Assignment #2 – Knowledge About Protecting Information Resources and E-commerce

CSIS 2200-070 Systems Analysis and Designs

Ceyda Cakir 300390361
Jaspreet Sahiwal

Cakir_Ceyda_Assignment#2. 1
Project 1
1.Information technologies can be misused to invade user’s privacy and commit computer
crime. Below are some of these misuses.

Increasing of information technologies has affected positive and negative ways in our lives.
According to this assignment will be discussed negative impacts of information technologies. It
leads to invasion of user’s privacy and misuse of data. This issue is playing a crucial role for
organizations, individuals, and governments. Every organization, divisions, individuals want to
protect their privacy and security.

Phishing means that it deceives people into giving away their information such as passwords,
usernames, or social security number. In other words, they present themselves as a trustworthy
person and seek people's information. This is often used by e-mail or social media. So how can it
be minimized? Honestly solutions are simple and easy to use. Firstly, government and
organizations educate people about knowing phishing attempts such as suspicious email
addresses. If it can be given an example of suspicious email addresses, these people trick other
people by sending links and getting them to open documents. Secondly, Applying or
downloading anti-phishing tools or applications to prevent phishing e-mails. Third one, people
have to use multi-factor authentication. Authentication provides people with more security layer.
(How to Recognize and Avoid Phishing Scams, 2023)

Pharming is the practice of secretly sending people to fake websites. This is typically done via
malware on the user's device or by taking advantage of holes in DNS (Domain Name System)
servers. The aim is to take or capture personal information of user such as credit cards number,
credit card’s passwords. People can avoid of this misuse like updating Domain Name System
weekly or daily, using security protocols in DNS, downloading anti-virus programs. (Contributor
(2021)

Cakir_Ceyda_Assignment#2. 2
Baiting is when someone deceives or misinform another person by appealing them with
something they want, like a free prize or a good deal. The free prize or a good deal is not real. It
leads the person into downloading harmful software or giving away secret personal or company
information. For example, imagine seeing an online ad for free software. When you open on free
software, instead of purchasing it, your computer or your personal information is given away to
them. To minimize of this misuse is to educate peoples about the risks of downloading files from
harmful software or untrust files. Other thing is that implementing strict policies is a key to
prevent this misuse (What Is Baiting in Cyber Security? n.d.)

Smishing is another concept of phishing. In this misuse is done with short message service. The
aim is to reach and deceive low level people and capture their personal information. In Turkey
there are lots of issues about this misuse. For instance, someone needs money to pay his or her
debt and suddenly this person gets a SMS which includes you award 1000 Turkish Liras, and
you have to get click on the link. If this person clicks the link, all of her or his information, credit
card numbers will be stolen immediately. How can it be avoided? Solutions are simple Firstly;
people enable spam filters on their mobile devices to block these messages. Secondly, every
person avoids clicking on link from suspicious senders or untrust senders. (What Is Smishing and
How to Defend Against It, 2023)

Vishing is another concept of phishing, and it is accomplished via telephone calls. People trick
other people into providing their personal information. To avoid vishing attacks, people have to
know about vishing attacks. Also, people can ignore unknown numbers. Lastly people have to be
skeptical. (What Is Vishing? Definition & Protection | Proofpoint US, 2024)

Cakir_Ceyda_Assignment#2. 3
2. Discuss about the following intentional security threats

Intentional security threats are harmful actions to people, organization, or groups. They are
usually accomplished by people who want to cause trouble and they take advantage of
weaknesses in technology or human behaviour. This topic will be discussed about threats of
intentional security.

A typical kind of threat is known as a virus. It is possible for a virus to propagate between
computers. When it gets on a computer, it can lead to issues including file deletion or improper
computer operation. Typically, viruses infiltrate computers via files downloaded from the
internet or email attachments. However, people can avoid this threat. First option is people have
to downloading anti-virus program and firewall. Second option is that people must not open
email from unknown senders. Third option is that improving web browser security settings.
(What Is a Computer Virus? Virus, n.d.)

A second kind of threat is called Trojan. Trojan horses are malicious programs that appear to be
beneficial but are really harmful. Rather than spreading like viruses, they fool users into
downloading them. Once installed on a computer, they may allow hackers access to the system,
giving them the ability to seize control and crucial information. Trojan horses typically enter
systems through suspicious emails, links, or downloads. (What Is a Trojan Horse? Trojan Virus
and Malware Explained | Fortinet, n.d.)

A third kind of threat is called Backdoor. Backdoors and other intentional security flaws pose
serious concerns to internet safety. Backdoors are covert methods of getting into a network or
computer system. Hackers frequently construct them. Once a backdoor is downloaded, it gives
hackers access to the system, giving them the ability to steal confidential data or perform other
destructive tasks. Software backdoors are known to exist. To avoid this threat is to change your
default passwords and monitor network activity. (Malwarebytes, 2023)

Cakir_Ceyda_Assignment#2. 4
A fourth threat is that a cyberattack known as a denial-of-service (DoS) attempt is a kind where a
malevolent entity attempts to prohibit authorized users from accessing a computer by preventing
it from operating normally. In order to cause more customers to experience a denial-of-service,
DoS attacks usually work by overloading a targeted computer with requests until regular traffic
is unable to be processed. One computer being used to initiate the assault is what defines a
denial-of-service (DoS) attack. To prevent that organizations can apply measures like traffic
filtering. (What Is a Denial-of-Service Attack (DoS), n.d.)

Social engineering refers to a huge spectrum of human behaviors carried out through human
relationships. It misinforms users into revealing sensitive information or committing security
errors by manipulating their minds. Social engineering attacks are baiting’ pretexting and
phishing. So how can it avoided? The first is that user requires more education about these
misuse or threats. Also, organizations or government can use security programs to prevent this
misuse. (Masas, 2023)

Cakir_Ceyda_Assignment#2. 5
Project 2
In addition to backing up data and storing securely, organizations can take many other
steps to guard against threats. A comprehensive security system may include the following.
[1 Mark each]

In the current digital environment, data is an organization's lifeblood, thus protecting it from
various dangers is crucial. Although data backup and storage security are essential policies,
enterprises need to use a multi-pronged strategy to fully strengthen their defenses.

Non biometric Security Measures are the first one. These include several different types of
conventional security measures including access cards, PINs, passwords, and security tokens.
They are crucial for limiting internal access to both digital and physical assets in a company.
Conversely, biometric security measures rely on distinct biological traits like fingerprints, iris
patterns, or facial features to confirm a person's identification through biometric authentication.
Because biometric data is difficult to falsify or duplicate, this provides an additional degree of
protection. (Innovatrics, 2023)

Another step is Virtual Private Networks. VPNs enable users to safely access private networks or
surf the internet anonymously by establishing a secure encrypted connection across a public
network (like the internet). When transferring data across untrusted networks or remotely
accessing resources, VPNs are essential for safeguarding critical information. (What Is a Virtual
Private Network (VPN)?, 2024)

Data encryption involves encoding data in such a way that only authorized parties can access and
understand it. Data encryption’s aim is to protect digital data confidentiality as it is stored on
computer systems and transmitted using the internet or other computer networks. In addition to
ensuring secrecy, these algorithms power important security measures including non-repudiation,
integrity, and authentication. The processes of integrity and authentication enable the verification
of a message's origin and the assurance that its contents have not changed since it was
transmitted. (What Is Data Encryption? (Definition, Best Practices & More), n.d.)

Cakir_Ceyda_Assignment#2. 6
Access control is a security strategy that governs who or what may see or utilize resources in a
computer system. It is a core security concept that reduces risk to the company or organization.
There are two kinds of access controls: physical control and logical control. Physical access
control prevents unauthorized access to campuses, buildings, rooms, and physical IT assets.
Logical access control restricts access to computer networks, system files, and data. Companies
or communities use electronic access control systems to track employee access to constrained
company locations and private regions. These systems rely on user credentials, access card
readers, audits, and reporting. (Lutkevich, 2022)

Project 3

Cakir_Ceyda_Assignment#2. 7
A number of technologies and applications support e-commerce activities. Discuss the
following in consideration of the same. [1.25 Marks each]

Digital marketing, database marketing, mobile marketing has been played a crucial role in e-
commerce activities. Nowadays companies focus on digital marketing because of increasing
technologies and developing new technologies. Digital marketing includes various strategies and
channels used to promote products or services online. In e-commerce, digital marketing plays
a key role in attracting potential customers driving to traffic to e-commerce platforms and
increasing sales. Technologies such as social media marketing, email marketing help businesses
to target specific users, engage with customers and build relationships. (Team, 2024)

Mobile marketing refers to activities that use and leverage mobile devices such
as tablets, phones or watches to reach target audiences and promote a brand's products or
services. Before diving into mobile marketing tactics and activities, let's first develop a mobile
marketing strategy. Your mobile marketing strategy is part of your overall digital marketing
strategy. This means that mobile marketing strategies must support and align with both
marketing and digital marketing goals and objectives. With so many people accessing
the Internet today through mobile devices, smartphones and tablets, a mobile marketing
strategy can represent the core digital marketing strategy of a particular organization. This
strategic decision is largely driven by the target groups and their mobile behavior. (Grayson,
2023)

Search Engine Optimization is about making improvements to your website’s structure and
content so its pages can be discovered by people searching for what you have to offer, through
search engines. People have searched for any manner of things both loosely and directly related
to your business. These are lost of opportunities to connect with these people, answer their
questions, solve their problems, and become a trusted resource for them. There are so many
benefits such as better reputation, getting and relationships with more customers. (WordStream,
2024) SEO is also one of the only online marketing channels that, if set up correctly, can
continue to pay dividends over time. (Moz, 2024)

Cakir_Ceyda_Assignment#2. 8
Electronic payments allow customers or users to pay for goods and services in electronic
system. This is done without the use of checks or cash. Electronic payment is usually made
through debit cards, credit cards or direct bank deposits. But there are other alternative
payment methods, such as electronic wallets and cryptocurrencies. So, if you plan to open your
business online and create an online store, you must have an online store payment system to
accept payments online. (FreshBooks, 2023)

In conclusion, digital marketing, mobile marketing, Search Engine Optimization, and electronic
payment systems are integral parts of the e-commerce ecosystem, each playing a unique role
in increasing sales, improving customer engagement, and maximizing the success of online
businesses. By using these technologies and applications effectively, e-commerce companies can
take advantage of the digital market and stay ahead of the competition.

Cakir_Ceyda_Assignment#2. 9
Project 4
Explain four major models of business-to-business e-commerce. [1.25 Marks each]

In the continuously evolving business, the spread of digital technologies has shaped the
communication and business between companies. Among the various areas of e-commerce,
business-to-business (B2B) e-commerce stands out as a key area that promotes efficiency,
collaboration, and growth in the global market. Several different models have emerged in B2B e-
commerce, each offering a unique approach to facilitating business and fostering business
relationships. The purpose of this assignment is to examine and analyze the four main models of
inter-business between B2B.

First model is Business-to-consumer models. Business-to-consumer (B2C) e-commerce is the

most prevalent, a large number of online marketplaces fit into this category. They often use
digital marketing to achieve e-commerce success. If it will be given an example of this,
considering a clothing, entertainment, and home goods retailer like Walmart that sells products
to individual consumers online. (Staff & Taylor, 2023)

Another model is a business-to-business e-commerce model. This model is usually associated

with high-quality and expensive products or services in industries where most of the income
comes from acquisitions. The business-to-business model usually ends with a buying stage - a
company sells its product to another company, which then sells it to its customers. (Staff &
Taylor, 2023)

A slightly rarer but equally effective strategy is the consumer-to-business e-commerce model.
C2B means that consumers sell their products or exchange services directly with businesses. This
usually happens without an intermediary such as a manufacturer or wholesaler. It’s example is
that considering an online review site like Facebook, where consumers leave customer reviews,
participate in business surveys, or even share products. as a central social media content
influencer. This is done in exchange for some kind of benefit, such as the chance to win a prize,
receive a discount or receive a free product. (Staff & Taylor, 2023)

Consumer-to-consumer or peer-to-peer (P2P) is an e-commerce business model where

consumers sell their products or services directly to other consumers. This differs from business-

Cakir_Ceyda_Assignment#2. 10
to-consumer relationships where the focus of business is selling products or services to
consumers. The reason C2C is such a popular e-commerce model is that it gives business owners
the opportunity to reach a wider audience and grow their customer base. C2C sites are often
referred to as P2P sales platforms. The concept is very similar to the ads that are often posted at
the local neighborhood or community level. (Staff & Taylor, 2023)

In short, the B2B e-commerce landscape is characterized by a diverse collection, each offering
different approaches to facilitate transactions and promote business-to-business collaboration. By
understanding and explaining business to business consumer to consumer, consumer to business
and last one business to consumer models effectively, businesses can exploit the power of
technology to increase relationships and open new opportunities in digital and virtual world.

Cakir_Ceyda_Assignment#2. 11
REFERENCES

How to recognize and avoid phishing scams. (2023, November 29). Consumer Advice.
https://consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
Contributor, T. (2021, April 23). pharming. Security.
https://www.techtarget.com/searchsecurity/definition/pharming
What is Baiting in Cyber Security? (n.d.). Fortra’s Terranova Security.
https://www.terranovasecurity.com/blog/what-is-baiting
What is Smishing and How to Defend Against it. (2023, November 20). www.kaspersky.com.
https://www.kaspersky.com/resource-center/threats/what-is-smishing-and-how-to-defend-
against-it
What is Vishing? Definition & protection | Proofpoint US. (2024, February 12). Proofpoint.
https://www.proofpoint.com/us/threat-reference/vishing
What is a computer virus? virus. (n.d.). © Copyright 2004 - 2024 Webroot Inc. All Rights
Reserved. https://www.webroot.com/us/en/resources/tips-articles/computer-security-threats-
computer-viruses
What is a trojan horse? Trojan virus and malware explained | Fortinet. (n.d.). Fortinet.
https://www.fortinet.com/resources/cyberglossary/trojan-horse-virus
Malwarebytes. (2023, October 30). Backdoor computing attacks – Definition & examples |
Malwarebytes. https://www.malwarebytes.com/backdoor
What is a denial-of-service attack (DoS)? (n.d.). Palo Alto Networks.
https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos
Masas, R. (2023, December 20). What is Social Engineering | Attack Techniques & Prevention
Methods | Imperva. Learning Center. https://www.imperva.com/learn/application-security/social-
engineering-attack/
Innovatrics. (2023, September 5). Biometric Security - Definition, FAQs - Innovatrics.
https://www.innovatrics.com/glossary/biometric-security/
What is a virtual private network (VPN)? (2024, February 22). Cisco.
https://www.cisco.com/c/en/us/products/security/vpn-endpoint-security-clients/what-is-vpn.html
What is data encryption? (Definition, best practices & more). (n.d.). Digital Guardian.
https://www.digitalguardian.com/blog/what-data-encryption

Cakir_Ceyda_Assignment#2. 12
Lutkevich, B. (2022, July 7). access control. Security.
https://www.techtarget.com/searchsecurity/definition/access-control
Team, I. (2024, January 25). What is digital marketing? Types and examples. Investopedia.
https://www.investopedia.com/terms/d/digital-marketing.asp
Grayson, R. (2023, March 23). Mobile marketing. Pressbooks.
https://opentextbc.ca/foundationsdigitalmarketing/chapter/mobile-marketing/]
WordStream. (2024, January 29). What is SEO? A Search Engine Optimization Guide.
https://www.wordstream.com/seo
Moz. (2024, January 1). SEO 101: What is it, and why is it important? The Beginner’s Guide to
SEO. Moz. https://moz.com/beginners-guide-to-seo/why-search-engine-marketing-is-necessary
FreshBooks. (2023, June 19). What is an electronic payment (E-Payment) system & how does it
work? https://www.freshbooks.com/hub/payments/what-is-electronic-payment
Staff, B., & Taylor, J. (2023, August 7). The 4 main e-commerce Business models for building a
successful online Store. BeProfit. https://beprofit.co/a/blog/what-are-the-four-main-types-of-e-
commerce-business-models

Cakir_Ceyda_Assignment#2. 13