Page 307 - Introduction to Electronic Commerce and Social Commerce
294 10 E-Commerce Security and Fraud Issues and Protections
faculty, and networks are vulnerable to a variety of security issues, many of which originate from social media websites such as Facebook and YouTube. The College encourages the use of social media as a collaborative, sharing, and learning environment.

Social media is also a leading target for malware writers. With the large number of downloads, social media has become an ideal place for cybercriminals to insert viruses and hack into systems. Phishers use social engineering techniques to deceive users into clicking on, or downloading, malware.

Because of the various devices used by the students and faculty, the College's attempts to manage network security were unsuccessful. Specifically, the attempt to use intelligent agents (which some students objected to having on their computers) as guards failed.

The College had computer-use policies in place, but these were established in the past for older computing environments. Since the old policies were not effective, the university decided to rewrite its old usage policy to meet the needs of current technology.

Bandwidth usage was a problem due to the extensive downloading of videos by faculty and students. The high level of usage for noneducational activities sometimes interfered with classroom or research needs.

The Solution

All students, faculty, and staff received a user ID for computer utilization. Next, a new usage policy was implemented. This policy was communicated to all users and was enforced by monitoring the usage for each ID, watching network traffic, and performing behavioral analysis.

The policy covered all users, all devices, and all types of usage, including mobile devices and the Internet. According to SUNY College at Old Westbury (2014), the policy states that users should not expect full privacy when it comes to their e-mail messages or other online private information, including Internet usage records, and sets forth what information is collected by the university. Given that the IDs identify the type of users (e.g., student or faculty), management was able to set priorities in allocating bandwidth.

Old Westbury is not alone in utilizing a policy to control Internet usage. Social Media Governance (socialmediagovernance.com) is a website that provides tools and instructions regarding the control of computing resources where social media is concerned.

The Results

The modified system monitors performance and automatically sends alerts to management when deviations from the policy occur (e.g., excessive usage). Also, it conducts behavioral analysis and reports behavioral changes of users. The users are contacted via e-mail and alerted to the problem. The system may even block the user's access. In such an event, the user can go to the student computer lab for problem resolution.

Bandwidth is controlled only when classes are in session.

Sources: Based on Goodchild (2011), SUNY (2014), and oldwestbury.edu (accessed April 2016).

LESSONS LEARNED FROM THE CASE

This case demonstrates two problems: possible malware attacks and insufficient bandwidth. Both problems can reduce the effectiveness of SUNY's computerized system, interfering with students' learning and faculty teaching and research. The solution, in which the university can monitor when users are on the university network, look for any unusual activity, and take appropriate action if needed, demonstrates one of the defense mechanisms used by an organization. The new policies conflict with student privacy—a typical situation in security systems: the tighter the security, the less privacy and flexibility people have. In this chapter, we introduce the broad battlefield between attacks on information systems and the defense of those systems. We also present the issues of fraud in e-commerce and strategies and policies available to organizations for deploying security measures.

10.1 THE INFORMATION SECURITY PROBLEM

Information security refers to a variety of activities and methods that protect information systems, data, and procedures from any action designed to destroy, modify, or degrade the systems and their operations. In this chapter, we provide an overview of the generic information security problems and solutions as they relate to EC and IT. In this section, we look at the nature of the security problems, the magnitude of the problems, and introduce some essential terminology of information security. For an overview, see John (2016) and Smith (2015).

What Is EC Security?

Computer security in general refers to the protection of data, networks, computer programs, computer power, and other elements of computerized information systems. It is a very broad field due to the many methods of attack as well as the many modes of defense. The attacks on and defenses for computers can affect individuals, organizations, countries, or the