1. OVERVIEW OF ELECTRONIC COMMERCE
Introduction Definition of Electronic Commerce Electronic Business Potential Benefits of Electronic Commerce The Internet and WWW as Enablers of Electronic Commerce Impact of Electronic Commerce on Business Models Overall Business and E-Commerce Goal Congruence The Impact of Electronic Commerce on the Value Chain The ICDT Business Strategy Model Three Pillars of Electronic Commerce Electronic Commerce Security Organization of Topics Implications for the Accounting Profession Summary Key Words Review Questions Discussion Questions Cases

2. ELECTRONIC COMMERCE AND THE ROLE OF INDEPENDENT THIRD PARTIES
Introduction Consulting Practices and Accountants’ Independence CPA Vision Project New Assurance Services Identified by the AICPA The Elliott Committee and the Cohen Committee Three Waves of Electronic Commerce Electronic Commerce Integrity and Security Assurance Electronic Commerce Systems Reliability Assurance Internal Control Framework Competition Risk Assessment Assurance Impact of Electronic Commerce on the Traditional Assurance Function Continuous Auditing Third-Party Assurance of Web-Based Electronic Commerce Security of Data Business Policies Transaction Processing Integrity Privacy of Data Web Site Seal Options Better Business Bureau Truste Veri-Sign ICSA AICPA/CICA Webtrust Business Practices Transaction Integrity Information Protection Report Issuance Comparison of Seals Implications for the Accounting Profession Skill Sets Expansion of Assurance Services Consulting and International Services Summary Key Words Review Questions Discussion Questions Cases

3. THE REGULATORY ENVIRONMENT
Introduction Cryptography Issues Key Length Key Escrow and Key Recovery International Cryptography Issues Privacy Issues FTC Privacy Online Report Adults’ Privacy Rights and The EU’s Directive Web Linking Inappropriately Referencing a Linked Site Displaying Information without Proper Referencing Linking Using Framing Linking Using Trademark in Keyword Meta Tags Unauthorized Display of a Registered Trademark Linking to Illegal Files Domain Name Disputes Similarly Named Companies or Products Registering and Using a Competitor’s Name Domain Names Registered and Held Hostage Domain Name Dispute Resolution Internet Sales Tax International Tax Issues Electronic Agreements and Digital Signatures Internet Service Providers and International Libel Laws Implications for the Accounting Profession Liability Exposure and Risk Assessment Expansion of Legal Resources and Services Digital Signatures and Certificate Authorities Summary Key Words Review Questions Discussion Questions Cases

4. EDI, ELECTRONIC COMMERCE, AND THE INTERNET
Introduction Traditional EDI Systems The Origin of EDI Non-EDI Systems Value-Added Networks (VANs) and Preestablished Trading Partners Partially Integrated EDI Systems Fully Integrated EDI Systems Benefits of EDI Systems Data Transfer and Standards Department of Defense Transaction Example Financial EDI EDI Systems and the Internet Security Concerns Security of Data during Transmission Audit Trails and Acknowledgements Authentication Internet Trading Relationships Consumer to Business Business to Business Government to Citizen Benefits EDI Web Browser Translation Software Insight’s EDI and Internet Systems Real-time EDI Inventory Links with Suppliers Integrated Delivery Links with Federal Express Web-Based Sales Impact of EDI-Internet Applications on the Accounting Profession Increased Complexity of Auditing through the Computer Integrity of and Reliance in the VANs Extension of Audit to Trading Partners’ Systems Increased Technological Skills of Smaller Accounting Firms Summary Key Words Review Questions Discussion Questions Cases

5. RISKS OF INSECURE SYSTEMS
Introduction Overview of Risks Associated with Internet Transactions Internet Associated Risks Risks to Customers False or Malicious Web Sites Stealing Visitors’ IDs and Passwords Stealing Visitors’ Credit Card Information Spying on a Visitor’s Hard Drive Theft of Customer Data from Selling Agents and ISPs Privacy & the Use of Cookies Risks to Selling Agents Customer Impersonation Denial of Service Attacks Data Theft Intranet Associated Risks Sabotage by Former Employees Threats from Current Employees Sniffers Financial Fraud Downloading of Data E-Mail Spoofing Social Engineering Risks Associated with Business Transaction Data Transferred between Trading Partners Intranets, Extranets and Internet Relationships Data Interception Message Origin Authentication Proof of Delivery Message Integrity & Unauthorized Viewing of Messages Timely Delivery of Messages Risks Associated with Confidentially-Maintained Archival, Master File and Reference Data Risks Associated with Viruses and Malicious Code Overflows Viruses Trojan Horses Hoaxes Buffer Overflows Implications for the Accounting Profession Intranets and Internal Controls Intranet and Internal Controls Web Site Assurance Summary Key Words Review Questions Discussion Questions Cases

6. RISK MANAGEMENT
Introduction Control Weakness vs. Control Risk Security Gaps Culture Management Excessively Tight Controls Risk Management Paradigm Disaster Recovery Plans Disaster Recovery Plan Objectives Second Site Back-up Alternatives Mutual Aid Pact Cold Site/Crate and Ship Hot Site Conducting a Dress Rehearsal Implications for the Accounting Profession Evolution of Internal Control Framework The Control Environment Risk Assessment Control Activities Information and Communication Monitoring The Role of Internal Controls in Risk Management Summary Key Words Review Questions Discussion Questions Cases

7. INTERNET SECURITY STANDARDS
Introduction Standard Setting Issues and Committees ANSI UN/EDIFACT ANSI’s ASC X12 Alignment Task Group Leading the Migrations to UN/EDIFACT Major Standard Setting Structures and Interfaces U.S. and International Standard Setting Bodies Internet and WWW Committees Internet Committees WWW Committees W3C OBI Global Information Infrastructure Commission Security Committees and Organizations Security Protocols and Languages OSI TCP/IP IP Addresses Class A Class B Class C Class D and Class E Domain Names IPv6 FTP and TELNET NNTP HTTP and HTTP-NG S-HTTP, SSL, and PCT SGML, HTML, and XML DOM and DHTML JAVA STEP Messaging Protocols Basic Mail Protocols Security-Enhanced Mail Protocols Secure Electronic Payment Protocols The Role of Accountants in Internet-related Standard Setting Process Summary Key Words Review Questions Discussion Questions Cases

8. CRYPTOGRAPHY AND AUTHENTICATION
Introduction Messaging Security Issues Confidentiality Integrity Authentication Non-Repudiation Access Controls Encryption Techniques Symmetric Encryption Keys Data Encryption Standard Triple Encryption Advanced Encryption Standard Skipjack RC2, RC4, and RC5 Asymmetric Cryptography Public-Private Key Pairs Elliptic Curve Cryptography Integrity Check Values and Digital Signatures Integrity Check Value (Hashes) Digital Signatures One Time Pads Good Encryption Practices Password Maintenance Key Length Key Management Policies Compressed Files Message Contents Key Management Public Certification Authorities Private or Enterprise Certification Authorities Hybrid Public and Private Certification Authorities Key Management Tasks Identification and Verification of Users Key Generation Key Registration Key Escrow and Recovery Key Updates and Replacement Key Revocation and Destruction Additional Authentication Methods Additional Non-Repudiation Techniques Implications for the Accounting Profession Confidentiality Message Integrity Authentication Non-repudiation Access Controls Internal Control and Risk Analysis Summary Appendix A - The RSA Algorithm Appendix B - XOR Function Key Words Review Questions Discussion Questions Cases

9. FIREWALLS
Introduction Firewall Defined TCP/IP Open Systems Interconnect (OSI) Components of a Firewall Typical Functionality of Firewalls Packet Filtering IP Spoofing Network Address Translation Application-Level Proxies Stateful-Inspection Virtual Private Networks Real-Time Monitoring Network Topology Demilitarized Zone Securing The Firewall Policy Network Security Access Policy Firewall Design Policy Administration Services Telnet and FTP Security Issues Finger Service Security Issues Internal Firewalls Authentication Operating System Controls Factors to Consider in Firewall Design In-House Solutions vs. Commercial Firewall Software Limitations of the Security Prevention Provided by Firewalls Implications for the Accounting Profession Penetration Testing and Risk Exposure Provider of Network Solutions Forensic Accounting and Intrusion Investigation Summary Key Words Review Questions Discussion Questions Cases

10. ELECTRONIC COMMERCE PAYMENT MECHANISMS
Introduction The SET Protocol SET vs. SSL Version 1.0 Payment Gateway Certificate Issuance Certificate Trust Chain Cryptography Methods Dual Signatures The SET Logo Compliance Testing Status of Software Implementations Version 2.0 and Intermediate Releases Magnetic Strip Cards Smart Cards Electronic Checks The FSTC’s Electronic Check The FSTC’s BIPS Specification BIPS and EDI Electronic Cash Implications for the Accounting Profession Audit Implications Electronic Bill Presentment and Payment Systems Summary Key Words Review Questions Discussion Questions Cases

11. INTELLIGENT AGENTS
Introduction Definition of Intelligent Agents Capabilities of Intelligent Agents Level of Agent Sophistication Agent Societies Intelligent Agents & Electronic Commerce The Online Information Chain Push Technology and Marketing Pull Technology and Demands of Information and Services New Geographical Markets Business-to-Business Transaction Negotiation Limitations of Agents Implications for the Accounting Profession Continuous Reliability Assurance Agents and Security Summary Key Words Review Questions Discussion Questions Cases

12. WEB-BASED MARKETING
Introduction The Scope of Marketing Business, Marketing, and Information Technology Strategy Congruence The Four Ps Applied to Internet Marketing Product Pricing Place (Distribution) Promotion The Fifth “P”. Personalization Toffler’s Powershift Marketing Implications of the Consumer Power Shift Building Relationships through Database Marketing Personalized Transaction Domain The Relentless Search for Value Internet Marketing Techniques Passive Providers of Information Search Engine and Directory Registration Solicited, Targeted E-mail Interactive Sites Banner Advertising Off-Line Advertising Unsolicited, Targeted E-Mail Spam Mail E-mail Chain Letters On-Line Advertising Mechanisms Directories Search Engines Keywords and Meta Tags, and Frequency of Words Location of Words Link Popularity Reviewed Sites Case Sensitive Banners Sponsorships Portals On-line Coupons Web Site Design Issues Page Loading Efficiency Simplicity Use the Space Wisely Create a Reason to Return Framing Tables and Fonts Graphics Interlaced Graphics GIF vs. JPEG Files Colors and Contrast Purchasing Information Tracking Data Intelligent Agents and Their Impact on Marketing Techniques Implications for the Accounting Profession Summary Key Words Review Questions Discussion Questions Cases

INDEXES