
Authentication
in e-commerce systems, determining the
identity of the customer is not a simple task
Nonrepudiation
repudiation can lead to uncollected revenues
or legal action
use digital signatures and digital certificates
Implications for Accounting
Certification authority (CA) licensing
trusted 3rd party vouches for identity
Data integrity
determine whether data has been
intercepted and altered
Access controls
prevent unauthorized access to data
Changing legal environment
provide client with estimate of legal exposure
Protocols
Protocol Functions
Facilitate physical connection between
network devices.
Synchronize transfer of data between
physical devices.
Provide basis for error checking and
measuring network performance.
Promote compatibility among network
devices.
Promote network designs that are flexible, expandable, and cost-effective.
Internet Protocols
Transmission Control Protocol/Internet Protocol (TCP/IP): controls how individual packets of data are formatted, addressed, transmitted, and received
Hypertext Transfer Protocol (HTTP): governs how Web browsers request pages and how servers deliver them; not the same as HTML
File Transfer Protocol (FTP): used to transfer files across the Internet
Simple Mail Transfer Protocol (SMTP): e-mail
Secure Sockets Layer (SSL), since superseded by Transport Layer Security (TLS), and Secure Electronic Transaction (SET): encryption schemes for protecting transactions in transit
HTML: Hyper Text Markup
Language
Format used to produce Web pages
Defines page layout, fonts, and graphic elements
used to lay out information for display in an appealing
manner like one sees in magazines and newspapers
using both text and graphics (including pictures)
appeals to users
Hypertext links to other documents on the
Web
Even more pertinent is HTML’s support for hypertext
links in text and graphics that enable the reader to
‘jump’ to another document located anywhere on World
Wide Web.
XML: eXtensible Markup Language
XML is a meta-language for describing markup languages.
Extensible means that any markup language can be created using XML.
Includes the creation of markup languages capable of storing data in structured (relational-style) form, where the tags describe the meaning of the data values they enclose rather than their formatting
can be used to model the data structure of an organization's internal database
Comparing HTML and XML
XBRL: eXtensible Business Reporting Language
XBRL is an XML-based language for standardizing the methods for preparing, publishing, and exchanging financial information, e.g., financial statements.
XBRL taxonomies are classification schemes: they define the concepts (tags) a filer may use and how they relate.
Advantages:
Businesses offer expanded financial information to all interested parties virtually instantaneously.
Companies that use XBRL database technology can further speed the process of reporting.
Consumers import XBRL documents into internal databases and analysis tools to greatly facilitate their decision-making processes.
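The audit checks named earlier under "Audit implication for XBRL" (a bad taxonomy mapping, validation that the right taxonomy and tags were applied) and the taxonomy idea on the slide above, as an added example that is not code from the original deck: a validator that parses an XBRL instance document and reports facts whose tag is not in the taxonomy, references to undeclared contexts or units, non-numeric monetary values, and totals that disagree with their calculation components. The toy taxonomy, calculation link, the acme namespace and concept names, and both instance documents are constructed for illustration. Instance documents received from outside parties should be parsed with a hardened XML parser (for example defusedxml) rather than bare ElementTree.

```python
"""Validating an XBRL instance document against a (toy) taxonomy.

Added example for the XBRL slide and the audit implications listed earlier;
not code from the original deck.  The taxonomy, calculation link and both
instance documents are constructed; the acme namespace and concept names are
invented for illustration.
"""
import xml.etree.ElementTree as ET
from decimal import Decimal, InvalidOperation

XBRLI = "{http://www.xbrl.org/2003/instance}"

# Toy taxonomy: concept name -> data type.  Anything not listed is invalid.
TAXONOMY = {
    "Assets": "monetary", "Liabilities": "monetary", "Equity": "monetary",
    "Revenues": "monetary", "EntityName": "string",
}
# Calculation linkbase: total concept -> {component: weight}
CALCULATIONS = {"Assets": {"Liabilities": 1, "Equity": 1}}


def _local(tag):
    return tag.split("}", 1)[1] if "}" in tag else tag


def validate_instance(xml_text, taxonomy=TAXONOMY, calculations=CALCULATIONS):
    """Return a list of error strings; an empty list means the instance is
    consistent with the taxonomy and its calculation rules."""
    root = ET.fromstring(xml_text)
    contexts = {c.get("id") for c in root.iter(XBRLI + "context")}
    units = {u.get("id") for u in root.iter(XBRLI + "unit")}
    errors, facts = [], {}
    for el in root:
        if el.tag.startswith(XBRLI):          # context/unit declarations
            continue
        name = _local(el.tag)
        if name not in taxonomy:
            errors.append(f"{name}: concept not defined in taxonomy (invalid mapping)")
            continue
        if el.get("contextRef") not in contexts:
            errors.append(f"{name}: contextRef {el.get('contextRef')!r} is not declared")
        if taxonomy[name] != "monetary":
            continue
        if el.get("unitRef") not in units:
            errors.append(f"{name}: unitRef {el.get('unitRef')!r} is not declared")
        try:
            facts[name] = Decimal((el.text or "").strip())
        except InvalidOperation:
            errors.append(f"{name}: non-numeric value {el.text!r}")
    for total, parts in calculations.items():
        if total in facts and all(p in facts for p in parts):
            expected = sum(weight * facts[p] for p, weight in parts.items())
            if expected != facts[total]:
                errors.append(f"{total}: reported {facts[total]} but components sum to {expected}")
    return errors


def _instance(assets, liabilities, equity, extra=""):
    """Constructed instance document for a fictional filer, ACME."""
    return f"""<xbrli:xbrl xmlns:xbrli="http://www.xbrl.org/2003/instance"
    xmlns:acme="http://example.com/acme" xmlns:iso4217="http://www.xbrl.org/2003/iso4217">
  <xbrli:context id="FY2006">
    <xbrli:entity><xbrli:identifier scheme="http://example.com">ACME</xbrli:identifier></xbrli:entity>
    <xbrli:period><xbrli:instant>2006-12-31</xbrli:instant></xbrli:period>
  </xbrli:context>
  <xbrli:unit id="USD"><xbrli:measure>iso4217:USD</xbrli:measure></xbrli:unit>
  <acme:EntityName contextRef="FY2006">ACME Corp</acme:EntityName>
  <acme:Assets contextRef="FY2006" unitRef="USD" decimals="0">{assets}</acme:Assets>
  <acme:Liabilities contextRef="FY2006" unitRef="USD" decimals="0">{liabilities}</acme:Liabilities>
  <acme:Equity contextRef="FY2006" unitRef="USD" decimals="0">{equity}</acme:Equity>
  {extra}
</xbrli:xbrl>"""


GOOD_INSTANCE = _instance(1500, 900, 600)
# Three defects: a mistyped tag that is not in the taxonomy, a non-numeric
# monetary value, and a balance sheet whose components do not sum to Assets.
BAD_INSTANCE = _instance(1500, 900, 500, extra="""
  <acme:Goodwil contextRef="FY2006" unitRef="USD" decimals="0">50</acme:Goodwil>
  <acme:Revenues contextRef="FY2006" unitRef="USD" decimals="0">n/a</acme:Revenues>""")


if __name__ == "__main__":
    print(validate_instance(GOOD_INSTANCE))   # []
    for err in validate_instance(BAD_INSTANCE):
        print("-", err)
```

The first defect is the "incorrect taxonomy / invalid mapping" case: a fact tagged with a concept the taxonomy does not define would silently vanish from, or misstate, any analysis built on that taxonomy. The calculation check is the simplest form of the internal-consistency test an auditor would apply before relying on real-time distributed statements.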
Networks
Local Area Network (LAN)
Computers located close together (in
same building/campus) linked together to
share data/software/hardware
Physical connection of workstations to LAN is
achieved through network interface card
(NIC)
Server stores network operating system,
application programs, and data to be shared.
Topologies
Star Topology
Network of workstations with large
central computer (host)
Host computer has direct
connections to workstations
All communications must go
through host computer. Can do local
processing even if host is down.
Star Network
[Figure: a star network whose hub holds the central data (Kansas City), with direct links to sites holding local data at Topeka, St. Louis, Tulsa, and Dallas.]
Ring Topology
Configuration eliminates central site.
All nodes are of equal status (peers).
Responsibility for managing
communications is distributed among
nodes.
Common resources shared by all nodes
can be centralized/managed by file server
that is also node.
Ring Topology
[Figure: a ring of nodes, each holding local files, with a central files server that is itself one node on the ring.]
Bus Topology
Nodes are all connected to common
cable - the bus.
Communications and file transfers
between workstations are controlled by
server.
Generally less costly to install than ring
topology.
Bus Topology
[Figure: nodes holding local files, a print server, and a server holding the central files, all attached to a single shared cable (the bus).]
Client-Server Topology
This configuration distributes the processing between the user's (client's) computer and the central file server.
Both types of computers are part of the network, but each is assigned the functions that it performs best.
This approach reduces data communications traffic, thus reducing queues and shortening response time.
[Figure: several clients, each with data manipulation capabilities, connected to a server that provides record searching capabilities over the common files.]
Wide Area Network (WAN)
A WAN is a network dispersed over a wider geographic area than a LAN. It typically requires the use of:
gateways to connect different types of LANs
bridges to connect LANs of the same type
WANs may use common carrier facilities: telephone lines or a Value Added Network (VAN).
[Figure: a WAN joining several LANs; two LANs of the same type are joined by a bridge, the others attach through gateways.]
Electronic Data
Interchange (EDI)
Exchange of business transaction
information:
between companies
in standard format
via computerized information system
In “pure” EDI systems, human involvement is
not necessary to approve transactions. (Very
few pure EDI systems.)
EDI System
[Figure: Our Company's purchases system and Wal-Mart's sales order system each feed application software, EDI translation software, and communications software. Trading partners with many transactions exchange messages over a direct connection; partners with few transactions exchange them through each company's mailbox on a VAN.]
Advantages of EDI
Reduction or elimination of data entry
Reduction (not elimination) of:
errors
paper
paper processing and postage
inventories (via JIT systems)