Thursday 21 February 2008

miss edmunds questions

What is testing?
Testing is where a company carries out different tests on their product/service/database etc. to ensure that there are no problems and it works efficiently. They test every aspect of their product/service/database etc. and many companies even employ people to test them.

Why is it important?
The cost and time of fixing something that does not work properly would be more than testing it in the first place. Also, the company does not want to create a bad reputation for themselves if they release products etc. that are faulty and have to recall them and fix them.


Give 2 possible consequences to a company of not testing.
They might have to spend a lot of money after the product/service/database etc. does not work properly. They would need to spend time and money on testing it to see where the problem is and then spend time and use employees to fix it. They would most likely receive a bad name for their product/service/database etc. not working efficiently and putting customers' personal information at risk, and would need to spend money advertising themselves again to regain their customers and gain new ones.


Give 2 reasons why it is important to have a test plan.
It is important to have a test plan because to test something efficiently there needs to be a plan of who is doing what, when they tested it and where they are going to record the findings. To save time and money they do not want to have more people than needed testing a certain aspect of what they are testing. With a test plan there can be assigned tasks and every employee knows what they are doing.

Monday 18 February 2008

what is testing

What is testing?

Testing is where a company carries out different tests on their product/service/database etc. to ensure that there are no problems and it works efficiently. They test every aspect of their product/service/database etc. and many companies even employ people to test them, as the cost and time of fixing something that does not work properly would be more than testing it in the first place. Also, the company does not want to create a bad reputation for themselves if they release products etc. that are faulty and have to recall them and fix them.

Consequences of not Testing

Consequences of not Testing

What was the problem?


The company Protx that deals with online payments was upgrading and a problem occurred which meant that thousands of retailers lost business because orders were failing.


What were the consequences?

People could not pay for products so businesses lost money and possibly future trade. The customers did not get the products when they wanted them and Protx has given itself a bad name. Transactions would not be secure so hackers would be able to get hold of customer information – crimes such as identity theft and fraud could occur.


How could testing have prevented this?

They could have tested it on one company first, identified problems and seen whether it worked efficiently. If a problem had been identified, it could have been solved and the situation avoided.

Wednesday 30 January 2008

security report

SECURITY REPORT

Electronic Commerce is often referred to as E-Commerce or eCommerce. E-Commerce entails a person buying or selling products and/or services over an electronic system such as the Internet. It specifically refers to the buying and selling of goods by transferring funds from one account to another. Transactions made with a customer and ASOS.com are part of the E-Commerce process.
With the rapid growth and spread of the Internet, E-Commerce has become a part of many people’s everyday lives. However, creating a revolutionary way of purchasing goods has also brought about many new threats and dangers that online customers are now at risk of.
There are many advantages of purchasing goods online: someone who is housebound can get their food shopping delivered to their house via the Internet; someone who is time-poor can order Christmas presents, birthday presents, food shopping etc. online and get it delivered the next day; and someone who does not have sufficient money to pay for petrol to pick up a product that is only stored in a certain area of the country can buy it online and get it delivered to their house. However, there are also many disadvantages of purchasing goods this way.
E-commerce is more susceptible to threats than normal commerce because confidential details are needed when buying something online. For example, you always need to give your address, full name, date of birth, delivery address, billing address and credit card details (unless you have a PayPal account). When buying a product in a shop, you do not need to give any of these details; you only need to place your credit card into a machine, and the company and your credit card company are the only people able to see this information. When shopping online, in unfortunate cases, hackers and viruses can cause your information to be broadcast.
Many problems have arisen from the evolution of the Internet, which allows us to purchase products online; however, there are methods to help prevent these threats and dangers occurring.
A virus is a computer program that can copy itself and infect a computer without the permission or knowledge of a user. Viruses normally attach themselves to computers that do not have up-to-date virus software, and can also be uploaded to your computer by opening an email with an ‘infected’ attachment. As E-Commerce has evolved, virus makers have realised that an easy way to get onto someone’s computer is by sending fake emails from online shops etc. urging them to open a very important attachment about their most recent purchase. People who are not aware of the dangers of opening emails from unknown senders, or who do not know how to tell fake emails from real ones, open these attachments and, without realising, upload viruses to their computer, which can be fatal. Information can be deleted or taken for harmful purposes. A way of preventing viruses from getting onto computers is by installing Anti-Virus software. There are many different types of anti-virus software; however, the most popular one is Norton Anti-Virus Software. This piece of software gives your computer protection against viruses and also includes protection against spyware. Regular updates and renewals are available from the website so the websites can always make sure their computers are safe from viruses and spyware.







Hackers are individuals that try to gain access to computer systems or networks without the user’s knowledge or consent in an attempt to steal sensitive and confidential information. E-Commerce websites such as ASOS.com have to be extremely careful that all of their computers and systems have sufficient methods to prevent hackers gaining access to their databases, as websites keep personal information about their customers such as addresses and credit card details, which hackers could use to steal someone’s identity or commit fraud. Hackers often create software that tries to guess passwords by guessing millions of different combinations. There are methods to prevent hackers from gaining unauthorised access to networks and computer systems, such as Firewalls. Firewalls are a combination of hardware and software that can be configured to block access to a network or individual computer to all except known IP addresses. Also, firewalls can be configured to block outward access, thereby controlling the web sites that employees can visit.





This piece of software protects against hackers, spyware and viruses. It is easily installed and enables rapid automatic updates to come to your computer without user intervention, which can be as regular as every hour. This software would be very beneficial to ASOS.com as there are hundreds of thousands of hackers that are trying to get into different computers and networks every day, so they need good protection and regular updates to ensure their computers are safe from hackers and other threats.




Spyware is software that is installed on a computer without the user’s knowledge. Spyware is often found on most computers; however, some computers that hold very confidential information need to protect themselves against spyware. Spyware is installed onto your computer when a user goes onto different websites. It then sends back information to where it came from about activities on the computer and it can also open your files and send back any information it thinks is relevant. This can be extremely dangerous for computers at ASOS.com as they hold information about the website, its customers and their products, and if this confidential information was sent off to the wrong person via spyware, there could be severe consequences. Websites such as ASOS.com need to protect all of their computers from spyware as although a lot of the time it can be harmful, it can also bring about major problems for its customers if their details are stolen.


This Anti-Spyware software is available to download from this company. It uploads frequent and advanced updates to the computer. It also detects and removes all spyware and adware programs that are uploaded to your computer. ASOS.com is a large company so downloading this software will be too time consuming, so they would be advised to use something like McAfee's Secure Web Gateway as it caters for a larger network.

An External Hard Drive

When hardware fails, it can be very annoying as a user may lose the work they were currently working on. If their hardware cannot be fixed and a backup of the information kept on that computer was not made, then the user will lose all of that work and information. A way of preventing loss of information is by backing it up. Every large organisation like ASOS.com should back up their data, as important information about customers that could bring in more business for them, such as email addresses and addresses, could be lost permanently. The most beneficial way of backing up information for ASOS.com would be a full then incremental backup. This is where a full backup of all files is taken and then, at regular intervals after that, new or altered information is backed up. This is less time consuming and uses less space, as only information that has changed or has been added is backed up. This information can be stored on any memory apparatus but the best one would be an external hard drive, as these can be easily transported and can hold a lot of information.
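The full then incremental scheme described above, as an added example that is not part of the original report. The `manifest.json` name, the `data/` layout and the sample files are assumptions made for the illustration; it uses SHA-256 digests to decide what is new or altered, and restores by replaying the backups in order.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST = "manifest.json"  # assumed name; written beside the copied data


def file_digest(path):
    """SHA-256 of a file's contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(source):
    """Map every file's relative path to its digest."""
    source = Path(source)
    return {p.relative_to(source).as_posix(): file_digest(p)
            for p in sorted(source.rglob("*")) if p.is_file()}


def backup(source, dest, previous=None):
    """Full backup when previous is None, otherwise an incremental backup
    holding only files that are new or altered since the previous manifest."""
    source, dest = Path(source), Path(dest)
    current = snapshot(source)
    baseline = previous["files"] if previous else {}
    copied = sorted(r for r, d in current.items() if baseline.get(r) != d)
    deleted = sorted(r for r in baseline if r not in current)
    for rel in copied:
        target = dest / "data" / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(source / rel, target)
    manifest = {"kind": "incremental" if previous else "full",
                "files": current, "copied": copied, "deleted": deleted}
    dest.mkdir(parents=True, exist_ok=True)
    (dest / MANIFEST).write_text(json.dumps(manifest, indent=2))
    return manifest


def restore(backup_dirs, target):
    """Replay the full backup, then each incremental in order. Returns the
    files whose restored content does not match the last manifest."""
    target = Path(target)
    target.mkdir(parents=True, exist_ok=True)
    manifest = {"files": {}}
    for d in map(Path, backup_dirs):
        manifest = json.loads((d / MANIFEST).read_text())
        for rel in manifest["copied"]:
            out = target / rel
            out.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(d / "data" / rel, out)
        for rel in manifest["deleted"]:
            (target / rel).unlink(missing_ok=True)
    return [rel for rel, digest in manifest["files"].items()
            if not (target / rel).is_file()
            or file_digest(target / rel) != digest]


def demo():
    """Constructed sample data: one full backup, one change set, one restore."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        live = root / "live"
        (live / "customers").mkdir(parents=True)
        (live / "customers" / "emails.csv").write_text("a@example.com\n")
        (live / "orders.csv").write_text("1001,dress\n")
        (live / "old.txt").write_text("obsolete\n")
        full = backup(live, root / "full")

        # Day two: one file altered, one added, one removed.
        (live / "orders.csv").write_text("1001,dress\n1002,shoes\n")
        (live / "new.txt").write_text("added later\n")
        (live / "old.txt").unlink()
        inc = backup(live, root / "inc1", previous=full)

        bad = restore([root / "full", root / "inc1"], root / "restored")
        return {"full": full["copied"], "inc": inc["copied"],
                "deleted": inc["deleted"], "mismatched": bad,
                "restored": sorted(snapshot(root / "restored"))}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The incremental directory holds only two files, but it cannot be restored without the full backup it was taken against, so both copies need to be kept.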




Also, when hardware is being fixed, care should be taken over which company the technicians are from and their work should be overseen, as although their intentions are most likely to be just to help fix the computers, they may be able to see the confidential and sensitive information of the company's customers. This information could be taken secretly and used to their own advantage.
There are many reasons why information should be backed up. In addition to the above, another important reason is that natural disasters unfortunately happen and are increasing with the rise in global warming. In America, hurricanes are not unusual and tsunamis are now occurring, which can completely destroy hardware and information. Floods and fires are also very common, so a backup copy should be made and kept away from where the original source is.

To improve security systems within a company, it is also a good idea for organisations to carry out a risk assessment along with the above methods of preventing dangers and threats. Doing this will help to identify potential risks faced by the organisation’s systems. The first step is to identify any possible threats, which could be human error (an employee accidentally deleting the wrong files etc.), unauthorised access via wireless links, whether employees work off-site or travel with laptops etc. Once these risks have been identified, they are classified as high, medium and low and spending on protection can be prioritised.
Threats can come from inside an organisation as well as outside and although human error is accidental, it can have very bad repercussions.
However, there can be dishonest employees working for ASOS.com, and therefore the company needs to make sure that it has correct and sufficient methods in place to prevent these employees from getting sensitive information and using it to their advantage. Most companies give employees different levels of access to their databases and files. If a specific person is not allowed access to certain files then they will be denied access and a dialogue box should appear on the computer explaining that they are not authorised to view these files. An example of this at ASOS.com is that some employees do not have access to financial files and databases but the finance department do etc.
This method can also be used to prevent employees from going onto dangerous and potentially harmful websites.

A Dialogue Box Explaining How Access Has Been Denied


Also, if passwords are allocated to certain files and databases and only authorised people are told the passwords then this is another way of preventing unauthorised employees gaining access to files they are not allowed to see.



Biometric Security

Although data in a computer can be secured with passwords, encryption and different access levels etc., it is always a good idea to have physical security on computers, such as locking rooms whenever they are unattended and having relevant padlocks to make sure hard drives do not go missing. Some organisations install biometric security locks, where a fingerprint or similar has to be presented before the lock will open.



Terrorist attacks are becoming more frequent unfortunately and companies such as ASOS.com need to make sure that their information is encrypted so that no information can be stolen and used whilst it’s travelling across the Internet. Information can be scrambled according to an algorithm and it can only be translated back to the original by a computer that has the correct unscrambling software. So therefore if there are hackers and terrorists that are trying to take information to cause harm, they will not be able to understand the data as it will not be readable or make sense. Personal data such as credit card numbers are often encrypted to prevent the threat of identity theft and fraud etc.

Another preventative method secures the transaction between a customer and an E-Commerce website. Secure Electronic Transaction (SET) is a standard protocol for securing credit card transactions over insecure networks, specifically, the Internet. SET is not itself a payment system, but rather a set of security protocols and formats that enables users to employ the existing credit card payment infrastructure on an open network in a secure fashion. Websites such as ASOS.com should make sure SET is occurring when customers are purchasing from their website.

As the Internet has evolved and things like E-Commerce have been created, the government have realised that necessary legislation has to be made to make sure that people are protected when they give personal information to companies such as ASOS.com.
The Data Protection Act is an act that first became a law in 1984 and was updated in 1998. The Act was the consequence of increasing concern about the number of computer-based systems that stored personal data. ASOS.com have a database with thousands of people’s personal information in such as their addresses, post codes, full name etc. so need to abide by the laws set out in this act.
Some people become very worried at the ease of transmitting data and to what purposes it is being used. Although there are exemptions from the act; when data is required for medical or state security purposes, any company or organisation that does not comply with the laws within the Data Protection Act will be prosecuted.

The DPA established the concepts of:
· Data Controllers – those who held the personal data.
· Data Processors – those who process the data on behalf of a data controller.
· Data Subjects – those about whom the personal data is held.
· The Information Commissioner – a government controlled office that keeps details of and regulates the data controllers.

The Data Protection Act principles:
· Personal data shall be processed fairly and lawfully.
· Personal data shall be obtained only for one or more specified purposes and shall not be further processed in any manner incompatible with that purpose or those purposes.
· Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
· Personal data shall be accurate and where necessary kept up to date.
· Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
· Personal data shall be processed in accordance with the rights of data subjects under this Act.
· Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
· Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

However, there have been some criticisms of the Data Protection Act.

Tuesday 29 January 2008

security report

SECURITY REPORT

http://www.pctools.com/spyware-doctor/

Tuesday 8 January 2008

BACK OFFICE PROCESSES

  1. The purpose of back office processes is to ensure the smooth ordering, payment and reporting of transactions on the website. Some of the back office functions include accounting, record keeping of clients' orders, stock control and the management of the public facing web site.
  2. The processes involved in stock control are to make sure that there are enough products to meet the demand, to make sure one item isn't sold twice etc. The centre of this type of system is a database because it can have all of the items listed, information about the item, the supplier of the item, updates about the item etc.
  3. A person logs onto a database over the Internet so that every time a customer goes onto a website and searches for something, it shows what the company actually has and shows whether items are in stock or not. An ASP (Active Server Pages) script is code that is run every time someone clicks onto a search engine; the code then reads the database and looks up something, and the answer is sent back via a webpage.
  4. As a customer moves through an online store ordering goods, it is necessary to hold the details of the items purchased. Organisations maintain the virtual shopping basket for a customer by reserving the items that you have put into your basket; prices are then totalled and extra prices are added on at the end, for example postage and packaging.
  5. On sheet
  6. HTTP Authentication produces the familiar login/password browser sequence. This is where a user is asked for an ID and a password to access the server. Cookies are placed on the customer's computer, and are typically set using an HTML form and a Common Gateway Interface script. A persistent cookie can be used, which saves users having to log in every time they visit the website. This works until the customer deletes the cookie.
  7. There are some cookies that enable you to save your username to that computer so when you go back onto that website you only have to type in your password therefore saving time for the user. Cookies are an automated way of knowing who is on your website and for how long and what they look at etc.
  8. A cookie is a way for a server or a web site to place information on the client computer. Cookies are small text files that are stored on the user's hard disk by the web server. These are useful for transactional websites as it can save settings that the user has previously asked for, for example the language that the webpage is in. They are also useful to the website as they can keep account of what products are viewed the most, the amount of time the customer spends on their website, how often they visit etc.
  9. It is useful to get a customer to log into a website as they can be tracked anonymously using a random number sent in a cookie. Other tables in the database will track the customer's actions. Once a customer has logged in, the session can be monitored in much more detail. Actions can trigger data being written to the database. This information can be used in a variety of ways; for example, loyal customers can be rewarded with special offers.
  10. List Of The Tables That Might Be Involved In Tracking Customers' Actions
    Affiliates
    Affiliates Transfers
    Cart Rows
    Categories
    Categories Products
    Credit Cards
    Customer Special Prices
    Discounts
    Emails
    Newsletter
    Orders
    Payments
    Products
    Related Products
    Reviews
    Shipments
    Stock
    Store News
    Tax Per Product
    Visits
    Wap Carts
    Wish List
  11. HTTPS encryption is used to secure methods of data transfer. For example, paying by credit card is a relatively easy task but the security of credit card data is very important, so when the details are stored in a database, the table or field holding that data needs to be encrypted as well. This way, if the database is accessed by unauthorised people, the card details cannot be read.
    This method is safe even when someone intercepts the data travelling through the website, as it has been encrypted so is unreadable to anyone looking at it unless they are authorised.
  12. A stolen card is unlikely to be used for shopping as the address details are normally checked and first time orders must always be delivered to the address held by the card company. Once a card payment has been accepted, then the seller is guaranteed the money by the credit card company. Payments cannot be stopped unless the card has been stolen.
  13. Stock control consists of all the processes involved in ordering, storing and selling goods. An important part of the back office process is real-time stock control. When there is a need to order replacements, the web site could have links to the supplier via the internet so that replacement goods can be ordered automatically, as too much stock of one thing will tie up money that could be used for other purposes in the business.
  14. The processes involved in dispatch and delivery are;
    Address labels need to be printed along with dispatch notes and invoices.
    The goods need to be packaged and collected by courier.
    The organisation will hand the tracking over to them.
    The customer can be informed via email or by logging in to the courier's tracking system so that the customer can track the progress of the consignment.
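Items 6 to 9 above describe a persistent cookie carrying a random number, with database tables tracking the customer's actions before and after login. The following is an added example, not code from the original notes: the `sid` cookie name, the two-table schema and the sample pages are assumptions, and it goes a little further than the text by storing only a hash of the token and issuing a fresh token at login.

```python
import hashlib
import secrets
import sqlite3
from http.cookies import SimpleCookie

COOKIE = "sid"                 # assumed cookie name
MAX_AGE = 30 * 24 * 3600       # persistent cookie: survives browser restarts


def open_db():
    """Constructed in-memory schema, loosely after the Visits table above."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE sessions (token_hash TEXT PRIMARY KEY, customer_id INTEGER);
        CREATE TABLE visits   (token_hash TEXT, page TEXT);
    """)
    return db


def token_hash(token):
    # Only the hash is stored, so a leaked table does not hand out live cookies.
    return hashlib.sha256(token.encode()).hexdigest()


def set_cookie_header(token):
    """Build the Set-Cookie value with the attributes that limit theft."""
    jar = SimpleCookie()
    jar[COOKIE] = token
    jar[COOKIE]["max-age"] = MAX_AGE
    jar[COOKIE]["path"] = "/"
    jar[COOKIE]["secure"] = True      # sent over HTTPS only
    jar[COOKIE]["httponly"] = True    # not readable by page scripts
    jar[COOKIE]["samesite"] = "Lax"
    return jar[COOKIE].OutputString()


def start_session(db):
    """First visit: issue an unguessable random value and remember its hash."""
    token = secrets.token_urlsafe(32)
    db.execute("INSERT INTO sessions VALUES (?, NULL)", (token_hash(token),))
    return set_cookie_header(token)


def lookup(db, cookie_header):
    """Return the stored hash for a Cookie request header, or None."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if COOKIE not in jar:
        return None
    h = token_hash(jar[COOKIE].value)
    row = db.execute("SELECT 1 FROM sessions WHERE token_hash = ?", (h,))
    return h if row.fetchone() else None


def record_visit(db, cookie_header, page):
    """Log a page view against the session; unknown tokens are rejected."""
    h = lookup(db, cookie_header)
    if h is None:
        return False
    db.execute("INSERT INTO visits VALUES (?, ?)", (h, page))
    return True


def login(db, cookie_header, customer_id):
    """Tie the session to a customer and replace the token, so a value
    planted or observed before login is useless afterwards."""
    old = lookup(db, cookie_header)
    if old is None:
        return None
    token = secrets.token_urlsafe(32)
    new = token_hash(token)
    db.execute("UPDATE sessions SET token_hash = ?, customer_id = ? "
               "WHERE token_hash = ?", (new, customer_id, old))
    db.execute("UPDATE visits SET token_hash = ? WHERE token_hash = ?",
               (new, old))
    return set_cookie_header(token)


def pages_for_customer(db, customer_id):
    rows = db.execute(
        "SELECT v.page FROM visits v JOIN sessions s "
        "ON s.token_hash = v.token_hash WHERE s.customer_id = ? "
        "ORDER BY v.rowid", (customer_id,))
    return [r[0] for r in rows]


def demo():
    """Constructed browsing session: anonymous visits, login, then checkout."""
    db = open_db()
    issued = start_session(db)
    cookie = issued.split(";")[0]          # what the browser sends back
    anonymous = record_visit(db, cookie, "/search?q=dress")
    record_visit(db, cookie, "/basket")
    forged = record_visit(db, COOKIE + "=guessed-value", "/basket")
    fresh = login(db, cookie, customer_id=42).split(";")[0]
    stale = record_visit(db, cookie, "/checkout")   # pre-login token
    record_visit(db, fresh, "/checkout")
    return {"issued": issued, "anonymous": anonymous, "forged": forged,
            "stale": stale, "pages": pages_for_customer(db, 42)}


if __name__ == "__main__":
    print(demo())
```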
