1.OVERVIEW OF ELECTRONIC COMMERCE
Introduction
Definition of Electronic Commerce
Electronic Business
Potential Benefits of Electronic Commerce
The Internet and WWW as Enablers of Electronic Commerce
Impact of Electronic Commerce on Business Models
Overall Business and E-Commerce Goal Congruence
The Impact of Electronic Commerce on the Value Chain
The ICDT Business Strategy Model
Three Pillars of Electronic Commerce
Electronic Commerce Security
Organization of Topics
Implications for the Accounting Profession
Summary
Key Words
Review Questions
Discussion Questions
Cases
2.ELECTRONIC COMMERCE AND THE ROLE OF INDEPENDENT THIRDPARTIES
Introduction
Consulting Practices and Accountants’Independence
CPA Vision Project
New Assurance Services Identified by the AICPA
The Elliott Committee and the Cohen Committee
Three Waves of Electronic Commerce
Electronic Commerce Integrity and Security Assurance
Electronic Commerce Systems Reliability Assurance
Internal Control Framework
Competition
Risk Assessment Assurance
Impact of Electronic Commerce on the Traditional Assurance Function
Continuous Auditing
Third-Party Assurance of Web-Based Electronic Commerce
Security of Data
Business Policies
Transaction Processing Integrity
Privacy of Data
Web Site Seal Options
Better Business Bureau
Truste
Veri-Sign
ICSA
AICPA/CICA Webtrust
Business Practices
Transaction Integrity
Information Protection
Report Issuance
Comparison of Seals
Implications for the Accounting
Profession
Skill Sets
Expansion of Assurance Services
Consulting and International Services
Summary
Key Words
Review Questions
Discussion Questions
Cases
3.THE REGULATORY ENVIRONMENT
Introduction
Cryptography Issues
Key Length
Key Escrow and key Recovery
International Cryptography Issues
Privacy Issues
FTC Privacy Online Report
Adults’Privacy Rights and The EU’s Directive
Web Linking
Inappropriately Referencing a Linked Site
Displaying Information without Proper Referencing
Linking Using Framing
Linking Using Trademark in Keyword Meta Tags
Unauthorized Display of a Registered Trademark
Linking to Illegal Files
Domain Name Disputes
Similarly Named companies or Products
Registering and Using a Competitor’s Name
Domain Names Registered and Held Hostage
Domain Name Dispute Resolution
Internet Sales Tax
International Tax Issues
Electronic Agreements and Digital Signatures
Internet Service Prodivers and International Libel Laws
Implications for the Accounting Profession
Liability Exposure and Risk Assessment
Expansion of Legal Resources and Services
Digital Signatures and Certificate Authorities
Summary
Key Words
Review Questions
Discussion Questions
Cases
4.EDI,ELECTRONIC COMMERCE,AND THE INTERNET
Introduction
Traditional EDI Systems
The Origin of EDI
Non-EDI Systems
Value-Added Networks(VANs)and Preestablished Trading Partners
Partially Integrated EDI Systems
Fully Integrated EDI Systems
Benefits of EDI Systems
Data Transfer and Standards
Department of Defense Transaction Example
Financial EDI
EDI Systems and the Internet
Security concerns
Security of Data during Transmission
Audit Trails and Acknowledgements
Authentication
Internet Trading Relationships
Consumer to Business
Business to Business
Governmnet to citizen
Benefits
EDI Web Browser Translation Software
Insight’s EDI and Internet
Systems
Real-time EDI Inventory Links with Suppliers
Entegrated Delivery Links with Federal Express
Web-Based Sates
Impact of EDI-Internet Applications on the Accounting Profession
Increased Complexity of Auditing through the computer
Integrity of and Reliance in the VANs
Extension of Audit to Trading Partners’s Systems
Increased Technological Skills of Smaller Accounting Firms
Summary
Key Words
Review Questions
Discussion Questions
Cases
5.RISKS OF INSECURE SYSTEMS
Introduction
Overview of Risks Associated with Internet Transactions
Internet Associated Risks
Risks to Customers
False or Malicious Web Sites
Stealing Visitors’Ids and Passwords
Stealing Visitors’Credit Card Information
Spying on a Visitors’Hard Drive
Theft of Customer Data from Selling Agents and ISPs
Privacy&the Use of Cookies
Risks to Selling Agents
Customer Impersonation
Denial of Service Attacks
Data Theft
Intranet Associated Risks
Sabotage by Former Employees
Threats from Current Employees
Sniffers
Financial Fraud
Downloading of Data
E-Mail Spoofing
Social Engineering
Risks Associated with Business Transaction Data Transferred between Trading Partners
Intranets,Extranets and Internet Relationships
Data Interception
Message Origin Authentrication
Proof of Delivery
Message Integrity&Unauthorized Viewing of Messages
Timely delivery of Messages
Risks Associated with Confidentially-Maintained Archival,Master File and Reference Data
Risks Associated with Viruses and Malicious Code Overflows
Viruses
Trojan Horses
Hoaxes
Buffer Overflows
Implications for the Accounting Profession
Intranets and Internal Controls
Intranet and Internal Controls
Web Site Assurance
Summary
Key Words
Review Questions
Discussion Questions
Cases
6.RISK MANAGENENT
Introduction
Control Weakness vs.Control Risk
Security Gaps
Culture Management
Excessively Tight Controls
Risk Management Paradigm
Disaster Recovery Plans
Disaster Recovery Plan Objectives
Second Site Back-up alternatives
Mutual Aid Pact
Cold Site/Crate and Ship
Hot Site
Conducting a Dress Rehearsal
Implications for the Accounting Profession
Evolution of Internal control Framework
The Control Environment
Risk Assessment
Control Activities
Information and Communication
Monitoring
The Role of Internal Controls in Risk Management
Summary
Key Words
Review Questions
Discussion Questions
Cases
7.INTENET SECURITY STANDARDS
Introduction
Standard Setting Issues and Committees
ANSI
UN/EDIFACT
ANSI’s ASC X12 Alignment Task Group Leading the Migrations to UN/EDIFACT
Major Standard Setting Structures and Interfaces
U.S.and International Standard Setting Bodies
Internet and WWW Committees
Internet committees
WWW Committees
W3C
OBI
Global Information Infrastructure Commission
Security Committees and Organizations
Security Protocols and Languages
OSI
TCP/IP
IP Addresses
Class A
Class B
Class C
Class D and Class E
Domain Names
IPv6
FTP and TELNET
NNTP
HTTP and HTTP-NG
S-HTTP,SSL,and PCT
SGML,HTML,and XML
DOM ang DHTML
JAVA
STEP
Messaging Protocols
Basic Mail Protocols
Security-Enhanced Mail Protocols
Secure Electronic Payment Protocols
The Role of Accountants in Internet-related Standard Setting Process
Summary
Key Words
Review Questions
Discussion Questions
Cases
8.CRYPTOGAPHY AND AUTHENTICATION
Introduction
Messaging Security Issues
Confidentiality
Integrity
Authentication
Non-Repudiation
Access controls
Encryption Techniques
Symmetric Encryption Keys
Data Encryption Standard
Triple Encryption
Advanced Encryptions Standard
Skipjack
RC2,RC4,and RC5
Asymmetric cryptography
Public-Private Key Pairs
Elliptic Curve Cryptography
Integrity check Values and Digital Signatures
Integrity check Value(Hashes)
Digital Signatures
One Time Pads
Good Encryption Practices
Passwork Maintenance
Key Length
Key Management Policies
Compressed Files
Message contents
Key Manangement
Public Certification Authorities
Private or Enterprise Certification Authorities
Hybrid Public and Private certification Authorities
Key Management Tasks
Identification and Verification of Users
Key Generation
Key Registration
Key Escrow and Recovery
Key Updates and Replacement
Key Revocation and Destruction
Additional Authentication Methods
Additional Non-Repudiation Techniques
Implications for the Accounting Profession
Confidentiality
Message Integrity
Authentication
Non-repudiation
Access Controls
Internal Control and Risk Analysis
Summary
Appendix A-The RSA Algorithm
Appendix B-XOR Function
Key Words
Review Questions
Discussion Questions
Cases
9.FIREWALLS
Introduction
Firewall Defined
TCP/IP
Open Systems Interconnect(OSI)
Components of a Firewall
typical functionality of Firewalls
Packet Filtering
IP Spoofing
Network Address Translation
Application-Level Proxies
Stateful-Inspection
Virtual Private Networks
Real-Time Monitoring
Network Topology
Demilitarized Zone
Securing The Firewall
Policy
Network Security Access Policy
Firewall Design Policy
Administration
Services
Telnet and FTP Security Issues
Finger Service Security Issues
Internal Firewalls
Authentication
Operating System Controls
Factors to Consider in Firewall Design
In-House Solutions vs.Commercial Firewall Software
Limitations of the Security Prevention Provided by Firewalls
Implications for the Accounting Profession
Penetration Testing and Risk Exposure
Provider of Network Solutions
Forensic Accounting and Intrusion Investigation
Summary
Key Words
Review Questions
Discussion Questions
Cases
10.ELECTRONIC COMMERCE PAYMENT MECHANISMS
Introduction
The SET Protocol
SET vs.SSL
Version 1.0
Payment Gateway
Certificate Issuance
Certificate Trust Chain
Cryptography Methods
Dual Signatures
The SET Logo
Compliance Testing
Status of Software
Implementations
Version 2.0 and Intermediate Releases
Magnetic Strip Cards
Smart Cards
Electronic Checks
The FSTC’s Electronic Check
The FSTC’s BIPS Specification
BIPS and EDI
Electronic Cash
Implications for the Accounting Profession
Audit Implications
Electronic Bill Presentment and Payment systems
Summary
Key Words
Review Questions
Discussion Questions
Cases
11.INTELLIGENT AGENTS
Introduction
Definition of Intelligent Agents
Capabilities of Intelligent Agents
Level of Agent Sophistication
Agent Societies
Intelligent Agents&Electronic commerce
The Online Information Chain
Push Technology and Marketing
Pull Technology and Demands of Information and Services
New Geographical Markets
Business-to-Business Transaction Negotiation
Limitations of Agents
Implications for the Accounting Profession
Continuous Reliability Assurance
Agents and Security
Summary
Key Words
Review Questions
Discussion Questions
Cases
12.WEB-BASED MARKETING
Introduction
The Scope of Marketing
Business,Marketing,and Information Trchnology Strategy Congruence
The Four Ps Applied to Internet Marketing
Product
Pricing
Place(Distribution)
Promotion
The Fifth“P”.Personalization
toffler’s Powershift
Marketing Implications of the consumer Power Shift
Building Relationships through Database Marketing
Personalized Transaction Domain
The Relentless Search for Value
Internet Marketing Techniques
Passive Providers of Information
Search Engine and Directory Registration
Solicited,Taargeted E-mail
Interactive Sites
Banner Advertising
Off-Line Advertising
Unsolicited,Targeted E-Mail
Spam Mail
E-mail Chain Letters
On-Line Advertising Mechanisms
Directories
Search Engines
Keywords and Meta Tags,and Frequency of Words
Location of Words
Link Popularity
Reviewed Sites
Case Sensitive
Banners
Sponsorships
Portals
On-line Coupons
Web Site Design Issues
Page Loading Efficiency
Simplicity
Use the Space Wisely
Create a Reason to Return
Framing
Tables and Fonts
Graphics
Interlaced Graphics
GIF vs.JPEG Files
Colors and Contrast
Purchasing Information
Tracking Data
Intelligent Agents and Their Impact on Marketing Techniques
Implications for the Accounting Profession
Summary
Key Words
Review Questions
Discussion Questions
Cases
INDEXES
鄂公网安备 42010302001612号 