6 Jun 2013

E-COMMERCE EBAY

MENU IN EBAY WEBSITE











HOW TO BUY A PRODUCT IN EBAY


1. Sign In


2. Choose the category (e.g. women's fashion)


3. The women's fashion page


4. Choose the product that you will buy


5. Choose the colour, size, etc. and click the "buy" button


6. The product information: price, shipping, delivery estimate, etc.


7. Payment




E-COMMERCE EBAY


         The company manages eBay.com, an online auction and shopping website in which people and businesses buy and sell a broad variety of goods and services worldwide. In addition to its auction-style sales, the website has since expanded to include "Buy It Now" standard shopping.

Changing Traditional Methods of Consumption
·         People can connect to others in faraway geographical locations
·         Sellers and buyers do not have to know each other, nor do they need to meet physically
·         Hardly any negotiations on item prices; buyers pay what they can afford (winning price on an auction)
·         A huge community that enables all members to trade items

Information management system  maintenance: 22-hour outage that  occurred in June 1999, costing $5  million in lost revenue and driving the  company’s share value down 26% in  five days
·         Protecting  sellers
possibility of default by the sellers
Feedback rating system, e.g. "PowerSeller" means the seller has maintained 98% positive feedback and provided a high level of service to the buyers
SafeHarbor: eBay's "comprehensive safety resource and protective arm", dedicated to preventing and rectifying fraud, monitoring the types of items being sold, and investigating trading offenses
Bidding histories allow a buyer to evaluate his or her 'competition' by listing the other users interested in that particular item

·         Protecting buyers
defaulting buyers, or “deadbidders”
buyer collaboration, bidding history
SafeHarbor, to report suspicious bidders

·         Protecting eBay itself
Take down unethical sellers (low price, high shipping cost  to avoid final value fee)
More than 114 million registered users, need to protect  confidential information from hacking activities
spoofing attempts, has to invoke Digital Millennium  Copyright Act


www.ebay.com
www.wikipedia.com
Santy Arlieza Wijayanti
C1L011021


30 May 2013

Encryption and Decryption


Encryption is the process of encoding messages (or information) in such a way that eavesdroppers or hackers cannot read it, but that authorized parties can. In an encryption scheme, the message or information (referred to as plaintext) is encrypted using an encryption algorithm, turning it into an unreadable ciphertext. This is usually done with the use of an encryption key, which specifies how the message is to be encoded. Any adversary that can see the ciphertext should not be able to determine anything about the original message. An authorized party, however, is able to decode the ciphertext using a decryption algorithm, which usually requires a secret decryption key that adversaries do not have access to. For technical reasons, an encryption scheme usually needs a key generation algorithm to randomly produce keys.
There are two basic types of encryption schemes: symmetric-key and public-key encryption. In symmetric-key schemes, the encryption and decryption keys are the same. Thus communicating parties must agree on a secret key before they wish to communicate. In public-key schemes, the encryption key is published for anyone to use and encrypt messages. However, only the receiving party has access to the decryption key and is capable of reading the encrypted messages. Public-key encryption is a relatively recent invention: historically, all encryption schemes have been symmetric-key (also called private-key) schemes.

Encryption has long been used by militaries and governments to facilitate secret communication. It is now commonly used in protecting information within many kinds of civilian systems. For example, the Computer Security Institute reported that in 2007, 71% of companies surveyed utilized encryption for some of their data in transit, and 53% utilized encryption for some of their data in storage. Encryption can be used to protect data "at rest", such as files on computers and storage devices (e.g. USB flash drives). In recent years there have been numerous reports of confidential data such as customers' personal records being exposed through loss or theft of laptops or backup drives. Encrypting such files at rest helps protect them should physical security measures fail. Digital rights management systems, which prevent unauthorized use or reproduction of copyrighted material and protect software against reverse engineering (see also copy protection), are another somewhat different example of using encryption on data at rest.

Encryption is also used to protect data in transit, for example data being transferred via networks (e.g. the Internet, e-commerce), mobile telephones, wireless microphones, wireless intercom systems, Bluetooth devices and bank automatic teller machines. There have been numerous reports of data in transit being intercepted in recent years. Encrypting data in transit also helps to secure it as it is often difficult to physically secure all access to networks.

Encryption, by itself, can protect the confidentiality of messages, but other techniques are still needed to protect the integrity and authenticity of a message; for example, verification of a message authentication code (MAC) or a digital signature. Standards and cryptographic software and hardware to perform encryption are widely available, but successfully using encryption to ensure security may be a challenging problem. A single slip-up in system design or execution can allow successful attacks. Sometimes an adversary can obtain unencrypted information without directly undoing the encryption. See, e.g., traffic analysis, TEMPEST, or Trojan horse.

One of the earliest public key encryption applications was called Pretty Good Privacy (PGP). It was written in 1991 by Phil Zimmermann and was purchased by Symantec in 2010.

Digital signature and encryption must be applied at message creation time (i.e. on the same device on which the message was composed) to avoid tampering. Otherwise any node between the sender and the encryption agent could potentially tamper with it. It should be noted that encrypting at the time of creation only adds security if the encryption device itself has not been tampered with.



Strengths
The private keys used in symmetric-key cryptography are robustly resistant to brute force attacks. While only the one-time pad, which combines plaintext with a random key, holds secure in the face of any attacker regardless of time and computing power, symmetric-key algorithms are generally more difficult to crack than their public-key counterparts. Additionally, secret-key algorithms require less computing power to be created than equivalent private keys in public-key cryptography.

Weaknesses
The biggest obstacle in successfully deploying a symmetric-key algorithm is the necessity for a proper exchange of private keys. This transaction must be completed in a secure manner. In the past, this would often have to be done through some type of face-to-face meeting, which proves quite impractical in many circumstances when taking distance and time into account. If one assumes that security is a risk to begin with due to the desire for a secret exchange of data in the first place, the exchange of keys becomes further complicated.
Another problem concerns the compromise of a private key. In symmetric-key cryptography, every participant has an identical private key. As the number of participants in a transaction increases, both the risk of compromise and the consequences of such a compromise increase dramatically. Each additional user adds another potential point of weakness that an attacker could take advantage of. If such an attacker succeeds in gaining control of just one of the private keys in this world, every user, whether there are hundreds of users or only a few, is completely compromised.






References 
www.csc.villanova.edu
www.wikipedia.com


Santy Arlieza Wijayanti
C1L011021



16 May 2013

Management Information Systems: Assignment on Related Data Using Microsoft Access






Group Members :
Indah Purnamasari Eroika      C1L011007
Handhika Tiyakusuma           C1L011010
Parama Anisa Fajariko          C1L011016
Santy Arlieza Wijayanti         C1L011021





4 Apr 2013

CASE STUDY QUESTION FROM CHAPTER 8 SECURING INFORMATION SYSTEMS




 CASE:



  1. What management, organization, and technology factors were responsible for McAfee’s software problem?
  2. What was the business impact of this software problem, both for McAfee and for its customers?
  3. If you were a McAfee enterprise customer, would you consider McAfee’s response to the problem to be acceptable? Why or why not?
  4. What should McAfee do in the future to avoid similar problems? 
 
ANSWER:

1.       The management factor behind McAfee’s software problem is that when the test simulations were done, management didn’t run them for Windows XP with Service Pack 3. Users of McAfee Virus Scan were using Windows XP Service Pack 3 and Virus Scan version 8.7, and these were affected by the faulty update download.

The organization factor is that the staff didn’t work efficiently. McAfee updated Virus Scan to deal with the new virus named “w32/wecorl.a”, but the company didn’t detect the problem that this virus could make itself appear under the name svchost.exe, which is a Windows file that is critical to a PC’s performance.

The technology problem is that without svchost.exe, Windows can’t boot properly. McAfee determined that the majority of affected machines were using Windows XP Service Pack 3 combined with McAfee Virus Scan 8.7. They also noted that the “Scan Process on Enable” option of Virus Scan, off by default in most Virus Scan installations, was turned on in the majority of affected computers.

 

2.      The business impact is that McAfee’s reputation dropped. Besides that, customers were also impacted because users’ computers were crippled or totally non-functional.

 

3.      If I were an enterprise customer, I would consider McAfee’s response to the problem not acceptable, because the slip-up caused the system to become unsecured. McAfee also made a mistake, in that without svchost.exe, Windows can’t boot properly. Virus Scan users applied the update, tried rebooting their systems, and were powerless to act as their systems went haywire, repeatedly rebooting, losing their network capabilities and their ability to detect USB drives, which is the only way of fixing affected computers.

 

4.      They should implement additional QA protocols for any releases that directly impact critical system files. McAfee is also rolling out additional capabilities in Artemis that will provide another level of protection against false positives by leveraging an expensive whitelist of critical system files and their associated cryptographic hashes.

Group Assignment:
  • Indah Purnamasari Eroika    C1L011007
  • Handhika Tiyakusuma          C1L011010
  • Parama Anisa Fajariko        C1L011016 
  • Santy Arlieza Wijayanti        C1L011021 
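Answer 4 mentions a whitelist of critical system files and their cryptographic hashes. The sketch below is an added example of that idea, not McAfee's code: the signature names, byte patterns and file contents are constructed, and the function names are hypothetical. It keys the list on content hash rather than file name, since the case notes the virus could appear under the name svchost.exe.

```python
import hashlib

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for file contents (not real binaries).
GENUINE_SVCHOST = b"MZ constructed genuine svchost image"
IMPOSTOR_SVCHOST = b"MZ constructed impostor image EVILMARK"

# Allowlist keyed by content hash, never by file name.
CRITICAL_FILES = {sha256_hex(GENUINE_SVCHOST): "svchost.exe"}

# Hypothetical signature set: name -> byte pattern. "sig-broad" is the faulty one.
SIGNATURES = {"sig-broad": b"MZ constructed", "sig-precise": b"EVILMARK"}

def matches(content, signatures):
    return [name for name, pattern in signatures.items() if pattern in content]

def release_gate(signatures, known_good):
    # QA step before shipping: signatures that fire on any known-good critical file.
    return sorted({s for content in known_good for s in matches(content, signatures)})

def scan(file_name, content, signatures, allowlist):
    # file_name is deliberately ignored: malware can call itself svchost.exe.
    hits = matches(content, signatures)
    if not hits:
        return "clean", hits
    if sha256_hex(content) in allowlist:
        # False positive on a critical file: report it, do not quarantine.
        return "suppressed", hits
    return "quarantine", hits
```

The release gate catches the over-broad signature before an update ships, and the scan-time check keeps the genuine file in place while a same-named impostor with a different hash is still quarantined.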

21 Mar 2013

INFORMATION SYSTEMS


Transaction processing systems
Process data resulting from business transactions, update operational databases, and produce business documents. Examples: sales and inventory processing and accounting systems. Transaction processing systems provide three functional areas:
  • System runtime functions: transaction processing systems provide an execution environment that ensures the integrity, availability, and security of data.
  • System administration functions: transaction processing systems provide administrative support that lets users configure, monitor, and manage their transaction systems.
  • Application development functions: transaction processing systems provide functions for use in custom business applications, including functions to access data, to perform intercomputer communications, and to design and manage the user interface.

Process control systems
Monitor and control industrial processes. A process control system also monitors the manufacturing environment and electronically controls the process or manufacturing flow based on the various set-points given by the user. Examples: petroleum refining, power generation and steel production systems.

Enterprise collaboration systems (ECS)
Support team, workgroup and enterprise communications and collaboration. An ECS is also a combination of groupware, tools, the internet, extranets and other networks needed to support enterprise-wide communications. Examples: e-mail, chat, and video conferencing groupware systems.

Management Information systems (MIS)
Provide information in the form of prespecified reports and displays to support business decision making. MIS are also distinct from other information systems, in that they are used to analyze and facilitate strategic and operational activities. Examples: sales analysis, production performance, and cost trend reporting systems.

Decision support systems (DSS)
Provide interactive ad hoc support for the decision making processes of managers and other business professionals. They serve the management, operations, and planning levels of an organization and help to make decisions, which may be rapidly changing and not easily specified in advance. Examples: product pricing, profitability forecasting and risk analysis systems.

Executive information systems
Provide critical information from MIS, DSS, and other sources tailored to the information needs of executives. Examples: systems for easy access to analyses of business performance, actions of competitors, and economic developments to support strategic planning.

Expert systems
Knowledge-based systems that provide expert advice and act as expert consultants to users. ES are designed to solve complex problems by reasoning about knowledge, like an expert, and not by following the procedure of a developer. Examples: credit application advisor, process monitor and diagnostic maintenance systems.

Knowledge management systems
Knowledge-based systems that support the creation, organization and dissemination of business knowledge within the enterprise. Examples: intranet access to best business practices, sales proposal strategies and customer problem resolution systems.

Strategic information systems
Support operations or management processes that provide a firm with strategic products, services, and capabilities for competitive advantage. Examples: online stock trading, shipment tracking and e-commerce web systems.

Functional business systems
Support a variety of operational and managerial applications of the basic business functions of a company, and provide decision-makers with feedback and information on the daily operation of the business. Examples: information systems that support applications in accounting, finance, marketing, operations management and human resources management.


REFERENCES:
Management Information Systems, Global Edition, by O'Brien and Marakas
www.publib.ibm.com
www.brighthubengineering.com
www.webopedia.com
www.en.wikipedia.org