Herb Heskeths Weblog

Hi,

Sorry about the late update, but I was really busy last week. Last week I spent Tuesday finding web-based survey alternatives to moodle survey, the reason for this was I had not received my password for the moodle survey function. I stumbled upon a few which I will include in my report, but some of the trials were too limiting, for example, survey monkey, as part of its trial functionality would only allow 10 replies back from participants. In my case 10 replies were not enough, so in the end I stumbled upon grapevinesurveys.com, which allowed 25 replies, and allowed an unlimited amount of written questions. On Wednesday I was given clearance to the moodle survey function, which after spending a couple of hours trying to get it to work, I gave up as it was overly complicated. I reverted back to grapevinesurveys, and added a username, and password for each participant.

On Thursday I completed the survey, and finished writing the survey e-mail message, this was sent on Friday to the 86 participants.

Today, I checked the progress of the survey, and found out that 9 participants had participated in the survey, I only need one more participant, and I would have fulfilled my estimate. I also had a project meeting with Mary today, and she was quite pleased with my progress, however she did mention that I might want to consider sending a reminder e-mail before the 30 day trial of the survey is up, so I can get more results. It was also decided that in the next two weeks I should have completed the literature review, and have done more work on the introduction, and background sections. Mary wants to see the progress of my report next Monday, being 22/09/08.

Thats all for now,

Herb

I prepared a draft project proposal for claire atkins to review on Friday. After reviewing the proposal on Friday claire told me a couple of hints which will give the proposal a more finished look. One of these suggestions was that: I should include a draft survey in the back of the document, as well as signing the ethical considerations form, however after doing some research on the Internet I came by quite an interesting survey. The survey can be found here: http://www.hkcert.org/english/nan/articles/sec2004_report.pdf.

I recently I had to review and document a Journal about “Web Security for E-Commerce” by Robert J. Boncella in the Communications of the Association for Information Systems Volume 4, Article 11, November 2000; for my RES300 class. There was some interesting information I found for my project, this was:

“Client-side security is concerned with the techniques and practices that protect a user’s privacy and the integrity of the user’s computing system. The purpose of client-security is to prevent malicious destruction of a user’s computer system, and to prevent unauthorized use of a user’s private information, such as use of a user’s credit card number for fraudulent purposes.”

“Server-side security is concerned with the techniques and practices that protect the Web server and its associated hardware from break-ins, Web site vandalism and denial of service attacks. The purpose of server-side security is to prevent modification of a Web site’s contents, prevent use of the server’s hardware, software, or databases for malicious purposes and to ensure reasonable access to a Web site’s services, i.e., to avoid or minimise denial of service attacks.”

“Secure transmission is concerned with the techniques and practices that will guarantee protection from eavesdropping and intentional message modification. The purpose of these security measures is to maintain the confidentiality and integrity of user and server information as it is exchanged through the communication channel.”

“With respect to e-commerce, Web security has as its main focus Web server security and secure transmission. There is some concern with client-side security. However the client can be mostly assured that the client’s security expectations will be met if the Web server and transmission channel are secure in the sense suggested above.”

The question asked, was: ‘So are you thinking of doing a case study of one or more companies or are you thinking of doing a survey of as many companies as you can?’

Answer: I was thinking of doing a case study of one particular company but believe in my case it would be better, doing a survey of as many companies as I can, and preparing the results of the findings into a written report. It is my intention to look at North Island companies rather than South Island companies, as I believe the findings from the North Island will return more valuable results; compared to the South Island.

In class last week, I was unsure as to what a case study was (as this might be what my project is termed under), so to refresh my memory I did a search on google and found an interesting Website. The article on the Website was called “How to Write a Case Study?, the first paragraphy reminded me, what a case study is all about:

“Case studies can be used in any academic discipline. The purpose of a case study is to provide a more thorough analysis of a situation or “case” which might reveal interesting information about that classification of things. For the business student, a case study could be done on a particular company; for the political science student a case study might concern a particular country or government/administration. Case studies could be written about individuals, such as how kids learn to read, for example, about organizations and their management practices, or the results of applying a computer science program or process to a problem. You might be trying to figure out how to solve the problem of illiteracy or environmental degradation. The sky is the limit. The key is to take your large problem and bring it down to the level of the individual or single unit.”

The Website where this information was from: ‘http://www.essayforum.com/10_366_0.html’

Also another interesting document was: “How to Write a Case Study” from: ‘http://www.gttp.org/docs/HowToWriteAGoodCase.pdf’

Cheers,

Herb

RES300 Research Methods

- Choosing a Research Approach -

•  What is the area/issue/problem that I am doing my research about? (we call this the research question)

Answer: Data security in E-commerce

• What is the purpose of the research I will do (this includes the question, what is your expected outcome from your research)?

Answer: To show businesses how important Data security in E-commerce is, and how this technology can benefit them.

• Do I want to confirm something or explore something or build something?

Answer: Explore the current situation of Data security in E-commerce in New Zealand, aimed more at the North Island than the South Island.

• Do I want the results of my research to be ‘generalisable’?

Answer: No

• What do I think would be a good research approach?

Answer: Empirical research approach

• Would it be a good idea to combine different approaches? If so, why?

Answer: No, could get confusing, the only other two research approaches which could be combined are: Theoretical (building a theory, which does not apply to my problem), and Constructive (which is building something, which does not apply to my problem) both research approaches do not provide any advantages to my problem.

• How do I do this type of research?

Answer: Perform observations, measurements, and to get results back which will usually be numbers; in this case perhaps I might write a survey. Also research what a case study is, and get sample case studies to find out how to write one.

• What are my skills and what do I need to learn to do this research?

Answer: Computer skills, research skills, I will need to learn to be more familiar with analytical skills (analysing numbers, and interpreting results). And get sample surveys to research what makes an effective survey.

• What are the deadlines?

Answer: Whatever NMIT sets for the Project.

• What resources will I need?

Answer: Research papers, journals, the Internet, and case studies.

Hi,

After a long delay of my two week term holiday, clearing out the shed, and the getting the study room sorted for my new baby girl coming in july; I am now ready to report back on my findings I found over the term break.

During the break I typed “data security in e-commerce” into Google, and found an interesting link which led me to a Google electronic book called “Electronic Commerce” by Michael Erbschloe; in the book I found an interesting article:

“To secure information assets, organizations must open availability to legitimate users while barring unauthorized access. In general, secure systems must provide the following protections:

Accountability: Detect attacks in progress or trace any damage from successful attacks. Prevent system users from later denying completed transactions.

Availability: Ensure uninterrupted service to authorized users. Service interruptions can either be accidental or maliciously caused by denial-of-service attacks.

Confidentiality: Safeguard user privacy and prevent the theft of information both stored and in transit.

Integrity: Ensure that electronic transactions and data resources are not tampered with at any point, either accidentally or maliciously.“

Later on the author describes in one sentence “Simply put, the more accessible data is, the harder it is to protect“. 

I thought this was all very interesting, and will try and find a copy in the library as it might contain more valuable information for my project. The book this information was from was:

Loshin, P and Vacca, J. (2004) Electronic Business, Fourth Edition. Boston, MA: Charles River Media, Inc.

Hi, today I was ask to prepare a number of questions for the preparation of the proposal, and this is what I came up with

1. Identify and describe at least one area of IT that you are interested in as an area in which you could do research. I am particularly interested in the area that you might choose as the basis of your project next semester.

• Data security in E-commerce; I have found out so far that E-commerce is basically electronic commerce (using the Internet as a marketplace), and data security can be a number of things, like: monitoring traffic, privacy, firewalls, digital signatures, digital certificates, transmission security, etc.

2. For the area (or one of the areas if you have described more than one) identify and describe at least 3 questions that you think would be interesting to research or investigate.

• Q1 – How advanced is data security in E-commerce?
• Q2 – What would be the problems of using data security in E-commerce? Is it hard to setup? What is the cost?
• Q3 – Why would you use data security in E-commerce?

3. For each of those 3 questions, identify and describe how you might go about finding the answers (in other words what kind of research approach might you use).

• Q1 – Review the literature on:

a) Data security in the past/now.

b) Comparison of data security benefits/problems.

c) People’s previous work in relation to data security.

• Q2 – a) Send a survey to businesses.

b) Find research papers relating to the problems associated with data security in E-commerce.

c) Use an Empirical research approach to back the question up with quantitative results.

• Q3 – a) Ask people from businesses (interview).

b) Use graphs to show the percentage of people who do use data security, the percentage of people who don’t, and the percentage of people who don’t even know that there is data security in E-commerce.

This evening I stumbled upon a website which closely relates to what I am currently researching, it was discussing that there is a new security method in e-commerce called ‘monitoring’.

This is quoted from the site: “Besides controlling access, organizations also need to monitor security events across the enterprise so that suspicious activities can be quickly pinpointed. This is becoming critical as enterprise networks grow rapidly in complexity and strategic importance. New monitoring technology lets organizations consolidate data from all their disparate security sensors—firewalls, anti-virus software, host systems, and routers— and provides a coordinated single image of potential intrusions for effective incident response”. The site where this information was from can be found here:

http://www.ecommerceprogram.com/ecommerce/Ebusiness-Security.asp

Found some very good references which I will look further into. Here they are:

IDG (2001) Securing the Internet Economy. Holliston, MA: IDG/Infoworks.

Laudon, K. and Traver, C. (2001) E-commerce: Business, Technology, Society. Boston, MA: Addison Wesley.

Percival-Straunik, L.L. (2001) E-Commerce. London: Economist Books.

This interesting article was from:
Groucutt, J & Griseri, P. (2004). References. Mastering e-business. P 87. Published by Palgrave Macmillan : N.Y.