Item Barcode | Call Number | Material Type | Item Category 1 |
---|---|---|---|
30000004407387 | HF5548.32 E53 2000 | Open Access Book | Book |
30000005038405 | HF5548.32 E53 2000 | Open Access Book | Book |
30000004407445 | HF5548.32 E53 2000 | Open Access Book | Book |
Summary
"This is the first book to focus on the challenge at the heart of the e-business revolution: building long-term relationships of trust between buyers, sellers, and partners. In Electronic Commerce Relationships: Trust by Design, four expert authors present today's best practices for designing trust into any e-commerce system. Start by understanding the key elements of trust in e-commerce - certainty, confidentiality, and privacy - and then learn to build systems that deliver all three. Discover no-nonsense, proven techniques for e-commerce risk mitigation, trust, control, audit, and security - along with specific recommendations and processes you can implement now."--BOOK JACKET. Title Summary field provided by Blackwell North America, Inc. All Rights Reserved
Author Notes
The authors are all recognized leaders in E-commerce, with distinguished histories of writing, consulting, and developing electronic business solutions for major corporations.
Table of Contents
Acknowledgments | p. xiii |
Introduction | p. xv |
1 Electronic Commerce and the Concept of Trust | p. 1 |
Definition of Trust | p. 1 |
The Basics of Trust | p. 4 |
Trust as a Foundation for EC | p. 7 |
The Trusted System | p. 9 |
Complexity | p. 10 |
Interdependency | p. 10 |
The Trust Economy | p. 11 |
Telecommunications Networks | p. 12 |
Addressing New Risks | p. 14 |
Action Items for IT Managers | p. 16 |
Understand the Business Environment | p. 16 |
Categorize and Respond to Specific Areas of Concern | p. 17 |
Monitor the Relationship | p. 17 |
2 The Dark Side of the Force: The Risks of Electronic Commerce | p. 19 |
Risks Common to all Distributed Networks | p. 19 |
Limitations of Traditional Risk Management | p. 21 |
New Awareness | p. 22 |
Technology-Induced Risks: What's New | p. 27 |
Process-Oriented Technical Risks | p. 27 |
Public Communications Paths | p. 28 |
Automation Amplification | p. 31 |
Risk-Reduction Measures to Consider | p. 33 |
Uneven Quality of Black Box Processes | p. 35 |
What Control Professionals and Auditors Say | p. 37 |
Get the Big Picture | p. 37 |
Put Risk in the Right Context | p. 38 |
The Role of the IT Manager in Risk Management | p. 39 |
Beyond Technology Risk | p. 39 |
3 Gaining Control of Electronic Commerce | p. 43 |
Control is More than Security | p. 43 |
Benefits and Importance of Control | p. 43 |
Control Objectives of a Trusted Commercial System | p. 45 |
Criteria of Control | p. 46 |
EC Controls: The Macro View | p. 47 |
Control Is an Evolutionary Process | p. 48 |
Steps to Create a Safe EC Environment | p. 53 |
Identification of "Crown Jewels" | p. 53 |
Management Controls: People and Process | p. 53 |
Technology Dependent Controls (Tools) | p. 55 |
Role of the IT Manager: Point--Counterpoint | p. 57 |
4 Maintaining the Trust Bond: Certainty, Confidentiality, and Privacy | p. 61 |
Introduction | p. 61 |
Definitions and Implications for EC | p. 62 |
Protection | p. 63 |
EC Information Flow | p. 69 |
Corporate Data Flow and Interactions | p. 69 |
Data Flows Between Trading Partners | p. 73 |
Data-in-Transit | p. 75 |
Data with ISP | p. 78 |
Data at Client Sites, Server Site, and Outsourced Vendors | p. 80 |
Trans-Border Information Flow | p. 81 |
The Auditor's Perspective | p. 82 |
Confidentiality/Privacy Regulations: An International Sample | p. 83 |
Total Quality in the EC Transaction Factory | p. 86 |
5 Security: What Are You Protecting ... and Why? | p. 87 |
Look After the Information First: Linking Security With Data Protection | p. 89 |
Value and Approach for Public Key Versus Private Key | p. 90 |
Framework for Building Confidence | p. 97 |
Understanding the Risks of Distributed Systems | p. 98 |
Cost of Risk Protection | p. 103 |
Risk Management | p. 104 |
Layers of Risk Protection | p. 106 |
Perimeter | p. 106 |
User Authentication | p. 109 |
Public Key Infrastructure (PKI) | p. 111 |
Other Authentication Techniques | p. 112 |
Access Control and Authorization | p. 112 |
Information Transformation Layers and Associated Security Schemes | p. 114 |
Social Aspects of Security | p. 117 |
Social Engineering | p. 117 |
Removable Data | p. 119 |
Legal Aspects | p. 119 |
Retaining Expertise | p. 120 |
6 Looking After Business: The Core Components of Electronic Commerce | p. 123 |
EC as a Catalyst for Change | p. 124 |
EC Defined | p. 125 |
Person to Person | p. 125 |
Person to Computer | p. 126 |
Computer to Computer | p. 126 |
EDI as the Primary Business-to-Business EC Component | p. 127 |
The EC Value Proposition | p. 128 |
Sales | p. 128 |
Customer Service | p. 129 |
Procurement | p. 129 |
Procurement Cards | p. 130 |
Information Management and Dissemination to Internal Resources | p. 130 |
Business Issues | p. 131 |
Technical Issues | p. 132 |
Communications | p. 132 |
Data Storage and Retrieval | p. 133 |
Message Conversion | p. 136 |
Application Interface | p. 138 |
EC in the Payments Business | p. 140 |
Future Direction and Implications for IT Managers | p. 141 |
Extended Reach | p. 142 |
Micropayments | p. 142 |
Digital Cash | p. 143 |
Smart Cards | p. 143 |
Mondex | p. 143 |
Encrypted Credit Cards | p. 144 |
Electronic Checks | p. 144 |
Electronic Bill Presentment | p. 145 |
Implications of New EC Delivery Channels | p. 145 |
Key EC Issues for the IT Manager | p. 146 |
Factors for the IT Manager to Consider | p. 147 |
Steps for EC Success | p. 148 |
7 Business First and Safety First: Protecting Electronic Commerce Relationships | p. 151 |
From Systems Defense to Business Enhancement | p. 152 |
Putting Both Safety and Service First | p. 154 |
Key Players in EC Development | p. 155 |
Business Policy as Big Rules | p. 155 |
The Link Between Big Rules and Standards | p. 157 |
Determining Compelling Reasons for the Big Rules | p. 159 |
Questions for the Big Rule | p. 160 |
Choosing the Big Rules | p. 161 |
Relationship Design | p. 162 |
Reputation and Performance in an Online Relationship | p. 165 |
The Perfect EC Relationship | p. 166 |
Front-Ending | p. 167 |
Business Enhancement | p. 168 |
8 Auditing for a New Age, New Purpose, and New Commerce | p. 169 |
The Changing Role of the Internal Auditor | p. 170 |
Internal Control: Trends and Recent Developments | p. 171 |
Internal Control: Integrated Framework, 1994 | p. 171 |
Guidance on Assessing Control, 1999 | p. 172 |
Guidance on Control, 1995 | p. 173 |
Control Objectives for Information and Related Technology, 1998 (CobiT) | p. 174 |
An Integrated Control Framework for EC | p. 176 |
The EC Control Environment | p. 177 |
The Payoff Idea | p. 183 |
9 External Audit Requirements and Regulatory Compliance | p. 189 |
Overview | p. 189 |
The External Auditor's Role | p. 190 |
What External Auditors Look For | p. 190 |
The Question of Corporate Governance: The Regulator's Role | p. 193 |
FDIC Electronic Banking: Safety and Soundness Examination Procedures, 1998 (U.S.) | p. 194 |
Independent Report on "Electronic Commerce and Canada's Tax Administration," 1998 | p. 195 |
CDIC Standards of Sound Business and Financial Practices: Internal Control 1994 (Canada) | p. 196 |
Financial Aspects of Corporate Governance, 1992 (U.K.) | p. 197 |
External Requirements Harmonization | p. 198 |
The Common Ground | p. 198 |
Action Items for Control Designers | p. 199 |
Apply Safety Tools | p. 199 |
Add New Control Self-Assessment Topics | p. 200 |
Promote Quality Documentation | p. 200 |
Action Items for EC Professionals | p. 200 |
10 Trends to Follow and Opportunities to Take | p. 205 |
How to Plan When You Can't Predict | p. 206 |
The Near Term | p. 210 |
Transforming the Nature of Security with Agents | p. 210 |
ANSI and Internet/Extranet Growth | p. 212 |
The Medium Term | p. 213 |
Safe Payments | p. 214 |
The Unknown Time Frame | p. 216 |
Digital Cash | p. 216 |
Changes in Payment Mechanisms | p. 216 |
The Death of Copyright | p. 218 |
Recommendations to Managers | p. 218 |
Appendix Electronic Commerce in Action: The Case for Secure Electronic Transaction (SET) | p. 221 |
1. What is SET? | p. 222 |
2. Why SET at All? | p. 226 |
3. Risk Profile With Implementing a SET Payment System | p. 226 |
SET Payment Cardholders | p. 226 |
SET Merchants | p. 227 |
SET Payment Gateways | p. 227 |
4. The Trust Dimension: The Public Key Infrastructure | p. 228 |
5. SET Implementation Issues | p. 228 |
Vendor Products May Not Be Fully Certified at Time of Implementation or Self-Audit | p. 228 |
Merchant Sign-Up Process Change | p. 230 |
Certificate Management | p. 230 |
Performance | p. 231 |
Backup of SET-Sensitive Files | p. 231 |
Managing Vendors and Outsourcing Partners | p. 231 |
Self-Audits and Independent Audits | p. 232 |
6. What SET Does Not Cover | p. 232 |
Index | p. 235 |
The Authors | p. 245 |