companies can do business online using their own servers and server software is used most often by large companies
commerce service providers
Internet service providers (ISPs) provide Internet access to companies and individuals. Virtually all of these companies offer Web-hosting services as well and sometimes call themselves
These firms, which often offer Web server management and rent application software (such as databases, shopping carts, and content management programs) to businesses, sometimes call themselves (managed service providers) (application service providers)
the client’s Web site is on a server that hosts other Web sites simultaneously and is operated by the service provider at its location.
the service provider makes a Web server available to the client, but the client does not share the server with other clients of the service provider.
the service provider rents a physical space to the client to install its own server hardware. The client installs its own software and maintains the server. The service provider is responsible only for providing a reliable power supply and a connection to the Internet.
The best hosting services provide Web server hardware and software combinations that are_______, which means they can be adapted to meet changing requirements when their clients grow.
a listing of goods and services
is a simple list written in HTML that appears on a Web page or a series of Web pages
stores the information about items in a database, usually on a separate computer that is accessible to the server that is running the Web site itself.
HTTP messaging, which is the foundation of the Web, is a ___________(it does not retain information from one transmission or session to another),
is a company based in Tucker, Georgia, that sells electronic commerce software to companies that operate small and midsize electronic commerce Web sites
occurs when the shopper proceeds to the virtual checkout counter by clicking a checkout button.
a collection of information that is stored on a computer in a highly structured way.
is software that makes it easy for users to enter, edit, update, and retrieve information in the database.
distributed information systems
Large information systems that store the same data in many different physical locations are called ________and the databases within those systems are called distributed database systems.
_______ which was developed and is maintained by a community of programmers on the Web. Similar to the Linux operating system ______is open-source software, even though it was developed by a Swedish company (______ AB), which is now owned by Oracle.
_________is software that takes information about sales and inventory shipments from the electronic commerce software and transmits it to accounting and inventory management software in a form that these systems can read.
Making a company’s information systems work together is called __________ and is an important goal of companies when they install middleware.
A program that performs a specific function, such as creating invoices, calculating payroll, or processing payments received from customers, is called an application program, application software, or, more simply, an application.
___________is a computer that takes the request messages received by the Web server and runs application programs that perform some kind of action based on the contents of the request messages.
The actions that the application server software performs are determined by the rules used in the business. These rules are called _______________
application integration (enterprise application integration)
In many organizations, the business logic is distributed among many different applications that are used in different parts of the organization. In recent years, many IT departments have devoted significant resources to the creation of links among these scattered applications so that the organization’s business logic can be interconnected. The creation and management of these links is called _________
___________ application systems return pages generated by scripts that include the rules for presenting data on the Web page with the business logic.
Because page-based systems combine presentation and business logic, they are hard to revise and update.
To avoid this problem, an increasing number of businesses use a _________ application system that separates the presentation logic from the business logic.
ERP (Enterprise resource planning)
______________________ software packages are business systems that integrate all facets of a business, including accounting, logistics, manufacturing, marketing, planning, project management, and treasury functions.
The W3C defines __________ as software systems that support interoperable machine-to-machine interaction over a network._________ is a set of software and technologies that allow computers to use the Web to interact with each other directly, without human operators directing the specific interactions.
(application program interface) API
A general name for the ways programs interconnect with each other is ____. When the interaction is done over the Web, the techniques are called Web ____.
(Simple Object Access Protocol) SOAP
The first widely used approach to Web services was ______________, which is a message-passing protocol that defines how to send marked-up data from one software application to another across a network.
The other two specifications are the Web Services Description Language (WSDL), which is used to describe the logic unit characteristics of each Web service, and the Universal Description, Discovery, and Integration Specification (UDDI), which works as a sort of address book to identify the locations of Web services and their associated WSDL descriptions.
(Representational State Transfer) REST
In 2000, Roy Fielding outlined a principle called _________________, that describes the way the Web uses networking architecture to identify and locate Web pages and the elements (graphics, audio clips, and so on) that make up those Web pages. Some Web services designers who found SOAP to be overly complex for their applications turned to Fielding’s REST idea and used it to structure their work.
__________ CSPs provide small businesses with a basic Web site, online store design tools, storefront templates, and an easy-to-use interface. These service providers charge a low monthly fee and may also charge one-time setup fees (similar to basic CSPs), however, others also charge a percentage of or fixed amount for each customer transaction. Amazon Services (through its “Professional Sellers” and “Individual Sellers” programs) and eBay Stores.
Content management software
______ ___________ _________ helps companies control the large amounts of text, graphics, and media files that have become crucial to doing business.
Thus, large companies are using systems that help them manage the knowledge itself, rather than the documentary representations of that knowledge. The software that has been developed to meet that goal is called ____________ software.
_______________ software helps companies do four main things: collect and organize knowledge, share the knowledge among users, enhance the ability of users to collaborate, and preserve the knowledge gained through the use of information so that future users can benefit from the learning of current users.
Supply chain management
___________ software helps companies to coordinate planning and operations with their partners in the industry supply chains of which they are members. ____ software performs two general types of functions: planning and execution.
Customer relationship management
________________ software must obtain data from operations software that conducts activities such as sales automation, customer service center operations, and marketing campaigns. The software must also gather data about customer activities on the company’s Web site and any other points of contact the company has with its existing and potential customers.
The Salesforce.com practice of replacing a company’s investment in computing equipment by selling Internet-based access to its own computing hardware and software is called ____________, and it has become an important new force in the software industry. _____________ allows companies to gain the benefits of software without having to install computing hardware and maintain it.
__________ is the protection of assets from unauthorized access, use, alteration, or destruction. There are two general types of security: physical and logical.
_____________ includes tangible protection devices, such as alarms, guards, fireproof doors, security fences, safes or vaults, and bombproof buildings.
Protection of assets using nonphysical means is called ________ security
Any act or object that poses a danger to computer assets is known as a threat. A countermeasure is a procedure that recognizes, reduces, or eliminates a threat.
An__________, in this context, is a person or device that can listen in on and copy Internet transmissions.
Secrecy refers to protecting against unauthorized data disclosure and ensuring the authenticity of the data source. Integrity refers to preventing unauthorized data modification. Necessity refers to preventing data delays or denials (removal). Integrity threats are reported less frequently and are less well known to the general public. An integrity violation occurs, for example, when an e-mail message is intercepted and its contents are changed before it is forwarded to its original destination. That is, the integrity of the message has been violated. In this particular exploit, which is called a
(man-in-the-middle exploit), the contents of the e-mail are often altered in a way that changes the message’s original meaning.
There are two ways of categorizing cookies: by time duration and by source. The two kinds of time-duration cookie categories include
(session cookies), which exist until the Web client ends the connection (or “session”), and
(persistent cookies), which remain on the client computer indefinitely.
Another way to categorize cookies is by their source. Cookies can be placed on the client computer by the Web server site, in which case they are called
(first-party cookies), or they can be placed by a different Web site, in which case they are called
(third-party cookies). A third-party cookie originates on a Web site other than the site being visited. These third-party Web sites usually provide advertising or other content that appears on the Web site being viewed.
_____ is a tiny graphic that a third-party Web site places on another site’s Web page. When a site visitor loads the Web page, the _______ is delivered by the third-party site, which can then place a cookie on the visitor’s computer. A _________’s only purpose is to provide a way for a third-party Web site (the identity of which is unknown to the visitor) to place cookies from that third-party site on the visitor’s computer.
These programs run when a client device loads the Web page and are called ______ _______. ____ ______ programs can display moving graphics, download and play audio, or implement Web-based spreadsheet programs.
An______ is a small application program. ______ typically run within the Web browser and are most often written in the Java programming language.
–>A Trojan horse is a program hidden inside another program or Web page that masks its true purpose. The Trojan horse could snoop around a client computer and send back private information to a cooperating Web server—a secrecy violation. The program could alter or erase information on a client computer—an integrity violation. Zombies are equally threatening.
–>A zombie is a Trojan horse that secretly takes over another computer for the purpose of launching attacks on other computers. The computers running the zombie are also sometimes called zombies. When a Trojan horse (or other type of virus) has taken over a large number of computers (and thus made them into zombies), the person who planted the virus can take control of all the computers and
–>form a botnet (short for robotic network, also called a zombie farm when the computers in the network are zombies) that can act as an attacking unit, sending spam or launching denial-of-service attacks against specific Web sites.
browser ___________, which are programs that enhance the capabilities of browsers, handle Web content that a browser cannot handle.______ can enable a browser to perform useful tasks, such as playing audio or video; however, ______ can also pose security threats to client computers by executing commands buried within the media being manipulated.
A______ is a type of virus that replicates itself on the computers that it infects. ______ can spread quickly through the Internet.
A ______________ or digital ID is an attachment to an e-mail message or a program embedded in a Web page that verifies that the sender or Web site is who or what it claims to be.
The term __________ describes the process of hiding information (a command, for example) within another piece of information. This information can be used for malicious purposes.
biometric security device
A _______ _________ ______ is one that uses an element of a person’s biological makeup to perform the identification. These devices include writing pads that detect the form and pressure of a person writing a signature, eye scanners that read the pattern of blood vessels in a person’s retina or the color levels in a person’s iris, and scanners that read the palm of a person’s hand (rather than just one fingerprint) or that read the pattern of veins on the back of a person’s hand.
Almost all mobile devices include software that allows the owner to initiate a ______________ if the device is stolen. A ____________ clears all of the personal data stored on the device, including e-mails, text messages, contact lists, photos, videos, and any type of document file. If a mobile device does not include ___________ software, it can be added as an app.
Apps that contain malware or that collect information from the mobile device and forward it to perpetrators are called _____ ______. To weed out _____ ______, the Apple App Store tests apps before they are authorized for sale. The Android Market does not screen for rogue apps as extensively as Apple;
Software applications called _______ __________ provide the means to record information that passes through a computer or router that is handling Internet traffic. Using a ________ _________ is analogous to tapping a telephone line and recording a conversation. _____ _______ can read e-mail messages and unencrypted Web client-server message traffic, such as user logins, passwords, and credit card numbers.
Periodically, security experts find electronic holes, called___________, in electronic commerce software. A _________ is an element of a program (or a separate program) that allows users to run the program without going through the normal authentication procedure for access to the program.
anonymous Web service
Several companies and organizations offer_______ ________ ____________ that hide personal information from sites visited. These services provide a measure of secrecy to Web surfers who use them by replacing the user’s IP address with the IP address of the anonymous Web service on the front end of any URLs that the user visits.
An integrity threat, also known as active_________, exists when an unauthorized party can alter a message stream of information. Unprotected banking transactions, such as deposit amounts transmitted over the Internet, are subject to integrity violations.
_______________ is an example of an integrity violation. _____________ is the electronic defacing of an existing Web site’s page. The electronic equivalent of destroying property or placing graffiti on objects, ______________ occurs whenever someone replaces a Web site’s regular content with his or her own content.
–>Masquerading or spoofing—pretending to be someone you are not, or representing a Web site as an original when it is a fake—is one means of disrupting Web sites.
–>Domain name servers (DNSs) are the computers on the Internet that maintain directories that link domain names to IP addresses.
These exploits, which capture confidential customer information, are called ________ __________. The most common victims of ________ _____ are users of online banking and payment system (such as PayPal) Web sites.
(distributed denial-of-service) DDOS
Attackers can use the botnets you learned about earlier in this chapter to launch a simultaneous attack on a Web site (or a number of Web sites) from all of the computers in the botnet. This form of attack is called a ________ attack. The attack on U.S. and South Korean government and business Web sites you learned about at the beginning of this chapter was a _____ attack.
WEP (Wireless Encryption Protocol)
The security of the connection depends on the ________________, which is a set of rules for encrypting transmissions from the wireless devices to the WAPs.
In some cities that have large concentrations of wireless networks, attackers drive around in cars using their wireless-equipped laptop computers to search for accessible networks. These attackers are called
–>wardrivers. When wardrivers find an open network (or a WAP that has a common default login and password), they sometimes place a chalk mark on the building so that other attackers will know that an easily entered wireless network is nearby.
–>This practice is called warchalking. Some warchalkers have created Web sites that include maps of wireless access locations in major cities around the world.
________ is the coding of information by using a mathematically based program and a secret key to produce a string of characters that is unintelligible. The science that studies __________ is called cryptography
A program that transforms normal text, called –>plain text, into cipher text (the unintelligible string of characters) is called an –>encryption program. The logic behind an encryption program that includes the mathematics used to do the transformation from plain text to cipher text is called an –>encryption algorithm.
____ _______ is a process that uses a hash algorithm to calculate a number, called a hash value, from a message of any length. It is a fingerprint for the message because it is almost certain to be unique for each message.
__________ ________, or public-key encryption, encodes messages by using two mathematically related numeric keys. In 1977, MIT professors Ronald Rivest, Adi Shamir, and Leonard Adleman invented the RSA Public Key Cryptosystem. In their system, one key of the pair, called a public key, is freely distributed to anyone interested in communicating securely with the holder of both keys. The public key is used to encrypt messages using one of several different encryption algorithms. The second key, called a private key, is kept by the key owner. The owner uses the private key to decrypt all messages received.
–>One of the most popular technologies used to implement public-key encryption today is called Pretty Good Privacy (PGP).
__________ __________, also known as private-key encryption, encodes a message with an algorithm that uses a single numeric key, such as 456839420783, to encode and decode data.
A ______ ______ is a key used by an encryption algorithm to create cipher text from plain text during a single secure session.
S-HTTP security is established during the initial session between a client and a server. Either the client or the server can specify that a particular security feature be required, optional, or refused. This process of proposing and accepting (or rejecting) various transmission conditions is called _________ __________.
sometimes called an envelope. This
–>(secure envelope) encapsulates and encrypts the message, which provides secrecy, integrity, and client/server authentication. S-HTTP is still used by some Web servers; however, SSL has largely replaced it.
To detect message alteration, a hash algorithm is applied to the message content to create a _____ _________, which is a number that summarizes the encrypted information.
An encrypted message digest created using a private key is called a ________ _________.
A________ is an area of memory set aside to hold data read from a file or database. A ________ is necessary whenever any input or output operation takes place because a computer can process file information much faster than the information can be read from input devices or written to output devices.
one in which excessive data is sent to a server, can occur on mail servers. Called a _______ ______, the attack occurs when hundreds or even thousands of people each send a message to a particular address.
access control list (ACL)
An ______ ______ _______ is a list or database of files and other resources and the usernames of people who can access the files and other resources.
A_______ is software or a hardware-software combination that is installed in a network to control the packet traffic moving through it. Most organizations place a ________ at the Internet entry point of their networks.
–>Those networks inside the _______ are often called trusted, whereas networks outside the _______ are called untrusted.
Firewalls are classified into the following categories: packet filter, gateway server, and proxy server.
–>Packet-filter firewalls examine all data flowing back and forth between the trusted network (within the firewall) and the Internet.
–>Gateway servers are firewalls that filter traffic based on the application requested. Gateway servers limit access to specific applications such as Telnet, FTP, and HTTP.
–>Proxy server firewalls are firewalls that communicate with the Internet on the private network’s behalf.
Intrusion detection systems
_______ _________ ________ are designed to monitor attempts to log into servers and analyze those attempts for patterns that might indicate a cracker’s attack is under way.
In addition to firewalls installed on organizations’ networks, it is possible to install software-only firewalls on individual client computers. These firewalls are often called _______ _________. The use of ________ _______ has become an important tool in the protection of expanded network perimeters for many companies.
Internet payments for items costing from a few cents to approximately a dollar are called_______________
–> small payments is used to describe all payments of less than $10
An ___________ _______ is a set of connections between banks that issue credit cards, the associations that own the credit cards (such as MasterCard or Visa), and merchants’ banks.
closed loop system
In some payment card systems, the card issuer pays the merchants that accept the card directly and does not use an intermediary, such as a bank or clearinghouse system. These types of arrangements are called ________ ______ __________ because no other institution is involved in the transaction.
open loop system
Whenever additional parties, such as the intermediaries in this example, are included in payment card transaction processing, the system is called an ________ _______ _________. Visa and MasterCard are two of the most widely known examples of ________ _______ _________. Many banks issue both of these cards.
Unlike American Express or Discover, neither Visa nor MasterCard issues cards directly to consumers. Visa and MasterCard are ((credit card associations)) that are operated by the banks who are members in the associations. These member banks, which are
An __________ _______ is a bank that does business with sellers (both Internet and non-Internet) that want to accept payment cards.
To process payment cards for Internet transactions, a business must set up a ((merchant account)) with an _________ ________.
_________ __________ is a technique used by criminals to convert money that they have obtained illegally into cash that they can spend without having it identified as the proceeds of an illegal activity.
Software-based digital wallets fall into two categories, depending on where they are stored. A ((server-side digital wallet)) stores a customer’s information on a remote server belonging to a particular merchant or wallet publisher.
Smartphones and tablets, as mobile devices, are candidates to become ((hardware-based digital)) wallets that can store a variety of identity credentials (such as a driver’s license, medical insurance card, store loyalty cards, and other identifying documents).
Near field communication (NFC) technology, which allows for contactless data transmission over short distances, can also be used if the smartphone is equipped with a chip similar to those that have been used on payment cards (such as MasterCard’s PayPass card) for a number of years.
A ________ _____ is a plastic card with an embedded microchip that can store information. _______ _____ is also called stored-value cards.
_______ _____ is safer than magnetic strip credit cards
When the e-mails used in a phishing expedition are carefully designed to target a particular person or organization, the exploit is called ________ _______. The _______ ________ perpetrator must do considerable research on the intended recipient, but by obtaining detailed personal information and using it in the e-mail, the perpetrator can greatly increase the chances that the victim will open the e-mail and click the link to the phishing Web site.
U.S. laws define ((organized crime)), also called ((racketeering)), as unlawful activities conducted by a highly organized, disciplined association for profit. The associations that engage in organized crime are often differentiated from less organized groups such as gangs and from organized groups that conduct unlawful activities for political purposes, such as terrorist organizations.
The Internet has opened new opportunities for organized crime in its traditional types of criminal activities and in new areas such as generating spam (which you learned about in earlier chapters), phishing, and identity theft. ((Identity theft)) is a criminal act in which the perpetrator gathers personal information about a victim and then uses that information to obtain credit.
Businesses use tactics called ((downstream strategies)) to improve the value that the business provides to its customers. Alternatively, businesses can pursue ((upstream strategies)) that focus on reducing costs or generating value by working with suppliers or inbound shipping and freight service providers.
total cost of ownership
In addition to hardware and software costs, the project budget must include the costs of hiring, training, and paying the personnel who will design the Web site, write or customize the software, create the content, and operate and maintain the site. Many organizations now track costs by activity and calculate a total cost for each activity. These cost numbers, called ___________(TCO), include all costs related to the activity.
A person would pitch an idea for an online business to a group of businesspersons who had money and enough business knowledge to evaluate the idea’s potential. These investors, often called ((angel investors))
((Venture capitalists)) are very wealthy individuals, groups of wealthy individuals, or investment firms that look for small companies that are about to grow rapidly. They invest large amounts of money (between a million and a few hundred million dollars) hoping that in a few years the company will be large enough to sell stock to the public in an event called an initial public offering (IPO). In the IPO, the venture capitalists take their profits and once again search for a new small company in which to invest.
Most companies have procedures that call for an evaluation of any major expenditure of funds. These major investments in equipment, personnel, and other assets are called ((capital projects)) or ((capital investments)).
evaluation approaches are called ((return on investment)) (ROI) techniques because they measure the amount of income (return) that will be provided by a specific current expenditure (investment). ROI techniques provide a quantitative expression of whether the benefits of a particular investment exceed their costs (including opportunity costs).
Companies today recognize the value of the accumulated mass of employees’ knowledge about the business and its processes. The value of an organization’s pool of this type of knowledge is called ((intellectual capital)).
the company outsources the initial site design and development to launch the project quickly. The outsourcing team then trains the company’s information systems professionals in the new technology before handing the operation of the site over to them. This approach is called ((early outsourcing)).
Once the company has gained all the competitive advantage provided by the system, the maintenance of the electronic commerce system can be outsourced so that the company’s information systems professionals can turn their attention and talents to developing new technologies that will provide further competitive advantage. This approach is called ((late outsourcing)).
In both the early outsourcing and late outsourcing approaches, a single group is responsible for the entire design, development, and operation of a project—either inside or outside the company. This typical outsourcing pattern works well for many information systems projects. However, electronic commerce initiatives can benefit from a partial outsourcing approach, too. In ((partial outsourcing)), which is also called ((component outsourcing)), the company identifies specific portions of the project that can be completely designed, developed, implemented, and operated by another firm that specializes in a particular function.
An__________ is a company that offers startup companies a physical location with offices, accounting and legal assistance, computers, and Internet connections at a very low monthly cost.
______ ___________ is a collection of formal techniques for planning and controlling the activities undertaken to achieve a specific goal.
Project portfolio management
A company’s top technology manager is its chief information officer (CIO).
_________ __________ __________ is a technique in which each project is monitored as if it were an investment in a financial portfolio. The CIO records the projects in a list (usually using spreadsheet or database management software) and updates the list regularly with current information about each project’s status. By managing each project as a portfolio element, project portfolio managers can make trade