
1. Topologies that are employed to achieve connectivity across the Internet
2. Protocols and understand the specific purposes served by several Internet protocols
3. Business benefits associated with Internet commerce and be aware of several Internet business models
4. Risks associated with intranet and Internet electronic commerce
5. Issues of security, assurance, and trust pertaining to electronic commerce
6. Electronic commerce implications for the accounting profession
Electronic commerce involves the electronic processing and transmission of business data. This includes various activities such as:
• electronic buying and selling of goods and services
• on-line delivery of digital products
• electronic funds transfer (EFT)
• electronic trading of stocks
• direct consumer marketing
• electronic data interchange (EDI)
• the Internet revolution
1. Business to Business - Here the companies are
doing business with each other. The online
transactions only involve the manufacturers,
wholesalers, retailers etc.
2. Business to Consumer - Here the company will sell
their goods and/or services directly to the consumer.
The consumer can browse their websites and look at
products, pictures, read reviews.
3. Consumer to Consumer - where the consumers are
in direct contact with each other. No company is
involved. It helps people sell their personal goods and
assets directly to an interested party.
4. Consumer to Business - This is the reverse of B2C,
so the consumer provides a good or some service to
the company.
Examples of E-Commerce Sites
IMPORTANCE OF STUDYING INTERNET COMMERCE
When the Internet Revolution surfaced,
electronic commerce dramatically expanded
and underwent radical changes through time.
However, amidst all its benefits for the many
businesses and their consumers, it also
poses possible threats and unique risks that
should be evaluated properly. The accountant
must be familiar with the technologies and
techniques that underlie electronic commerce.
The Internet was first
developed for the U.S.
military and became used
widely for academic and
government research.
Through the years of usage,
it evolved into a “worldwide
information highway”. It
grew successfully and
continues to grow daily.
PACKET SWITCHING
The Internet employs communications technologies based on packet switching. Figure 12.1 illustrates this technique whereby:
• Messages are divided into small packets for transmission.
• Individual packets of the same message may take different routes to their destinations.
• Each packet contains address and sequencing codes so they can be reassembled into the original complete message at the receiving end.
VIRTUAL PRIVATE NETWORK
A virtual private network (VPN) is a private network within a public network. For years, common carriers have built VPNs, which are private from the client’s perspective, but physically share backbone trunks with other users. VPNs have been built on X.25 and frame-relay technologies. Today, Internet-based VPNs are of great interest. Maintaining security and privacy in this setting, however, requires encryption and authentication controls.
EXTRANETS
These are password-controlled networks for private users rather than the general public. Extranets are used to provide access between trading partner internal databases. Internet sites containing information intended for private consumption frequently use an extranet configuration.
The World Wide Web (Web) is an Internet facility that links user sites locally and around the world. In 1989, Tim Berners-Lee developed the Web with the purpose of sharing nuclear research information over the Internet.
The fundamental format for the Web is a text document called a Web page that has embedded HyperText Markup Language (HTML) codes that provide the formatting for the page as well as hypertext links to other pages. Web pages are maintained at Web sites, which are computer servers that support HyperText Transfer Protocol (HTTP). The pages are accessed and read via a Web browser such as Internet Explorer. To access a Web site, the user enters the Uniform Resource Locator (URL) address of the target site in the Web browser.
E-MAIL ADDRESS
The format for an e-mail address is USER NAME@DOMAIN NAME. There are no spaces between any of the words. A domain name is an organization’s unique name combined with a top-level domain (TLD) name.

.com commercial
.net network provider
.org nonprofit organization
.edu education and research
.gov government
.mil military agency
.int international/intergovernmental
.firm a business
.store goods for sale
.web WWW activities
.arts culture/entertainment
.rec recreation/entertainment
.info information service
.nom individual/personal
URL ADDRESS
The URL is the address that defines the path to a facility or file on the Web. URLs are typed into the browser to access Web site home pages and individual Web pages and can be embedded in Web pages to provide hypertext links to other pages. The general format for a URL is protocol prefix, domain name, subdirectory name, and document name.

EXAMPLE: http://www.cengage.com/accounting/hall

The protocol prefix is http:// and the domain name is www.cengage.com/accounting/hall. From this homepage, the user can activate hyperlinks to other pages as desired. The user can go directly to a linked page by providing the complete address and separating the address components with slashes.

Subdirectories - These can be several levels deep. To reference them, each must be separated with a slash. For example, the elements of the following URL for a hypothetical sporting goods company are described next:

http://www.flyfish.com/equipment/rods/brand_name.html

http:// protocol prefix (most browsers default to HTTP if prefix untyped)
www.flyfish.com/ domain name
equipment/ subdirectory name
rods/ subdirectory name
brand_name.html document name (Web page)
IP ADDRESS
Every computer node and host attached to the Internet must have a unique Internet Protocol (IP) address. For a message to be sent, the IP addresses of both the sending and the recipient nodes must be provided. Currently, IP addresses are represented by a 32-bit data packet. The general format is four sets of numbers separated by periods. The decomposition of the code into its component parts varies depending on the class to which it is assigned. Class A, class B, and class C coding schemes are used for large, medium, and small networks, respectively.

EXAMPLE: 128.180.94.109 translates into:
128.180 Lehigh University
94 Business Department faculty server
109 A faculty member’s office computer (node)
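An added example, not taken from the slides: Python that decomposes a URL into the protocol prefix, domain name, subdirectories and document name described above (treating an untyped prefix as HTTP, as the text notes browsers do) and splits a dotted-decimal IP address into classful network and host parts. The class boundaries on the first octet (A: 0-127, B: 128-191, C: 192-223) are the standard classful ranges, which the page does not state; the sample values are the page's own examples.

```python
"""Added example, not from the original slides: URL decomposition and
classful IPv4 address decomposition as the text describes them."""
from urllib.parse import urlsplit


def parse_url(url: str) -> dict:
    """Split a URL into protocol prefix, domain name, subdirectories and document.

    The text notes that browsers default to HTTP when no prefix is typed,
    so a bare "www.example.com/..." is treated as "http://www.example.com/...".
    """
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    # "/equipment/rods/brand_name.html" -> ["equipment", "rods", "brand_name.html"]
    segments = [s for s in parts.path.split("/") if s]
    # A path ending in "/" (or an empty path) asks for the directory's home page,
    # so there is no document name; otherwise the last segment is the document.
    document = None
    if segments and not parts.path.endswith("/"):
        document = segments.pop()
    return {
        "protocol_prefix": parts.scheme + "://",
        "domain_name": parts.netloc.lower(),
        "subdirectories": segments,
        "document_name": document,
    }


def _octets(address: str) -> list:
    """Validate dotted-decimal form and return the four octets as integers."""
    parts = address.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 address: {address!r}")
    return [int(p) for p in parts]


def to_32bit(address: str) -> int:
    """The single 32-bit integer behind the four dotted numbers."""
    n = 0
    for octet in _octets(address):
        n = (n << 8) | octet
    return n


def classify_ip(address: str) -> dict:
    """Classful decomposition (class from the first octet; standard ranges, not on the page).

    A: 0-127, network = 1 octet; B: 128-191, network = 2 octets; C: 192-223,
    network = 3 octets.  D (224-239, multicast) and E (240-255, reserved)
    have no network/host split.
    """
    octets = _octets(address)
    first = octets[0]
    if first < 128:
        cls, net_len = "A", 1
    elif first < 192:
        cls, net_len = "B", 2
    elif first < 224:
        cls, net_len = "C", 3
    elif first < 240:
        cls, net_len = "D", 4
    else:
        cls, net_len = "E", 4
    text = address.split(".")
    return {
        "class": cls,
        "network": ".".join(text[:net_len]),
        # The organisation may subnet the host part further; in the page's example
        # 128.180 is the university, 94 the department server, 109 the office node.
        "host": ".".join(text[net_len:]),
    }


if __name__ == "__main__":
    print(parse_url("http://www.flyfish.com/equipment/rods/brand_name.html"))
    print(classify_ip("128.180.94.109"), hex(to_32bit("128.180.94.109")))
```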
Protocols are the rules and standards governing the design of hardware and software that permit users of networks, which different vendors have manufactured, to communicate and share data.

The data communications industry borrowed the term protocol from the diplomatic community. Diplomatic protocols define the rules by which the representatives of nations communicate and collaborate during social and official functions.

An analogy may be drawn to data communications. A communications network is a community of computer users who also must establish and maintain unambiguous lines of communication. If all network members had homogeneous needs and operated identical systems, this would not be much of a problem; however, networks are characterized by heterogeneous system components.
1. Facilitate the physical connection between
the network devices
2. Synchronize the transfer of data between
physical devices
3. Provide a basis for error checking and
measuring network performance
4. Promote compatibility among network
devices
5. Promote network designs that are flexible,
expandable, and cost-effective
The first networks used several different protocols that often provided poor interfaces between devices that actually resulted in incompatibilities. Also, early protocols were structured and inflexible, thus limiting network growth by making system changes difficult.

A change in the architecture at a node on the network could have an unpredictable effect on an unrelated device at another node. Technical problems such as these can translate into unrecorded transactions, destroyed audit trails, and corrupted databases.
“Seven-Layer Protocol Model”
NODE 1 and NODE 2 each implement the same seven layers, grouped by function:

Data manipulation tasks
Layer 7 Application
Layer 6 Presentation
Layer 5 Session

Data communications tasks
Layer 4 Transport
Layer 3 Network

Hardware
Layer 2 Data Link
Layer 1 Physical
• File Transfer Protocol (FTP)
• Transfer Control Protocol/Internet Protocol (TCP/IP)
• Simple Network Mail Protocol (SNMP)
• Hypertext Transfer Protocol (HTTP)
• Secure Sockets Layer (SSL) and Secure Electronic Transmission (SET)
Transfer Control Protocol/Internet Protocol (TCP/IP) is the basic protocol that permits communication between Internet sites. It was invented by Vinton Cerf and Bob Kahn under contract from the U.S. Department of Defense to network dissimilar systems. This protocol controls how individual packets of data are formatted, transmitted, and received. This is known as a reliable protocol because delivery of all the packets to a destination is guaranteed. If delivery is interrupted by hardware or software failure, the packets are automatically retransmitted.
FILE TRANSFER PROTOCOL (FTP)
This is used to transfer text files, programs, spreadsheets, and databases across the Internet. TELNET is a terminal emulation protocol used on TCP/IP-based networks. It allows users to run programs and review data from a remote terminal or computer.

MAIL PROTOCOLS
Simple Network Mail Protocol (SNMP) is the most popular protocol for transmitting e-mail messages. Other e-mail protocols are Post Office Protocol and Internet Message Access Protocol.

NETWORK NEWS TRANSFER PROTOCOL
It is used to connect to Usenet groups on the Internet. Usenet newsreader software supports the NNTP protocol.
SECURITY PROTOCOLS
• Secure Sockets Layer (SSL) is a low-level encryption scheme used to secure transmissions in higher level HTTP format.
• Private Communications Technology (PCT) is a security protocol that provides secure transactions over the Web.
• Secure Electronic Transmission (SET) is an encryption scheme developed by a consortium of technology firms and banks (Netscape, Microsoft, IBM, Visa, MasterCard, and so on) to secure credit card transactions.
• Privacy Enhanced Mail (PEM) is a standard for secure e-mail on the Internet. It supports encryption, digital signatures, and digital certificates as well as both private and public key methods.
HyperText Transport Protocol (HTTP) controls Web browsers that access the Web. When the user clicks on a link to a Web page, a connection is established and the Web page is displayed, then the connection is broken.

HyperText Transport Protocol–Next Generation (HTTP-NG) is an enhanced version of the HTTP protocol that maintains the simplicity of HTTP while adding important features such as security and authentication.
HyperText Markup Language (HTML) is the document format used to produce Web pages. HTML defines the page layout, fonts, and graphic elements as well as hypertext links to other documents on the Web. HTML is used to lay out information for display in an appealing manner such as one sees in magazines and newspapers. Even more pertinent is HTML’s support for hypertext links in text and graphics that enable the reader to virtually jump to another document located anywhere on the World Wide Web.
XML is a meta-language for describing markup
languages.
Extensible means that any markup language can be
created using XML.
• includes the creation of markup languages capable of
storing data in relational form, where tags (formatting
commands) are mapped to data values
• can be used to model the data structure of an
organization’s internal database
XBRL is an XML-based language for standardizing methods for preparing, publishing, and exchanging financial information, e.g., financial statements. XBRL taxonomies are classification schemes.
Advantages:
• Businesses offer expanded financial information to all interested parties virtually instantaneously.
• Companies that use XBRL database technology can further speed the process of reporting.
• Consumers import XBRL documents into internal databases and analysis tools to greatly facilitate their decision-making processes.
1. Access to a worldwide customer and/or supplier base
2. Reductions in inventory investment and carrying costs
3. Rapid creation of business partnerships to fill emerging market niches
4. Reductions in retail prices through lower marketing costs
5. Reductions in procurement costs and better customer service
Three levels of Internet commerce activity: INFORMATION LEVEL, TRANSACTION LEVEL, DISTRIBUTION LEVEL

INFORMATION LEVEL (1st)
At the information level of activity, an organization uses the Internet to display information about the company, its products, services, and business policies. This level involves little more than creating a Web site, and it is the first step taken by most firms entering the Internet marketplace. When customers access the Web site, they generally first visit the home page.

To be successful at this level, the organization must ensure that:
(1) information displayed on the Web site is current, complete, and accurate;
(2) customers can find the site and successfully navigate through it;
(3) an adequate hardware and software infrastructure exists to facilitate quick access during high-usage periods; and
(4) only authorized users access information on the site.
TRANSACTION LEVEL (2nd)
Organizations involved at the transaction level use the Internet to accept orders from customers and/or to place them with their suppliers. This involves engaging in business activities with total strangers from remote parts of the world. These may be customers, suppliers, or potential trading partners. Many of the risks that are discussed later in the chapter relate to this (and to the next) level of electronic commerce.

Success in this domain involves creating an environment of trust by resolving the key concerns listed here:
• Ensure that data used in the transaction are protected from misuse.
• Verify the accuracy and integrity of business processes used by the potential customer, partner, or supplier.
• Verify the identity and physical existence of the potential customer, partner, or supplier.
• Establish the reputation of the potential customer, partner, or supplier.
DISTRIBUTION LEVEL (3rd)
• Organizations operating on the distribution level use the Internet to sell and deliver digital products to customers.
• These include subscriptions to online news services, software products and upgrades, and music and video products.
• In addition to all the concerns identified at the transaction level, firms involved in this aspect of electronic commerce are concerned that products are delivered successfully and only to legitimate customers.
Perhaps the greatest potential benefit to be derived from electronic commerce is the firm’s ability to forge dynamic business alliances with other organizations to fill unique market niches as opportunities arise. These may be long-lasting partnerships or one-time ventures. Electronic partnering of business enterprises forms a dynamic virtual organization that benefits all parties involved. Figure 12-2 illustrates the partnering relationship possible in a virtual organization.
• Data Security: are stored and transmitted data adequately protected?
• Business Policies: are policies publicly stated and consistently followed?
• Privacy: how confidential are customer and trading partner data?
• Business Process Integrity: how accurately, completely, and consistently does the company process its transactions?
• Reliance on electronic commerce poses concern about unauthorized access to confidential information. As LANs become the platform for mission-critical applications and data, proprietary information, customer data, and financial records are at risk. Organizations connected to their customers and business partners via the Internet are particularly exposed.

• Business risk is the possibility of loss or injury that can reduce or eliminate an organization’s ability to achieve its objectives.
INTRANET RISKS
• Interception of network messages
sniffing: interception of user IDs, passwords,
confidential e-mails, and financial data files
• Access to corporate databases
connections to central databases increase the risk that
data will be accessible by employees
• Privileged employees
override privileges may allow unauthorized access to
mission-critical data
• Reluctance to prosecute
fear of negative publicity leads to such reluctance but
encourages criminal behavior
INTERNET RISKS
• RISKS TO CONSUMERS
As more and more people connect to
the Web, Internet fraud increases.
Because of this, many consumers view
the Internet as an unsafe place to do
business. In particular, they worry about
the security of credit card information left
on Web sites and the confidentiality of
their transactions.
THEFT OF CREDIT CARD NUMBERS
The perception that the Internet is not secure for credit card purchases is considered to be the biggest barrier to electronic commerce. Some Internet companies are negligent or even fraudulent in the way they collect, use, and store credit card information. Another fraud scheme involves establishing a fraudulent business operation that captures credit card information.

THEFT OF PASSWORDS
One form of Internet fraud involves establishing a Web site to steal a visitor’s password. To access the Web page, the visitor is asked to register and provide an e-mail address and password; the cyber criminal then uses the captured password to break into the victim’s accounts.
CONSUMER PRIVACY
Concerns about the lack of privacy discourage consumers from
engaging in Internet commerce. One poll revealed that:
Almost two-thirds of non-Internet users would start using the
Internet if they could be assured that their
personal information was protected.
Privacy is the number one reason that individuals are
avoiding Internet commerce.

Cookies are files containing user information that are created by


the Web server of the site being visited. The cookies are then
stored on the visitor’s computer hard drive. They contain the
URLs of visited sites. The privacy controversy over cookies
relates to what information is captured and how it is used.
COOKIES AND CONSUMER SECURITY
Another concern over the use of cookies relates to security. Cookies are text (.txt) files that can be read with any text editor. Some Web sites may store user passwords in cookies. If the passwords are not encrypted (discussed later) before being stored, anyone with access to the computer can retrieve the cookies and the passwords.

A related form of risk comes from criminal or malicious Web sites. As the user browses the site, a JavaScript program may be uploaded to the user’s computer. The program secretly scans the hard drive for the cookies file and copies it to the Web site, where it is reviewed for passwords and other personal data.
IP Spoofing
Denial of Service Attacks
• SYN Flood Attack
• Smurf Attack
• Distributed Denial of Service Attacks
Malicious Programs
• Worms
• Logic Bombs
• Trojan Horses
IP Spoofing
Masquerading: a form of masquerading to gain unauthorized access to a Web server and/or to perpetrate an unlawful act without revealing one’s identity.
Modification of IP Address: a perpetrator modifies the IP address of the originating computer to disguise his or her identity.
Disguise: may be used to make a message appear to be coming from a trusted or authorized source and thus slip through control systems designed to accept transmissions from certain (trusted) host computers and block out others.

A hacker may spoof a manufacturing firm with a false sales order that appears to come from a legitimate customer. If the spoof goes undetected, the manufacturer will incur the costs of producing and delivering a product that was never ordered.
SYN Flood Attack
Not Sending the Final Acknowledgement
The connecting server sends an initiation code called a SYN (SYNchronize) packet to the receiving server. The receiving server then acknowledges the request by returning a SYNchronize–ACKnowledge (SYN-ACK) packet. Finally, the initiating host machine responds with an ACK packet code. The SYN flood attack is accomplished by not sending the final acknowledgment to the server’s SYN-ACK response, which causes the server to keep signaling for acknowledgement until the server times out.

A hacker can clog the ports of the receiver’s server with incomplete communication requests that prevent legitimate transactions from being received and processed. Thus, it may take days before sales orders are received, delaying production and affecting customer satisfaction.
Smurf Attack
Utilizing IP spoofing to overload the victim with echo replies
The perpetrator sends a ping, an echo request message, to a host computer and listens for a response message. A functioning and available host must return an echo reply message that contains the exact data received in the echo request message packet. The perpetrator uses the forged IP address of the victim’s computer (IP spoofing) rather than that of the actual source computer. Consequently, each intermediary node sends echo responses to the ping message, which are returned to the victim’s IP address, not that of the source computer. The resulting flood of echoes can overwhelm the victim’s computer and cause network congestion that makes it unusable for legitimate traffic.

Echo replies can overload the system of the victim, thus slowing its information processing. This can affect everything from the filling of sales orders and payroll processing to the creation of accounting reports.
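Added example, not from the original slides: defender-side detection for the two patterns just described, run over a constructed packet capture. It counts half-open handshakes per server (the condition a SYN flood leaves behind) and flags echo requests aimed at a broadcast address, whose claimed source is the Smurf victim. The record fields, the half-open timeout, the alert threshold and the /24 broadcast assumption are mine, not the page's.

```python
"""Added example, not from the original slides: detection logic for the SYN
flood and Smurf patterns described above, run over a constructed packet
capture.  Record fields, thresholds and addresses are assumptions."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Packet:
    ts: float        # seconds since capture start
    proto: str       # "tcp" or "icmp"
    src: str
    dst: str
    flag: str = ""   # tcp: "SYN", "SYN-ACK", "ACK"; icmp: "echo-request", "echo-reply"
    dport: int = 0


def half_open_connections(packets: List[Packet], timeout: float = 5.0) -> Dict[str, int]:
    """Count, per server, handshakes whose client never sent the final ACK.

    A handshake is keyed by (client, server, port).  It completes when the
    client's ACK arrives after its SYN; a SYN still unanswered `timeout`
    seconds before the end of the capture is counted as half-open, which is
    the state a SYN flood piles up on the server.
    """
    pending = {}                      # (client, server, port) -> time of SYN
    last_ts = packets[-1].ts if packets else 0.0
    for p in packets:
        if p.proto != "tcp":
            continue
        key = (p.src, p.dst, p.dport)
        if p.flag == "SYN":
            pending[key] = p.ts
        elif p.flag == "ACK" and key in pending:
            del pending[key]          # third step of the handshake arrived
    counts: Dict[str, int] = {}
    for (_client, server, _port), t0 in pending.items():
        if last_ts - t0 >= timeout:
            counts[server] = counts.get(server, 0) + 1
    return counts


def syn_flood_alerts(packets: List[Packet], threshold: int = 50,
                     timeout: float = 5.0) -> Dict[str, int]:
    """Servers holding at least `threshold` half-open connections."""
    return {s: n for s, n in half_open_connections(packets, timeout).items() if n >= threshold}


def is_directed_broadcast(address: str, prefix_len: int = 24) -> bool:
    """True if `address` is the broadcast address of its network (assumes /24 LANs)."""
    net = ipaddress.ip_network(f"{address}/{prefix_len}", strict=False)
    return ipaddress.ip_address(address) == net.broadcast_address


def smurf_alerts(packets: List[Packet], prefix_len: int = 24) -> Dict[str, int]:
    """Echo requests aimed at a broadcast address, grouped by claimed source.

    The claimed source is the address that would receive every echo reply,
    i.e. the Smurf victim; the sender forged it, so it is not the attacker.
    Routers that refuse to forward directed broadcasts stop the amplification.
    """
    hits: Dict[str, int] = {}
    for p in packets:
        if p.proto == "icmp" and p.flag == "echo-request" and is_directed_broadcast(p.dst, prefix_len):
            hits[p.src] = hits.get(p.src, 0) + 1
    return hits


def sample_capture() -> List[Packet]:
    """Constructed capture: three normal handshakes, a SYN flood, a Smurf burst."""
    server = "198.51.100.10"
    pkts = []
    for i, client in enumerate(["198.51.100.21", "198.51.100.22", "198.51.100.23"]):
        t = float(i)
        pkts.append(Packet(t, "tcp", client, server, "SYN", 80))
        pkts.append(Packet(t + 0.1, "tcp", server, client, "SYN-ACK", 80))
        pkts.append(Packet(t + 0.2, "tcp", client, server, "ACK", 80))
    for i in range(60):               # 60 SYNs with forged sources, never acknowledged
        pkts.append(Packet(0.5 + i * 0.01, "tcp", f"203.0.113.{i + 1}", server, "SYN", 80))
    for i in range(4):                # echo requests to a directed broadcast, source forged as victim
        pkts.append(Packet(2.0 + i, "icmp", "198.51.100.77", "192.0.2.255", "echo-request"))
    pkts.append(Packet(10.0, "tcp", "198.51.100.21", server, "SYN", 443))  # new, still in progress
    return sorted(pkts, key=lambda p: p.ts)


if __name__ == "__main__":
    capture = sample_capture()
    print("SYN flood:", syn_flood_alerts(capture))
    print("Smurf:", smurf_alerts(capture))
```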
How does DDoS work?
A DDoS attack requires an attacker to gain
control of a network of online machines in
order to carry out an attack. Computers and
other machines (such as IoT devices) are
infected with malware, turning each one into
a bot (or zombie). The attacker then has
remote control over the group of bots, which is
called a botnet.
The attacker is able to direct the machines by
sending updated instructions to each bot via a
method of remote control. When the IP
address of a victim is targeted by the botnet,
each bot will respond by sending requests to
the target, potentially causing the targeted
server or network to overflow capacity,
resulting in a denial-of-service to normal
traffic.
DDoS Attack
Financial institutions can be extorted under the threat of a DDoS attack. Legitimate customers also risk being unable to access their online accounts, and the institution risks being unable to process many financial transactions.
Worms
a type of malware that spreads copies of itself
from computer to computer, can replicate itself
without any human interaction, and it does not
need to attach itself to a software program in
order to cause damage

Logic Bombs
a sinister piece of code that is secretly
inserted into a computer network, operating
system, or a software application

Trojan Horses
type of malicious code or software that
looks legitimate but can take control of
your computer
Malicious Programs
These disrupt IT and computer processes and in extreme cases can delete, steal or hold to ransom valuable business data such as accounting records and secret product formulas and processes.
• Encryption
• Digital Authentication
• Firewalls
• Seals of Assurance
ENCRYPTION
The conversion of data into a secret code for storage in databases and transmission over networks. The sender uses an encryption algorithm to convert the original message (called cleartext) into a coded equivalent (called ciphertext). At the receiving end, the ciphertext is decoded (decrypted) back into cleartext.

The key is a mathematical value that the sender selects. The algorithm is the procedure of shifting each letter in the cleartext message the number of positions that the key value indicates.

To encode a message, the sender provides the encryption algorithm with the key, which produces the ciphertext message. This is transmitted to the receiver’s location, where it is decoded using the same key to produce a cleartext message.
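Added example, not part of the original slides: the letter-shifting scheme the text uses to illustrate private-key encryption, with one key shared by sender and receiver, plus an enumeration of its 25 possible keys to show why such a small key space is only a teaching device. The message and key are constructed.

```python
"""Added example, not from the original slides: the letter-shifting private-key
scheme the text uses to illustrate encryption.  One shared key both encrypts
and decrypts; the sample message is constructed."""
import string
from typing import Dict

ALPHABET = string.ascii_uppercase


def shift_encrypt(cleartext: str, key: int) -> str:
    """Shift each letter forward by `key` positions (wrapping Z back to A).

    Non-letters are passed through unchanged; input is upper-cased first.
    """
    key %= len(ALPHABET)
    out = []
    for ch in cleartext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % len(ALPHABET)])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext: str, key: int) -> str:
    """Decrypt with the same key by shifting the same number of positions back."""
    return shift_encrypt(ciphertext, -key)


def key_space() -> range:
    """Every usable key: shifts 1..25 (a shift of 0 or 26 leaves the text unchanged)."""
    return range(1, len(ALPHABET))


def all_candidate_cleartexts(ciphertext: str) -> Dict[int, str]:
    """Decrypt under every possible key.

    With only 25 keys, anyone holding the ciphertext can read all 25 results
    and pick the one that makes sense, which is why the scheme is a teaching
    device and why a standard such as AES uses 128-bit or longer keys.
    """
    return {k: shift_decrypt(ciphertext, k) for k in key_space()}


if __name__ == "__main__":
    secret = shift_encrypt("ACCOUNTING RECORDS", 3)
    print(secret, "->", shift_decrypt(secret, 3))
    print(len(key_space()), "keys to try; key 3 gives:", all_candidate_cleartexts(secret)[3])
```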

Private Key Encryption Technique
The Advanced Encryption Standard (AES), also known as Rijndael, is a private key (or symmetric key) encryption technique. The U.S. government has adopted it as an encryption standard.
PUBLIC KEY ENCRYPTION
This approach uses two different keys: one for encoding messages and the other for decoding them. The recipient has a private key used for decoding that is kept secret. The encoding key is public and published for everyone to use. One of the most trusted public key encryption methods is Rivest-Shamir-Adleman (RSA). This method is, however, computationally intensive and much slower than private key encryption.
Digital Certificate: is like an electronic identification card that is used in conjunction with a public key encryption system to verify the authenticity of the message sender.

Digital Signature: an electronic authentication technique that ensures the transmitted message originated with the authorized sender and that it was not tampered with after the signature was applied.
A PKI system consists of:
1. A certification authority that issues and revokes digital certificates.
2. A registration authority that verifies the identity of certificate applicants. The process varies depending on the level of certification desired. It involves establishing one’s identity with formal documents such as a driver’s license, notarization, fingerprints, and proving one’s ownership of the public key.
3. A certification repository, which is a publicly accessible database that contains current information about current certificates and a certification revocation list of certificates that have been revoked and the reasons for revocation.
FIREWALLS
A firewall is a system used to insulate an organization’s intranet from the Internet. It can be used to authenticate an outside user of the network, verify his or her level of access authority, and then direct the user to the program, data, or service requested. Firewalls can also be used to protect LANs from unauthorized internal access. A common configuration employs two firewalls: a network-level firewall and an application-level firewall.

Network-Level Firewall: provides basic screening of low-security messages (for example, e-mail) and routes them to their destinations based on the source and destination addresses attached.

Application-Level Firewall: provides high-level network security; these firewalls are configured to run security applications called proxies that perform sophisticated functions such as verifying user authentication.
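Added example, not from the original slides: a first-match packet filter of the kind the network-level firewall above applies, screening on the source and destination addresses attached to each message (here also protocol, port and arriving interface). The policy, the address ranges and the interface names are constructed assumptions. The first rule refuses packets from the Internet that claim an intranet source address, the IP spoofing case discussed earlier, and anything no rule mentions falls to a default deny.

```python
"""Added example, not from the original slides: a first-match packet filter of
the kind a network-level firewall applies, screening on source and destination
addresses (plus protocol, port and arriving interface).  The policy, address
ranges and interface names are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str                     # CIDR network, or "any"
    dst: str                     # CIDR network, or "any"
    proto: str = "any"           # "tcp", "udp", "icmp" or "any"
    dport: Optional[int] = None  # None matches every port
    iface: str = "any"           # interface the packet arrived on, or "any"


def _in_network(cidr: str, address: str) -> bool:
    if cidr == "any":
        return True
    return ipaddress.ip_address(address) in ipaddress.ip_network(cidr, strict=False)


def rule_matches(rule: Rule, src: str, dst: str, proto: str,
                 dport: Optional[int], iface: str) -> bool:
    return (rule.iface in ("any", iface)
            and _in_network(rule.src, src)
            and _in_network(rule.dst, dst)
            and rule.proto in ("any", proto)
            and rule.dport in (None, dport))


def decide(rules: List[Rule], src: str, dst: str, proto: str,
           dport: Optional[int] = None, iface: str = "outside") -> Tuple[str, Optional[int]]:
    """Return (action, index of the first matching rule).

    Rules are evaluated top to bottom and the first match wins, so order
    matters; a packet no rule mentions falls through to the default deny.
    """
    for i, rule in enumerate(rules):
        if rule_matches(rule, src, dst, proto, dport, iface):
            return rule.action, i
    return "deny", None


# Constructed policy.  The intranet is 10.0.0.0/8; the public Web server is
# 203.0.113.10 (a documentation address).  Interfaces: "outside" = Internet,
# "inside" = LAN.
POLICY: List[Rule] = [
    # Anti-spoofing: a packet arriving from the Internet cannot legitimately
    # carry an intranet source address, so it is refused before anything else.
    Rule("deny", "10.0.0.0/8", "any", iface="outside"),
    # Public services: only Web traffic to the Web server is accepted from outside.
    Rule("allow", "any", "203.0.113.10", "tcp", 80, iface="outside"),
    Rule("allow", "any", "203.0.113.10", "tcp", 443, iface="outside"),
    # Outbound mail from the LAN.
    Rule("allow", "10.0.0.0/8", "any", "tcp", 25, iface="inside"),
    # Everything else, including any traffic from outside addressed to
    # 10.0.0.0/8, hits the default deny in decide().
]


if __name__ == "__main__":
    for pkt in [("198.51.100.5", "203.0.113.10", "tcp", 443, "outside"),
                ("10.0.0.5", "203.0.113.10", "tcp", 80, "outside"),
                ("198.51.100.5", "10.1.2.3", "tcp", 445, "outside")]:
        print(pkt, "->", decide(POLICY, *pkt))
```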
SEALS OF ASSURANCE
Seals offered by trusted third-party organizations that businesses can display on their Web site home pages to show that they comply with certain business practices, capabilities, and controls. Seal providers include AICPA/CICA SysTrust, AICPA/CICA WebTrust, the International Computer Security Association, Verisign, Inc., TRUSTe, and the Better Business Bureau.
Are multiple-function seals better than single-function seals?
NOT NECESSARILY.
In a study conducted by Hu et al. (2010) entitled “The effects of Web assurance seals on consumers' initial trust in an online vendor: A functional perspective,” it was found that the effect of one seal on enhancing consumers’ initial online trust is weakened by the presence of another seal with a different function.

ONE IS ENOUGH.
It can be inferred from this study that sticking with a single seal of assurance is enough, or sometimes actually better than availing of all types of seal of assurance.
Better Business Bureau
A nonprofit organization that has been promoting ethical business practices through self-regulation since 1912. It has extended its mission to the Internet through a wholly owned subsidiary called BBBOnline, Inc. BBBOnline relates primarily to concerns about business policies, ethical advertising, and consumer privacy. BBBOnline does not verify controls over transaction processing integrity and data security issues.

Qualifications
1. Become a member of the BBB.
2. Provide information about the company’s ownership, management, address, and phone number. This is verified by a physical visit to the company’s premises.
3. Be in business for at least 1 year.
4. Promptly respond to customer complaints.
5. Agree to binding arbitration for unresolved disputes with customers.
TRUSTe
Founded in 1996, TRUSTe is a nonprofit organization dedicated to improving consumer privacy practices among Internet businesses and Web sites. It addresses consumer privacy concerns exclusively and provides a mechanism for posting consumer complaints against its members. If a member organization is found to be out of compliance with TRUSTe standards, its right to display the trust seal may be revoked.

Qualifications
1. Agree to follow TRUSTe privacy policies and disclosure standards.
2. Post a privacy statement on the Web site disclosing the type of information being collected, the purpose for collecting information, and with whom it is shared.
3. Promptly respond to customer complaints. Agree to site compliance reviews by TRUSTe or an independent third party.
Veri-Sign, Inc.
Veri-Sign, Inc., was established as a for-profit organization in 1995. It provides assurance regarding the security of transmitted data. Its mission is to provide digital certificate solutions that enable trusted commerce and communications. Their products allow customers to transmit encrypted data and verify the source and destination of transmissions. The organization does not verify security of stored data or address concerns related to business policies, business processes, or privacy.

Veri-Sign, Inc., issues three classes of certificates to individuals, businesses, and organizations. To qualify for class three certification, the individual, business, or organization must provide a third-party confirmation of name, address, telephone number, and Web site domain name.
International Computer Security Association
The ICSA established its Web certification program in 1996. ICSA certification addresses data security and privacy concerns. It does not deal with concerns about business policy and business processes. Organizations that qualify to display the ICSA seal have undergone an extensive review of firewall security from outside hackers. Organizations must be recertified annually and undergo at least two surprise checks each year.
AICPA/CICA WebTrust
The AICPA and CICA established WebTrust in 1997. The seal must be renewed every 90 days. The examination focuses on the areas of business practices (policies), transaction integrity (business process), and information protection (data security). To display the AICPA/CICA WebTrust seal, the organization undergoes an examination according to the AICPA’s Standards for Attestation Engagements, No. 1, by a specially Web-certified CPA or CA.
AICPA/CICA SysTrust
In July 1999, the AICPA/CICA introduced an exposure draft describing a new assurance service called SysTrust. It is designed to increase management, customer, and trading partner confidence in systems that support entire businesses or specific processes. The assurance service involves the public accountant evaluating the system’s reliability against four essential criteria: availability, security, integrity, and maintainability. The potential users of SysTrust are trading partners, creditors, shareholders, and others who rely on the integrity and capability of the system. As part of the outsourcing contract, Virtual requires the servicing organizations to produce a clean SysTrust report every 3 months.
Security, assurance, and trust concerns in electronic commerce:
1. Privacy violation
2. Continuous auditing
3. Electronic audit trails
4. Confidentiality of data
5. Authentication
6. Nonrepudiation
7. Data integrity
8. Access controls
9. Changing legal environment
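The authentication, data integrity and nonrepudiation items in the list above are what cryptographic message authentication addresses. The following is an added example, not part of the original slides, using only Python's standard library: a keyed hash (HMAC-SHA256) is appended to an order so the receiver can detect that the quantity was altered in transit. The shared key and the order fields are constructed for the demonstration.

```python
import hashlib
import hmac

# Constructed example key. In practice the buyer and seller would agree on it
# out of band (for instance under a trading partner agreement), and it is
# never sent alongside the message.
SHARED_KEY = b"constructed-demo-key-not-for-production"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def protect(message: bytes, key: bytes = SHARED_KEY) -> bytes:
    """Append an HMAC-SHA256 tag so the receiver can check integrity and origin."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def verify(blob: bytes, key: bytes = SHARED_KEY) -> tuple:
    """Split blob into (message, tag) and return (accepted, message).

    The tag is recomputed over the received message and compared in constant
    time, so an attacker cannot learn the correct tag one byte at a time by
    timing how quickly forgeries are rejected.
    """
    if len(blob) < TAG_LEN:
        return False, b""
    message, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected), message


def tamper_in_transit(blob: bytes) -> bytes:
    """Simulate an attacker changing the quantity but leaving the tag alone."""
    return blob.replace(b"qty=100", b"qty=900", 1)


if __name__ == "__main__":
    order = b"po=PO-1001;item=WIDGET-A;qty=100"
    wire = protect(order)
    print("untouched accepted:", verify(wire)[0])                     # True
    print("tampered accepted: ", verify(tamper_in_transit(wire))[0])  # False
```

What HMAC does not give is nonrepudiation: buyer and seller hold the same key, so either of them could have produced a valid tag and the receiver cannot prove to a third party who sent the message. Nonrepudiation needs a digital signature made with a private key that only the sender holds, which is where the certificate authorities discussed earlier come in.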
Local Area Networks

LANs are often confined to a single room in a building, or they may link several buildings within a close geographic area. However, a LAN can cover distances of several miles and connect hundreds of users. The computers connected to a LAN are called nodes.

Wide Area Networks

When networks exceed the geographic limitations of the LAN, they are called WANs. The WAN may be used to link geographically dispersed segments of a single organization or connect multiple organizations in a trading partner arrangement.

Network Interface Card

The physical connection of workstations to the LAN is achieved through a network interface card (NIC), which fits into one of the expansion slots in the microcomputer. This device provides the electronic circuitry needed for internode communications. The NIC works with the network control program to send and receive messages, programs, and files across the network.

Servers

LAN nodes often share common resources such as programs, data, and printers, which are managed through special-purpose computers called servers. When the server receives requests for resources, the requests are placed in a queue and are processed in sequence.
Star Topology
• A network of computers with a large central computer (the host) at the hub that has direct connections to a periphery of smaller computers.
• Often used for a WAN, in which the central computer is a mainframe.
• A common model is to partition local data to the nodes and centralize the common data.
• Primary communication is between the central site and the nodes; if the host fails, the nodes can no longer reach each other.
• Example: sales are processed in real time at the POS terminals. Local processing includes obtaining credit approval, updating the customer’s available credit, updating the inventory records, and recording the transaction in the transaction file (journal). At the end of the business day, the nodes transmit sales and inventory information to the central site in batches. The central site updates the control accounts, prepares customer bills, and determines inventory replenishment for the entire region.
Hierarchical Topology
• The system is arranged in a top-down structure: the top system is the parent (root) node, the level below it consists of child nodes, and so on, so that the network looks like a tree.
• If a parent node fails, every node below it is cut off; if the root node fails, the complete network is down.
• A host computer is connected to several levels of subordinate smaller computers in a master-slave relationship.
• Applicable to firms with many organizational levels that must be controlled from a central location.
• Example: consider a manufacturing firm with remote plants, warehouses, and sales offices.
Ring Topology
• Every node is connected to the next node, and the last node is connected back to the first, which completes the ring.
• Ring networks usually work with a token: a special signal that circulates around the ring carrying the receiver’s address and a short message. Only the node holding the token may transmit.
• It eliminates the central site.
• All nodes in this configuration are of equal status (peers).
• Responsibility for managing communications is distributed among the nodes.
• Common resources that are shared by all nodes can be centralized and managed by a file server that is also a node.
Bus Topology
• Each node (a computer or any other network device) is connected to a single cable.
• Only one node can transmit at a time; a frame placed on the cable is seen by every node, and only the addressed node accepts it.
• It is used in small networks.
• The complete network will fail if the cable fails.
• The nodes are all connected to a common cable, the bus.
• One or more servers centrally control communications and file transfers between workstations.
• The bus is simple, reliable, and generally less costly to install than the ring topology.
Client-Server Topology
• It distributes the processing between the user’s (client’s) computer and the central file server.
• Both types of computers are part of the network, but each is assigned the functions that it performs best.
• This approach reduces data communications traffic, thus shortening queues and improving response time.
• The client-server approach can be applied to any topology (for example, ring, star, or bus).
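To make the single-point-of-failure remarks above concrete, here is an added example that is not from the original slides: each topology is modelled as a graph using only Python's standard library, and a breadth-first search counts how many nodes a given node can still reach after one component fails. Node names such as "host", "bus" and "plant0" are hypothetical.

```python
from collections import deque


def build_star(n_nodes):
    """Central host with a direct link to every peripheral node (POS terminals)."""
    g = {"host": set()}
    for i in range(n_nodes):
        node = f"pos{i}"
        g[node] = {"host"}
        g["host"].add(node)
    return g


def build_hierarchy(n_plants, n_warehouses):
    """HQ at the root, one child per plant, warehouses under each plant."""
    g = {"hq": set()}
    for p in range(n_plants):
        plant = f"plant{p}"
        g[plant] = {"hq"}
        g["hq"].add(plant)
        for w in range(n_warehouses):
            wh = f"plant{p}-wh{w}"
            g[wh] = {plant}
            g[plant].add(wh)
    return g


def build_ring(n_nodes):
    """Each node linked to the next, the last linked back to the first; no central site."""
    g = {f"n{i}": set() for i in range(n_nodes)}
    for i in range(n_nodes):
        a, b = f"n{i}", f"n{(i + 1) % n_nodes}"
        g[a].add(b)
        g[b].add(a)
    return g


def build_bus(n_nodes):
    """All nodes hang off one shared cable, modelled here as its own vertex 'bus'."""
    g = {"bus": set()}
    for i in range(n_nodes):
        node = f"n{i}"
        g[node] = {"bus"}
        g["bus"].add(node)
    return g


def reachable(graph, start, failed=()):
    """Nodes that can still exchange data with `start` once `failed` nodes are down."""
    failed = set(failed)
    if start in failed:
        return set()
    seen = {start}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in graph[cur]:
            if nxt not in seen and nxt not in failed:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def survivors(graph, failed, start):
    """Count of other nodes that `start` can still reach (excluding itself)."""
    return len(reachable(graph, start, failed) - {start})


if __name__ == "__main__":
    print("star, host down:     ", survivors(build_star(6), {"host"}, "pos0"))
    print("bus, cable cut:      ", survivors(build_bus(6), {"bus"}, "n0"))
    print("ring, one node down: ", survivors(build_ring(6), {"n3"}, "n0"))
    print("tree, plant0 down:   ", survivors(build_hierarchy(2, 2), {"plant0"}, "plant0-wh0"))
```

Losing the hub, the cable or a parent node isolates everything that depended on it, whereas a ring with one failed node still lets the remaining nodes reach each other the long way round. The same reachability check is a useful sanity test when reviewing a network design for single points of failure.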
Network control functions:
• Establish a communications session between the sender and the receiver.
• Manage the flow of data across the network.
• Detect and resolve data collisions between competing nodes.
• Detect errors in data that line failure or signal degeneration cause.
DATA COLLISION

POLLING
One site, designated the master, polls the other slave sites to determine if they have data to transmit.
• Polling is the most popular technique for establishing a communication session in WANs.
• If a slave responds in the affirmative, the master site locks the network while the data are transmitted.
• Allows priorities to be set for data communications across the network.
• Polling is noncontentious.
• Important nodes can be polled more often than less important nodes.

TOKEN PASSING
It involves transmitting a special signal, the token, around the network from node to node in a specific sequence.
• Each node on the network receives the token, regenerates it, and passes it to the next node.
• Only the node possessing the token is allowed to transmit data.
• Can be used with either ring or bus topologies.
• Its major advantage is its deterministic access method, which avoids data collisions.

CARRIER SENSING
A random access technique that detects collisions when they occur.
• This technique, formally labeled carrier sense multiple access with collision detection (CSMA/CD), is used with the bus topology.
• Collisions can occur when two or more nodes, unaware of each other’s intent to transmit, do so simultaneously when they independently perceive the line to be clear.
• This technique is widely used; it is found on Ethernets.
• Note that on modern switched, full-duplex Ethernet each port has its own link and collisions do not occur; CSMA/CD matters only on shared media such as hubs and coaxial segments.

ADVANTAGES OF ETHERNETS
(1) the technology, being relatively simple, is well suited to the less costly twisted-pair cabling, whereas token ring works best with more expensive coaxial cable;
(2) the network interface cards Ethernet uses are much less expensive than those used in the token ring topology; and
(3) Ethernet uses a bus topology, which is easier to expand.
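An added example, not from the original slides, that runs the three access methods side by side as a slotted-time simulation in plain Python: a master polling slaves in a fixed (optionally weighted) order, a token circulating from node to node, and CSMA/CD with binary exponential backoff. Node counts, arrival probabilities and the random seed are constructed parameters. The point is that polling and token passing are noncontentious and never produce a collision, while CSMA/CD does under load and must spend slots recovering from them.

```python
import random


def _arrivals(rng, queue, p_arrival):
    """Each node independently receives a new frame with probability p_arrival."""
    new = 0
    for i in range(len(queue)):
        if rng.random() < p_arrival:
            queue[i] += 1
            new += 1
    return new


def simulate_polling(n_nodes, p_arrival, slots, poll_order=None, seed=1):
    """Master polls slaves in poll_order; a polled slave with data sends one frame.
    Repeating a node in poll_order polls it more often (priority)."""
    rng = random.Random(seed)
    order = list(poll_order) if poll_order else list(range(n_nodes))
    queue = [0] * n_nodes
    delivered = arrivals = 0
    for t in range(slots):
        arrivals += _arrivals(rng, queue, p_arrival)
        node = order[t % len(order)]
        if queue[node]:
            queue[node] -= 1  # network locked for this node's transmission
            delivered += 1
    return {"arrivals": arrivals, "delivered": delivered, "collisions": 0, "backlog": sum(queue)}


def simulate_token_passing(n_nodes, p_arrival, slots, seed=1):
    """Token moves node to node in a fixed sequence; only the holder may transmit."""
    rng = random.Random(seed)
    queue = [0] * n_nodes
    delivered = arrivals = 0
    holder = 0
    for _ in range(slots):
        arrivals += _arrivals(rng, queue, p_arrival)
        if queue[holder]:
            queue[holder] -= 1
            delivered += 1
        holder = (holder + 1) % n_nodes  # regenerate the token and pass it on
    return {"arrivals": arrivals, "delivered": delivered, "collisions": 0, "backlog": sum(queue)}


def simulate_csma_cd(n_nodes, p_arrival, slots, seed=1):
    """Every node that senses an idle line transmits; simultaneous attempts collide
    and each colliding node waits a random (binary exponential) backoff."""
    rng = random.Random(seed)
    queue = [0] * n_nodes
    backoff = [0] * n_nodes
    attempts = [0] * n_nodes
    delivered = collisions = arrivals = 0
    for _ in range(slots):
        arrivals += _arrivals(rng, queue, p_arrival)
        ready = [i for i in range(n_nodes) if queue[i] and backoff[i] == 0]
        for i in range(n_nodes):
            if backoff[i]:
                backoff[i] -= 1
        if len(ready) == 1:        # line clear and one talker: success
            i = ready[0]
            queue[i] -= 1
            delivered += 1
            attempts[i] = 0
        elif len(ready) > 1:       # collision detected: everyone backs off
            collisions += 1
            for i in ready:
                attempts[i] += 1
                backoff[i] = rng.randrange(2 ** min(attempts[i], 10))
    return {"arrivals": arrivals, "delivered": delivered, "collisions": collisions, "backlog": sum(queue)}


def compare(n_nodes=8, p_arrival=0.1, slots=2000, seed=1):
    """Run all three methods on the same parameters and return their statistics."""
    return {
        "polling": simulate_polling(n_nodes, p_arrival, slots, seed=seed),
        "token": simulate_token_passing(n_nodes, p_arrival, slots, seed=seed),
        "csma_cd": simulate_csma_cd(n_nodes, p_arrival, slots, seed=seed),
    }


if __name__ == "__main__":
    for name, stats in compare().items():
        print(f"{name:8s} {stats}")
```

Lower the arrival probability and CSMA/CD delivers as well as the others with almost no collisions; raise it and the collision count climbs while polling and token passing stay deterministic. A poll order such as [0, 0, 0, 1, 2, 3] shows how a priority node is served more often.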
Union Pacific (2016)
Electronic Data Interchange (EDI) is the electronic interchange of business information using a standardized format. It is a process which allows one company to send information to another company electronically rather than with paper.

Many business documents can be exchanged using EDI, but the two most common are purchase orders and invoices. At a minimum, EDI replaces the mail preparation and handling associated with traditional business communication. However, the real power of EDI is that it standardizes the information communicated in business documents, which makes possible a "paperless" exchange.

EDI is the intercompany exchange of computer-processible business information in standard format. This definition has three parts:

FIRST: EDI is an interorganization endeavor. A firm does not engage in EDI on its own.

SECOND: EDI transaction information is transmitted in a standardized format. Therefore, firms with different internal systems can exchange information and do business.

THIRD: the information systems of the trading partners automatically process the transaction. In a pure EDI environment, there are no human intermediaries to approve or authorize transactions. Authorizations, mutual obligations, and business practices that apply to transactions are all specified in advance under the trading partner agreement.
01 Data keying. EDI reduces or even eliminates the need for data entry.

02 Error reduction. Firms using EDI see reductions in data keying errors, human interpretation and classification errors, and filing errors.

03 Reduction of paper and postage. Paper envelopes and mailed documents are replaced with much cheaper electronic data transmissions.

04 Automated procedures. EDI automates manual activities associated with purchasing, sales order processing, cash disbursements, and cash receipts.

05 Inventory reduction. By ordering directly as needed from vendors, EDI reduces the lag time that promotes inventory accumulation.
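Because the trading partner's system processes an EDI transaction with no human in the loop (the THIRD point above), the receiving software must itself check that a document comes from an authorised partner and arrived intact before the automated procedures run. The following is an added example, not from the original slides or from any EDI product: a minimal parser for an ANSI X12 850 purchase order that checks the ISA/IEA and ST/SE envelope control numbers, the SE segment count and the CTT line-item count, and accepts only senders on an allow-list. The sample interchange, the partner IDs and the control numbers are constructed for the demonstration.

```python
# Constructed X12 850 (purchase order) interchange for illustration only.
# Segment terminator is "~", element separator is "*". Partner IDs, dates and
# control numbers are made up.
SAMPLE_850 = (
    "ISA*00*          *00*          *ZZ*BUYERCO        *ZZ*SELLERCO       "
    "*240115*1030*U*00401*000000101*0*T*>~"
    "GS*PO*BUYERCO*SELLERCO*20240115*1030*101*X*004010~"
    "ST*850*0001~"
    "BEG*00*SA*PO-1001**20240115~"
    "N1*ST*Buyer Warehouse*92*WH01~"
    "PO1*1*100*EA*12.50**VP*WIDGET-A~"
    "PO1*2*25*EA*40.00**VP*GADGET-B~"
    "CTT*2~"
    "SE*7*0001~"
    "GE*1*101~"
    "IEA*1*000000101~"
)

# Senders authorised under a hypothetical trading partner agreement.
ALLOWED_PARTNERS = {"BUYERCO"}


def parse_segments(doc, seg_term="~", elem_sep="*"):
    """Split an interchange into segments, each a list of elements (segment ID first)."""
    return [seg.split(elem_sep) for seg in doc.split(seg_term) if seg.strip()]


def validate_interchange(segments, allowed_partners):
    """Return a list of problems. An empty list means the interchange may be
    handed to automated processing without a human looking at it."""
    if not segments or segments[0][0] != "ISA" or segments[-1][0] != "IEA":
        return ["missing ISA/IEA envelope"]
    errors = []
    isa, iea = segments[0], segments[-1]
    sender = isa[6].strip()                      # ISA06, padded to 15 characters
    if sender not in allowed_partners:
        errors.append(f"sender {sender!r} is not an authorised trading partner")
    if isa[13] != iea[2]:                        # ISA13 must match IEA02
        errors.append("ISA13/IEA02 interchange control numbers differ")
    # Each transaction set is bracketed by ST/SE with matching control numbers
    # and SE01 must equal the number of segments from ST through SE inclusive.
    i = 0
    while i < len(segments):
        if segments[i][0] == "ST":
            j = next((k for k in range(i + 1, len(segments)) if segments[k][0] == "SE"), None)
            if j is None:
                errors.append("ST without matching SE")
                break
            if segments[j][2] != segments[i][2]:
                errors.append("ST02/SE02 transaction control numbers differ")
            if int(segments[j][1]) != j - i + 1:
                errors.append(f"SE01 says {segments[j][1]} segments, found {j - i + 1}")
            body = segments[i + 1:j]
            ctt = [s for s in body if s[0] == "CTT"]
            n_lines = sum(1 for s in body if s[0] == "PO1")
            if ctt and int(ctt[0][1]) != n_lines:  # CTT01 is the line-item count
                errors.append(f"CTT01 says {ctt[0][1]} line items, found {n_lines}")
            i = j
        i += 1
    return errors


def extract_order(segments):
    """Pull the PO number and line items out of a validated 850."""
    po_number, lines = None, []
    for seg in segments:
        if seg[0] == "BEG":
            po_number = seg[3]                   # BEG03: purchase order number
        elif seg[0] == "PO1":
            lines.append({"line": seg[1], "qty": int(seg[2]), "unit": seg[3],
                          "price": float(seg[4]), "product": seg[7]})
    return po_number, lines


if __name__ == "__main__":
    segs = parse_segments(SAMPLE_850)
    print("problems:", validate_interchange(segs, ALLOWED_PARTNERS))
    print("order:   ", extract_order(segs))
```

The envelope checks catch truncation and injected segments, and the allow-list enforces the "authorised in advance" part of the trading partner agreement; neither proves who really sent the file, which is why production EDI runs over an authenticated channel or a VAN, and why an end-to-end integrity check such as a MAC or signature belongs on top of these structural checks.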
Physical Layer
defines standards for the physical interconnection of devices to the electronic circuit. Concerned with pin connections to devices, the wiring of workstations, and cabling standards.

Data Link Layer
concerned with the transmission of packets of data from node to node based on the workstation address.

Network Layer
deals with the routing and relaying of data to different LANs and WANs based on the network address. Network layer protocols specify how to identify nodes on a network and regulate the sequencing of messages to the nodes.

Transport Layer
ensures delivery of the entire file or message across individual networks and multiple networks, regardless of the number and type of dissimilar devices involved.

Session Layer
establishes a specific connection between two users or entities on the network. The purpose of this layer is to guarantee a correct and synchronized connection.

Presentation Layer
data in transit are often in a format that is very different from what the user’s application requires. It provides the rules for editing, formatting, converting, and displaying data to the user’s system.

Application Layer
provides the overall environment for the user or the user’s application to access the network. These services, common to all communicating applications, include protocols for network management, file transfer, and e-mail.
WE HOPE THAT YOU’VE LEARNED A LOT!