Bachelor of Computer Semester E-Commerce - B

Applications 5
Naveen Nagalingam

Case Study:
ABC Ltd is a manufacturer of mobile handsets. It has its manufacturing
plant in Bangalore and its offices and retail outlets in different cities in
India and abroad. The organization wants to have information systems
connecting all the above facilities and also providing access to its
suppliers as well as customers.
Discuss various issues in developing information systems and fulfilling
information needs at different levels in the organization.
Explain different security threats in the context of e-commerce for the
above company.
It Is estimated that in a few years, mobile phones will be the most common Internet
access device.

A manufacturing firm might benefit from the direct-engagement with customers and
resulting increased brand awareness that an e-commerce model has to offer. An
information system for this company in the web space might make use of practices
such as:

1. customer personalisations , profiling, promotions, loyalty programs, website

guided navigation

2. improved transaction process ;pricing dynamically based on geographical

regions, volume

3. digital product service materials for customers

4. distributed warehousing and order management

Such a model may serve to integrate the business' selling, supply chain, CRM, and
logistics functions.

The above company will find it necessary to house valuable and confidential
information such as

system critical automation processes

taxes

financial assets

medical records

job performance reviews.

New product ideas

marketing strategies

Company ABC would be legally required to consider security controls for the
integrity, confidentiality and accuracy of their financial data. A properly conducted
risk assessment with a cost-benefit analysis in mind, will bring out the vulnerability
points that need attention. The main concern would be to maintain a constant or
sufficient level of manufactured output to meet customer demand, by safeguarding
against any compromises of information, resources, or software quality i.e.

embezzlement

power failure

and user error

software bugs

Upon a risk assessment, company ABC may find it necessary to implement

formalised standards for all enforced general and application controls

Acceptable Use Policy different levels of users may be assigned different

access rules i.e. identity management and authentication

Data security controls as a document retention policy that ensures

electronic documents, emails, and other records, are accessed by
authorized personnel only.

System monitoring software authorized use of system software, wireless

devices, laptops, desktops, equipment. Example is an employee
assignment password for logging onto the corporate network, smart cards,
tokens,

secure manufacturing hardware physically, including backup and recovery

provisions for computer operations

In the e-commerce environment, ABC needs to protect against malware

and intruders with a secured network infrastructures:

Firewall technologies, internal and external

Intrusion Detection System

Antivirus and antispyware

Wireless encryption protocols

secured company-issued smartphones

Online transactions will necessarily be secured with encryption and SSL

A business impact analysis can identify the most critical systems and the impact of
an outage, the maximum amount of downtime allowed, and the value of technical
backup systems. This would be based on predicted levels and scale of output and
type of operation. A business continuity policy may be deemed necessary:

fault-tolerant computer systems redundant hardware, software, and power

supply components for uninterrupted service. These function on failover
software mechanisms.

High-availability system in case a web based catalogue and online

transaction system is adopted, web-server hardware, backup servers,
distribution of processing across multiple servers, high-capacity storage,, may
be built to minimize downtime.
In case ABC decides to make their products more attractive by bundling services, i.e.
in any software development projects this company might have, to ensure the
quality of software, security measures can be enforced:

rigorous software testing

software metrics

good testing methods