Chapter 4 Flashcards

1
Q

As the internet was never designed to be a global marketplace, it lacks ____________________

A

many basic security features.

2
Q

Define: Integrity

A

Ability to ensure that information being displayed on a web site or transmitted or received over the internet has not been altered in any way by an unauthorised party

3
Q

Give a customer and a merchant perspective of integrity

A

Customer - Has information transmitted or received been altered?

Merchant - Has data on the site been altered without authorization? Is data being received from customers valid?

4
Q

Define: Non-Repudiation

A

Ability to ensure that e-commerce participants do not deny (i.e. repudiate) their online actions

5
Q

Give a customer and a merchant perspective of non-repudiation

A

Customer - Can a party to an action with me later deny taking that action?

Merchant - Can a customer deny ordering a product?

6
Q

Define: Authenticity

A

Ability to verify the identity of a person or entity with whom one is dealing on the internet
Ex. Can I trust that this person or company is who they say they are?

7
Q

Define: Confidentiality

A

Ability to ensure that messages and data are available only to those who are authorised to view them

8
Q

Define: Privacy

A

Ability to control the use of information about oneself

9
Q

Define: Availability

A

Ability to ensure that an e-commerce site continues to function as intended

10
Q

What is a major factor that can disrupt the customer's "ease of use" and/or their e-transaction, causing fewer repeat purchases?

A

Security! Too many verification processes can cause customers to become very annoyed and either give up on a purchase or buy less in the future.

11
Q

An increased level of security on a website can also cause…

A

A slower, less efficient website.

12
Q

What are some examples of “malicious code”?

A

Viruses, worms, adware, trojans, etc.

13
Q

What is one of the most common ways computers get infected with malicious code?

A

Drive-by download - malware coming from downloaded files that a user requested

14
Q

What are some differences between viruses and worms?

A

Viruses are usually created to damage, while worms are created to collect information and spread rapidly from computer to computer

15
Q

What is the “backdoor” feature of infectious software?

A

Allowing a person to remotely access infected devices

16
Q

Potentially Unwanted Programs (PUPS) are…

A

programs that install themselves on a computer, typically without the user's informed consent - increasingly found on social networks

17
Q

List 3 different kinds of PUPS

A

Adware - a PUP that serves pop-up ads to a computer; usually installed on a computer specifically to generate these pop-ups
Browser Parasite - a program that can monitor and change the settings of a user's browser
Spyware - a program used to obtain information such as a user's keystrokes, e-mail, instant messages, and so on

18
Q

Define: Phishing

A

any deceptive, online attempt by a third party to obtain confidential information for financial gain

19
Q

What are hackers and crackers?

A

Hacker - an individual who intends to gain unauthorised access to a computer system
Cracker - within the hacking community, a term typically used to denote a hacker with criminal intent

20
Q

What is encryption?

A

The process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the receiver. The purpose of encryption is (a) to secure stored information and (b) to secure information transmission.

21
Q

Define: Cipher text

A

text that has been encrypted and thus cannot be read by anyone other than the sender and the receiver.

22
Q

Message integrity provides…

A

assurance that the message has not been altered

23
Q

Non-repudiation prevents …

A

the user from denying that he or she sent the message

24
Q

Authentication provides …

A

verification of the identity of the person (or computer) sending the message

25
Q

Confidentiality gives …

A

assurance that the message was not read by others

26
Q

The key (cipher) is

A

any method for transforming plain text to cipher text

27
Q

Substitution cipher is…

A

a cipher in which every occurrence of a given letter is replaced systematically by another letter

28
Q

Transposition cipher is one in which the ordering…

A

of letters in each word is changed in some systematic way.
It becomes more complicated if (a) words are broken in two and (b) the first word is spelled with every other letter beginning with the first letter, and the second word is then spelled with the remaining letters

29
Q

Symmetric key encryption is when…

A

both the sender and receiver use the same digital key to encrypt and decrypt messages

30
Q

Symmetric key encryption has two main flaws, what are they?

A
  1. Hackers are powerful and can break encryption
  2. Symmetric key encryption requires both parties to share the same key. A hacker can target either the sender or the receiver to gain access to the key

31
Q

Data Encryption Standard (DES)…

A

developed by the NSA and IBM. Uses a 56-bit encryption key

32
Q

Advanced Encryption Standard (AES) is…

A

the most widely used symmetric key encryption algorithm, using 128-, 192-, and 256-bit encryption keys.

33
Q

Explain how public key encryption works…

A

Two mathematically related digital keys are used: a public key and a private key. The private key is kept secret by the owner, and the public key is widely disseminated. Both keys can be used to encrypt and decrypt a message. However, once one key is used to encrypt a message, that same key cannot be used to decrypt it.

The sender uses the recipient's public key to encrypt the message(s), while the recipient uses his/her private key to decrypt it.

34
Q

Break the public key encryption process down into 5 steps

A
  1. The sender creates a digital message
  2. The sender obtains the recipient's public key from a public directory and applies it to the message
  3. Application of the recipient's key produces an encrypted cipher text message
  4. The encrypted message is sent over the internet
  5. The recipient uses his/her private key to decrypt the message

35
Q

Hash function is…

A

an algorithm that produces a fixed-length number called a hash or message digest. The hash digest of a message is sent to the recipient along with the message so that the recipient can verify its integrity.
The entire cipher text is then encrypted with the recipient's private key - creating a digital signature - for authenticity and non-repudiation

36
Q

List the 7 steps of public key encryption that has DIGITAL SIGNATURES

A
  1. The sender creates an original message
  2. The sender applies a hash function, producing a 128-bit hash result
  3. The sender encrypts the message and hash result using the recipient's public key
  4. The sender encrypts the result again, using his or her private key
  5. The result of the double encryption is sent over the internet
  6. The receiver uses the sender's public key to authenticate the message
  7. The receiver uses his or her private key to decrypt the hash result and the original message. The receiver checks to ensure that the original message and the hash result conform to one another

37
Q

Define digital envelopes

A

a technique that uses symmetric encryption for large documents, but public key encryption to encrypt and send the symmetric key

38
Q

Digital certificates and public key infrastructure rely on…

A

certification authorities, who issue, verify and then guarantee digital certificates

39
Q

What is a digital certificate?

A

A digital document that contains the name of the subject or company, the subject's public key, a digital certificate serial number, an expiration date, an issuance date, the digital signature of the certification authority, and other identifying information.

40
Q

Certification authority (CA) is a…

A

trusted third party that issues digital certificates.

41
Q

Public key infrastructures are…

A

Certification authorities and digital certificate producers that are accepted by all parties

42
Q

How do you create a digital certificate?

A

The user generates a public/private key pair and sends a request for a certificate to a CA along with the user's public key.
The CA verifies the information.
The CA issues a certificate containing the user's public key and other related information.
Finally, the CA creates a message digest from the certificate itself and signs it with the CA's private key.

43
Q

Pretty Good Privacy is …

A

a widely used e-mail public key encryption software program

44
Q

What are some limitations of encryption solutions?

A
  • not effective against insider employees who have legitimate access to corporate systems, including customer information
  • most e-com sites do not store customer information in encrypted form
  • no guarantee that the person using the computer with the right keys is the right person (computer theft, sneaky wives ya know)

45
Q

The most common form of securing channels is through the…

A

Secure Sockets Layer and Transport Layer Security

46
Q

Secure Negotiated session is …

A

a client-server session in which the URL of the requested document, along with its contents, the contents of forms and the cookies, is exchanged and encrypted

47
Q

Give an example of a secure negotiated session

A

When you enter your credit card details in a form, the data is encrypted

48
Q

A session key is

A

a unique symmetric encryption key chosen for a single secure session

49
Q

Once a session key is used it ..

A

it is plunged into the darkness of Mordor and is gone FOREVER
(single-use key)

50
Q

A virtual private network…

A

allows remote users to securely access internal networks via the internet using the Point-to-Point Tunneling Protocol (PPTP)

51
Q

What are 2 ways of protecting networks? Explain both.

A

Firewalls - hardware or software that filters communication packets and prevents packets from entering the network based on a security policy
Proxy Server - a software server that handles all communications coming from or being sent to the internet

52
Q

What are the 5 steps to developing an E-Commerce security plan?

A
  1. Perform a risk assessment
  2. Develop a security policy
  3. Develop an implementation plan
  4. Create a security organization
  5. Perform a security audit

53
Q

Security Policy is…

A

A set of statements prioritizing the information risks, identifying acceptable risk targets, and identifying the mechanisms for achieving these targets

54
Q

After establishing the base of the security policy, the next step is to create an…

A

Implementation plan - the actions/steps you will take to achieve the security policy's goals

55
Q

After implementing the plan you will need to organize the …

A

security organization - the education and training of users, and keeping management aware of security threats and breakdowns

56
Q

____________ must be established to determine who can gain legitimate access to a network

A

Access Controls

57
Q

Authentication procedures…

A

Include the use of digital signatures, certificates of authority and public key infrastructure

58
Q

Biometrics is…

A

The study of measurable biological or physical characteristics

59
Q

Security tokens are…

A

Small devices that continuously generate six-digit passwords to prevent theft

60
Q

Authorization Policies….

A

determine differing levels of access to information assets for differing levels of users

61
Q

Authorization management system…

A

Establishes where and when a user is permitted to access certain parts of a website

62
Q

Security audit…

A

the routine review of access logs (identifying how outsiders are using the site as well as how insiders are accessing the site's assets)

63
Q

The CERT coordination center monitors and…

A

tracks online criminal activity reported to it by private corporations and government agencies that seek out its help

64
Q

A stored value payment system is…

A

an account created by depositing funds, from which funds are paid out or withdrawn as needed

65
Q

Merchant account is…

A

a bank account that allows companies to process credit card payments and receive funds from those transactions