VI. e-Commerce & Risk Management

Mike Hammer has established a profitable lemon-growing business in Victoria. He operates a computer-supported client database that is regularly accessed, using a local area network, by his staff, both to develop marketing campaigns, and to process sales. He also operates a web-site, linked to the client database, where clients can login to place orders for lemon and make online payments.

Answer the following questions (bullet points are encouraged. Try to provide specific, detailed answers)

B6.1 (5 MARKS) Describe the benefits of the online ordering system to clients and to Mike’s company. (Describe at least 4 benefits)

To clients:
- convenience: order product any time, anywhere, check order details
- reduce cost: avoid travel cost to store
To Mike’s company:
- save cost: more store time without paying extra for staff, setup cost for physical store - more sales: more store time (24/7), reaching more customers
- expand market easily

B6.2 (7 MARKS) Mike Hammer has asked you to conduct a risk evaluation of the new e-Commerce site. Apply the 3-step risk management system to perform the security evaluation for the information available on the website.

3-step risk management includes Asset Identification, Risk Assessment, and Risk Prevention and Treatment. (Identify at least 3 information assets)

ASSET:
- customers’ information
- payment information (customer, payment details, credit card)
- product information, marketing information, sales figures
- the information can be stored on databases, computers to run the database

RISK/THREATS:
- hardware failure, theft --> loss of service, data integrity
- virus, hacker, human errors --> incorrect payment, loss of payment details - disaster: fire, flood --> destroy hardware, loss of store data on hardware

PREVENTION/TREATMENT
- HARDWARE CHECKUP, PHYSICAL CONTROL TO PROTECT AVAILABILITY, INTEGRITY OF DATA
- ANTIVIRUS, FIREWALL, AUTHENTICATION, TRAINING: protect confidentiality and integrity - backup: protect availability, integrity of data