Title:
Electronic commerce relationships : trust by design
Personal Author:
Publication Information:
Upper saddle River : Prentice Hall, 2000
ISBN:
9780130170378
Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
|---|---|---|---|---|---|
Searching... | 30000004407387 | HF5548.32 E53 2000 | Open Access Book | Book | Searching... |
Searching... | 30000005038405 | HF5548.32 E53 2000 | Open Access Book | Book | Searching... |
Searching... | 30000004407445 | HF5548.32 E53 2000 | Open Access Book | Book | Searching... |
On Order
Summary
Summary
"This is the first book to focus on the challenge at the heart of the e-business revolution: building long-term relationships of trust between buyers, sellers, and partners. In Electronic Commerce Relationships: Trust by Design, four expert authors present today's best practices for designing trust into any e-commerce system. Start by understanding the key elements of trust in e-commerce - certainty, confidentiality, and privacy - and then learn to build systems that deliver all three. Discover no-nonsense, proven techniques for e-commerce risk mitigation, trust, control, audit, and security - along with specific recommendations and processes you can implement now."--BOOK JACKET.Title Summary field provided by Blackwell North America, Inc. All Rights Reserved
Author Notes
The authors are all recognized leaders in E-commerce, with distinguished histories of writing, consulting, and developing electronic business solutions for major corporations.
Table of Contents
| Acknowledgments | p. xiii |
| Introduction | p. xv |
| 1 Electronic Commerce and the Concept of Trust | p. 1 |
| Definition of Trust | p. 1 |
| The Basics of Trust | p. 4 |
| Trust as a Foundation for EC | p. 7 |
| The Trusted System | p. 9 |
| Complexity | p. 10 |
| Interdependency | p. 10 |
| The Trust Economy | p. 11 |
| Telecommunications Networks | p. 12 |
| Addressing New Risks | p. 14 |
| Action Items for it Managers | p. 16 |
| Understand the Business Environment | p. 16 |
| Categorize and Respond to Specific Areas of Concern | p. 17 |
| Monitor the Relationship | p. 17 |
| 2 The Dark Side of the Force: The Risks of Electronic Commerce | p. 19 |
| Risks Common to all Distributed Networks | p. 19 |
| Limitations of Traditional Risk Management | p. 21 |
| New Awareness | p. 22 |
| Technology-Induced Risks: What's New | p. 27 |
| Process-Oriented Technical Risks | p. 27 |
| Public Communications Paths | p. 28 |
| Automation Amplification | p. 31 |
| Risk-Reduction Measures to Consider | p. 33 |
| Uneven Quality of Black Box Processes | p. 35 |
| What Control Professionals and Auditors Say | p. 37 |
| Get the Big Picture | p. 37 |
| Put Risk in the Right Context | p. 38 |
| The Role of the it Manager in Risk Management | p. 39 |
| Beyond Technology Risk | p. 39 |
| 3 Gaining Control of Electronic Commerce | p. 43 |
| Control is More than Security | p. 43 |
| Benefits and Importance of Control | p. 43 |
| Control Objectives of a Trusted Commercial System | p. 45 |
| Criteria of Control | p. 46 |
| EC Controls: The Macro View | p. 47 |
| Control Is an Evolutionary Process | p. 48 |
| Steps to Create a Safe EC Environment | p. 53 |
| Identification of "Crown Jewels" | p. 53 |
| Management Controls: People and Process | p. 53 |
| Technology Dependent Controls (Tools) | p. 55 |
| Role of the IT Manager: Point--Counterpoint | p. 57 |
| 4 Maintaining the Trust Bond: Certainty, Confidentiality, and Privacy | p. 61 |
| Introduction | p. 61 |
| Definitions and Implications for EC | p. 62 |
| Protection | p. 63 |
| EC Information Flow | p. 69 |
| Corporate Data Flow and Interactions | p. 69 |
| Data Flows Between Trading Partners | p. 73 |
| Data-in-Transit | p. 75 |
| Data with ISP | p. 78 |
| Data at Client Sites, Server Site, and Outsourced Vendors | p. 80 |
| Trans-Border Information Flow | p. 81 |
| The Auditor's Perspective | p. 82 |
| Confidentiality/Privacy Regulations: An International Sample | p. 83 |
| Total Quality in the EC Transaction Factory | p. 86 |
| 5 Security: What Are You Protecting ... and Why? | p. 87 |
| Look After the Information First: Linking Security With Data Protection | p. 89 |
| Value and Approach for Public Key Versus Private Key | p. 90 |
| Framework for Building Confidence | p. 97 |
| Understanding the Risks of Distributed Systems | p. 98 |
| Cost of Risk Protection | p. 103 |
| Risk Management | p. 104 |
| Layers of Risk Protection | p. 106 |
| Perimeter | p. 106 |
| User Authentication | p. 109 |
| Public Key Infrastructure (PKI) | p. 111 |
| Other Authentication Techniques | p. 112 |
| Access Control and Authorization | p. 112 |
| Information Transformation Layers and Associated Security Schemes | p. 114 |
| Social Aspects of Security | p. 117 |
| Social Engineering | p. 117 |
| Removable Data | p. 119 |
| Legal Aspects | p. 119 |
| Retaining Expertise | p. 120 |
| 6 Looking After Business: The Core Components of Electronic Commerce | p. 123 |
| EC as a Catalyst for Change | p. 124 |
| EC Defined | p. 125 |
| Person to Person | p. 125 |
| Person to Computer | p. 126 |
| Computer to Computer | p. 126 |
| Edi as the Primary Business-to-Business EC Component | p. 127 |
| The EC Value Proposition | p. 128 |
| Sales | p. 128 |
| Customer Service | p. 129 |
| Procurement | p. 129 |
| Procurement Cards | p. 130 |
| Information Management and Dissemination to Internal Resources | p. 130 |
| Business Issues | p. 131 |
| Technical Issues | p. 132 |
| Communications | p. 132 |
| Data Storage and Retrieval | p. 133 |
| Message Conversion | p. 136 |
| Application Interface | p. 138 |
| EC in the Payments Business | p. 140 |
| Future Direction and Implications for it Managers | p. 141 |
| Extended Reach | p. 142 |
| Micropayments | p. 142 |
| Digital Cash | p. 143 |
| Smart Cards | p. 143 |
| Mondex | p. 143 |
| Encrypted Credit Cards | p. 144 |
| Electronic Checks | p. 144 |
| Electronic Bill Presentment | p. 145 |
| Implications of New EC Delivery Channels | p. 145 |
| Key EC Issues for the IT Manager | p. 146 |
| Factors for the IT Manager to Consider | p. 147 |
| Steps for EC Success | p. 148 |
| 7 Business First and Safety First: Protecting Electronic Commerce Relationships | p. 151 |
| From Systems Defense to Business Enhancement | p. 152 |
| Putting Both Safety and Service First | p. 154 |
| Key Players in EC Development | p. 155 |
| Business Policy as Big Rules | p. 155 |
| The Link Between Big Rules and Standards | p. 157 |
| Determining Compelling Reasons for the Big Rules | p. 159 |
| Questions for the Big Rule | p. 160 |
| Choosing the Big Rules | p. 161 |
| Relationship Design | p. 162 |
| Reputation and Performance in an Online Relationship | p. 165 |
| The Perfect EC Relationship | p. 166 |
| Front-Ending | p. 167 |
| Business Enhancement | p. 168 |
| 8 Auditing for a New Age, New Purpose, and New Commerce | p. 169 |
| The Changing Role of the Internal Auditor | p. 170 |
| Internal Control: Trends and Recent Developments | p. 171 |
| Internal Control: Integrated Framework, 1994 | p. 171 |
| Guidance on Assessing Control, 1999 | p. 172 |
| Guidance on Control, 1995 | p. 173 |
| Control Objectives for Information and Related Technology, 1998 (CobiT) | p. 174 |
| An Integrated Control Framework for EC | p. 176 |
| The EC Control Environment | p. 177 |
| The Payoff Idea | p. 183 |
| 9 External Audit Requirements and Regulatory Compliance | p. 189 |
| Overview | p. 189 |
| The External Auditor's Role | p. 190 |
| What External Auditors Look For | p. 190 |
| The Question of Corporate Governance: The Regulator's Role | p. 193 |
| FDIC Electronic Banking: Safety and Soundness Examination Procedures, 1998 (U.S.) | p. 194 |
| Independent Report on "Electronic Commerce and Canada's Tax Administration," 1998 | p. 195 |
| CDIC Standards of Sound Business and Financial Practices: Internal Control 1994 (Canada) | p. 196 |
| Financial Aspects of Corporate Governance, 1992 (U.K.) | p. 197 |
| External Requirements Harmonization | p. 198 |
| The Common Ground | p. 198 |
| Action Items for Control Designers | p. 199 |
| Apply Safety Tools | p. 199 |
| Add New Control Self-Assessment Topics | p. 200 |
| Promote Quality Documentation | p. 200 |
| Action Items for EC Professionals | p. 200 |
| 10 Trends to Follow and Opportunities to Take | p. 205 |
| How to Plan When You Can't Predict | p. 206 |
| The Near Term | p. 210 |
| Transforming the Nature of Security with Agents | p. 210 |
| ANSI and Internet/Extranet Growth | p. 212 |
| The Medium Term | p. 213 |
| Safe Payments | p. 214 |
| The Unknown Time Frame | p. 216 |
| Digital Cash | p. 216 |
| Changes in Payment Mechanisms | p. 216 |
| The Death of Copyright | p. 218 |
| Recommendations to Managers | p. 218 |
| Appendix Electronic Commerce in Action: The Case for Secure Electronic Transaction (SET) | p. 221 |
| 1. What is Set? | p. 222 |
| 2. Why Set at All? | p. 226 |
| 3. Risk Profile With Implementing a Set Payment System | p. 226 |
| Set Payment Cardholders | p. 226 |
| Set Merchants | p. 227 |
| Set Payment Gateways | p. 227 |
| 4. The Trust Dimension: The Public Key Infrastructure | p. 228 |
| 5. Set Implementation Issues | p. 228 |
| Vendor Products May Not Be Fully Certified at Time of Implementation or Self-Audit | p. 228 |
| Merchant Sign-Up Process Change | p. 230 |
| Certificate Management | p. 230 |
| Performance | p. 231 |
| Backup of Set-Sensitive Files | p. 231 |
| Managing Vendors and Outsourcing Partners | p. 231 |
| Self-Audits and Independent Audits | p. 232 |
| 6. What Set Does Not Cover | p. 232 |
| Index | p. 235 |
| The Authors | p. 245 |
