2. Pieces of the E-commerce Site-Building Puzzle Copyright © 2004 Pearson Education, Inc.

4. Systems design

5. Building the system

6. Testing

7. ImplementationSlide 4-3

8. Web Site Systems Development Life Cycle Slide 4-4

9. A Logical Design for a Simple Web Site

10. Choices in Building and Hosting Figure 4.4, Page 203 Copyright © 2004 Pearson Education, Inc. Slide 4-6

11. The Spectrum of Tools for Building Your Own E-commerce Site Slide 4-7

12. Costs of Customizing E-commerce Packages Slide 4-8

14. Benchmarking: process by which site is compared to those of competitors in terms of response speed, quality of layout and designSlide 4-9

15. Components of a Web Site Budget Slide 4-10

16. Key Players in Web Server Software Slide 4-11

17. Basic Functionality Provided by Web Servers Slide 4-12

18. Widely Used Midrange and High-end E-commerce Suites Slide 4-13

20. Server

22. Hacking and cybervandalism

23. Credit card fraud/theft

24. Spoofing

25. Denial of service attacks

26. Sniffing

27. Insider jobsSlide 5-14

28. A Typical E-commerce Transaction Slide 5-15

29. Slide 5-16 Credit Card Fraud Fear that credit card information will be stolen deters online purchases Hackers target credit card files and other customer information files on merchant servers; use stolen data to establish credit under false identity One solution: New identity verification mechanisms

30. Spoofing, DoS and dDoS Attacks, Sniffing, Insider Jobs Spoofing: Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else Denial of service (DoS) attack: Hackers flood Web site with useless traffic to inundate and overwhelm network Distributed denial of service (dDoS) attack: hackers use numerous computers to attack target network from numerous launch points Sniffing: type of eavesdropping program that monitors information traveling over a network; enables hackers to steal proprietary information from anywhere on a network Insider jobs:single largest financial threat Slide 5-17

31. Slide 5-18 Technology Solutions Protecting Internet communications (encryption) Securing channels of communication (SSL, S-HTTP, VPNs) Protecting networks (firewalls) Protecting servers and clients

32. Tools Available to Achieve Site Security Slide 5-19

34. Develop security policy – set of statements prioritizing information risks, identifying acceptable risk targets and identifying mechanisms for achieving targets

35. Develop implementation plan – action steps needed to achieve security plan goals

36. Create security organization – in charge of security; educates and trains users, keeps management aware of security issues; administers access controls, authentication procedures and authorization policies

37. Perform security audit – review of security practices and proceduresSlide 5-20