Herb Heskeths Weblog

I recently I had to review and document a Journal about “Web Security for E-Commerce” by Robert J. Boncella in the Communications of the Association for Information Systems Volume 4, Article 11, November 2000; for my RES300 class. There was some interesting information I found for my project, this was:

“Client-side security is concerned with the techniques and practices that protect a user’s privacy and the integrity of the user’s computing system. The purpose of client-security is to prevent malicious destruction of a user’s computer system, and to prevent unauthorized use of a user’s private information, such as use of a user’s credit card number for fraudulent purposes.”

“Server-side security is concerned with the techniques and practices that protect the Web server and its associated hardware from break-ins, Web site vandalism and denial of service attacks. The purpose of server-side security is to prevent modification of a Web site’s contents, prevent use of the server’s hardware, software, or databases for malicious purposes and to ensure reasonable access to a Web site’s services, i.e., to avoid or minimise denial of service attacks.”

“Secure transmission is concerned with the techniques and practices that will guarantee protection from eavesdropping and intentional message modification. The purpose of these security measures is to maintain the confidentiality and integrity of user and server information as it is exchanged through the communication channel.”

“With respect to e-commerce, Web security has as its main focus Web server security and secure transmission. There is some concern with client-side security. However the client can be mostly assured that the client’s security expectations will be met if the Web server and transmission channel are secure in the sense suggested above.”

The question asked, was: ‘So are you thinking of doing a case study of one or more companies or are you thinking of doing a survey of as many companies as you can?’

Answer: I was thinking of doing a case study of one particular company but believe in my case it would be better, doing a survey of as many companies as I can, and preparing the results of the findings into a written report. It is my intention to look at North Island companies rather than South Island companies, as I believe the findings from the North Island will return more valuable results; compared to the South Island.

In class last week, I was unsure as to what a case study was (as this might be what my project is termed under), so to refresh my memory I did a search on google and found an interesting Website. The article on the Website was called “How to Write a Case Study?, the first paragraphy reminded me, what a case study is all about:

“Case studies can be used in any academic discipline. The purpose of a case study is to provide a more thorough analysis of a situation or “case” which might reveal interesting information about that classification of things. For the business student, a case study could be done on a particular company; for the political science student a case study might concern a particular country or government/administration. Case studies could be written about individuals, such as how kids learn to read, for example, about organizations and their management practices, or the results of applying a computer science program or process to a problem. You might be trying to figure out how to solve the problem of illiteracy or environmental degradation. The sky is the limit. The key is to take your large problem and bring it down to the level of the individual or single unit.”

The Website where this information was from: ‘http://www.essayforum.com/10_366_0.html’

Also another interesting document was: “How to Write a Case Study” from: ‘http://www.gttp.org/docs/HowToWriteAGoodCase.pdf’

Cheers,

Herb

RES300 Research Methods

- Choosing a Research Approach -

•  What is the area/issue/problem that I am doing my research about? (we call this the research question)

Answer: Data security in E-commerce

• What is the purpose of the research I will do (this includes the question, what is your expected outcome from your research)?

Answer: To show businesses how important Data security in E-commerce is, and how this technology can benefit them.

• Do I want to confirm something or explore something or build something?

Answer: Explore the current situation of Data security in E-commerce in New Zealand, aimed more at the North Island than the South Island.

• Do I want the results of my research to be ‘generalisable’?

Answer: No

• What do I think would be a good research approach?

Answer: Empirical research approach

• Would it be a good idea to combine different approaches? If so, why?

Answer: No, could get confusing, the only other two research approaches which could be combined are: Theoretical (building a theory, which does not apply to my problem), and Constructive (which is building something, which does not apply to my problem) both research approaches do not provide any advantages to my problem.

• How do I do this type of research?

Answer: Perform observations, measurements, and to get results back which will usually be numbers; in this case perhaps I might write a survey. Also research what a case study is, and get sample case studies to find out how to write one.

• What are my skills and what do I need to learn to do this research?

Answer: Computer skills, research skills, I will need to learn to be more familiar with analytical skills (analysing numbers, and interpreting results). And get sample surveys to research what makes an effective survey.

• What are the deadlines?

Answer: Whatever NMIT sets for the Project.

• What resources will I need?

Answer: Research papers, journals, the Internet, and case studies.

Hi,

After a long delay of my two week term holiday, clearing out the shed, and the getting the study room sorted for my new baby girl coming in july; I am now ready to report back on my findings I found over the term break.

During the break I typed “data security in e-commerce” into Google, and found an interesting link which led me to a Google electronic book called “Electronic Commerce” by Michael Erbschloe; in the book I found an interesting article:

“To secure information assets, organizations must open availability to legitimate users while barring unauthorized access. In general, secure systems must provide the following protections:

Accountability: Detect attacks in progress or trace any damage from successful attacks. Prevent system users from later denying completed transactions.

Availability: Ensure uninterrupted service to authorized users. Service interruptions can either be accidental or maliciously caused by denial-of-service attacks.

Confidentiality: Safeguard user privacy and prevent the theft of information both stored and in transit.

Integrity: Ensure that electronic transactions and data resources are not tampered with at any point, either accidentally or maliciously.“

Later on the author describes in one sentence “Simply put, the more accessible data is, the harder it is to protect“. 

I thought this was all very interesting, and will try and find a copy in the library as it might contain more valuable information for my project. The book this information was from was:

Loshin, P and Vacca, J. (2004) Electronic Business, Fourth Edition. Boston, MA: Charles River Media, Inc.