403 - Mis
Commerce
Table of Contents
Unit-1: Management Information Systems
What is MIS?
MIS Meaning
Components of MIS
Objectives of MIS
Data Capturing
Processing of Data
Storage of Information
Retrieval of Information
Dissemination of Information
Characteristics of MIS
System Approach
Management Oriented
Need-Based
Exception Based
Future Oriented
Integrated
Long Term Planning
Sub-System Concept
Central Database
Functions of MIS
To Improve Decision-Making
To Improve Efficiency
To Provide Connectivity
Data Processing
Prediction
Planning
Control
Assistance
Advantage of MIS
MIS Need for Information Systems
Contemporary Approaches to MIS
Information as a strategic resource - Use of information for competitive advantage
MIS as an instrument for the organizational change
Unit-2: Information, Management and Decision Making
HERBERT SIMON MODEL
The Rational/Classical Model:
Features of Classical Model:
THE ADMINISTRATIVE MODEL:
Characteristics of information for decision making
MIS - Classification of Information
Classification by Characteristic
Classification by Application
Traditional Commerce vs E-commerce
Traditional Commerce
E-Commerce
Comparison Table:
E-Commerce: Concepts, Definitions, and Benefits & Impact
How does e-commerce work?
Most common types of e-commerce businesses and examples of how they work
Following are the most common types of e-commerce businesses and examples of what they mean:
Advantages of e-commerce
Disadvantages of e-commerce
What are the benefits of using an e-Catalogue?
What are the key features of e-Catalogues?
What Is E Supply Chain Management?
Benefits of E Supply Chain Management
How Does E Supply Chain Management Work?
Network Layer vs. Application Layer Inspection
The Importance of NAT and VPN
Next Generation Firewalls and Beyond
WHAT IS TRANSACTIONAL SECURITY?
WHO TYPICALLY HANDLES TRANSACTIONAL SECURITY?
WHAT ARE SOME SUCCESSFUL EXAMPLES OF TRANSACTIONAL SECURITY?
Cryptography Digital signatures
Model of Digital Signature
Importance of Digital Signature
Encryption with Digital Signature
What is public key cryptography?
What is a cryptographic key?
How does TLS/SSL use public key cryptography?
Electronic Mail Security
Email Security Definition
How Secure Is Email?
Email Security Policies
Email Security Best Practices
Email Security Tools
Security Protocol for web Commerce
Measures to ensure Security
Security Protocols in Internet
Secure Socket Layer (SSL)
Secure Hypertext Transfer Protocol (SHTTP)
Secure Electronic Transaction
Unit-1: Management Information Systems
What is MIS?
MIS is an organized integration of hardware and software technologies, data,
processes, and human elements. It is a software system that focuses on the
management of information technology to provide efficient and effective
strategic decision making.
What is MIS? MIS is the acronym for Management Information Systems. MIS is
a set of procedures which, when executed, provides information to support
decision making.
MIS Meaning
MIS Meaning: The term management information system is made up of three words,
viz., management, information and system. In order to fully understand the term MIS,
let us try to understand these three words.
1. Management: Management is the art of getting things done through
and with the people in formally organised groups.
2. Information: Information is data that is processed and is presented in a
form which assists decision-making. It may contain an element of
surprise, reduce uncertainty or provoke a manager to initiate an action.
3. System: A system is an orderly grouping of interdependent components
linked together according to a plan to achieve a specific goal. The term
system is the most loosely held term in management literature because
of its use in different contexts.
Components of MIS
The major components of MIS are:
• People Resources: People are required for the operation of all
information systems.
• Data Resources: Database holds processed and organized data.
• Software Resources: These include all sets of information processing
instructions.
• Hardware Resources: These include all physical devices and materials used
in information processing.
• Process: A step undertaken to achieve a goal.
We have now covered the basic concept of a management information system,
including what MIS is, its definition, its meaning and its components.
Now, let us move further and try to understand MIS objectives, MIS
characteristics, MIS advantages, MIS role, MIS challenges, MIS limitations, etc.
Objectives of MIS
What is MIS objective: MIS has five major objectives which include:
1. Data Capturing
2. Processing of Data
3. Storage
4. Retrieval
5. Dissemination
These MIS objectives are discussed below in detail.
Data Capturing
MIS captures data from various internal and external sources of the organization.
Data capturing may be manual or through computer terminals.
Processing of Data
The captured data is processed to convert it into the required information.
Processing of data is done by such activities as calculating, sorting, classifying,
and summarizing.
Storage of Information
MIS stores the processed or unprocessed data for future use. If any information is
not immediately required, it is saved as an organization record, for later use.
Retrieval of Information
MIS retrieves information from its stores as and when required by various users.
Dissemination of Information
Information, which is a finished product of MIS, is disseminated to the users in
the organization. It is periodic or online through a computer terminal.
Characteristics of MIS
What is MIS Characteristic? MIS plays a very important role in every aspect of an
organization. These characteristics are generic in nature.
Following are the characteristics of MIS:
1. System Approach
2. Management Oriented
3. Need-Based
4. Exception Based
5. Future Oriented
6. Integrated
7. Long Term Planning
8. Sub-System Concept
9. Central Database
System Approach
The information system follows a systems approach. The systems approach
implies a holistic approach to the study of the system and its performance in the light
of the objective for which it has been constituted.
Management Oriented
The top-down approach must be followed while designing the MIS. The top-down
approach suggests that the system development starts from the determination of
management needs and overall business objectives.
The MIS development plan should be derived from the overall business plan.
Management oriented characteristic of MIS also implies that the management
actively directs the system development efforts.
Need-Based
MIS design and development should be as per the information needs of managers
at different levels, strategic planning level, management control level and
operational control level. In other words, MIS should cater to the specific needs
of managers in an organization’s hierarchy.
Exception Based
MIS should be developed on the exception-based reporting principle, which
means reporting an abnormal situation, i.e. one where the maximum, minimum or
expected values vary beyond tolerance limits. In such situations, there should be
exception reporting to the decision-maker at the required level.
Future Oriented
Besides exception-based reporting, MIS should also look at the future. In other
words, MIS should not merely provide past or historical information; rather it
should provide information, on the basis of projections based on which actions
may be initiated.
Integrated
Integration is a necessary characteristic of a management information system.
Integration is significant because of its ability to produce more meaningful
information.
Sub-System Concept
The process of MIS development is quite complex and one is likely to lose insight
frequently. Thus, the system, though viewed as a single entity, must be broken
down into digestible sub-systems which are more meaningful at the planning
stage.
Central Database
A central database is the mortar that holds the functional systems together. Each
system requires access to the master file of data covering inventory, personnel,
vendors, customers, etc. It seems logical to gather data once, validate it properly
and place it on a central storage medium, which can be accessed by any other
subsystem.
Functions of MIS
The broad functions of MIS are as follows:
• To Improve Decision-Making
• To Improve Efficiency
• To Provide Connectivity
• Data Processing
• Prediction
• Planning
• Control
• Assistance
To Improve Decision-Making
The Management Information System (MIS) furnishes relevant information on
diverse matters, thereby enhancing the decision-making prowess of the
management. By utilizing the speedy and precise data provided by the MIS,
managers can make prompt and informed decisions, which ultimately enhances
the quality of decision-making and contributes to the company’s value.
To Improve Efficiency
The Management Information System (MIS) facilitates managers in executing
their duties with enhanced ease and efficiency, resulting in improved
productivity.
To Provide Connectivity
The MIS provides managers with better connectivity with the rest of the
organization.
Therefore, the main functions of MIS may vary depending on the specific tasks
performed by an organization.
Data Processing
Data processing involves collecting, transmitting, storing, and processing data to
generate an output. Prediction involves analyzing data using modern
mathematics, statistics, or simulation to anticipate future scenarios.
Prediction
By utilizing methods of modern mathematics, statistics, or simulation, data
analysis is conducted to predict potential future scenarios.
Planning
The analysis of data of a regular nature may give many indications on likely
future events or situations and this can be utilized in planning or reviewing the
plan already made earlier.
Control
By examining records of daily, monthly, quarterly, or annual activities, certain
factors that require management and control can be identified. If these factors
are identified in a timely manner, they can be managed relatively easily.
However, some factors may require the attention of senior management to
remain under control. It is essential to note that ignoring smaller factors at the
beginning may have the potential to disrupt other factors as well.
Assistance
One of the principal functions of MIS is to support senior management by
analyzing regular records and drawing inferences about various factors related
to the company’s operational performance, such as human resources, financial
resources, material resources, and more.
Advantage of MIS
• Generate Competitive Advantages
• Implementation of Management by Objectives Techniques
• Fast Reaction to Market Changes
• MIS as Strategic Resource
• Change in Industry Structure
• Functional Use
• External and Internal Change
• Availability of Customer Data
• It emphasizes management decision making, not only the processing
of data generated by business operations.
• It emphasizes the systems framework that should be used for
organizing information systems applications.
Information as a strategic resource - Use of information for competitive advantage
MIS as an instrument for the organizational change.
Unit-2: Information, Management and Decision Making
I. Intelligence: raw data is collected, processed and examined. This phase identifies a
problem calling for a decision.
II. Design: inventing, developing and analyzing the different decision alternatives and testing
the feasibility of implementation. This phase assesses the value of the decision outcome.
III. Choice: selecting one alternative as the decision, based on the selection criteria.
In the intelligence phase, the MIS collects the data. The data is scanned, examined, checked,
and edited. Further, the data is sorted and merged with other data and computations are
made, summarized, and presented. In this process, the attention of the manager is drawn to
all problem situations by highlighting the significant differences between the actual and the
expected, the budgeted or the targeted.
In the design phase, the manager develops a model of the problem situation on which he
can generate and test the different decision alternatives. He then moves into the phase
of selection, called choice. In the choice phase, the manager evolves selection criteria
such as maximum profit, least cost, minimum wastage, least time taken and highest utility.
The criterion is applied to the various decision alternatives and the one which satisfies it
the most is selected. In these phases, if the manager fails to reach a decision, he starts the
process all over again. An ideal MIS is supposed to make a decision for the
manager. An example of the Simon model would illustrate further its use in the MIS. For
example, a manager finds on collection and through the analysis of the data that the
manufacturing plant is underutilized and the products which are being sold are not
contributing to the profits as desired.
The problem identified, therefore, is to find a product mix for the plant, whereby the plant is
fully utilized within the raw material and the market constraints, and the profit is
maximized. The manager having identified this as the problem of optimization, now
examines the use of linear programming (LP) model.
The model is used to evolve various decision alternatives. However, selection is made first
on the basis of feasibility and then on the basis of maximum profit. The product mix so given
is examined by the management committee. It is observed that the market constraints were
not realistic in some cases and the present plant capacity can be enhanced to improve the
profit. The same model is used again to tool the revised position. Therefore, additional data
is collected and an analysis is made to find out whether the average 20 percent utilization of
the capacity can be increased. A market research for some products is made and it is found
that some constraints need to be removed and reduced. Based on the revised data, the linear
programming model is used and a better optimum solution is obtained.
i. They are not biased in recognizing problems.
iv. They search for all alternatives that maximize the desired
results.
Herbert Simon (1947) was the first to introduce an administrative model of decision making
to provide a more accurate description of the way administrators both do and should make
organizational decisions. The basic approach is satisficing—that is, finding a satisfactory and
sufficient solution rather than the best one. The satisficing decision-action-cycle includes the
following steps.
3. Before proceeding: Establish criteria for success—outcomes that are satisfactory and
sufficient.
6. Evaluate the implemented plan in terms of the criteria you have established for a
satisfactory solution.
[These steps are summarized in an action cycle in Figure 1.]
There are some similarities between the classic model (optimizing) and the administrative
model (satisficing). The major difference is that the administrative model calls for a decision
that is satisfactory rather than the ultimate best solution. This difference comes into play
early in the decision-making cycle. After the problem has been defined and analyzed, and
before proceeding with the generation of alternatives, the decision maker confronts the
issue of the criteria for a satisfactory outcome. What is the minimum that is acceptable as
an outcome? What is satisfactory in this circumstance? What is sufficient? These questions
are answered before developing a plan of action. If time is short, the process may be limited
to a short list of alternatives, the so-called truncated model of satisficing.
In Simon’s work, rationality becomes a variable. He was also aware of the limitations of human
rationality, which are not static but depend on the environment of the organization in which the
decisions take place.
According to Simon, the task of the administration should be to design an environment in which
the individual's approach becomes as rational as is practicably possible.
The Economic Man is all about the ideal and rational model of decision making. In an organization,
decisions are made on empirical and normative elements; these premises can also be called the
factual and the value premises.
The factual premise is nothing but all the information and knowledge regarding the organization and
its environment.
The value premises on the other hand are the morals and legal constraints.
A rational decision is to choose those alternatives which are appropriate to reach the desired end.
The means and ends have to be connected in the organizational hierarchy.
The Administrative Man depicts the objective rationality, determining whether the selected
alternative’s course of action is good enough. The administrative man’s approach to the world is
simplistic and would take into account only a few most relevant and critical factors unlike the
economic man for whom knowing all the alternatives and its consequences is a complex task.
Lastly, the Organization Perspective criticizes the earlier established principles of administration
which were:
• Specialization
• Hierarchy
• Span of control
Simon argues that the applicability of administrative principles needs to be based on an underlying
understanding of the administrative decision making. Organization manifests its influence through five
mechanisms as identified by Simon. These are:
• Authority - It is defined as the decision making power which in turn guides the actions
of other people. This kind of relational transaction happens in case of a superior and a
subordinate in the organization.
• Communication - It comprises both the formal and informal communication in an
organization.
• Training - This is to enable individuals to reach satisfactory decisions without constant
authority and guidance. This can be both pre-service (educational qualification) and
in-service (day-to-day supervision at work).
• The Criterion of Efficiency - This basically suggests that out of two alternatives which
would bear the same cost, the one which attains more organizational goals should be
chosen, and if the two alternatives achieve the same degree of organizational
objectives, then the one which does so at lower cost should be chosen.
• Organizational Identification and Loyalty - An organization consists of several
groups, and a person considers himself to be part of a group when, in the process of
evaluating alternatives he/she weighs the option in terms of its consequences on the
entire group.
Therefore, decision making within an organization is a complex process which is influenced by
several factors. Readers are advised to study more about Herbert Simon and his work on
decision making to be able to appreciate the vastness and complexity of the decision-making process
in administrative organizations and the economy.
1. Accurate
2. Complete
3. Reliable
4. Relevant
5. Timely
whatever reports your business’s information systems provide, rather than
considering what information is really useful in the decision making process
and trying to obtain it. If information is not provided in a timely manner,
managers may not be able to react to the changes in the industry or moves
by competitors quickly enough – resulting in lost customer share, declining
revenues and declining profits.
1) Timeliness
Timeliness means that information must reach the recipients within the prescribed
time frame. Timely information can ensure correct executive action at an early stage.
The characteristic of timeliness, to be effective, should also include current
information.
2) Accuracy
Accuracy is another key-attribute of management information. It means that
information is free from mistakes and errors, is clear and accurately reflects the
meaning of data on which it is based. It conveys an accurate picture to the recipient,
who may require a presentation in graphical form rather than tabular form.
3) Relevance
Relevance is yet another key attribute of management information. Information is said
to be relevant if it answers specifically for the recipient what, why, where, who and
why? In other words, the MIS should serve reports to managers, which are useful,
and the information helps them make decisions.
4) Adequacy
Adequacy means information must be sufficient in quantity. MIS must provide reports
containing the information that is required in the decision-making process.
5) Completeness
The information, which is provided to a manager, must be complete and should meet
all his needs. Incomplete information may result in wrong decisions and thus may
prove costly to the organization.
6) Explicitness
A report is said to be of good quality if it does not require further analysis by the
recipient for decision-making. Thus the reports should be such that a manager does
not waste any time on the processing of the report, rather he should be able to extract
the required information directly.
7) Security:
Information should be secured so that it is not leaked to damaging groups such as terrorists.
8) Coherence:
Information should be in a format that is uncomplicated and easily understood
by the end user.
9) Exception based.
Top managers need only exception reports regarding the performance of the
organization. Exception reporting principle states that only those items of information,
which will be of particular interest to a manager, are reported. This approach results
in saving precious time of the top management and enables the managers to devote
more time in pursuit of alternatives for the growth of the organization.
10) Unambiguity:
Information can be classified in a number of ways and in this chapter, you will learn
two of the most important ways to classify information.
Classification by Characteristic
Based on Anthony's classification of Management, information used in business for
decision-making is generally categorized into three types −
• Strategic Information − Strategic information is concerned with long
term policy decisions that define the objectives of a business and
check how well these objectives are met. For example, acquiring a new
plant, a new product, diversification of business, etc. come under
strategic information.
• Tactical Information − Tactical information is concerned with the
information needed for exercising control over business resources, like
budgeting, quality control, service level, inventory level, productivity level
etc.
• Operational Information − Operational information is concerned with
plant/business level information and is used to ensure proper conduct
of specific operational tasks as planned/intended. Various operator
specific, machine specific and shift specific jobs for quality control checks
come under this category.
Classification by Application
In terms of applications, information can be categorized as −
• Planning Information − This is the information needed for
establishing standard norms and specifications in an organization. This
information is used in strategic, tactical, and operational planning of any
activity. Examples of such information are time standards and design
standards.
• Control Information − This information is needed for establishing
control over all business activities through feedback mechanism. This
information is used for controlling attainment, nature and utilization of
important processes in a system. When such information reflects a
deviation from the established standards, the system should induce a
decision or an action leading to control.
• Knowledge Information − Knowledge is defined as "information about
information". Knowledge information is acquired through experience and
learning, and collected from archival data and research studies.
• Organizational Information − Organizational information deals with an
organization's environment and culture in the light of its objectives. Karl
Weick's Organizational Information Theory emphasizes that an
organization reduces its equivocality or uncertainty by collecting,
managing and using this information prudently. This information is
used by everybody in the organization; examples of such information are
employee and payroll information.
• Functional/Operational Information − This is operation-specific
information. For example, daily schedules in a manufacturing plant that
refer to the detailed assignment of jobs to machines or machines to
operators. In a service-oriented business, it would be the duty roster of
various personnel. This information is mostly internal to the organization.
• Database Information − Database information comprises large
quantities of information that have multiple usages and applications. Such
information is stored, retrieved and managed to create databases. For
example, material specification or supplier information is stored for
multiple users.
IT Capability
This capability can be, and is usually, attributed to the IT function within an
organization. More appropriately, it should be attributed to the organization as a whole
because no function within an organization is an island. Each gains from the others and, in
turn, enriches them. This value “bleed” from one function to another cannot be
quantified meaningfully. However, it exists. It can be positive or negative. When the
organization plays as a team, i.e., the functions collaborate, positive value passes
between functions. In this case, the organization’s capability is greater than the sum of
its parts. The functions are better off together. Conversely, when the organization does
not play as a team, i.e., is dysfunctional, the value bleed is negative. In this case, the
organization’s capability is less than the sum of its parts. It follows that the functions are
better off not being with each other! The net of this phenomenon is that no function
within an organization would create the same value within another organization. For
example, suppose an IT organization is moved from one company to another. In that
case, it will deliver more or less but never the same value as it created in the
original company. This is true of any team. You may have noticed that a player is
successful or more successful on one team versus the other.
• IT Strategy
• IT Processes and Metrics
• IT Organization
o Skills
o Structure
o Knowledge/“know-how”
• Assets/Infrastructure
o Hardware
o Software
o Application
o Network
o Database
o Tools
An organization creates value by utilizing a unique combination and configuration of
these components.
and others, draw that at the bottom of the sheet across the whole enterprise value
chain.
In a computer network, there are mainly six types of physical
topology, they are:
1. Bus Topology
2. Ring Topology
3. Star Topology
4. Mesh Topology
5. Tree Topology
6. Hybrid Topology
Now let us learn these topologies one by one:
Bus Topology
Bus topology is the simplest kind of topology in which a
common bus or channel is used for communication in the
network. The bus is connected to various taps and
droplines. Taps are the connectors, while droplines are the cables
connecting the bus with the computer. In other words, there is
only a single transmission line for all nodes.
When a sender sends a message, all other computers can hear it,
but only the receiver accepts it (after verifying the MAC address attached
to the data frame); the others reject it. Bus technology is mainly
suited for small networks like LAN, etc.
For example, Ethernet cable, etc.
Ring Topology
Ring topology is a topology in which each computer is
connected to exactly two other computers to form the
ring. The message passing is unidirectional and circular in nature.
This network topology is deterministic in nature, i.e., each
computer is given access for transmission at a fixed time interval.
All the nodes are connected in a closed-loop. This topology mainly
works on a token-based system and the token travels in a loop in
one specific direction.
In a ring topology, if the token is free, a node can capture the
token, attach the data and destination address to it,
and then release the token for communication. When this token
reaches the destination node, the data is removed by the receiver
and the token is made free to carry the next data.
1. Easy Installation.
2. Less Cabling Required.
3. Reduces chances of data collision (unidirectional).
4. Easy to troubleshoot (the faulty node does not pass the
token).
5. Each node gets the same access time.
Following are the disadvantages of Ring topology:
Star Topology
Star topology is a computer network topology in which all the
nodes are connected to a centralized hub. The hub or switch
acts as a middleware between the nodes. Any node requesting or
providing a service first contacts the hub for
communication.
The central device (hub or switch) has a point-to-point
communication link (a dedicated link between the devices which
cannot be accessed by any other computer) with the devices.
The central device then broadcasts or unicasts the message, depending on
the central device used. The hub broadcasts the message, while
the switch unicasts the messages by maintaining a switch table.
Broadcasting increases unnecessary data traffic in the network.
In a star topology, hub and switch act as a server, and the other
connected devices act as clients. Only one input-output port and
one cable are required to connect a node to the central device.
This topology is better in terms of security because the data does
not pass through every node.
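The bus and star passages above turn on which nodes a frame physically reaches. The following simulation is an added example, not part of the original notes; the class names, the three-host layout and the MAC addresses are constructed for illustration. It compares a shared medium (bus or hub) with a learning switch and records what a bystander host receives.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Host:
    mac: str
    seen: list = field(default_factory=list)      # frames that reached the NIC
    accepted: list = field(default_factory=list)  # frames passed up the stack

    def receive(self, frame: dict) -> None:
        self.seen.append(frame)
        # The NIC accepts only frames addressed to its own MAC (or broadcast);
        # everything else is dropped, but it still arrived on the wire.
        if frame["dst"] in (self.mac, BROADCAST):
            self.accepted.append(frame)


class Hub:
    """Shared medium: a bus or a hub repeats each frame to every other port."""

    def __init__(self, hosts):
        self.ports = dict(enumerate(hosts))

    def send(self, in_port: int, frame: dict) -> None:
        for port, host in self.ports.items():
            if port != in_port:
                host.receive(frame)


class Switch(Hub):
    """Learning switch: keeps a table of source MAC -> port and forwards a
    frame to a single port once the destination has been learned."""

    def __init__(self, hosts):
        super().__init__(hosts)
        self.table = {}

    def send(self, in_port: int, frame: dict) -> None:
        self.table[frame["src"]] = in_port        # learn where the sender is
        out_port = self.table.get(frame["dst"])
        if out_port is None:
            super().send(in_port, frame)          # unknown destination: flood
        elif out_port != in_port:
            self.ports[out_port].receive(frame)   # known destination: unicast


def bystander_view(device_cls) -> dict:
    """Run a short A<->B conversation and report what bystander C received."""
    a = Host("02:00:00:00:00:0a")  # constructed, locally administered MACs
    b = Host("02:00:00:00:00:0b")
    c = Host("02:00:00:00:00:0c")
    device = device_cls([a, b, c])
    traffic = [
        (0, {"src": a.mac, "dst": b.mac, "data": "hello"}),
        (1, {"src": b.mac, "dst": a.mac, "data": "ack"}),
        (0, {"src": a.mac, "dst": b.mac, "data": "payroll report"}),
    ]
    for in_port, frame in traffic:
        device.send(in_port, frame)
    return {
        "c_seen": [f["data"] for f in c.seen],
        "c_accepted": [f["data"] for f in c.accepted],
        "b_accepted": [f["data"] for f in b.accepted],
    }


if __name__ == "__main__":
    print("hub   :", bystander_view(Hub))
    print("switch:", bystander_view(Switch))
```

With a hub, host C receives all three frames even though its NIC accepts none of them. With a switch, C receives only the first frame, which is flooded because the destination has not yet been learned.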
1. Centralized control.
2. Less Expensive.
3. Easy to troubleshoot (the faulty node does not give response).
4. Good fault tolerance due to centralized control on nodes.
5. Easy to scale (nodes can be added or removed to the network
easily).
6. If a node fails, it will not affect other nodes.
7. Easy to reconfigure and upgrade (configured using a central
device).
Following are the disadvantages of Star topology:
Mesh Topology
Mesh topology is a computer network topology in which
nodes are interconnected with each other. In other words,
direct communication takes place between the nodes in the
network.
There are mainly two types of Mesh:
For example, the Internet (WAN), etc.
Tree Topology
Tree topology is a computer network topology in which all
the nodes are directly or indirectly connected to the main bus
cable. Tree topology is a combination of Bus and Star topology.
In a tree topology, the whole network is divided into segments,
which can be easily managed and maintained. There is a main hub
and all the other sub-hubs are connected to each other in this
topology.
1. Cabling and hardware cost is high.
2. Complex to implement.
3. Hub cabling is also required.
4. A large network using tree topology is hard to manage.
5. It requires very high maintenance.
6. If the main bus fails, the network will fail.
Hybrid Topology
A Hybrid topology is a computer topology which is a
combination of two or more topologies. In practical use, they
are the most widely used.
Following are the advantages of Hybrid topology:
1. Complex design.
2. Expensive to implement.
3. Multi-Station Access Unit (MSAU) required.
Hence, after learning the various computer network topologies,
we can conclude that some points need to be considered when
selecting a physical topology:
• Ease of Installation.
• Fault Tolerance.
• Implementation Cost.
• Cabling Required.
• Maintenance Required.
• Reliable Nature.
• Ease of Reconfiguration and upgradation.
Information Technology Enabled Services (ITeS)
Information Technology that enables the business by improving the quality of service is
IT-enabled services. The most important aspect is the Value addition of IT-enabled
service. The value addition could be in the form of - Customer relationship
management, improved database, improved look and feel, etc. The outcome of an IT-
enabled service is in two forms:
source: IT Info
Information Technology Enabled Services (ITeS) Processes and Services[3]
ITeS provide a range of IT-intensive processes and services, which includes business
process outsourcing (BPO) and knowledge process outsourcing (KPO), provided
from a distant location and delivered over telecom networks. ITeS focus on verticals
such as content management, finance and accounts, research, and analytics segment.
ITeS includes:
• Telemarketing
• Helpdesk
• Customer Support Centers
• Data Warehouse
• Transcription Centers
• GIS Mapping for Transport tracking
• Electronic Distribution.
Opportunities and Challenges of Information Technology Enabled Services
(ITES)[4]
The changing economic and business conditions, rapid technological innovation, the
proliferation of the internet, and globalization are creating an increasingly competitive
environment. The role of technology has evolved from supporting corporations to
transforming them. Global companies are increasingly turning to offshore technology
service providers in order to meet their need for high-quality and cost-competitive
technology solutions. As such, a company can encounter a wide variety of risks and
challenges in its endeavor to create and maintain a seamless, successful, sustainable,
and scalable business. Some of the challenges faced include:
Data mining is a process of extracting useful information and data patterns from data,
whereas a data warehouse is a database management system developed to support
the management functions. Read this article to learn more about Data Mining and
Data Warehousing and how they are different from each other.
from a set of data. In the data mining process, data is analyzed repeatedly to find
patterns.
Data mining is generally done by business entrepreneurs and engineers to extract
meaningful data. It uses many techniques, including pattern recognition, to identify
patterns in data. It also helps to detect unwanted errors that may occur in the system.
The major advantage of data mining is that it is cost-efficient in comparison to other
statistical data processing techniques. However, it is not completely accurate since
nothing is ideal in the real-world.
The following table highlights all the major differences between data mining and data
warehousing −
Function | Data mining extracts useful information and insights from a large amount of data. | Data warehousing combines a large amount of related data.
Advantages | The major advantages of data mining include helpful in prediction of trends, financial analysis, marketing analysis, and recognition of fraudulent. | The advantages of data warehousing include easy data access, consistent data storage, and enhanced response time.
Conclusion
The most significant difference between the two is that data mining is carried out to
identify relationships and patterns and to extract useful information from different data
sets; while data warehousing is carried out to combine extremely large sets of related
data.
facilitator and the participants can both project digital text and
images onto this screen.
users at different locations to make decisions as a group
resulting in better decisions.
• Emphasis on Semi-structured and Unstructured
Decisions: It provides important information that
assists middle and higher-level management in making
semi-structured and unstructured decisions.
• Specific and General Support: The facilitator controls
the different phases of the group decision support
system meeting (idea generation, discussion, voting and
vote counting, etc.), what is displayed on the central
screen, and the type of ranking and voting that takes
place, etc. In addition, the facilitator also provides
general support to the group and helps them to use the
system.
• Supports all Phases of the Decision Making: It can
support all the four phases of decision making, viz
intelligence, design, choice, and implementation.
• Supports Positive Group Behavior: In a group
meeting, as participants can share their ideas more
openly without the fear of being criticized, they display
more positive group behavior towards the subject matter
of the meeting.
• Idea Organizer: It helps in bringing together, evaluating
and categorizing the ideas that are produced during the
brainstorming activity.
• Tools for Setting Priority: It includes a collection
of techniques, such as simple voting, ranking in order
and some weighted techniques that are used for voting
and setting priorities in a group meeting.
• Policy Formation Tool: It provides the necessary
support for converting the wordings of policy statements
into an agreement.
Note, too, that each executive specializes in a particular business area. As
such, an ideal EIS should have drill-down capabilities that will enable them
to zoom in on areas that fall under their responsibility.
• Hardware
• Software
• User interface (UI)
• Telecommunications capability
Hardware
An EIS’s hardware should include input devices that executives can use to
enter, check, and update data; a central processing unit (CPU) that controls
the entire system; data storage for saving and archiving useful business
information; and output devices (e.g., monitors, printers, etc.) that show
visual representations of the data executives need to keep or read.
Software
executives to pick from predetermined choices for their needs. And since
not all executives are tech-savvy, it’s ideal for the UI to accept inputs and
produce outputs using programming (i.e., for the tech-savvy) and natural
language (i.e., for the not tech-savvy).
Telecommunications capability
• Limited functionality
• Hard to quantify the benefits
• Possible information overload on an executive’s part
• System may become slow over time
• May lead to system insecurities
• May be too expensive for small companies
Executive support systems are intended to be used by the senior managers directly to
provide support to non-programmed decisions in strategic management.
This information is often external, unstructured and even uncertain. Exact scope
and context of such information is often not known beforehand.
This information is intelligence based −
• Market intelligence
• Investment intelligence
• Technology intelligence
• External databases
• Technology reports like patent records etc.
• Technical reports from consultants
• Market reports
• Confidential information about competitors
• Speculative information like market conditions
• Government policies
• Financial reports and information
Features of Executive Information System
Advantages of ESS
• Easy for upper level executive to use
• Ability to analyze trends
• Augmentation of managers' leadership capabilities
• Enhance personal thinking and decision-making
• Contribution to strategic control flexibility
• Enhance organizational competitiveness in the market place
• Instruments of change
• Increased executive time horizons.
• Better reporting system
• Improved mental model of business executive
• Help improve consensus building and communication
• Improve office automation
• Reduce time for finding information
• Early identification of company performance
• Detailed examination of critical success factors
• Better understanding
• Time management
• Increased communication capacity and quality
Disadvantages of ESS
• Functions are limited
• Hard to quantify benefits
• Executive may encounter information overload
• System may become slow
• Difficult to keep current data
• May lead to less reliable and insecure data
• Excessive cost for small company
Expert System
1. User Interface:
It contains a computerized system between the user and the machine
for friendly communication. This system provides an interface to the
user in a graphical way.
2. Inference Engine:
It regains & determines the data process. It performs this task to deduce
new facts which are subsequently used to draw further conclusions.
This component is associated with an expert system as the brain of the
expert system.
3. Knowledge Base:
This is the most important element of an expert system because it holds
the expert's knowledge of problem-solving. It is here that the expert's
elicited knowledge is stored. It contains the rules, facts and object
descriptions, etc. The knowledge base is always stored in the data with
the newest expert system products. The knowledgebase information is
all that is needed to understand & formulate the problem, and then
solve it.
4. Data Acquisition Subsystem:
The specialist has to learn the information reflected in the knowledge
base. Information acquisition software is used by a person who has
problem experience to build, incorporate or modify the base of
knowledge. Potential knowledge sources include human experts,
research reports, textbooks, databases and the experience of the user
himself.
Unit-6: Introduction to E-Commerce
Traditional Vs. E-Commerce Transactions,
Traditional Commerce vs E-commerce
Gone are the days when business activities such as the exchange of goods and services
for money, between 2 parties, had to take place in a traditional environment. The consumer
going to the market, checking out a variety of goods, picking needed items, buying them and
then paying the precise amount is what distinguishes traditional commerce. However, now with
the advent of technological innovations, modern techniques of selling goods and services have
arisen. For example, e-commerce, where people purchase and sell commodities via the Internet.
Both modes have their own merits and demerits, here, the students can learn the meaning of
traditional commerce and e-commerce.
Traditional Commerce
Traditional commerce includes the exchange of goods and services between 2 people. As stated
in the introduction, it is one of the traditional methods of purchasing goods and services. It is
followed by everyone across the globe.
E-Commerce
E-commerce i.e., electronic commerce is similar to traditional commerce. It also includes the
exchange of goods and services. The solitary difference is that it is handled online through an
electronic network – the Internet. Now it has spread across to online social networks. With e-
commerce, support, transactions and communication are done via the use of electronic
communication. All trading activities including selling, ordering, buying, payments are executed
over the internet.
This article is a ready reckoner for the students to learn the comparison between Traditional
Commerce vs Ecommerce.
Comparison Table:
BASIS FOR COMPARISON | TRADITIONAL COMMERCE | E-COMMERCE
Meaning | Traditional commerce is a branch of business which focuses on the exchange of products and services, and includes all those activities which encourages exchange, in some way or the other. | e-Commerce means carrying out commercial transactions or exchange of information, electronically on the internet.
Processing of Transactions | Manual | Automatic
Accessibility | Limited Time | 24×7×365
Physical inspection | Goods can be inspected physically before purchase. | Goods cannot be inspected physically before purchase.
Customer interaction | Face-to-face | Screen-to-face
Scope of business | Limited to particular area. | Worldwide reach
Information exchange | No uniform platform for exchange of information. | Provides a uniform platform for information exchange.
Resource focus | Supply side | Demand side
Business Relationship | Linear | End-to-end
Marketing | One way marketing | One-to-one marketing
Payment | Cash, cheque, credit card, etc. | Credit card, fund transfer etc.
Delivery of goods | Instantly | Takes time
E-commerce is the buying and selling of goods or services via the internet,
and the transfer of money and data to complete the sales. It’s also known as
electronic commerce or internet commerce.
Online selling has changed tremendously since it began; the evolution and
history of e-commerce is fascinating – and it’s advancing at an even quicker
pace today.
The customer places the order via the online store using a web browser; the
order details are then relayed to a central backend system – an e-commerce
platform, which facilitates or performs several tasks, including:
• Updating stock or inventory levels and confirming if there’s
sufficient stock
• Processing the payment for the order
• Confirming adequate funds were received to fulfill the order
• Notifying the customer that the order was successfully processed.
• Notifying the shipping department for the order to be shipped to
the customer, or access to the service to be granted.
directly to their end customer without going through a retailer,
distributor, or wholesaler. Subscriptions are a popular D2C item,
and social selling via platforms like Instagram, Pinterest, TikTok,
Facebook, Snapchat, etc. are popular platforms for direct to
consumer sales.
Advantages of e-commerce
Disadvantages of e-commerce
While there are many benefits of ecommerce, there are some potential downsides
as well. Below are some common disadvantages:
Electronic Catalogues
Secure customisable access control
The B2BE e-Catalogue has customisable access so you’re able to provide content based on
the type of user visiting the catalogue and presents pricing and content for public users, or
specific content and pricing for account users via a login.
Attribute management
The B2BE e-Catalogue solution enables you to design the way you wish to set up and
manage products based on key attributes. That is, you can build a logical and uniform way
in which products can be categorised regardless of the actual data managed in the
background and extracted from your ERP environment. Consequently, this means users can
search for your products logically.
Electronic Auctions
An eAuction is a transaction between sellers (the auctioneers) and bidders (suppliers
in the business-to-business scenarios) in an electronic marketplace.
It can occur business-to-business, business-to-consumer, or consumer-to-consumer,
and allows suppliers to bid online against each other for contracts against a
published specification.
How Does E Supply Chain Management Work?
ESCM is a comprehensive approach to managing the entire supply chain
process. It involves the use of technology, processes, and people to
ensure that goods and services are delivered to customers in a timely and
cost-effective manner. The technology used in ESCM includes software,
hardware, and networks that enable businesses to track and manage their
supply chain processes. Additionally, ESCM involves the use of processes
and people to ensure that goods and services are delivered to customers
in a timely and cost-effective manner.
Individuals, businesses, and governments must invest in cybersecurity to
protect their data and assets from criminals. The importance of
cybersecurity in this progressively internet-centered world is supreme. To
understand what cyber security is and its importance, you can apply for
specialized IT Security certifications online. These courses will upgrade your
intuitive skills and allow you to engage with experts in the industry.
Software vulnerabilities are weaknesses in software that can
be exploited by malicious actors to gain access to a system
or network. These vulnerabilities can be caused by a variety
of factors, including coding errors, design flaws, and
inadequate security measures. Understanding the sources of
software vulnerabilities is essential for organizations to
protect their systems and networks from attack.
Third-Party Software
Third-party software is another source of software vulnerabilities. This can
include software libraries, frameworks, and other components that are
used in the development of a software application. Third-party software
can contain vulnerabilities that can be exploited by malicious actors. It is
important for organizations to ensure that any third-party software they
use is secure and up-to-date.
Outdated Software
Outdated software is another source of software vulnerabilities. As
software applications are updated, new security vulnerabilities can be
discovered and patched. If an organization fails to keep their software up-
to-date, they may be vulnerable to attack. It is important for organizations
to ensure that their software is regularly updated to the latest version.
Insufficient Testing
Insufficient testing is another source of software vulnerabilities. If a
software application is not thoroughly tested before it is released, it may
contain security vulnerabilities that can be exploited by malicious actors. It
is important for organizations to ensure that their software is thoroughly
tested before it is released.
Human Error
Human error is another source of software vulnerabilities. This can include
mistakes made by developers, administrators, and users. For example, a
developer may make a coding error that leads to a security vulnerability, or
an administrator may configure a system incorrectly, leading to a security
vulnerability. It is important for organizations to ensure that their staff are
properly trained and aware of security best practices.
Malicious Actors
Malicious actors are another source of software vulnerabilities. Malicious
actors can exploit vulnerabilities in software applications to gain access to
a system or network. It is important for organizations to ensure that their
systems and networks are secure and that any vulnerabilities are patched
as soon as possible.
A company's security policy may include an acceptable use policy. These describe
how the company plans to educate its employees about protecting the company's
assets. They also include an explanation of how security measurements will be
carried out and enforced, and a procedure for evaluating the effectiveness of the
policy to ensure that necessary corrections are made.
Physical security policies are aimed at protecting a company's physical assets, such
as buildings and equipment, including computers and other IT equipment. Data
security policies protect intellectual property from costly events, like data
breaches and data leaks.
Physical security policies include the following information:
Security guards, entry gates, and door and window locks are all used to protect
physical assets. Other, more high-tech methods are also used to keep physical
assets safe. For example, a biometric verification system can limit access to a
server room. Anyone accessing the room would use a fingerprint scanner to verify
they are authorized to enter.
Protect valuable assets. These policies help ensure the confidentiality, integrity
and availability -- known as the CIA triad -- of data. They are often used to protect
sensitive customer data and personally identifiable information.
In today's digital world, the Internet has been revolutionized, and everyone is
shifting business online. People are establishing their presence on the
Internet to reach as many people as possible and increase revenue.
According to Netcraft, as of September 2014, there were over 1
billion websites on the web, and present statistics show around 2
billion sites are on the Internet, which means it will become
necessary in the upcoming years. The number of sites is increasing day by day,
but lots of people do not care about security initially, and such
sites are prone to lots of vulnerabilities, which gives hackers or
attackers a chance to compromise the data.
Then a copy of the SSL certificate is sent by the web server to the
browser/server. The browser/server checks whether it should
trust the SSL certificate or not, and sends a message
to the web server accordingly. If the certificate looks good, the web server sends
back a digitally signed acknowledgment for starting an SSL
encrypted session. The exchange of data then proceeds in
encrypted form between the browser/server and the web server.
A Website Scanner
A cyber attack costs more the longer it takes to be found, so time
becomes an essential factor in safeguarding the website. A website
scanner looks for malware, vulnerabilities, and other security issues
so that organizations can moderate them appropriately.
What is a Firewall?
A Firewall is a network security device that monitors and filters incoming
and outgoing network traffic based on an organization’s previously
established security policies. At its most basic, a firewall is essentially the
barrier that sits between a private internal network and the public Internet.
A firewall’s main purpose is to allow non-threatening traffic in and to keep
dangerous traffic out.
Firewall History
Firewalls have existed since the late 1980’s and started out as packet
filters, which were networks set up to examine packets, or bytes,
transferred between computers. Though packet filtering firewalls are still in
use today, firewalls have come a long way as technology has developed
throughout the decades.
• Gen 1 Virus
• Gen 2 Networks
• Gen 3 Applications
• Gen 4 Payload
• Gen 5 Mega
Back in 1993, Check Point CEO Gil Shwed introduced the first stateful
inspection firewall, FireWall-1. Fast forward twenty-seven years, and a
firewall is still an organization’s first line of defense against cyber attacks.
Today’s firewalls, including Next Generation Firewalls and Network
Firewalls support a wide variety of functions and capabilities with built-in
features, including:
• Scalable Performance
Types of Firewalls
• Packet filtering
• Proxy service
• Stateful inspection
prevention system (IPS), these Next Generation Firewalls are able to react
quickly and seamlessly to detect and combat attacks across the whole
network. Firewalls can act on previously set policies to better protect your
network and can carry out quick assessments to detect invasive or
suspicious activity, such as malware, and shut it down. By leveraging a
firewall for your security infrastructure, you’re setting up your network with
specific policies to allow or block incoming and outgoing traffic.
of the packets are protected while traversing the Internet. This enables
users to safely send and receive data across shared or public networks.
works, we will also delve into examples of our offerings to illustrate what is
possible when keeping your branch safe.
WHAT IS TRANSACTIONAL SECURITY?
these products will always play a major role in offering security for any
valuable stored items.
• Verifier feeds the digital signature and the verification key into the
verification algorithm. The verification algorithm gives some value as
output.
• Verifier also runs the same hash function on the received data to generate a
hash value.
• For verification, this hash value and the output of the verification algorithm are
compared. Based on the comparison result, the verifier decides whether the
digital signature is valid.
• Since the digital signature is created with the signer's ‘private’ key, and no one
else can have this key, the signer cannot repudiate signing the data in the
future.
Note that instead of signing the data directly with the signing algorithm, a hash of
the data is usually created. Since the hash of data is a unique representation of data, it
is sufficient to sign the hash in place of data. The most important reason for using a hash
instead of the data directly for signing is the efficiency of the scheme.
Let us assume RSA is used as the signing algorithm. As discussed in the public key
encryption chapter, the encryption/signing process using RSA involves modular
exponentiation.
Signing large data through modular exponentiation is computationally expensive and
time consuming. The hash of the data is a relatively small digest of the data,
hence signing a hash is more efficient than signing the entire data.
Encryption with Digital Signature
In many digital communications, it is desirable to exchange encrypted messages
rather than plaintext to achieve confidentiality. In a public key encryption scheme, a public
(encryption) key of sender is available in the open domain, and hence anyone can spoof
his identity and send any encrypted message to the receiver.
This makes it essential for users employing PKC for encryption to seek digital
signatures along with encrypted data to be assured of message authentication and
non-repudiation.
This can be achieved by combining digital signatures with an encryption scheme. Let us
briefly discuss how to achieve this requirement. There are two possibilities:
sign-then-encrypt and encrypt-then-sign.
However, a cryptosystem based on sign-then-encrypt can be exploited by the receiver
to spoof the identity of the sender and send that data to a third party. Hence, this method is not
preferred. The process of encrypt-then-sign is more reliable and widely adopted. This
is depicted in the following illustration −
The receiver after receiving the encrypted data and signature on it, first verifies the
signature using sender’s public key. After ensuring the validity of the signature, he
then retrieves the data through decryption using his private key.
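The hash-then-sign verification steps and the encrypt-then-sign exchange described above, as an added example that is not part of the original notes. It uses unpadded textbook RSA from the Python standard library with constructed toy keys built from Mersenne primes; all helper names are assumptions, and production systems use a padded scheme from a vetted library.

```python
import hashlib

E = 65537  # public exponent

def make_key(a, b):
    # Constructed toy key: Mersenne primes are trivially guessable. Demo only.
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}

def public(key):
    # The half of the key pair that is published.
    return {"n": key["n"], "e": key["e"]}

def digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, priv):
    # Signer: hash the data, then one modular exponentiation on the small digest.
    return pow(digest_int(data), priv["d"], priv["n"])

def verify(data, signature, pub):
    # Verifier: the verification algorithm's output must equal a fresh hash
    # of the received data.
    return pow(signature, pub["e"], pub["n"]) == digest_int(data)

def encrypt(plaintext, pub):
    m = int.from_bytes(plaintext, "big")
    if m >= pub["n"]:
        raise ValueError("message too long for this toy key")
    size = (pub["n"].bit_length() + 7) // 8
    return pow(m, pub["e"], pub["n"]).to_bytes(size, "big")

def decrypt(ciphertext, priv):
    m = pow(int.from_bytes(ciphertext, "big"), priv["d"], priv["n"])
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def send(plaintext, sender_priv, receiver_pub):
    # Encrypt-then-sign: the signature covers the ciphertext.
    ciphertext = encrypt(plaintext, receiver_pub)
    return ciphertext, sign(ciphertext, sender_priv)

def receive(ciphertext, signature, sender_pub, receiver_priv):
    # Verify first; decrypt only data whose signature is valid.
    if not verify(ciphertext, signature, sender_pub):
        return None
    return decrypt(ciphertext, receiver_priv)

SENDER = make_key(521, 607)       # constructed signing key pair
RECEIVER = make_key(1279, 2203)   # constructed encryption key pair
```

A ciphertext altered in transit fails `verify` and is rejected before the receiver's private key is ever applied to it.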
be decrypted with the private key. Because of this use of two keys instead of one,
public key cryptography is also known as asymmetric cryptography. It is widely
used, especially for TLS/SSL, which makes HTTPS possible.
For example, suppose we take a plaintext message, "hello," and encrypt it with a
key; let's say the key is "2jd8932kd8." Encrypted with this key, our simple "hello"
now reads "X5xJCSycg14=", which seems like random garbage data. However, by
decrypting it with that same key, we get "hello" back.
publicly, contains the public key, and the private key is installed on the origin
server — it's "owned" by the website.
TLS handshakes use public key cryptography to authenticate the identity of the
origin server, and to exchange data that is used for generating the session keys. A
key exchange algorithm, such as RSA or Diffie-Hellman, uses the public-private key
pair to agree upon session keys, which are used for symmetric encryption once the
handshake is complete. Clients and servers are able to agree upon new session
keys for each communication session, so that bad actors are unable to decrypt
communications even if they identify or steal one of the session keys from a
previous session.
Email security is a term for describing different procedures and techniques for
protecting email accounts, content, and communication against unauthorized access,
loss or compromise. Email is often used to spread malware, spam and phishing attacks.
Attackers use deceptive messages to entice recipients to part with sensitive
information, open attachments or click on hyperlinks that install malware on the
victim’s device. Email is also a common entry point for attackers looking to gain a
foothold in an enterprise network and obtain valuable company data.
How Secure Is Email?
Because email is an open format, it can be viewed by anyone who can intercept it,
causing email security concerns. This became an issue as organizations began
sending confidential or sensitive information through email. An attacker could easily
read the contents of an email by intercepting it. Over the years, organizations have
been increasing email security measures to make it harder for attackers to get their
hands on sensitive or confidential information.
These email security policies can be as simple as removing all executable content from
emails to more in-depth actions, like sending suspicious content to a sandboxing tool for
detailed analysis. If email security incidents are detected by these policies, the
organization needs to have actionable intelligence about the scope of the attack. This
will help determine what damage the attack may have caused. Once an organization has
visibility into all the emails being sent, they can enforce email encryption policies to
prevent sensitive email information from falling into the wrong hands.
One of the first best practices that organizations should put into effect is implementing a
secure email gateway. An email gateway scans and processes all incoming and outgoing
email and makes sure that threats are not allowed in. Because attacks are increasingly
sophisticated, standard security measures, such as blocking known bad file
attachments, are no longer effective. A better solution is to deploy a secure email
gateway that uses a multi-layered approach.
It’s also important to deploy an automated email encryption solution as a best practice.
This solution should be able to analyze all outbound email traffic to determine whether
the material is sensitive. If the content is sensitive, it needs to be encrypted before it is
emailed to the intended recipient. This will prevent attackers from viewing emails, even
if they were to intercept them.
The security of email can depend on the user. Training employees on appropriate email
usage, and on how to tell a good email from a bad one, is also an important best practice for
email security. Users may receive a malicious email that slips through the secure email
gateway, so it’s critical that they understand what to look for. Most often they are
exposed to phishing attacks, which have telltale signs. Training helps employees spot
and report on these types of emails.
A secure email gateway, deployed either on-premises or in the cloud, should increase
the security of email by offering multi-layered protection from unwanted, malicious and
BEC email; granular visibility; and business continuity for organizations of all sizes.
These controls enable security teams to have confidence that they can secure users
from email threats and maintain email communications in the event of an outage.
An email encryption solution reduces the risks associated with regulatory violations,
data loss and corporate policy violations while enabling essential business
communications. The email security solution should work for any organization that
needs to protect sensitive data, while still making it readily available to affiliates,
business partners and users—on both desktops and mobile devices. An email
encryption solution is especially important for organizations required to follow
compliance regulations, like GDPR, HIPAA or SOX, or abide by security standards like
PCI-DSS.
• Non-Repudiability − It is the protection against the denial of an order or
denial of payment. Once a sender sends a message, the sender should
not be able to deny sending the message. Similarly, the recipient of
the message should not be able to deny the receipt.
• Encryption − Information should be encrypted and decrypted only by an
authorized user.
• Auditability − Data should be recorded in such a way that it can be
audited for integrity requirements.
Measures to ensure Security
The major security measures are the following −
• Encryption − It is a very effective and practical way to safeguard the
data being transmitted over the network. Sender of the information
encrypts the data using a secret code and only the specified receiver can
decrypt the data using the same or a different secret code.
• Digital Signature − Digital signature ensures the authenticity of the
information. A digital signature is an e-signature authenticated through
encryption and password.
• Security Certificates − Security certificate is a unique digital id used to
verify the identity of an individual website or user.
Security Protocols in Internet
We will discuss here some of the popular protocols used over the internet to ensure
secured online transactions.
• Authentication
• Encryption
• Integrity
• Non-repudiability
"https://" is to be used for HTTP URLs with SSL, whereas "http://" is to be used for HTTP
URLs without SSL.
Secure Hypertext Transfer Protocol (SHTTP)
SHTTP extends the HTTP internet protocol with public key encryption, authentication,
and digital signatures over the internet. Secure HTTP supports multiple security
mechanisms, providing security to the end-users. SHTTP works by negotiating
the encryption scheme types used between the client and the server.
Secure Electronic Transaction
It is a secure protocol developed by MasterCard and Visa in collaboration.
Theoretically, it is the best security protocol. It has the following components −
• Card Holder's Digital Wallet Software − Digital Wallet allows the card
holder to make secure purchases online via point and click interface.
• Merchant Software − This software helps merchants to communicate
with potential customers and financial institutions in a secure manner.
• Payment Gateway Server Software − Payment gateway provides
automatic and standard payment process. It supports the process for
merchant's certificate request.
• Certificate Authority Software − This software is used by financial
institutions to issue digital certificates to card holders and merchants, and
to enable them to register their account agreements for secure electronic
commerce.