I. Internet Commerce
Protocols
Internet Protocols
Internet Technologies
Packet Switching
messages are divided into small packets
each packet of the message takes different routes
Virtual Private Network
a private network within a public network
Extranets
a password controlled network for private users
World Wide Web
an Internet facility that links users locally and globally
Internet addresses
e-mail address
URL address
IP address
Protocols
Its function
facilitate the physical connection between the network devices
synchronize the transfer of data between physical devices
provide a basis for error checking and measuring network performance
promote network designs that are flexible, expandable, and cost-effective.
Internet Protocols
Transfer Control Protocol/Internet Protocol (TCP/IP)
encryption schemes
File Transfer Protocol (FTP)
What is risk?
Intranet Risks
Internet Risks
Risk Associated with Electronic Commerce
Intranet Risk
Intercepting network messages
sniffing: interception of user IDs, passwords, confidential e-mails, and financial data files
Privileged employees
override privileges may allow unauthorized access to mission-critical data
Encryption
Digital Authentication
Firewalls
Seals of Assurance
Security, Assurance and Trust
Encryption
A computer program transforms a clear message into a coded (ciphertext) form using an algorithm.
Digital Authentication
Digital Signature
electronic authentication technique that ensures that the transmitted message originated
with the authorized sender and that it was not tampered with after the signature was
applied
Digital Certificate
like an electronic identification card that is used in conjunction with a public key encryption
system to verify the authenticity of the message sender
Firewalls
Network Level Firewalls
low cost/low security access control
uses a screening router to its destination
does not explicitly authenticate outside users
penetrate the system using an IP spoofing technique
Application Level Firewall
high level/high cost customizable network security
allows routine services and e-mail to pass through
performs sophisticated functions such as logging or user authentication for specific tasks
Seals of Assurance
Trusted third-party organizations offer seals of assurance
that businesses can display on their Web site home pages:
BBB
TRUSTe
VeriSign, Inc.
ICSA
AICPA/CICA WebTrust
AICPA/CICA SysTrust
Implications for the Accounting Profession
Privacy Violation
Continuous Auditing
auditors review transactions at frequent intervals or as they occur
intelligent control agents
heuristics that search electronic transactions for anomalies
Confidentiality of data
open system designs allow mission-critical information to be at risk from intruders
Authentication
in e-commerce systems, determining the identity of the customer is not a simple task
Nonrepudiation
repudiation can lead to uncollected revenues or legal action
use digital signatures and digital certificates
Data Integrity
determine whether data has been intercepted and altered
Access Controls
prevent unauthorized access to data