E-commerce Monitoring and Control Policy Plan for Simply New Zealand Limited
You will find the tasks required to be completed in the monitoring and control policy plan document on the following pages. You can identify these by the blue text within the document. There are 10 tasks (numbered 1-10) to be completed for the plan. The plan will also be available under assessment 3 on Moodle for you to complete electronically.
E-COMMERCE Monitoring and Control Policy Plan for Simply New Zealand Limited
It is the purpose of this policy plan to establish guidance on how to identify, measure, monitor, and control risks arising from the use of electronic services. It sets forth the expectations of Simply New Zealand management and staff when implementing and operating e-commerce systems.
A. Intellectual Capital
Simply New Zealand needs to be aware of the breach of Intellectual Property that can occur when existing employees leave the company to work for other related industries. Examples of loss can include software, ideas, business processes and project work.
1. Illustrate to Simply New Zealand three (3) potential impacts that theft of intellectual property due to employees moving to competitors can cause for an e-commerce business. (12 marks)
2. For each of the three (3) potential impacts identified in Q A.1 above, explain one (1) example of how to minimise or negate the potential impact. (12 marks)
B. Analytical Opportunities
Behavioural & Attitudinal Data
3. Identify and evaluate examples of the following three (3) analytical opportunities for the Simply New Zealand online store. Include in your discussion the impact for e-business.
a. Demographic profiling (4 marks)
b. Spend by category (individual and total) (3 marks)
c. Satisfaction drivers (5 marks)
4. Identify four (4) factors an e-commerce CRM (customer relationship management) system can measure to assist in control of an online business. (8 marks)
5. Analytical tools are crucial to the success of an online store. However, Simply New Zealand needs to understand how technology for e-commerce can measure online store activity. Explain four (4) measurement and/or reporting features that Google Analytics offers. (12 marks)
C. Risk Assessment and Management
Safeguarding customer information – e-commerce systems require effective and reliable controls to maintain data integrity, ensure member privacy and protect Simply New Zealand computer and telecommunications systems from unauthorised intrusion, misuse or fraud.
User Authentication – Simply New Zealand will identify the customer before issuing authorisation codes. Once the customer has been identified, Simply New Zealand will assign an access code and password. Each time a customer attempts to access the e-commerce system, his/her identity is authenticated. Once the authentication has passed, the customer can access account information or engage in online transactions.
6. Suggest three (3) methods that could authenticate users (customers) of the Simply New Zealand e-commerce site to illustrate the robustness of security control for online transactions. (9 marks)
Network and Data Access Controls – Simply New Zealand requires verification and enforcement of a user’s authorised right to access networks, applications, and data. Simply New Zealand prohibits unauthorised individuals from entering Simply New Zealand operations facilities, retrieving confidential information, or gaining access to Simply New Zealand software applications and operating systems. To enforce access authorisation the following controls are used:
User IDs & Passwords
- Passwords, including regular password updates.
- Passwords – If no password is requested, a randomly generated eight-character temporary password is assigned. Customers are prompted and required to change the temporary password to their own selection upon their initial access to the system.
- Passwords must be a minimum of eight characters in length.
- Use of alphanumeric passwords is encouraged, but passwords can be alpha or numeric.
- Users must call to have user passwords and identifications reset.
- Session controls automatically log off after one hour of non-use.
- Session controls automatically log off after three failed access attempts.
- The use of unencrypted or clear-text password storage is prohibited.
- User ID and passwords are encrypted during transmission.
7. Identify for Simply New Zealand one (1) example of a weak password and one (1) example of a strong password. (3 marks)
D. Breach of Security
Following the detection of an unauthorised act or user, Simply New Zealand will initiate procedures to respond to the intrusion:
- Management will be notified immediately regarding the cause and scope of the breach.
- The extent of damage or disclosure of information will be determined, including the legal liability Simply New Zealand may incur.
- Proper response activities will be put in place by Simply New Zealand to cover communications with members, law enforcement agencies, regulatory agencies, and the media.
- Only designated individuals will be authorised to communicate with any of the above-detailed entities.
- Malware threats will be identified and contained for further action.
8. Malware is an umbrella term used to refer to a variety of forms of hostile or intrusive software. For e-commerce the risk can be at the server level. Identify three (3) potential malware threats and advise Simply New Zealand what damage this software can cause to Simply New Zealand’s e-commerce business. (12 marks)
9. Simply New Zealand has given all the new staff access to all areas of the e-commerce back-end functions, files and the server. Explain two (2) reasons why this poses a significant risk to the business. (5 marks)
10. Another risk for e-commerce is excessive ISP outages or poor performance from an ISP. Explain for Simply New Zealand two (2) actions to negate this risk and impacts on the business.