E-COMMERCE SYSTEMS

Question 1

What is E-commerce?

Answer 1

• E-commerce involves the sale or delivery of goods/services by means of using Information and Communication Technology

Question 2

List five types of E-commerce and give an example for each.

Answer 2

1. Electronic buying and selling of goods and services - takealot
2. Online delivery of digital products - iTunes Store
3. Electronic funds transfer - FNB internet banking
4. Electronic trading of stocks - Easy equities
5. Direct consumer marketing - purchasing from Nike online

Question 3

E-commerce can be divided into a few main categories (3) (and sub categories)

Answer 3

Business:

1. Business to business - alibaba.com
2. Business to consumer - takealot

Consumer

1. consumer to business - Fiver
2. consumer to consumer - Facebook market place

Government E-services

government services to the public and businesses - tenders, municipal account payments

Question 4

List 5 advantages and 3 disadvantages of E-commerce

Answer 4

Advantages:

1. Allows small players to compete well with established players all around the world
2. A business will not be geographically bound - transact with people all over the world
3. Lower associated with not having ‘brick-and-mortar’ location means products can be offered at better prices and profitability can be improved
4. Can be a great extension of a physical store to new markets. more convenient for customers to shop online
5. Can offer a wide range of items online without having all of the stock on hand

Disadvantages

1. Some customers still want to look and feel the product before purchasing
2. Delivery costs could lead to one being uncompetitive
3. Delay is the customer receiving their goods, whereas in-store purchasing is immediate

Question 5

What is E-business? Give an example.

Answer 5

• E-bussines differs from E-commerce as E-business involves using the Internet and online technologies to create operating efficiencies, therefore increasing value to customers and the business
• E-business is more internally focused. It asks the question: ‘how can business be improved by technology?’ such as by integrating the sales department with the manufacturing department so as soon as an order is placed, in real time, the manufacturing department has the information on the sale
• Another example is integrating the suppliers system with the business’ system - Mercedes gets parts delivered to its manufacturing plant as the car moves along the production line, hence they save on storage costs and ordering expenses

Question 6

Networks can be categorised according to the geographical area that they cover. What are the three most common networks?

Answer 6

1. Local Area Network (LAN)
   - A network that connects devices and computers within a small area (home). LAN can be wireless, in which case it is called a WLAN (Wireless Local Area Network)
2. Wide Area Network (WAN)
   - A network that connects computers over a vast area (a country). The internet is the largest example of a WAN
3. Virtual Private Network (VPN)
   - This is a private network within a public network
   - A VPN connects on a public network but uses security encryption to ensure only authorised users can access the network.
   - For example, the Wits website allows you to use it without incurring data costs

Question 7

What is the internet?

Answer 7

The internet is a global network of computers which shares and communicates information between users by means of an Internet Protocol (IP)

Question 8

What is the Internet Protocol (IP)?

Answer 8

IP is the standard communication rules and standards to transfer data over the internet

Question 9

What is the communication technology called that IP uses?

Give a brief description of it .

Answer 9

• IP uses a communication technology called Packet Switching.
• Packet Switching divides data into small packets to be transmitted over the internet in the most efficient manner.
• This enables faster sharing of large volumes of information

Question 10

Each computer connected to the internet has a unique address to which information is sent to or from. What is this dress called, and give a very brief overview.

Answer 10

This address is called an IP address.
Just like our home address, to send or receive information over the internet, the information needs to be send to/from your the IP address.

Question 11

Imagine if you had to type an IP address each time you wanted to access google (google:http://172.217.6.132/.) This would be hard to remember and use. What two things do we have in order to make this process easier? Provide full explanations of them.

Answer 11

1. A Domain name
   Doman names were designed to make it easier to remember a computer or resource name on the internet than an IP address.

a. Second Level Domains (SLD): the computer or host organisations name (eg Wits)

b. Top Level Domain (TLD): the nature or geographical location of the organisation using the address. 
eg; 
.ac or .edu -used for higher education 
.co.za -used for South African websites 
.gov -used for government organisations 
.org -used for non-profit organisations 
.net -used for network organisations 

2. Uniform Resource Locator (URL)
   this is an address that defines the path of a file or facility on the web
   A URL is made up of the following:
   a. Protocol Prefix: https
   b. Domain name: www.wits.ac.za (SLD and TLD)
   c. Subdirectory name: /accountancy
   d. Document name: /contact us

Question 12

What is the World Wide Web (www) and where does it fit in?

Answer 12

The World Wide Web is:

• An application that runs on the internet
• Has a collection of resources
• These resources may be hyperlinked and can be found by URL’s

Question 13

What is the fundamental format of the web?

Answer 13

The fundamental format of the web is a text document called a web page, that has embedded Hyper Text Transfer Protocol (HTTP)

Pages are accessed via a web browser using the URL with the homepage being the point of entry.

Question 14

What is the difference between an intranet and an extranet?

Answer 14

An intranet is a private network which is available internally to a business’s various departments and employees so that they can have access to information and share data using the internet technology. (eg a webpage of HR policies only visible to employees)

An extranet is an intranet that is accessible via access control to authorised customers, suppliers, and other parties.
the only difference is an extranet is accessible to people outside the business who have authorised use. Eg internet banking

Question 15

What are email addresses and instant messaging ?

Answer 15

These are methods to communicate with others digitally over the internet to exchange messages which may include documents, pictures, and videos. email and instant messages are applications that run on the internet.

Question 16

What is cloud computing ?

Answer 16

• Cloud computing is a model for delivery of applications and services such as data storage, provision of computing power and software via the internet on demand.
• Cloud computing basically allows users to have acesss to software or storage space for information without needing the physical hardware and software.
  All that users need to do is access the service via the internet.
• examples are gmail, google drive

Question 17

What are the three main types of cloud computing?

Answer 17

1. Software-as-a-Service (SaaS)
   A service whereby software/applications are provided to users via the internet (you do not actually download the data, only the app - Netflix, showmax)
2. Infrastructure-as-a-Service (IaaS)
   The provision of computing power and disc space to clients who access it - amazon web services, google drive
3. Platform-as-a-Service (PaaS)
   This enables firms to develop and deploy onto the cloud infrastructure, customer generated applications using vendor provided facilities.
   - Google apps engine which allows you to develop mobile app without having to worry about all the infrastructure and servers to run the app.

Question 18

Why don’t all companies use cloud computing? (4 points)

Answer 18

• They have already incurred investment in equipment and proprietary software, and Human Resources.
• Mission critical functions run on legacy systems that are many decades old and can’t interface with cloud computing.
• Companies want tailor made solutions
• Concerns about internal control and security issues - your data is dependant on a third party

Question 19

What are the advantages of cloud computing? (3)

Answer 19

• Access on many devices
• Low cost as less investment required in terms of purchasing hardware and software
• Can expand or contract the cloud computing capabilities per the business’s needs - eg increase storage space as you need it.

Question 20

Cyber risks and security - what are business risks?

definition and 3 points

Answer 20

Business risk is the possibility of loss or injury that reduces or eliminates an organisations ability to achieve objectives:

• in terms of cyber or electronic commerce, risk relates to the loss, theft, or destruction of data or use of computer programs that financially or physically harm an organisation
• Unauthroised and illegal employee activity is an example of intranet threats that pose a risk in e-commerce / e-business
• Intranets connected to central corporate databases increases risk that employees will view, corrupt, change, copy, or sell data.
  Employees use methods such as sniffing, which is the unauthorised interception of network information to obtain emails and other confidential information

Question 21

What is a cyber crime?

Answer 21

This is a criminal action that seeks to harm the computer itself or users of a computer or network to commit a crime. Cyber crimes often affects businesses negatively both in terms of repetitional and financial damage.

Question 22

What are the 5 most common cyber crimes?

Answer 22

IP spoofing

Denial of service attack (DoS attack)

Phishing

Computer related scams

Malware

Question 23

What is IP spoofing?

Answer 23

This is when a hacker impersonates another user/entity by forging their IP address to seem as if the hackers IP address is that of the authorised IP address user/entity

Eg a hacker sends an email with a forged version of an IP address of a municipality department, seeking to purchase certain items. If this is not picked up, the business thinks it is legitimate and supplies the items only to find out it was not legitimate and they incur a loss.
IP spoofing can also be used to hide the identity of a DoS attacker

Question 24

What is a denial of service attack (DoS)?

Answer 24

This is an assault on a web server to prevent it from servicing users.

This is done by sending vast amounts of messages and requests to access a business’s website/server, which slows down or crashes the site.

Question 25

What is phishing?

Answer 25

This is a means of obtaining personal information about an individual/entity such as passwords, user names, ID numbers, banking details by impersonating another entity

Question 26

What are computer related scams?

Answer 26

This is sending too good to be true emails to entice the user to believe they have won a large sum of money/inheritance.
Eg asking you do deposit R100 for the paper work to obtain your inheritance

Question 27

What is malware? List the 7 examples of malware.

Answer 27

Malware is a software that is designed to maliciously gain unauthorised access, disrupt, or destroy a computer system.

Examples:

1. A Virus
2. A Worm
3. A Logic Bomb
4. A Trojan horse
5. A Rootkit
6. Spyware
7. Ransomware

Question 28

What is a malware virus?

Answer 28

A malicious code or program that is designed to alter the way a computer operates.

A virus spreads by replicating itself without the users knowledge from one computer to another

They are spread via email attachments, scam website links, external hard drives, and other removable storage devices.

Viruses need a user to open and run the application it is on for it to begin infecting the computer.

Question 29

What is a malware worm?

Answer 29

A malicious program that can self replicate and move from one computer to another and does not need a program to run for it to be activated.

Once downloaded, worms do not need a program to run on

They are spread quickly via computer networks

Question 30

What is a malware logic bomb?

Answer 30

A piece of malicious code that has been intentionally written into an application or software that will cause the system or file to be corrupted or deleted shout certain conditions not be met.

Logic bombs are only activated when a certain condition is triggered, for example the programmer who wrote the file is let go.

Question 31

What is a malware Trojan horse

Answer 31

A program that disguise itself as a legitimate application or file but is actually a virus, worm, or a logic bomb

Question 32

What is a malware rootkit?

Answer 32

A tool that is designed not to be visible on your computer but grants cyber criminals remote access to your computer.

Computer criminals can therefore gain access to passwords, keystroke data, and sensitive files on your computer.

This form of malware is often very destructive. even if you change your password, cyber criminals will still be able to access your information.

Question 33

What is malware spyware?

Answer 33

A type of program that essentially spies on your computer activity and sends this personal information to cyber criminals.

Spyware can for example access your video recorder.

Question 34

What is malware ransomware?

Answer 34

A type of malware that encrypts files on your computer so that you cannot access them unless you pay the cyber criminal to release your files

They usually demand payment in bitcoin.

Question 35

List 12 security measures that can be put in place to reduce the three of cyber risks.

Answer 35

1. Anti-virus software
2. Anti-spyware software
3. Anti-spam software
4. Staff training
5. Securities policies in place
6. Firewalls
7. Penetration testing (ethical hacking)
8. Data back ups
9. Access control and passwords
10. Encryption
11. Digital signature
12. Digital certificate

Question 36

What is an anti-virus software?

Answer 36

A software which scans the computer, computer network, storage devices, emails, and other computer files for viruses and in some cases malware.

If any virus or malware is detected, the anti-virus software removes the virus

The anti-virus software must always be updated to the latest version to ensure it can fight the latest virus.

Question 37

What is an anti-spyware software?

Answer 37

A software that prevents and detects the installation of spyware on a computer.

Anti-spyware must also be regularly updated to defend against the latest spyware

Question 38

What is an anti-spam software ?

Answer 38

A software designed to prevent possible phishing and unwanted emails from entering your mail.

Messages are quarantined and marked as spam. a user can manually access these messages or block a sender.

Question 39

What is staff training?

Answer 39

Staff should be trained on how to identify possible spam / phishing mails and how to identify if a website is possibly spoofed.

Further training on basic cyber security protocols should be provided such as password management.

Question 40

What are firewalls?

Answer 40

A security program that monitors and controls in-coming and out-going network traffic between an internal network and an external one such as the internet.

Firewalls can detect if too many unknown requests come in and prevent a DoS attack as well as restrict hackers’ requests to acesss a network or server.

Question 41

What is penetration testing or ethical hacking?

Answer 41

This involves using ethical hacker who try to hack a business’s systems as a means to find vulnerabilities in the system which can be fixed before someone else exploits them as part of a cyber attack.

Question 42

What are data backups?

Answer 42

Businesses must regularly back up data on a cloud or different server/computer/storage device to ensure that in the event of a cyber attack, crucial data is not lost.

Question 43

What is access control and passwords?

Answer 43

The access to computer must be restricted to certain personnel with different access rights given based on their functions.

Passwords must be regularly changed and required to access the system.

Question 44

What is encryption?

Answer 44

The conversion of data into a secret code for storage in databases and transmission over networks.

Data is encrypted during transfer and then decrypted back into its original form once it is received, preventing anyone from deciphering the data.

Question 45

What is a digital signature?

Answer 45

An electronic authentication technique that ensures the transmitted message originated with an authorised sender and was not tampered with after the signature was applied.

Question 46

What is a digital certificate?

Answer 46

Like an electronic ID card, used with public key encryption system to verify authenticity of a website or server.

Third parties such as version and Thawte issue these certificates.

Basically, it guarantees that the website you are accessing is indeed the real website of the business you may want to transact.

Question 47

Consumers should be aware of cyber risks when transacting online as well.
Companies may not store credit card data securely and have lax controls over this potentially leading to this information being stolen, whilst others may sell personal information.

What can consumers do to prevent this from happening?
(3)

Answer 47

• Ensure that the business you are dealing with has adequate security measures on their website such as payment authentication and digital certificates in place.
• Always shop via a secure network when entering personal details, eg public wifi but with a VPN connection
• Read company policies over data, do not just hand over your information and consent to marketing

Question 48

What are the implications of cyber risks for accounting?

3

Answer 48

• Accountants and auditors must be aware of the latest developments as it affects the business in all aspects and is vital to ensure the business is effective and efficient.
• Greater security needs to be put in place to ensure the authenticity of documents which means understanding what system security measures businesses have in place and how to audit them
• IT specialists need to play a bigger role in the modern accounting and audit firm.