Download CHAPTER 7

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

Document related concepts

Customer relationship management wikipedia , lookup

Web analytics wikipedia , lookup

E-governance wikipedia , lookup

Computer security wikipedia , lookup

Transcript
CHAPTER 7
Telecommunications, the Internet, and Wireless Technology
Telecommunications and Networking in Today's Business World
There are two fundamentally different types of telecommunications networks: telephone
networks and computer networks, which are slowly merging into a single digital network
using
shared
Internet
technology
and
equipment.
Both voice and data communication networks have also become more powerful (faster),
more portable (smaller and mobile), and less expensive. Today more than 60 percent of
U.S. Internet users have high-speed broadband connections provided by telephone and
cable TV companies running at one million bits per second. The cost for this service has
fallen exponentially. Increasingly, voice and data communication as well as Internet
access
are
taking
place
over
broadband
wireless
platforms.
In addition to client computers, the major components used in a simple network include:
FIGURE

Network interface cards (NICs): Typically built into client computers

Connection medium: Cables or wireless signals for transmitting data

Network operating system (NOS): Software that manages communications on the
network and coordinates network resources, and can reside on every computer or
on a dedicated server computer

Hub or switch: Hubs are devices that connect network components, sending
packets of data to all connected devices. Switches are like hubs but can forward
data to specific destinations.

Routers are network devices to connect two or more networks
7-1
COMPONENTS
OF
A
SIMPLE
COMPUTER
NETWORK
Illustrated here is a very simple computer network, consisting of computers, a network operating system residing on
a dedicated server computer, cable (wiring) connecting the devices, network interface cards (NIC), switches, and a
router.
Large corporate network infrastructure typically consists of small local-area networks
(LANs) linked to firm-wide corporate networks for data and voice communication, and
various powerful servers, for supporting corporate Web sites, an intranet, extranets, or
connecting to backend systems such as sales, ordering, and financial transactions.
Corporations face the problem of integrating these networks, a task becoming easier as
communications
become
digital.
FIGURE
7-2
CORPORATE
NETWORK
INFRASTRUCTURE
Today’s corporate network infrastructure is a collection of many different networks from the public
switched telephone network; to the Internet; to corporate local-area networks linking workgroups,
departments, or office floors.
Contemporary digital networks are based on three key technologies:
1. Client/server computing: In client/server computing, client computers are linked to
each other through a network controlled by a server computer, which sets the
rules of communication for the network and provides addresses for each client
and device on the network.
2. Packet switching: A method of breaking messages into small packets that are sent
independently along different paths in a network using a router and then
reassembled at their destination.
FIGURE
7-3
PACKED-SWITCHED
NETWORKS
AND
PACKET
COMMUNICATIONS
Data are grouped into small packets, which are transmitted independently over various communications
channels and reassembled at their final destination.
3. Common protocols and TCP/IP: Widely used communications protocols provide
a set of rules to enable communication among diverse components in a
telecommunications network. TCP/IP is a suite of protocols which has become the
dominant model of achieving connectivity among different networks and
computers and on the Internet, providing a method for breaking up messages into
packets, routing them to the proper address, and reassembling them. The TCP/IP
reference model has four layers. Two computers using TCP/IP can communicate
even if they are based on different hardware and software platforms.
FIGURE 7-4 THE TRANSMISSION CONTROL PROTOCOL/INTERNET PROTOCOL (TCP/IP)
REFERENCE
MODEL
This figure illustrates the four layers of the TCP/IP reference model for communications.
Communications Networks
Electronic signals in a telecommunications network can be analog or digital. A modem
(abbreviated from MOdulation/DEModulation) is a translating device that can convert
signals
from
digital
to
analog
and
back.
FIGURE
7-5
FUNCTIONS
OF
THE
MODEM
A modem is a device that translates digital signals from a computer into analog form so that they can be
transmitted over analog telephone lines. The modem also translates analog signals back into digital form
for the receiving computer.
Types of networks include:

Local area network (LAN): Up to 500 meters (half a mile); an office or floor of a
building

Campus-area network (CAN): Up to 1,000 meters (a mile); a college campus or
corporate facility

Metropolitan-area network (MAN): A city or metropolitan area

Wide-area network (WAN): A transcontinental or global area
Ethernet is the dominant LAN standard at the physical network level, specifying the
physical medium to carry signals between computers; access control rules; and a
standardized frame, or set of bits used to carry data over the system.
LANS may use a client/server (in Windows, a domain network model) architecture or a
peer-to-peer architecture (in Windows, a workgroup network model), in which computers
exchange data without going through a separate server. Larger LANS may have multiple
servers for different, specific purposes, such as print, Web, mail, or application servers.
LANs have different topologies, ways of connecting their components. There are three
major network topologies:

A star network consists of a central hub connected directly to a number of other
computers or terminals. All communications must travel through the host.

A bus network links a number of computers by a single circuit; all signals are
broadcast in both directions to the whole network, and software identifies which
component is to receive a message. Bus networks fail less often and are the most
common Ethernet LAN topology.

A ring network links all computers by a closed loop and passes data in one
direction from one machine to another.
FIGURE
7-6
NETWORK
The three basic network topologies are the bus, star, and ring.
TOPOLOGIES
Networks use different types of physical transmission media, including:

Twisted wire: Pairs of copper wires used mostly for analog voice signals but also
sometimes for data. Twisted wire is the oldest medium.

Coaxial cable is thickly insulated wire that is faster and more interference-free
than twisted wire.

Fiber-optic cable consists of thousands of tiny clear glass fibers along which data is
sent as pulses of light. Although primarily used as high-speed network backbone
(the part of a network that handles major traffic), fiber optic is also being installed
in homes and businesses. Telecommunications carriers use fiber optic to build
purely optical networks to provide high-capacity transmission for multimedia, and
other data-intensive information services. Optical networks boost capacity by
using dense wavelength division multiplexing (DWDM), which enables the
simultaneous transfer of multiple transmissions along a single channel.
Wireless transmission uses radio frequencies or infrared signals to transmit data
wirelessly.
Microwave systems (terrestrial and satellite) transmit high-frequency radio signals and
are used for high-volume, long-distance, point-to-point communications. Microwaves
follow a straight line, and transmission stations or satellites are used as relay stations for
long
distance
signals.
FIGURE
7-7
BP
AMOCO’S
SATELLITE
TRANSMISSION
SYSTEM
Satellites help BP Amoco transfer seismic data between oil exploration ships and research centers in the
United States.
Cellular telephones use the 800-2000 MHz radio spectrum to communicate with radio
antennas (towers) placed within adjacent areas, or cells. Older cellular systems are
analog, while contemporary systems are digital, supporting data transmission as well as
voice
transmission.
Telecommunications transmission speed is represented in bits per second (bps). The
number of cycles per second a medium can send is called hertz; the capacity of the
channel, measured as the difference between the highest and lowest frequencies it can
transmit,
is
called
bandwidth.
A number of services are available to organizations requiring broadband, or high-speed
transmission, capabilities or access to the Internet, including:

Frame relay is a shared network service that is cheaper and faster than packet
switching because it does not use error correction routines.

Asynchronous transfer mode (ATM) technology parcels information into 53-byte
"cells" that can transmit data, video, and audio over the same network and that
can pass data between computers from different vendors.

ISDN (Integrated Services Digital Network) is an older telephone standard for voice,
video, image, and data transmission over twisted-pair telephone lines.

Digital subscriber line (DSL) technologies also use existing copper telephone lines
to carry voice, data, and video, but they have higher transmission capacities than
ISDN.

Cable internet connections operate over cable TV lines to provide high-speed
access to the Internet or corporate intranets.

T lines are expensive, high-speed data lines leased by large corporations from
communication providers, typically long-distance telephone companies. A T1 line
has 24 64-Kbps channels that can support a total data transmission of 1.544
Mbps, and a T3 line can support up to 45 Mbps.
The Internet
The Internet is the largest implementation of client/server computing and
internetworking, linking hundreds of thousands of individual networks and 1 billion people
worldwide.
Individuals connect to the Internet in two ways: through local Internet service providers
(ISPs)
and
through
their
business
firms.
The Internet is based on the TCP/IP networking protocol suite. Every computer is
assigned a unique Internet Protocol (IP) address, which is currently four strings of numbers
ranging from 0 to 255, as in the address 207.46.250.119. The Domain Name System
(DNS) is a system for converting IP addresses into names, such as google.com. DNS has
a hierarchical structure which specifies a root domain, top-level domains, second-level
domains,
and
host
computers
at
the
third
level.
FIGURE
7-8
THE
DOMAIN
NAME
SYSTEM
The Domain Name System is a hierarchical system with a root domain, top-level domains, second-level
domains, and host computers at the third level.
Internet traffic moves over trunk lines, transcontinental high-speed backbone networks,
typically owned by long-distance telephone companies (network service providers) or
national governments. Local connection lines are owned by regional telephone and cable
television companies in the US that lease access to ISPs, private companies, government
institutions,
and
retail
users.
FIGURE
7-9
INTERNET
NETWORK
ARCHITECTURE
The Internet backbone connects to regional networks, which in turn provide access to Internet service
providers, large firms, and government institutions. Network access points (NAPs) and metropolitan area
exchanges (MAEs) are hubs where the backbone intersects regional and local networks and where
backbone owners connect with one another. MAEs are also referred to as Internet Exchange Points.
Internet policies are established by several organizations and governmental bodies,
including the Internet Architecture Board (IAB), the Internet Corporation for Assigned
Names and Numbers (ICANN), the Internet Network Information Center (InterNIC), the
Internet Engineering Task Force (IETF), the Internet Society (ISOC), and the World Wide
Web Consortium (W3C). These agencies influence government agencies, major network
owners
and
ISP.
Everyone who uses the Internet pays some fee—hidden or otherwise—to maintain the
network. For example, each organization and business firm pays for its own networks
and its own local Internet connection services, a part of which is paid to the longdistance
trunk
line
owners
Because the number of addresses using the existing IP addressing (IPv4) is limited to 4.5
billion addresses, the Internet Engineering Task Force adopted a new Internet Protocol
Version 6 (IPv6), which uses a 128-bit addressing scheme which produces 3.4 x 1038
addresses.
The existing Internet has many shortcomings chief among which are poor security, no
service level guarantees, no differential service, no differential pricing, and bandwidth
limitations that would prevent the emergence of wide-scale Internet television or Internet
video distribution. Internet2 and Next-Generation Internet (NGI) are consortia
representing 200 universities, private businesses, and government agencies in the United
States that are working on a new, robust, high-bandwidth version of the Internet.
The Internet is based on client/server technology. Client platforms include PCs, cell
phones, PDAs, handheld devices, and information appliances. Users of the Internet control
what services they access through client applications on their computers such as Web
browsers. Internet services include e-mail, electronic discussion groups (Usenet groups
and LISTSERV), chatting, and instant messaging, Telnet, File Transfer Protocol (FTP), and
the World Wide Web. Each Internet service is implemented by one or more software
programs.
FIGURE
7-10
CLIENT/SERVER
COMPUTING
ON
THE
INTERNET
Client computers running Web browser and other software can access an array of services on servers
over the Internet. These services may all run on a single server or on multiple specialized servers.
Web pages are formatted with graphics, text, and dynamic links using Hypertext Markup
Language (HTML). Web pages are requested by clients and delivered by Web servers
using the Hypertext Transfer Protocol (HTTP). HTTP is the first set of letters at the start of
every Web address, followed by the domain name, the directory path to the requested
document, and the document name. The address typed in to a browser to locate a file,
including the directory path and the document name together, is called a Uniform
Resource Locator (URL). A Web server is software for locating and managing stored Web
pages. The most common Web server today is Apache HTTP Server.
Users can find information on the Internet using search engines. The first search engines
were simple keyword indexes of all the pages they visited. Contemporary search engines
use more complex models for finding relevant information. Google ranks search results
based on the relevance, or popularity, of each page. Web sites for locating information
such as Yahoo!, Google, and MSN have become so popular and easy to use that they also
serve as major portals for the Internet, as well as major shopping tools. In search engine
marketing, search results display both listings to a query as well as advertisements
related to the search query. The paid, sponsored advertisements are the fastest-growing
form
of
Internet
advertising.
Figure 7-11, Figure 7-12
FIGURE
7-11
MAJOR
WEB
SEARCH
ENGINES
Google is the most popular search engine on the Web, handling nearly 50 percent of all Web searches.
Sources: http://searchenginewatch.com, accessed August 19, 2006 and Kevin J. Delaney, “Search
Engines Find a Role for Humans,” The Wall Street Journal, May 11, 2006.
FIGURE
7-12
HOW
GOOGLE
WORKS
The Google search engine is continuously crawling the Web, indexing the content of each page,
calculating its popularity, and storing the pages so that it can respond quickly to user requests to see a
page. The entire process takes about one-half second.
Intelligent agent shopping bots search the Web for pricing and availability of products
specified by the user and return a list of sites that sell the item, along with pricing
information
and
purchase
links.
Web 2.0 refers to second-generation, interactive Internet-based services, such as:

Mashups: Software services that enable users and system developers to mix and
match content or software components to create something entirely new

Blogs: Informal yet structured Web site where subscribing individuals can publish
stories, opinions, and links to other Web sites of interest

RSS: RSS (Rich Site Summary, or Really Simple Syndication) technology pulls
specified content from Web sites and feeds it automatically to users' computers,
where it can be stored for later viewing

Wikis: Collaborative Web sites where visitors can add, delete, or modify content
on the site, including the work of previous authors
Internet networking technology is used by organizations to create private networks called
intranets and extranets, intranets extended to authorized vendors and customers to
facilitate communication and business transactions. Intranets and extranets are
protected from unauthorized visits by firewalls—security systems with specialized
software
to
prevent
outsiders
from
entering
private
networks.
In addition to e-mail, Internet-based tools that today's businesses use for communication
and coordination include:

Chat: Chatting enables two or more people on the Internet to hold live, interactive
conversations.

Instant messaging: A type of chat service that enables participants to create

their own private chat channels.

Usenet newsgroups: Worldwide discussion groups posted on Internet electronic
bulletin boards

Groupware: Software products used by individuals and teams working at different
locations for writing and commenting on group projects, sharing ideas and
documents, conducting electronic meetings, tracking the status of tasks and
projects, scheduling, and sending e-mail.

Electronic conferencing: Web conferencing and collaboration software allow
participants to view and modify documents and slides, write or drawn on an
electronic whiteboard, or share their thoughts and comments using chat or voice
conferencing.

Internet telephony: Voice over IP (VoIP) technology uses the IP to deliver voice
information in digital form using packet switching, avoiding the tolls charged by
local and long-distance telephone networks
FIGURE
7-13
HOW
IP
TELEPHONY
WORKS
An IP phone call digitizes and breaks up a voice message into data packets that may travel along different routes
before being reassembled at the final destination. A processor nearest the call’s destination, called a gateway,
arranges the packets in the proper order and directs them to the telephone number of the receiver or the IP
address of the receiving computer.

Virtual private network (VPN): A secure, encrypted, private network that has been
configured within a public network to take advantage of the economies of scale
and management facilities of large networks, such as the Internet.
FIGURE
7-14
A
VIRTUAL
PRIVATE
NETWORK
USING
THE
INTERNET
This VPN is a private network of computers linked using a secure “tunnel” connection over the Internet.
It protects data transmitted over the public Internet by encoding the data and “wrapping” them within
the Internet Protocol (IP). By adding a wrapper around a network message to hide its content,
organizations can create a private connection that travels through the public Internet.
The Wireless Revolution
Devices that support wireless or mobile communication and computing include:

Cell phones

Personal digital assistants (PDAs): Small, handheld computers
applications such as electronic schedulers and address books

E-mail handhelds: A special type of handheld that is optimized for wireless text
messaging

Smart phones: Hybrid devices combining the functionality of a PDA with that of a
digital cell phone
featuring
Digital cellular service uses several competing standards that are incompatible.

Global System for Mobile Communication (GSM) is the standard used in Europe and
much of the rest of the world outside the United States. GSM's strength is in
international roaming capabilities.

Code Division Multiple Access (CDMA) is the most widely used standard in the
United States. CDMA is less expensive and supports higher quality transmissions.
Most digital cellular systems today can transmit data at rates ranging from 9.6 to 2 Mbs.
384 Kbps is acceptable for email but not for downloading large files or Web pages.
Short message service (SMS) is a text message service used by a number of digital cell
phone
systems
to
send
and
receive
short
alphanumeric
messages.
2.5G networks use upgrades to the existing cellular infrastructure and feature data
transmission
rates
ranging
from
30
to
144
Kbps.
More powerful cellular networks called third-generation (3G) networks have transmission
speeds ranging from 384 Kbps for mobile users in, say, a car, to more than 2 Mbps for
stationary
users,
sufficient
for
rich
media
downloads.
There are also multiple standards and technologies governing how cellular phones access
the Internet and the World Wide Web.

Wireless Application Protocol (WAP) is a system of protocols and technologies that
enables cell phones and other wireless devices with tiny display screens, lowbandwidth connections, and minimal memory to access Web services.

A microbrowser is an Internet browser that works with the low-memory
constraints and low bandwidth requirements of handheld wireless devices and
uses WML (Wireless Markup Language). Requests are made to a WAP gateway
which translates HTML content into WML for the WAP client to receive it.

I-mode is a wireless service offered by Japan's NTT DoCoMo mobile phone network
that uses compact HTML instead of WML for delivering content.
Figure 7-15
FIGURE
7-15
WIRELESS
APPLICATION
PROTOCOL
(WAP)
VERSUS
I-MODE
WAP and I-mode use alternative standards for accessing information from the wireless Web.
There is a hierarchy of complementary standards for wireless computer networks
designed for connecting to personal area networks (PANs), LANs, MANs, and WANs.
Bluetooth, or IEEE 802.15, uses the 2.4-GHz band for creating small PANs, linking up to
eight devices within a 10 meter area. devices can communicate to each other without
direct user intervention. Its low power requirements make Bluetooth appropriate for
battery-powered
handhelds,
cell
phones,
or
PDAs.
FIGURE
7-16
A
BLUETOOTH
NETWORK
(PAN)
Bluetooth enables a variety of devices, including cell phones, PDAs, wireless keyboards and mice, PCs,
and printers, to interact wirelessly with each other within a small 30-foot (10-meter) area. In addition to
the links shown, Bluetooth can be used to network similar devices to send data from one PC to another,
for example.
Wi-Fi (wireless fidelity), or IEEE 802.11 includes three standards:

802.11a: This standard can transmit up to 54 Mbps in the 5-GHz band, in ranges
of 10-30 meters.

802.11b: This standard, currently the most popular, transmits up to 11 Mbps
using the 2.4 GHz band with a range of 30-50 meters.

802.11g: This standard also uses the 2.4 GHz band and can transmit up to 54
Mbps.
Wi-Fi system can operate in two modes:

Infrastructure mode, in which wireless devices communicate with a wired LAN
through access points

Ad-hoc mode, or peer-to-peer mode, in which the devices communicate directly
to each other.
FIGURE
7-17
AN
802.11
WIRELESS
LAN
Mobile laptop computers equipped with network interface cards link to the wired LAN by communicating
with the access point. The access point uses radio waves to transmit network signals from the wired
network to the client adapters, which convert them into data that the mobile device can understand. The
client adapter then transmits the data from the mobile device back to the access point, which forwards
the data to the wired network.
Mobile wireless stations often need a wireless network interface card (NIC) that has a
built-in
radio
antenna.
The 802.11 standard can be used to provide wireless Internet access, in which an access
point plugs into a wired Internet connection. Businesses are using Wi-Fi to create low
costs
WLANs
and
provide
Internet
access.
Hotspots are one or more access points positioned strategically in public spaces and
provide wireless coverage for a specific area. Many free public hotspots are available in
the US and other countries. However, users cannot roam from hotspot to hotspot if these
use different Wi-Fi network services. Wi-Fi also has weak security features, and is
susceptible to interference from nearby systems operating in the same spectrum, such as
microwave
ovens
or
wireless
phones.
WiMax (Worldwide Interoperability for Microwave Access), or IEEE 802.16, is a new set of
standards that has an access range of up to 31 miles and data transfer rates up to 75
Mbps, using WiMax antennas to beam high-speed Internet connections to rooftop
antennas
of
homes
and
businesses.
Broadband Internet access can also be configured through cellular telephon e networks.
Major cellular telephone carriers have configured their 3G networks to provide broadband
access for PCs and other handheld devices. EV-DO (Evolution Data Optimized), used by
Verizon, provides wireless Internet access over a cellular network at speeds form 300 to
500
Kbps.
Radio frequency identification (RFID) systems provide a powerful technology for tracking
the movement of goods throughout the supply chain. RFID systems use tiny tags with
embedded microchips containing data about an item and its location to transmit radio
signals over a short distance to special RFID readers. The RFID readers then pass the
data over a network to a computer for processing. Unlike bar codes, RFID tags do not
need
line-of-sight
contact
to
be
read.
The transponder, or RFID tag, uses a microchip to store information unique to the item,
such as an electronic identification code, where and when it was made, or its status
during production. The rest of the tag is an antenna that transmits data to the reader.
The reader unit consists of an antenna and radio transmitter with a decoding capability
attached to a stationary or handheld device. The reader emits radio waves in ranges
anywhere from 1 inch to 100 feet, depending on its power output, the radio frequency
employed, and surrounding environmental conditions. When a RFID tag comes within the
range of the reader, the tag is activated and starts sending data. The reader captures
these data, decodes them, and sends them back over a wired or wireless network to a
host
computer
for
further
processing.
Figure 7-18
FIGURE
7-18
HOW
RFID
WORKS
RFID uses low-powered radio transmitters to read data stored in a tag at distances ranging from 1 inch
to 100 feet. The reader captures the data from the tag and sends them over a network to a host
computer for processing.
RFID systems operate in a number of unlicensed frequency bands worldwide.

Low frequency systems (30 kilohertz to 500 kilohertz) have short reading ranges
(inches to a few feet) and lower system costs. Low-frequency systems are often
used in security, asset tracking, or animal identification applications.

High-frequency RFID systems (850 MHz to 950 MHz and 2.4 GHz to 2.5 GHz) offer
reading ranges that can extend beyond 90 feet and have high reading speeds.
High-frequency RFID applications include railroad car tracking or automated toll
collection for highways or bridges.
In inventory control and supply chain management, RFID systems capture and manage
more detailed information about items in warehouses or in production than bar coding
systems.
Wireless sensor networks (WSNs) are networks of hundreds or thousands of
interconnected wireless devices, or nodes, that are embedded into the physical
environment to provide measurements of many points over large spaces. They are based
on devices with built-in processing, storage, and radio frequency sensors and antennas.
The devices are linked into an interconnected network where data are routed seamlessly
among all the nodes and forwarded to a computer for analysis. Wireless sensor networks
are valuable in areas such as monitoring environmental changes, monitoring traffic or
military activity, protecting property, efficiently operating and managing machinery and
vehicles, establishing security perimeters, monitoring supply chain management, or
detecting
chemical,
biological,
or
radiological
material.
FIGURE
7-19
A
WIRELESS
SENSOR
NETWORK
FOR
A
SECURITY
SYSTEM
Each level of this wireless sensor network handles different types of sensing. Lower-level sensors for
monitoring events, such as doors opening and closing, motion, and breakage of windows and doors, are
complemented by a small group of more advanced sensors placed in key locations, such as cameras and
acoustic
and
chemical
detectors.
Source: From Jason Hill, Mike Horton, Ralph Kling, and Lakshman Krishamurthy, “The Platforms Enabling
Wireless Sensor Networks,” Communications of the ACM 47, no. 6 (June 2004).
CHAPTER 8
Securing Information Systems
System Vulnerability and Abuse
When data are stored in digital form, they are more vulnerable than when they exist in
manual
form.
Security refers to the policies, procedures, and technical measures used to prevent
unauthorized access, alteration, theft, or physical damage to information systems.
Controls consist of all the methods, policies, and organizational procedures that ensure
the safety of the organization's assets; the accuracy and reliability of its accounting
records;
and
operational
adherence
to
management
standards.
Threats to computerized information systems include hardware and software failure; user
errors; physical disasters such as fire or power failure; theft of data, services, and
equipment; unauthorized use of data; and telecommunications disruptions. On-line
systems and telecommunications are especially vulnerable because data and files can be
immediately and directly accessed through computer terminals or at points in the
telecommunications
network.
FIGURE
8-1
CONTEMPORARY
SECURITY
CHALLENGES
AND
VULNERABILITIES
The architecture of a Web-based application typically includes a Web client, a server, and corporate
information systems linked to databases. Each of these components presents security challenges and
vulnerabilities. Floods, fires, power failures, and other electrical problems can cause disruptions at any
point in the network.
The Internet poses additional problems because it was explicitly designed to be easily
accessed by people on different computer systems. Information traveling over unsecured
media can be intercepted and misused. Fixed IP addresses serve as fixed targets for
hackers, and Internet software has become a means for introducing viruses and
malicious
software
to
otherwise
secure
networks.
Wireless networks are even more vulnerable because radio frequency bands are easy to
scan. LANs that use the Wi-Fi (802.11b) standard can be easily penetrated by outsiders
with laptops, wireless cards, external antennae, and freeware hacking software. Service
set identifiers (SSID) identifying access points in a Wi-Fi network are broadcast multiple
times and can be picked up fairly easily by sniffer programs. In war driving,
eavesdroppers drive by buildings or park outside and try to intercept wireless network
traffic. The initial security standard developed for Wi-Fi, called Wired Equivalent Privacy
(WEP), is not very effective. WEP is built into all standard 802.11 products, but users
must turn it on, and many neglect to do so, leaving many access points unprotected.
FIGURE
8-2
WI-FI
SECURITY
CHALLENGES
Many Wi-Fi networks can be penetrated easily by intruders using sniffer programs to obtain an address
to access the resources of a network without authorization.
Malicious software, or malware, includes threats such as computer viruses and worms, and
Trojan horses. A computer virus is rogue software that attaches itself to other programs
or data files in order to be executed, and may be highly destructive to files, computer
memory, and hard drives. Viruses are typically designed to spread from computer to
computer
through
e-mail
attachments
or
copied
files.
Worms are independent computer programs that copy themselves to computers over a
network independently from other computer programs or files, and therefore spread
more rapidly. A Trojan horse is an apparently benign program that actually performs
some hidden action such as installing malicious code or compromising the security of a
computer.
Spyware can also act as malicious software by obtaining information about users' buying
habits and infringing on privacy. Keyloggers record keystrokes made on a computer to
discover
steal
serial
numbers
for
software
and
passwords.
A hacker is an individual who intends to gain unauthorized access to a computer system.
The term cracker is typically used for hackers with criminal intent. Hackers spoof, or
misrepresent themselves, by using fake e-mail addresses or masquerading as someone
else. Hacker activities include:

Theft of goods and services

System damage

Cybervandalism: The intentional disruption, defacement, or even destruction of a
Web site or corporate information system.

Spoofing: Hiding of the hackers true identities or email addresses, or redirecting
a Web link to a different web site that benefits the hacker.

Theft of proprietary information: A sniffer is an eavesdropping program that
monitors network information and can enable hackers to steal proprietary
information
transmitting
over
the
network.
Denial of service (DoS) attacks: Flooding a network or server with thousands of
false communications to crash or disrupt the network. A distributed denial-ofservice (DDoS) attack uses hundreds or even thousands of computers to inundate
and overwhelm the network from numerous launch points. Hackers can infect
thousands of unsuspecting users' computers with malicious software to form a
botnet of resources for launching a DDoS.
FIGURE
8-3
WORLDWIDE
DAMAGE
FROM
DIGITAL
ATTACKS
This chart shows estimates of the average annual worldwide damage from hacking, malware, and spam since
1999. These data are based on figures from mi2G and the authors.
In computer crime, the computer can be either the target of or the instrument of a
crime. The most economically damaging kinds of computer crime are DoS attacks,
introducing viruses, theft of services, and disruption of computer systems.
Other examples of computer crime include:

Identity theft: In identity theft, an impostor obtains key pieces of personal
information to impersonate someone else and obtain credit, merchandise, or false
credentials.

Phishing: Setting up fake Web sites or sending e-mail messages that appear
legitimate in order to coerce users for confidential data. Other phishing techniques
include evil twins (wireless networks masquerading as legitimate Internet
hotspots, used to capture personal information) and pharming, redirecting users
bogus Web sites posing as legitimate Web sites.
Click fraud occurs when an individual or computer program fraudulently clicks on an
online ad without any intention of learning more about the advertiser or making a
purchase. Click fraud can also be perpetrated with software programs doing the clicking,
and bot networks are often used for this purpose.
The U.S. Congress responded to the threat of computer crime in 1986 with the Computer
Fraud and Abuse Act. This act makes it illegal to access a computer system without
authorization. Most U.S. states and European nations have similar legislation. Congress
also passed the National Information Infrastructure Protection Act in 1996 to make virus
distribution and hacker attacks to disable Web sites federal crimes.
One concern is that terrorists or foreign intelligence services could exploit network or
Internet vulnerabilities to commit cyberterrorism or cyberwarfare and cripple networks
controlling essential services such as electrical grids and air traffic control systems.
The largest financial threats to businesses actually come from insiders, either through
theft and hacking or through lack of knowledge. Malicious intruders may sometimes trick
employees into revealing passwords and network access data through social engineering.
Employees can also introduce faulty data or improperly process data.
Software errors are also a threat to information systems and cause untold losses in
productivity. Hidden bugs or program code defects, unintentionally overlooked by
programmers working with thousands of line of programming code, can cause
performance issues and security vulnerabilities. Software vendors create lines of code
called patches to repair flaws without disrupting the software's operation.
Business value of Security and Control
Security and control have become a critical, although perhaps unappreciated, area of
information systems investment. The longer computer systems are down, the more
serious the consequences for the firm. With increasing reliance on the Internet and
networked systems, firms are more vulnerable than ever to disruption and harm.
Company systems often house confidential information about individuals' taxes, financial
assets, medical records, and job performance reviews. They may contain information on
corporate operations, trade secrets, new product development plans, and marketing
strategies. Inadequate security and control may also create serious legal liability.
Businesses must protect not only their own information assets but also those of
customers, employees, and business partners. Recent U.S. government regulations
mandate the protection of data from abuse, exposure, and unauthorized access, and
include:

The Health Insurance Portability and Accountability Act (HIPAA) of 1996, which
requires members of the healthcare industry to retain patient information for six
years and ensure the confidentiality of those records

The Gramm-Leach-Bliley Act, which requires financial institutions to ensure the
security and confidentiality of customer data

The Sarbanes-Oxley Act, which imposes responsibility on companies and their
management to use internal controls to safeguard the accuracy and integrity of
financial information
Firms face new legal obligations for electronic records management and document
retention as well as for privacy protection. Electronic records management (ERM) consists
of policies, procedures, and tools for managing the retention, destruction, and storage of
electronic records.
Security, control, and electronic records management have become essential for
responding to legal actions. Much of the evidence today for stock fraud, embezzlement,
theft of company trade secrets, computer crime, and many civil cases is in digital form.
Legal cases today increasingly rely on evidence represented as computer data stored on
portable floppy disks, CDs, and computer hard disk drives, as well as in e-mail, instant
messages, and e-commerce transactions over the Internet. E-mail is currently the most
common type of electronic evidence.
An effective electronic document retention policy ensures that electronic documents, email, and other records are well organized, accessible, and neither retained too long nor
discarded too soon.
Computer forensics is the scientific collection, examination, authentication, preservation,
and analysis of data held on or retrieved from computer storage media in such a way
that the information can be used as evidence in a court of law. Electronic evidence can
reside on computer storage media in the form of computer files and as ambient data,
which are not visible to the average user.
Establishing a Management Framework for Security and Control
Protection of information resources requires a sound security system and set of controls.
ISO 17799, an international set of standards for security and control, specifies best
practices in information systems security and control.
A risk assessment determines the level of risk to the firm if a specific activity or process is
not properly controlled. Business managers working with information systems specialists
determine the value of information assets, points of vulnerability, the likely frequency of
a problem, and the potential for damage. Once the risks have been assessed, system
builders can concentrate on the control points with the greatest vulnerability and
potential for loss in order to minimize overall cost and maximize defenses.
Larger firms typically have a formal corporate security function headed by a chief security
officer (CSO). The security group educates and trains users, keeps management aware of
security threats and breakdowns, and maintains the tools chosen to implement security.
The chief security officer is responsible for enforcing the firm's security policy. A security
policy consists of statements ranking information risks, identifying acceptable security
goals, and identifying the mechanisms for achieving these goals. The security
organization typically administers acceptable use policies and authorization policies. An
acceptable use policy (AUP) defines acceptable uses of the firm's information resources
and computing equipment, including desktop and laptop computers, wireless devices,
telephones, and the Internet. Authorization policies determine differing levels of access to
information assets for different levels of users. Authorization management systems
establish where and when a user is permitted to access certain parts of a Web site or a
corporate
database.
FIGURE
8-4
SECURITY
PROFILES
FOR
A
PERSONNEL
SYSTEM
These two examples represent two security profiles or data security patterns that might be found in a
personnel system. Depending on the security profile, a user would have certain restrictions on access to
various systems, locations, or data in an organization.
As companies increasingly rely on digital networks for their revenue and operations, they
need to take additional steps to ensure that their systems and applications are always
available. Downtime refers to periods of time in which a system is not operational.
Several techniques can be used by companies to make reduce downtime.
Fault-tolerant computer systems use hardware or software to detect hardware failures and
automatically
switch
to
backup
systems.
High-availability computing environments use backup servers, distributing processing
among multiple servers, high-capacity storage, and disaster recovery planning and
business
continuity
planning
to
recover
quickly
from
a
system
crash.
In recovery-oriented computing, systems are designed to recover quickly, and
implementing capabilities and tools to help operators pinpoint the sources of faults in
multicomponent
systems
and
easily
correct
their
mistakes.
Disaster recovery planning devises plans for the restoration of computing and
communications services after they have been disrupted by an event such as an
earthquake,
flood,
or
terrorist
attack.
Business continuity planning focuses on how the company can restore business operations
after
a
disaster
strikes.
Some companies outsource security functions to managed security service providers
(MSSPs) that monitor network activity and perform vulnerability testing and intrusion
detection.
An MIS audit examines the firm's overall security environment as well as controls
governing individual information systems. Security audits review technologies,
procedures, documentation, training, and personnel. The audit lists and ranks all control
weaknesses and estimates the probability of their occurrence. It then assesses the
financial
and
organizational
impact
of
each
threat.
FIGURE
8-5
SAMPLE
AUDITOR’S
LIST
OF
CONTROL
WEAKNESSES
This chart is a sample page from a list of control weaknesses that an auditor might find in a loan system
in a local commercial bank. This form helps auditors record and evaluate control weaknesses and shows
the results of discussing those weaknesses with management, as well as any corrective actions taken by
management.
Technologies and Tools for Security and Control
Various tools and technologies used to help protect against or monitor intrusion include
authentication tools, firewalls, intrusion detection systems, and antivirus and encryption
software.
Access control consists of all the policies and procedures a company uses to prevent
improper access to systems by unauthorized insiders and outsiders. Authentication refers
to the ability to know that a person is who he or she claims to be. Access control
software is designed to allow only authorized persons to use systems or to access data
using some method for authentication. New authentication technologies include:

Token: A physical device similar to an identification card that is designed to prove
the identity of a single user.

Smart card: A device about the size of a credit card that contains a chip formatted
with access permission and other data.

Biometric authentication: Compares a person's unique characteristics, such as
fingerprints, face, or retinal image, against a stored set profile.
A firewall is a combination of hardware and software that controls the flow of incoming
and outgoing network traffic and prevents unauthorized communication into and out of
the network. The firewall identifies names, Internet Protocol (IP) addresses, applications,
and other characteristics of incoming traffic. It checks this information against the access
rules programmed into the system by the network administrator. There are a number of
firewall screening technologies:
FIGURE

Packet filtering examines fields in the headers of data packets flowing between the
network and the Internet, examining individual packets in isolation.

Stateful inspection determines whether packets are part of an ongoing dialogue
between a sender and a receiver.

Network Address Translation (NAT) conceals the IP addresses of the organization's
internal host computer(s) to protect against sniffer programs outside the firewall.

Application proxy filtering examines the application content of packets. A proxy
server stops data packets originating outside the organization, inspects them, and
passes a proxy to the other side of the firewall. If a user outside the company
wants to communicate with a user inside the organization, the outside user first
"talks" to the proxy application and the proxy application communicates with the
firm's internal computer.
8-6
A
CORPORATE
FIREWALL
The firewall is placed between the firm’s private network and the public Internet or another distrusted network to
protect against unauthorized traffic.
Intrusion detection systems feature full-time monitoring tools placed at the most
vulnerable points of corporate networks to detect and deter intruders continually.
Scanning software looks for patterns indicative of known methods of computer attacks,
such as bad passwords, checks to see if important files have been removed or modified,
and
sends
warnings
of
vandalism
or
system
administration
errors.
Antivirus software is designed to check computer systems and drives for the presence of
computer viruses. However, to remain effective, the antivirus software must be
continually
updated.
Vendors of Wi-Fi equipment have developed stronger security standards. The Wi-Fi
Alliance industry trade group's 802.11i specification tightens security for wireless LAN
products.
Many organizations use encryption to protect sensitive information transmitted over
networks. Encryption is the coding and scrambling of messages to prevent their access
by
unauthorized
individuals.
Two methods for encrypting network traffic on the Web are:

Secure Sockets Layer (SSL): SSL and its successor Transport Layer Security (TLS)
enable client and server computers to establish a secure connection session and
manage encryption and decryption activities.

Secure Hypertext Transfer Protocol (S-HTTP) is another protocol used for encrypting
data flowing over the Internet, but it is limited to individual messages.
Data is encrypted by applying a secret numerical code, called an encryption key, so that
the data are transmitted as a scrambled set of characters. To be read, the message must
be decrypted (unscrambled) with a matching key. There are two alternative methods of
encryption:
FIGURE

Symmetric key encryption: The sender and receiver create a single encryption
key that is shared.

Public key encryption: A more secure encryption method that uses two different
keys, one private and one public.
8-7
PUBLIC
KEY
ENCRYPTION
A public key encryption system can be viewed as a series of public and private keys that lock data when they are
transmitted and unlock the data when they are received. The sender locates the recipient’s public key in a directory and
uses it to encrypt a message. The message is sent in encrypted form over the Internet or a private network. When the
encrypted message arrives, the recipient uses his or her private key to decrypt the data and read the message.
Digital signatures and digital certificates help with authentication. A digital signature is a
digital code attached to an electronically transmitted message that is used to verify the
origin and contents of a message. Digital certificates are data files used to establish the
identity of users and electronic assets for protection of online transactions. A digital
certificate system uses a trusted third party known as a certificate authority (CA) to
validate a user's identity. The digital certificate system would enable, for example, a
credit card user and a merchant to validate that their digital certificates were issued by
an authorized and trusted third party before they exchange data. Public key infrastructure
(PKI), the use of public key cryptography working with a certificate authority, is a
principal technology for providing secure authentication of identity online.
FIGURE
8-8
DIGITAL
CERTIFICATES
Digital certificates help establish the identity of people or electronic assets. They protect online
transactions by providing secure, encrypted, online communication.
CHAPTER 9
Achieving Operational Excellence and customer Intimacy: Enterprise applications
Enterprise Systems
Enterprise systems, or enterprise resource planning (ERP) systems, integrate the key
internal business processes of a firm into a single software system so that information
flows seamlessly throughout the organization, improving coordination, efficiency, and
decision
making.
Enterprise software is based on a suite of integrated software modules and a common
central database. The database collects data from and feeds the data into numerous
applications that supports nearly all of an organization's internal business activities.
When new information is entered by one process, the information is made available
immediately
to
other
business
processes.
FIGURE
9-1
HOW
ENTERPRISE
SYSTEMS
WORK
Enterprise systems feature a set of integrated software modules and a central database that enables
data to be shared by many different business processes and functional areas throughout the
enterprise.
Enterprise software is built around thousands of predefined business processes that
reflect best practices. Best practices are the most successful solutions or problemsolving methods in an industry for consistently and effectively achieving a business
objective.
Organizations implementing commercial enterprise software first select the business
processes they wish to use from the software and map their own processes to these,
using the software's configuration tables. Although businesses may choose to rewrite
portions of the software to match their existing processes, this can degrade system
performance
and
fail
to
reap
the
benefits
of
this
software.
Enterprise systems produce value by increasing organizational efficiency and by
providing firmwide information to help managers make better decisions. Enterprise
systems create a foundation for a more customer-driven organization by integrating firm
data to enable quicker responses to customer requests and information.
Enterprise systems:

Use analytical tools to evaluate a firm's overall performance

Use standard
organization
definitions,
formats,
and
performance
figures
across
the
Customer Relationship Management Systems
Customers can be seen as an enterprise's most valuable asset, and customer relationship
management systems enable large firms to understand and work with their customers.
CRM systems capture and integrate customer data from all over the organization,
consolidating the data, analyzing the data, and then distributing the results to various
systems and customer touch points across the enterprise. A touch point (also known as a
contact point) is a method of interaction with the customer, such as telephone, e-mail,
customer
service
desk,
conventional
mail,
Web
site,
or
retail
store.
Well-designed CRM systems provide a single enterprise view of the customer and provide
customers with a single view of the company regardless of the touch point the customer
uses.
FIGURE
9-7
CUSTOMER
RELATIONSHIP
MANAGEMENT
(CRM)
CRM systems examine customers from a multifaceted perspective. These systems use a set of integrated
applications to address all aspects of the customer relationship, including customer service, sales, and
marketing.
Good CRM systems provide data and analytical tools for determining the financial lifetime
value of a customer and customer loyalty and for identifying profitable customers and
their
needs.
Commercial customer relationship management (CRM) software packages range from
niche tools that perform limited functions, such as personalizing Web sites for specific
customers, to large-scale enterprise applications. The more comprehensive CRM
packages contain modules for:

Partner relationship management (PRM): PRM software uses many of the same data,
tools, and systems as customer relationship management to enhance
collaboration between a company and its selling partners. It provides a company
and its selling partners with the ability to trade information and distribute leads
and data about customers, integrating lead generation, pricing, promotions, order
configurations, and availability.

Employee relationship management (ERM). ERM software deals with employee
issues that are closely related to CRM, such as setting objectives, employee
performance management, performance-based compensation, and employee
training.
CRM systems typically provide software or tools for:

Sales force automation (SFA): SFA modules help sales staff increase their
productivity by focusing sales efforts on the most profitable customers. They
provide sales prospect and contact information, product information, product
configuration capabilities, and sales quote generation capabilities.

Customer service: Customer service modules provide information and tools to
make call centers, help desks, and customer support staff more efficient. They
have capabilities for assigning and managing customer service requests and may
include Web-based self-service capabilities.

Marketing: Marketing modules support direct-marketing campaigns with
capabilities for capturing prospect and customer data, qualifying leads, and
scheduling and tracking campaign mailings. They include tools for analyzing
marketing and customer data-identifying profitable and unprofitable customers,
designing products and services to satisfy specific customer needs and interests,
and identifying opportunities for cross-selling, up-selling, and bundling. Crossselling is the marketing of complementary products to customers. Up-selling is the
marketing of higher-value products or services to new or existing customers.
Bundling is cross-selling in which a combination of products is sold as a bundle at
a price lower than the total cost of the individual products.
FIGURE
9-8
HOW
CRM
SYSTEMS
SUPPORT
MARKETING
Customer relationship management software provides a single point for users to manage and evaluate
marketing campaigns across multiple channels, including e-mail, direct mail, telephone, the Web, and
wireless messages.
FIGURE
9-9
CRM
SOFTWARE
CAPABILITIES
The major CRM software products support business processes in sales, service, and marketing,
integrating customer information from many different sources. Included are support for both the
operational and analytical aspects of CRM.
CRM software can also be used to increase customer loyalty through customer service by
identifying valued customers and providing them with special services or offers.
FIGURE
9-10
CUSTOMER
LOYALTY
MANAGEMENT
PROCESS
MAP
This process map shows how a best practice for promoting customer loyalty through customer service
would be modeled by customer relationship management software. The CRM software helps firms
identify high-value customers for preferential treatment.
CRM applications may support either:

Operational CRM: Customer facing applications such as tools for sales force
automation, call center and customer service support, and marketing automation.

Analytical CRM: Applications that analyze customer data generated by operational
CRM applications to provide information for improving business performance
management. Analytical CRM applications are based on data warehouses that
consolidate the data from operational CRM systems and customer touch points for
use with online analytical processing (OLAP), data mining, and other data analysis
techniques. An important output of analytical CRM is the customer lifetime value
(CLTV). CLTV is based on the relationship between the revenue produced by a
specific customer, the expenses incurred in acquiring and servicing that customer,
and the expected life of the relationship between the customer and the company.
FIGURE
9-11
ANALYTICAL
CRM
DATA
WAREHOUSE
Analytical CRM uses a customer data warehouse and tools to analyze customer data collected from the
firm’s customer touch points and from other sources.
The business value of CRM systems includes

Increased customer satisfaction

Reduced direct-marketing costs

More effective marketing

Lower costs for customer acquisition and retention

Increased sales revenues through identifying profitable customers

Reduced churn rate: The churn rate measures the number of customers who stop
using or purchasing products or services from a company and is an important
indicator of the growth or decline of a firm's customer base.
Management Opportunities, Challenges, and Solutions
Many firms obtain extraordinary business value from enterprise applications because of
their power to improve process coordination and management decision making.
However, enterprise systems, supply chain management, and customer relationship
management systems are very expensive to purchase and implement. Costs run even
higher for organizations with global operations, which must manage organizational and
technology changes in many different languages, time zones, currencies, and regulatory
environments.
Enterprise applications require not only deep-seated technological changes but also
fundamental changes in the way the business operates, including changes to business
processes,
employee
responsibilities,
and
functions.
Enterprise applications also introduce "switching costs." Once an enterprise application is
purchased and implemented, it becomes very costly to switch vendors.
Enterprise applications require defining and implementing standardized definitions of data
throughout
the
organization.
Solutions for gaining more value from enterprise applications include:

Enterprise solutions (enterprise suites or e-business suites): Flexible
enterprise software that enables close linking between CRM, SCM, and enterprise
systems, as well as to customer and supplier systems.

Service platforms: A service platform integrates multiple applications from
multiple business functions, business units, or business partners to deliver a
seamless experience for the customer, employee, manager, or business partner.
Enterprise-wide service platforms provide a greater degree of cross-functional
integration than the traditional enterprise applications. To accomplish this,
software tools (such as Web services and XML) use existing applications as
building blocks for new cross-enterprise processes. Portal software can integrate
information from enterprise applications and disparate in-house legacy systems,
presenting it to users through a Web interface so that the information appears to
be coming from a single source.
FIGURE
9-12
ORDER-TO-CASH
SERVICE
Order-to-cash is a composite process that integrates data from individual enterprise applications and
legacy financial applications. The process must be modeled and translated into a software system using
application integration tools
CHAPTER 10
E-Commerce: Digital Markets, Digital goods
Electronic Business, Electronic Commerce, and the Emerging Digital Firm
E-commerce refers to:

The use of the Internet and the Web to transact business

Digitally enabled commercial transactions between and among organizations and
individuals.
FIGURE
10-1
THE
GROWTH
OF
E-COMMERCE
Retail e-commerce revenues have grown exponentially since 1995 and have only recently “slowed” to a
very rapid 25 percent annual increase, which is projected to remain the same until 2008.
The rapid growth of e-commerce since 1995 is due to the unique features of the Internet
and the Web as a commercial medium:

Ubiquity: Internet/Web technology is everywhere, at work, home, and
elsewhere, and anytime, providing a ubiquitous marketspace, a marketplace
removed from a temporal and geographical location.

Global reach: The technology reaches across national boundaries.

Universal standards: There is one set of Internet technology standards, which
greatly lower market entry costs (the costs to bring goods to market) and reduce
search costs (the effort to find products) for the consumer.

Richness: Information richness refers to the complexity and content of a
message. Internet technology allows for rich video, audio, and text messages to
be delivered to large numbers of people.

Interactivity: The technology works through interaction with the user.

Information density: Information density is the total amount and quality of
information available to all market participants. Internet technology reduces
information costs and raises quality of information, enabling price transparency
(the ease for consumers of finding a variety of prices) and cost transparency (the
ability of consumers to determine the actual costs of products). Information
density allows merchants to engage in price discrimination (selling goods to
targeted groups at different prices).

Personalization/customization:
E-commerce
technologies
permit
personalization (targeting personal messages to consumers) and customization
(changing a product or service based on consumer preference or history.
The Internet also shrinks information asymmetry, which occurs when one party in a
transaction has more information with respect to the transactions than the other party.
For instance, the Web has reduced the information asymmetries surrounding auto
purchases.
Digital markets are very flexible and efficient because they allow:

Reduced search and transaction costs

Lower menu costs (merchant's costs of changing prices)

Price discrimination

Dynamic pricing (prices changing based on the demand characteristics of the
customer or the seller's supply situation)

Disintermediation: Elimination of intermediaries such as distributors or retailers
FIGURE
10-2
THE
BENEFITS
OF
DISINTERMEDIATION
TO
THE
CONSUMER
The typical distribution channel has several intermediary layers, each of which adds to the final cost of a
product, such as a sweater. Removing layers lowers the final cost to the consumer.
The Internet digital marketplace has also greatly expanded sales of digital goods, goods
that can be delivered over a digital network. In comparison to traditional goods, the
marginal cost of producing another unit of a digital good is about zero, delivery costs
over the Internet are low, while marketing costs are about the same and pricing can be
variable.
E-commerce technologies have revolutionized commerce and enabled a variety of new
business models. Some are pure-play models, based purely on the Internet. Others may
be hybrid clicks-and-mortar models, using Web sites as an extension of a traditional
business, such as LLBean.com. New business models include:

Virtual storefronts: Such as Amazon.com

Information broker: Such as Realtor.com

Transaction broker: Such as E*Trade.com

Online marketplace: Such as Ebay.com

Content provider: Such as iTunes.com. The ability to deliver digital goods and
digital content over the Web has created new alternatives to traditional print and
broadcast media. Popular digital content includes online games, digital versions of
print newspapers, Internet radio, downloadable movies, online television
broadcasts, Podcasting (Internet audio broadcasts).

Online service provider: Such as Salesforce.com.

Virtual community: Such as YouTube.com; Online communities include social
networking sites, online communities used by individuals for expanding business or
social contacts, and social shopping sites, in which users swap shopping ideas.

Portal: Such as Yahoo.com. Some portals combine content from various sources,
using syndication as well providing additional value. Online syndicators aggregate
content or applications from multiple sources, package them for distribution, and
resell them to third-party Web sites
These new business models may have revenue generated from:

Sales of traditional or digital goods

Selling advertising space for banner ads and pop-up ads

Transaction fees

Sales of marketing information collected by users

Directing buyers to sellers
Electronic Commerce
The three major types of electronic commerce are:

Business-to-consumer (B2C): Retailing products and services to individual shoppers

Business-to-business (B2B): Sales of goods and services among businesses

Consumer-to-consumer (C2C): Consumers selling directly to other consumers.
Another way of classifying electronic commerce transactions is in terms of the
participants' physical connection to the Web. Conventional e-commerce transactions,
which take place over wired networks, can be distinguished from mobile commerce or mcommerce, the purchase of goods and services using handheld wireless devices.
Marketers can use the interactive features of Web pages to hold consumers' attention or
to capture information about their tastes and interests. This information may be obtained
by asking visitors to "register" online and provide information about themselves or by
using special software such as clickstream tracking to track the activities of Web site
visitors. Companies can then analyze this information to develop more precise profiles of
their
customers.
FIGURE
10-3
WEB
SITE
VISITOR
TRACKING
E-commerce Web sites have tools to track a shopper’s every step through an online store. Close
examination of customer behavior at a Web site selling women’s clothing shows what the store might
learn at each step and what actions it could take to increase sales.
Communications and product offerings can also be tailored precisely to individual
customers. By using Web personalization technology to modify Web pages presented to
each customer, marketers can achieve the benefits of using individual salespeople at
dramatically lower costs. Personalization can help firms form lasting relationships with
customers
by
providing
individualized
content,
information
and
services.
FIGURE
10-4
WEB
SITE
PERSONALIZATION
Firms can create unique personalized Web pages that display content or ads for products or services of
special interest to individual users, improving the customer experience and creating additional value.
Collaborative filtering compares a customer's behavior with data about similar customers
to predict what the customer would like to see next and makes recommendations to
users. Blogs, or Weblogs, informal web sites where individuals, or corporate
representatives and groups, can publish views and options, have emerged as a promising
Web marketing tool. New third-party services monitor customer discussions in online
communities or research online behavior of large numbers of customers at many
different
web
sites.
Learning what customers feel about one's products or services through electronic visits to
Web sites is much less costly than using focus groups. The Web shifts more marketing
and selling activities to the customer, as customers fill out their own on-line order forms.
Mobile commerce will provide businesses with additional channels for reaching customers
and
new
opportunities
for
personalization.
The Web and other network technologies are inspiring new approaches to customer
service and support. Companies can reduce costs and improve customer service by using
Web sites to provide helpful information as well as customer support via e-mail.
Companies are realizing substantial cost savings from Web-based customer self-service
applications. New products are even integrating the Web with customer call centers.
Much of B2B e-commerce is still based on proprietary systems for electronic data
interchange (EDI). Electronic data interchange (EDI) enables automated computer-tocomputer exchange between two organizations of standard transactions such as invoices,
bills
of
lading,
shipment
schedules,
or
purchase
orders.
FIGURE
10-5
ELECTRONIC
DATA
INTERCHANGE
(EDI)
Companies use EDI to automate transactions for B2B e-commerce and continuous inventory
replenishment. Suppliers can automatically send data about shipments to purchasing firms. The
purchasing firms can use EDI to provide production and inventory requirements and payment data to
suppliers.
Today companies are increasingly turning to the Internet for this purpose because it
provides a much more flexible and low-cost platform for linking to other firms. For
procurement (purchasing source goods and negotiation with suppliers), businesses can
use the Internet to locate low-cost goods, place orders, make payments, etc. Businesses
can create Web storefronts to sell goods, and Internet technology to create extranets or
link
to
other
businesses
for
transactions.
B2B e-commerce environments include:

Private industrial networks or private exchanges: Typically consisting of a large firm
using an extranet to link to its suppliers and other key business partners.

Net marketplaces or e-hubs: Internet-based marketplaces for many different
buyers and sellers. Net marketplaces are industry owned or operate as
independent intermediaries between buyers and sellers, generating revenue from
transaction fees or services to clients. Net marketplaces may sell direct goods
(used in a production process) and some sell indirect goods. They may support
contractual purchasing based on long-term relationships with designated
suppliers, and others support short-term spot purchasing, where goods are
purchased based on immediate needs, often from many different suppliers. Some
net marketplaces may serve vertical markets for specific industries or horizontal
markets, with goods and services for many industries.

Exchanges: Independently owned third-party Net marketplaces that can connect
thousands of suppliers and buyers for spot purchasing. Many exchanges provide
vertical markets for a single industry. However, many exchanges have failed
because they encourage competitive bidding that drove prices down without
offering long-term relationships.
FIGURE
10-6
A
PRIVATE
INDUSTRIAL
NETWORK
A private industrial network, also known as a private exchange, links a firm to its suppliers, distributors,
and other key business partners for efficient supply-chain management and other collaborative
commerce activities.
FIGURE
10-7
A
NET
MARKETPLACE
Net marketplaces are online marketplaces where multiple buyers can purchase from multiple sellers.
M-Commerce
Although m-commerce represents a small fraction of total e-commerce transactions,
revenue
has
been
steadily
growing.
M-commerce applications have taken off for services that are time-critical, that appeal to
people on the move, or that accomplish a task more efficiently than other methods.
Popular m-commerce applications include:

Content and location-based services: For checking
schedules, news, movie times, weather forecasts, etc
travel
information,

Banking and financial services: For checking account balances, transferring
funds, paying bills

Wireless advertising: Selling of advertising space in m-commerce applications,
such as sponsored search results from the go2Directory search site

Games and entertainment: Downloadable digital games, movies, music, and
ringtones
Because handheld mobile devices can only display small amounts of information at a
time, m-commerce enabled Web sites are being designed as special wireless portals
(mobile
portals)
with
content
optimized
for
smaller
screens.
Although Wi-Fi hotspots are increasing, m-commerce faces challenges such as:

Awkwardness and small screens of handheld devices

Security risks

Slow transfer speeds with second generation cell networks

Lack of standardized payment systems
Electronic Commerce Payment Systems
A variety of special electronic payment systems have been developed to pay for goods
electronically on the Internet, including:
Digital credit card payment systems:
These systems extend the functionality of credit cards so
they can be used for online shopping payments, providing mechanisms authentication and
money transfers.
Digital wallets:
Digital wallets store credit card, electronic cash, and owner identification
information and provide that information at an e-commerce site's checkout page, making
paying for purchases over the Web more efficient by eliminating the need for shoppers to
repeatedly enter their information into order forms.
Micropayment systems: These systems use accumulated balance or stored value payment
systems for purchases of less than $10. Many m-commerce transactions are small, frequent
purchases for items such as soft drinks, sports scores, newspapers, or mobile games that
require special micropayment systems.
allow users to make payments on the Web,
accumulating a debit balance on their credit card or telephone bills.
Accumulated balance digital payment systems
Stored value payment systems,
including smart cards, enable users to make instant payments
based on the value stored in a digital account.
(plastic cards that store digital information, such as health records, identification,
or financial data) can be used for micropayments in a stored value system. A smart card
requires use of a special card reading and writing device to recharge the card with cash or to
transfer cash either to an online or offline merchant.
Smart cards
is currency represented in electronic form that is moving outside the normal
network of money. Users are supplied with client software and can exchange money with
another e-cash user.
Digital cash
serve people who want to send money to vendors or
individuals who are not set up to accept credit card payments.
Peer-to-peer payment systems
extend existing checking accounts by using a digital signature that
can be verified and can be used for payments in electronic commerce.
Digital checking systems
Electronic bill presentment and payment services
monthly bills electronically.
are used for paying and managing routine