
E-business Auditing Revised on 2014.

Presentation on theme: "E-business Auditing Revised on 2014."— Presentation transcript:

1 E-business Auditing Revised on 2014

2 Introduction: E-business vs E-commerce. Are they similar?
E-business and e-commerce are terms that are sometimes used interchangeably, but they actually mean different things.

3 What is Difference Between e-commerce and e-Business?
e-commerce: buying and selling using an electronic medium. ICT is used in inter-business or inter-organizational transactions (transactions between and among firms/organizations) and in business-to-consumer transactions (transactions between firms/organizations and individuals). E.g.: accepting credit card payments over the net, doing banking transactions using the Internet, selling commodities or information using the World Wide Web, and so on.

4 What is Difference Between e-commerce and e-Business?
e-Business: on top of e-commerce, it also includes the front- and back-office applications that form the engine of modern e-commerce. e-Business is not just about e-commerce transactions; it is about re-defining old business models, with the aid of technology, to maximize customer value. ICT is used to enhance one's business. It includes any process that a business organization conducts over a computer-mediated network. e-Business is the overall strategy, and e-commerce is an extremely important facet of e-Business.

5 What is Difference Between e-commerce and e-Business?
Thus e-business involves not merely setting up the company website and being able to accept credit card payments or to sell products or services on time. It involves fundamental re-structuring and streamlining of the business using technology, by implementing enterprise resource planning (ERP) systems, supply chain management, customer relationship management, data warehousing, data marts, data mining, etc. (Source:

6 e-commerce: it involves three types of integration:
Vertical integration of front-end Web site applications with existing transaction systems;
Cross-business integration of a company with the Web sites of customers, suppliers or intermediaries such as Web-based marketplaces;
Integration of technology with modestly redesigned processes for order handling, purchasing or customer service.

7 e-business: three primary processes are enhanced in e-business:
Production processes, which include procurement, ordering and replenishment of stocks; processing of payments; electronic links with suppliers; and production control processes, among others;
Customer-focused processes, which include promotional and marketing efforts, selling over the Internet, processing of customers' purchase orders and payments, and customer support, among others; and
Internal management processes, which include employee services, training, internal information-sharing, video-conferencing, and recruiting. Electronic applications enhance information flow between production and sales forces to improve sales force productivity. Workgroup communications and electronic publishing of internal business information are likewise made more efficient.

8 e-business: it involves four types of integration:
Vertical: between Web front-end and back-end systems;
Cross-business integration: between a company and its customers, business partners, suppliers or intermediaries;
Horizontal: among e-commerce, enterprise resource planning (ERP), customer relationship management (CRM), knowledge management and supply-chain management systems;
Integration of technology with radically redesigned business processes.

9 Risks with e-business: Fraud
A deception deliberately practiced in order to secure unfair or unlawful gain. (Source:

10 Risks with e-business: Loss of privacy/confidentiality
Losing the ability of an individual or group to seclude themselves, or information about themselves, and thereby express themselves selectively. (Adapted from:

11 Risks with e-business: Lack of authentication; Corruption of data; Business interruption
Lack of authentication: failure to verify whether someone or something is, in fact, who or what it is declared to be. (Adapted from: searchsecurity.techtarget.com/definition/authentication)
Corruption of data: errors in computer data that occur during writing, reading, storage, transmission, or processing, which introduce unintended changes to the original data. (Source:
Business interruption

12 Controls in e-business applications
Authenticity mechanisms: user-id and password; PIN.
Non-repudiation mechanisms: the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated.
Digital signature
Encryption
Policies

13 e-Business Security Audit
The most important controls for auditing e-business security are the following:
Access control policy and procedures.
Account management: manages system accounts, including establishing, activating, modifying, reviewing, disabling, and removing accounts.
Separation of duties: the system enforces separation of duties through assigned access authorizations. The organization establishes appropriate divisions of responsibility and separates duties as needed to eliminate conflicts of interest in the responsibilities and duties of individuals.
Least privilege: the system enforces the most restrictive set of rights/privileges or accesses needed by users (or processes acting on behalf of users) for the performance of specified tasks.
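The separation-of-duties and least-privilege items above are the ones an auditor can test mechanically from an access-rights extract. The following is an added example, not part of the slides or their cited source: it audits a constructed user-to-role assignment against a constructed conflict matrix (pairs of roles one person must never hold together) and against per-job minimal role profiles, reporting conflicts and excess privileges. All users, roles and profiles are assumptions made up for the example.

```python
"""Added example: audit role assignments for separation-of-duties (SoD)
conflicts and least-privilege violations. Every role, user and profile
below is constructed for illustration, not taken from a real system."""
from itertools import combinations

# Constructed SoD policy: role pairs a single person must never hold together.
SOD_CONFLICTS = {
    frozenset({"create_vendor", "approve_payment"}),   # could pay a fake vendor
    frozenset({"enter_order", "approve_order"}),       # self-approved orders
    frozenset({"admin_users", "review_audit_log"}),    # could hide own changes
}

# Constructed least-privilege profiles: the minimal roles each job needs.
JOB_PROFILES = {
    "ap_clerk": {"enter_invoice", "create_vendor"},
    "ap_manager": {"approve_payment", "review_audit_log"},
    "sales": {"enter_order"},
}


def sod_conflicts(user_roles):
    """Return {user: [(role_a, role_b), ...]} for every user whose assigned
    roles contain a forbidden pair. Pairs are sorted so output is stable."""
    findings = {}
    for user, roles in user_roles.items():
        hits = [pair for pair in combinations(sorted(roles), 2)
                if frozenset(pair) in SOD_CONFLICTS]
        if hits:
            findings[user] = hits
    return findings


def excess_privileges(user_roles, user_jobs):
    """Return {user: [role, ...]} listing roles beyond the user's job profile.
    A user with no known job is measured against the empty profile, so every
    role they hold is reported (an unknown job is itself an audit finding)."""
    findings = {}
    for user, roles in user_roles.items():
        needed = JOB_PROFILES.get(user_jobs.get(user), set())
        extra = sorted(roles - needed)
        if extra:
            findings[user] = extra
    return findings


# Constructed access-rights extract, as an auditor might pull from the ERP.
SAMPLE_ROLES = {
    "alice": {"enter_invoice", "create_vendor", "approve_payment"},
    "bob": {"approve_payment", "review_audit_log", "admin_users"},
    "carol": {"enter_order"},
}
SAMPLE_JOBS = {"alice": "ap_clerk", "bob": "ap_manager", "carol": "sales"}


def run_audit(user_roles=SAMPLE_ROLES, user_jobs=SAMPLE_JOBS):
    """Combine both checks into one report dictionary."""
    return {
        "sod_conflicts": sod_conflicts(user_roles),
        "excess_privileges": excess_privileges(user_roles, user_jobs),
    }


if __name__ == "__main__":
    for section, items in run_audit().items():
        print(section)
        for user, detail in items.items():
            print(f"  {user}: {detail}")
```

Run as a script to see the report; in the constructed data alice holds both vendor creation and payment approval, and bob can administer users while reviewing the audit log, so both appear under conflicts and under excess privileges, while carol is clean.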

14 e-Business Security Audit (cont.)
Unsuccessful login attempts: the system enforces a limit on consecutive invalid access attempts by a user during a time period.
System use notification: the system displays an approved system use notification message before granting system access, informing potential users:
that the user is accessing the system;
that system usage may be monitored, recorded, and subject to audit;
that unauthorized use of the system is prohibited and subject to criminal and civil penalties;
that use of the system indicates consent to monitoring and recording.
Previous logon notification: the system notifies the user, upon successful logon, of the date and time of the last logon, and the number of unsuccessful logon attempts since the last successful logon.
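The "unsuccessful login attempts" and "previous logon notification" controls can both be checked by replaying an authentication log. The following is an added example, not from the slides or their source: it replays a constructed login event log for one user, applies a constructed lockout rule (a fixed number of failures inside a sliding window locks the account for a fixed duration, during which every attempt is refused), and builds the previous-logon message a compliant system would show at each successful logon. The threshold, window, lockout duration and all events are assumptions.

```python
"""Added example: replay a constructed login log against a lockout rule and
produce previous-logon notifications. Thresholds and events are made up."""
from datetime import datetime, timedelta

MAX_FAILURES = 3                  # constructed: failures allowed in WINDOW
WINDOW = timedelta(minutes=15)    # constructed: the "time period" of the control
LOCKOUT = timedelta(minutes=30)   # constructed: how long the account stays locked

# Constructed event log: (ISO timestamp, user, outcome reported by the
# credential check). Sorting ISO strings of one day keeps them in order.
EVENTS = [
    ("2014-03-01T09:00:00", "alice", "success"),
    ("2014-03-01T09:05:00", "alice", "failure"),
    ("2014-03-01T09:06:00", "alice", "failure"),
    ("2014-03-01T09:30:00", "alice", "failure"),  # first two fell out of the window
    ("2014-03-01T09:31:00", "alice", "failure"),
    ("2014-03-01T09:32:00", "alice", "failure"),  # third inside 15 min: lock
    ("2014-03-01T09:33:00", "alice", "success"),  # correct password, but locked
    ("2014-03-01T10:05:00", "alice", "success"),  # lock expired at 10:02
    ("2014-03-01T10:00:00", "bob", "failure"),
    ("2014-03-01T10:01:00", "bob", "success"),
]


def previous_logon_message(last_success, failures_since):
    """Text shown after a successful logon (the control on the slide)."""
    if last_success is None:
        return (f"No previous logon on record; {failures_since} unsuccessful "
                f"attempt(s) before this logon.")
    return (f"Last logon: {last_success.isoformat()}; {failures_since} "
            f"unsuccessful attempt(s) since then.")


def replay(events, user):
    """Replay one user's events. Returns (decisions, messages) where decisions
    is a list of (timestamp, 'success'|'failure'|'blocked') and messages holds
    the previous-logon notification produced at each allowed success."""
    decisions, messages = [], []
    last_success = None
    failures_since = 0      # consecutive failures since the last success
    recent = []             # failure times still inside WINDOW
    locked_until = None
    for ts, who, outcome in sorted(events):
        if who != user:
            continue
        t = datetime.fromisoformat(ts)
        if locked_until is not None and t < locked_until:
            # While locked, refuse the attempt without evaluating the password.
            decisions.append((ts, "blocked"))
            continue
        if outcome == "failure":
            failures_since += 1
            recent = [f for f in recent if t - f <= WINDOW] + [t]
            if len(recent) >= MAX_FAILURES:
                locked_until = t + LOCKOUT
                recent = []
            decisions.append((ts, "failure"))
        else:
            decisions.append((ts, "success"))
            messages.append(previous_logon_message(last_success, failures_since))
            last_success = t
            failures_since = 0
            recent = []
    return decisions, messages


if __name__ == "__main__":
    for who in ("alice", "bob"):
        decisions, messages = replay(EVENTS, who)
        print(who, decisions)
        for m in messages:
            print("  ", m)
```

Note that the 09:33 attempt is refused even though the credentials were right: a lockout is enforced by time, not by the next password outcome, and the 10:05 notification reports all five failures accumulated since the 09:00 logon, which is exactly what the user needs in order to notice guessing against their account.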

15 e-Business Security Audit (cont.)
Session lock: the system prevents further access by initiating a session lock that remains in effect until the user re-establishes access using appropriate identification and authentication procedures.
Supervision and review of access control: supervises and reviews the activities of users with respect to the enforcement and usage of information system access controls.
Remote access: documents, monitors, and controls all methods of remote access (e.g., dial-up, broadband, Internet) to the information system. Appropriate organization officials authorize each remote access method for the information system and authorize only the necessary users for each access method.
(Source: NĂSTASE, NĂSTASE and ŞOVA (2007): Information Security Audit in e-business applications)
