
Case Solutions

First read the Case Study Scenario and other materials located above. Then, think about the
questions below. Your group should not attempt to answer each question. Your instructor has
assigned each group one or more questions.
Discuss these issues with your group. Decide on your answers. Find a Web resource that
supports your answer(s). Choose a group member to submit your group response (along with the
URL of the Web resource).

1. If you were the CEO of E-Kin would you seize the opportunity presented by a new
website or hold back until you felt more comfortable with the security of the site? Why?

If I were the CEO of E-Kin I would not seize the opportunity presented by a new website
without any research and not hold back until I felt more comfortable with the security of the
site. I would hold back until I felt more comfortable about the security of the site because it is always
better to be late than never reach the target or goal. By neglecting long-term goals for quick
and short-term profits, one could end up winding up the business very soon. From an ethical and
legal point of view also, it is not advisable for any entrepreneur to go ahead with the project.
This means that hurrying up right now by ignoring crucial issues like customer security could
result in quick closure of the business.

2. How secure does a company need to be before they open their website to the public?

A company has to be financially secure and must have enough capital to start its website
for the public. If a company is thinking about launching a website of its own, then
it has to build the most basic version of a web prototype and ship it as soon as the company
can. In the early stages, the company needs market validation and customer feedback so you can
iterate, and you won’t get either unless you just get it out there.
Privacy-wise, if the business requires storing customer data, then the company should be airtight.
In order to position ourselves as the trustworthy alternative, the business had to be
unquestionable.

The company should take care of the common possible issues before launching a
website. In The E-Commerce Book, Steffano Korper and Juanita Ellis outline several
common security problems that affect small business computers. For example, a well-known
cause of computer problems is viruses, or damaging programs that are introduced to computers
or networks. Some viruses rewrite coding to make software programs unusable, while others
scramble or destroy data. Many viruses spread quickly and operate subtly, so they may not be
noticed until the damage has already been done. Hackers have two main methods of causing
problems for businesses' computer systems: they either find a way to enter the system and then
change or steal information from the inside, or they attempt to overwhelm the system with
information from the outside so that it shuts down. One way a hacker might enter a small
business's computer network is through an open port, or an Internet connection that remains open
even when it is not being used. They might also attempt to appropriate passwords belonging to
employees or other authorized users of a computer system. Many hackers are skilled at
guessing common passwords, while others run programs that locate or capture password
information. Another common method of attack used by hackers is e-mail spoofing. This
method involves sending authorized users of a computer network fraudulent e-mail that appears
as if it were sent by someone else, most likely a customer or someone else the user would
know. Then the hacker tries to trick the user into divulging his or her password or other
company secrets. Finally, some hackers manage to shut down business computer systems with
denial of service attacks. These attacks involve bombarding a company's Internet site with
thousands of messages so that no legitimate messages can get in or out.

http://www.cio.com/article/2384809/e-commerce/15-ways-to-protect-your-ecommerce-site-from-hacking-and-fraud.html

3. Is there a financial threshold at which it makes sense to take some risk on web site
security in this case? How would you determine the threshold? Explain your answer.

For a given web site, there are some things one can accept and other things one cannot. If
youtube.com goes off-line for a couple of hours, no one dies, but if, as happened, the stock
exchange tipped over, then there are real monetary losses at stake. An institution's
security policy is based on these kinds of distinctions. Some can "accept" denial-of-service
attacks, but not the disclosure of sensitive information. Compromise of one customer's account
credentials may be considered minor, while compromise of administrator credentials would be
extremely serious. Hack Yourself First requires website vulnerability scans because, if nothing
else, the many thousands of attack variants that must be tested for can never be completed
manually. At the same time, one must realize that scanning can negatively impact a website
and its ability to conduct business. Sometimes the impact is negligible. Other times the impact
is severe. Sometimes the damage is the scanner's fault. Other times the website itself is at fault.
Whoever’s fault it is, what we all know is the bad guys WILL scan your website(s) looking for
exploitable vulnerabilities. So if a vulnerability scan is capable of harming your website, not
to mention able to identify vulnerabilities, it's far preferable you are in the driver seat, ready,
and in control of the process. Fortunately, precautions can be taken to drastically reduce the
risk of a vulnerability scan harming a website. At White Hat Security, we know these
techniques better than anyone. We know because after ten years of scanning tens of thousands of
real-live websites of all shapes and sizes, we’ve admittedly harmed our fair share. We’ve
received the angry calls. We’ve triaged and investigated the root-cause. What all this
experience has done is helped us improve our technology and processes. As a result, we’ve
gotten all that risk behind us.
Every site has many vulnerabilities, but they don't all "weigh" the same. The security policy
becomes the threshold which determines which vulnerabilities get remediated and which get
'accepted' or ignored.

https://www.sec.gov/investor/pubs/tenthingstoconsider.htm

4. Whose responsibility is it to ensure that proper website security exists, the consumer or
the business? Why?

Security of the website is the responsibility of the business, because they control the website
(for the most part). However, the consumers have the responsibility of taking the actions
required to assure the security of their passwords or computers etc. that they use to access the
site. In order to ensure continued success, it is essential that different departments work together
and communicate about whether business processes fulfill compliance requirements. Involve
IT in your compliance measures, but do not delegate it solely to your IT department. These
days business processes transcend individual departments; it is critical to have involvement
from all areas that are affected by regulations. Regularly encourage people from different
departments to brainstorm about hypothetical ways in which information could be
compromised, and take appropriate measures to ensure that security is not breached. If flaws
exist within your system that put your company at risk, they are probably more apparent to your
employees than to outsiders. Privacy is inexorably linked to security. It is important to
implement measures that eliminate the potential for protected information to be jeopardized.
Using a paper-based system, it is almost impossible to guarantee the privacy of your customers’
information, or even that of your employees. Information should be transparent; outside
auditors should be able to trace and account for any financial interactions. The challenge is to
implement far-reaching controls that can fulfill these requirements and at the same time be
applied to new processes. If your organization is still using paper files, a transition to an
EDMS will significantly ease your compliance efforts.

https://books.google.ae/books?id=x-9fx-tZudMC&printsec=frontcover

https://books.google.ae/books?id=QArUAgAAQBAJ&printsec=frontcover

5. Is Ken E. Sellit acting in an unethical manner in this situation? Why or why not?

I think that in this case Ken E. Sellit behaves in an unethical way and tries to do so by force. Morals
and moral principles are a system that knows right and wrong and provides a guiding
philosophy for every decision you make. The moral ethics as well: "Ethics is about how to meet
the challenge of doing what is right when that would cost more than we wanted to pay. There
are two aspects to morality: the first involves the ability to distinguish between right and wrong,
the good of evil, and the fitness of infractions. The second involves an obligation to do what is right,
good, and proper. Morality requires work; it is not just the subject of research or discussion." Is it
fair? Is it fair? Is it honest? Is it good for people?

Based on these ethical manners, E. Sellit has to give evidence to the other management to ensure
the success of doing online business. He has to give evidence about the market research that
made a success of it. Although Ken E. Sellit thinks it good to take a risk and start the business,
they have to find the probability of the risk against the success and decide on any further growth of
the business into e-commerce.

6. Should government regulate website security? If not, who should?


I think it is the responsibility of the government as well as the company to ensure the security
of the website, because it depends on the website size and characteristics of that specific website.
If the government starts to regulate all the websites it will cause a lot of government
expenses. The federal government must regulate and set standards for devices connected to the
Internet like it does for the safety of cars. He wants to create a new government agency and
argued that Republicans swiftly created the Department of Homeland Security after 9/11 in
response to safety threats but the manufacturing and Trade, are unlikely to support a new
regulatory agency that would likely cost billions of dollars. Regulation needs to be a cop on
the beat. People do need to know that they are protected, but there does need to be a light touch.
Despite the disagreement over creating new regulations, there was agreement by both the
government and the website owners that cyber security hygiene must be improved, at the
consumer and corporate level. For every consumer who inputs a weak password into an
electronic device, hospitals and public utilities frequently employ outdated security systems
to protect valuable medical records and internal infrastructure like keeping the power on. In
addition, a panel of experts told the committee that traditional passwords are largely obsolete,
as human-created security systems are susceptible to hacking. Instead, devices should employ
technology like fingerprint recognition and two-step authentication to thwart criminals. But
specifically mandating what types of technology should be regulated to keep people secure
could have negative effects because technology changes so fast. The experts testify to consider
regulation that is “technologically invariant.”

http://www.eweek.com/security/should-the-government-regulate-internet-security

http://www.digitaltrends.com/web/government-warn-us-data-breaches/

7. What is the relationship between security and ethics in e-commerce?

Ethical Responsibility

Ethics is an important element in all aspects of computing, but proves to be a real problem in
the development and delivery of electronic commerce systems. There are many aspects of
ethics that can affect electronic commerce systems, but perhaps the most notable and worrying
to both consumers and developers is that of trust. E-Commerce security is plagued with ethical
issues on responsibility. If fraud occurs, whose fault is it? Is it the business's fault for not
securing their information correctly? Is it the consumer's fault for assuming that the technology
used is secure? Is it the criminal's fault for stealing information, even if the information was
being sent in the clear? Or is it a combination of the three?

It is critical that the system administrator of an e-commerce system be aware of the security of
the system and the consumer's information. Is it ethical if an administrator could have
prevented information but chose not to for particular reasons? Would it also be ethical for
businesses to publicize only the criminal and not the security holes that allowed the hacker to
get through? Would the opinion change if the business knew about the security hole but
deemed it too expensive to fix and the probability of a break-in low?

Security Issues

E-Commerce Security also has some main issues. They are interception of data, redirection of
data, identification of parties, exploitable program errors, and being the weakest point in
security. When administrating a secure e-commerce site, it is important to remember that you are
part of a link of systems. If your security is weak, it may be possible that you are allowing
criminals access to information they may not have had access to. This leads to ethical issues
where weak security on your system led to dire consequences for other people or companies.

Compare security issues over the Internet compared to real-life. Is it right to be protective of
information over the Internet when people are not protecting that same information normally?
Is it ethical to deliver different punishments to criminals who steal information over the
Internet compared to those who steal information personally? Ethics provides the foundation
for success in business. Although it ranks as an auxiliary aspect, it is necessary for every
organization to maintain ethical standards in order to achieve the mainstream objectives. As a
market-wide strategic imperative, it is the role of every organization to propel the popularity
and reliability of e-commerce as an important part of the modern-day strategies.

Issues related to privacy are most prominent when it comes to e-commerce; such fears have
become amplified over the past. Westein (1998) established that over 80% of individuals using
the internet were concerned about their privacy. Although the internet users have different
conceptualizations regarding safety, it is important to appreciate the fact that web-based
transactions are slightly different from the brick-and-mortar set up.

https://www.w3-edge.com/weblog/2005/12/e-ethics-in-e-commerce/

http://www.inderscience.com/info/inarticle.php?artid=33357
