Recap Session
Arup K Das
Doctorate, Information Management, MDI Gurugram
Head of Security & Compliance, Ericsson India Digital Services
Guest Faculty, FMS, University of Delhi
Guest Faculty, MDI, Gurugram
2
Recap
3
What is E-Business
▪ Electronic business (e-business) can be defined as the use of
the internet to network and empower business processes,
electronic commerce, organizational communication and
collaboration within a company and with its customers,
suppliers, and other stakeholders.
▪ E-businesses utilize the internet, intranets, extranets and
other networks to support their commercial processes.
▪ E-Business is the replacement of ineffective existing methods
of information flow in the supply and value chains of an
organization
▪ E-Business liberates resources like manpower, materials,
money and time, which can then be redistributed for more
value-added tasks, to bring incremental revenue and profits to
customers and suppliers.
4
What is E-Commerce
▪ E-Commerce refers to electronic transactions between a
purchasing organization and its suppliers (Buy side of E-
Commerce)
5
Key Differences
E-Business & E-Commerce
7
Types of E-Business
▪ B2G (Business to Government)
✓ B2G is the online exchange of information and transactions between
businesses and government agencies, also known as e-government.
✓ B2G allows government agencies and businesses to use electronic means to
conduct business and interact with each other over the internet.
✓ E.g. Infosys offering electronic tax filing services to Govt. of India
8
Traditional E-Commerce Setup
E-Commerce setup on Cloud Computing
What is EDI?
Traditional Manual Process
11
Ten Online Business Laws
1. Taxes
▪ First, know that every state and country has different expectations and standards when it comes to
taxes. That means you have to conduct some research and understand your target market.
▪ For instance, if your store’s demographic is located in the U.S., you’ll likely want to display your
prices exclusive of tax. However, if your target market is Australia, where shoppers are accustomed
to seeing all-inclusive prices, you’ll want to include tax.
2. Payment Gateway
▪ There are many payment gateways available for E-Commerce
▪ You need to align with the payment gateway that’s most applicable for your business
12
Ten Online Business Laws
4. Shipping Restrictions
▪ You need to know your shipping restrictions. E.g. Not all shippers restrict the same items
▪ Most shipping companies clearly specify their restricted items
▪ Also, it may be noted that some providers may allow you to ship usually restricted items but will
require some extra paperwork and fees.
5. Inventory
▪ You may start storing the clothing for your online boutique in a spare closet or packing your
handmade jewelry in too many storage boxes in your home
▪ However, if you’ll be holding substantial inventory, you should also check your lease deed or
zoning codes to see if there are any prohibitions on running a business like the one you’re
contemplating out of your home
▪ You could benefit from having a brick-and-mortar location or warehouse in the early stages of
your business.
▪ Having a clear and organized inventory management strategy in advance will help you create a
scalable business plan for the future
13
Ten Online Business Laws
6. Age Restriction
▪ Anytime you launch a website, it’s absolutely required that it comply with the Children’s Online
Privacy Protection Act (COPPA)
▪ This act includes quite a few regulations, but the one that will likely apply to your site is the
inability to collect any personal information from a child under the age of 13
▪ If you’re planning on selling a product or service tailored specifically to a young audience, you’ll
need to abide by COPPA regulations
▪ As far as age verification requirements for ecommerce stores selling age-restricted items, you
should look into your country’s specific codes
7. Business Insurance
▪ There are multiple types of insurance for small businesses, including general liability, product
liability, professional liability, commercial liability, and home-based insurance
▪ During your vetting process, it’s a good idea to at least take a look at product liability insurance.
It’s intended for companies that manufacture, wholesale, distribute, and retail a product and may
be liable for its safety
14
Ten Online Business Laws
8. License & Permits
▪ Depending on which product you decide to offer, you may need a license to sell it.
▪ This varies based on the country in which you’re located, so contact your local licensing
department.
▪ If you’re selling special products to a regulated industry (e.g., medical devices or holistic health
care supplements), you’ll need to check with your state to see if you need to be licensed to
provide those kinds of products or service
9. PCI Compliance
▪ PCI compliance is a necessary protection for online sellers, and nearly all SaaS E-Commerce
platforms have it baked in to some degree
▪ Educating your business on PCI compliance is the first step to making sure you’re protected
15
E-Payment System – How it works?
1. After the buyer puts in all the required information and
pushes the button to finalize the purchase, the data is
sent to a seller’s web server through an SSL connection.
16
E-Commerce Payment Systems
A Comparison
PayPal Amazon Pay Stripe 2CheckOut Authorize.net
Payment PayPal, Apple Pay, Amazon Pay AliPay, Apple Pay, PayPal, ACH, PayPal, Apple
Methods Android Pay, Venmo, Android Pay, WebMoney, Pay, E-check,
Bitcoin Bitcoin, WeChat, Payoneer, Visa Checkout
ACH, EPS WeChat, Wire
Credit/Debit Visa, MasterCard, Visa, MasterCard, Visa, MasterCard, Visa, MasterCard,
Card Support Visa, MasterCard, American Express, JCB, American Express, American American
American Express, Diner's, NYCE, STAR, AMEX Express, JCB, Express, JCB,
JCB, AMEX, Diners China Union, EuroCard Discover Discover
Club
Setup Fee No No No No $49
Transaction Fee 2.9% + $0.30 2.9% + $0.30 2.9% + $0.30, 3.5% + 0.35% 2.9% + $0.30
ACH/Bitcoin
Processing 0.8%
Features AVS, SSL, CCV, Virtual AVS, SSL, CCV AVS, SSL, CCV, AVS, SSL, CCV AVS, SSL, CCV,
Terminal Virtual Terminal Virtual Terminal
17
B2B E-Commerce Models
▪ Buyer-Oriented Marketplace: In this marketplace, few buyers face
many suppliers
▪ Supplier-Oriented Marketplace: In this marketplace, many buyers
face few suppliers
▪ Intermediary-Oriented Marketplace: Here, many buyers face many
suppliers.
▪ Other important B2B models, that may also be considered, are as
follows:
✓ Virtual Corporation
✓ Networking between the headquarters and subsidiaries
✓ Online services to business
SDLC: Software Development Life Cycle
19
Agile Delivery – Development Sprints
[Figure: development sprint stages: Customer Approvals, Peer/Arch Review, App Validation, System Validation, Solution Validation, Customer]
20
DEVOPS
▪ DevOps enables uninterrupted delivery flow by removing any impediments in a process, empowering people using underlying technology
▪ People
❑ Cultural change
❑ Collaboration between teams
❑ Cross functional teams
❑ Knowledge sharing
▪ Process
❑ DevOps migration playbook
❑ DevOps Maturity scale
❑ Agile development and deployment methodologies
▪ Technology
❑ DevOps reference architecture
❑ Technology trends and innovations
❑ Evangelize DevOps culture through technology and tools
21
DEVOPS - Solution Overview
[Figure: DevOps solution diagram. Panels: Development, Operations, Application Lifecycle Management, Release Lifecycle Management. Labels include Business Analysts, LCM, Blogs-Chat, SCM, Workflows, Jobs, Notifications, Reports, Build, Repositories, Version control and traceability, Testing, Integration, Environments, Monitoring, Alarming, RM, EM, PM/RM, UAT.]
22
DEVOPS – CI/CD (Continuous Integration /
Continuous Deployment) Platform
[Figure: CI/CD pipeline diagram. Labels include GitLab, Merge Request (Approved / Rejected), CI Pass?, Jenkins Trigger Build Process, Static Code Analysis, Build, RPM Package, Build Artifacts, Package Ready?, Auto Deploy, Create Clone, AO Clone, AO Cluster, APP 1, APP 2, Release Manager, Compound Packages, KPIs.]
23
Introducing ERP
24
CRM Components
▪ CRM Marketing - CRM tools with marketing automation capabilities can
automate repetitive tasks to enhance marketing efforts at different points in
the lifecycle for lead generation. E.g., as sales prospects come into the
system, it might automatically send email marketing content, with the goal
of turning a sales lead into a full-fledged customer.
▪ CRM Sales - Sales force automation tools track customer interactions and
automate certain business functions of the sales cycle that are necessary to
follow leads, obtain new customers and build customer loyalty.
▪ CRM Support - Designed to reduce tedious aspects of a contact center
agent's job, contact center automation might include prerecorded audio that
assists in customer problem-solving and information dissemination. Various
software tools that integrate with the agent's desktop tools can handle
customer requests in order to cut down on the length of calls and to simplify
customer service processes. Automated contact center tools, such
as chatbots, can improve customer user experiences.
25
CRM Components
▪ Geolocation technology, or location-based services –
❑ Some CRM systems include technology that can create geographic marketing
campaigns based on customers' physical locations, sometimes integrating with
popular location-based GPS (global positioning system) apps.
❑ Geolocation technology can also be used as a networking or contact management
tool in order to find sales prospects based on a location.
26
CRM Technologies
Cloud based CRM
▪ With CRM that uses cloud computing, also known as SaaS (software as a service) or on-demand
CRM, data is stored on an external, remote network that employees can access anytime,
anywhere there is an internet connection, sometimes with a third-party service provider
overseeing installation and maintenance.
▪ The cloud's quick, relatively easy deployment capabilities appeal to companies with limited
technological expertise or resources.
▪ Data Security is a primary concern for companies using cloud-based systems, as the
company doesn't physically control the storage and maintenance of its data. If the cloud
provider goes out of business or is acquired by another company, an enterprise's data can
be compromised or lost. Compatibility issues can also arise when data is initially migrated
from a company's internal system to the cloud.
▪ Companies might consider cloud CRM as a more cost-effective option. Vendors typically
charge the user on a subscription basis and offer the option of monthly or yearly
payments.
27
CRM Technologies
On-Premise CRM
▪ This system puts the onus of administration, control, security and maintenance of the
database and information on the company using the CRM software.
▪ With this approach, the company purchases licenses upfront, instead of buying yearly
subscriptions from a cloud CRM provider. The software resides on the company's own
servers and the user assumes the cost of any upgrades.
▪ It also usually requires a prolonged installation process to fully integrate a company's data.
Companies with complex CRM needs might benefit from an on-premises deployment.
▪ Many cloud-based providers, such as Salesforce and WorkWise, also offer on-premises
versions of their CRM software.
28
CRM Technologies
Open-Source CRM
▪ An open-source CRM system makes source code available to the public,
enabling companies to make alterations at no cost to the company employing
the system.
▪ Open-source CRM systems also enable the addition and customization of data
links on social media channels, assisting companies looking to improve social
CRM practices.
29
CRM Technologies
Social CRM
▪ Social media in CRM involves businesses engaging with customers directly through social media platforms,
such as Facebook, Twitter and LinkedIn. Social media presents an open forum for customers to share
experiences with a brand, whether they are airing grievances or promoting products.
▪ To add value to customer interactions on social media, businesses use various social CRM tools that
monitor social media conversations -- from specific mentions of a brand to the frequency of keywords used
-- to determine their target audience and which platforms they use. Other tools are designed to analyze
social media feedback and address customer queries and issues.
▪ Companies are interested in capturing customer sentiments, such as the likelihood they will recommend
products and their overall customer satisfaction, to develop marketing and service strategies. Companies
try to integrate social CRM data with other customer data obtained from sales or marketing departments
to get a single view of the customer.
▪ Another way in which social CRM adds value for companies and customers is through customer
communities, where customers post reviews of products and can engage with other customers to
troubleshoot issues or research products in real time. Customer communities can provide low-level
customer service for certain kinds of problems and reduce the number of contact center calls. Customer
communities can also provide new product ideas or feedback that companies can use.
30
CRM Technologies
Mobile CRM
▪ CRM applications built for smartphones and tablets have become a must-have
for sales representatives and marketing professionals who want to access
customer information and perform tasks when they are not physically in their
offices.
▪ Mobile CRM apps take advantage of features that are unique to mobile devices,
such as GPS and voice recognition capabilities, to give sales and marketing
employees access to customer information from anywhere.
31
Account Management
32
Billing Management
▪ Billing Platform enables enterprises to launch and monetize any combination
of subscription, usage-based, hybrid or dynamic billing models.
▪ With automated billing management, one can maximize recurring revenue
and improve the customer experiences.
▪ Billing Management consists of the following:
❑ Subscription Management
❑ Usage-based Billing
❑ Hybrid Billing
❑ Dynamic Billing
❑ Invoicing
❑ Taxation
33
Usage-based Billing
▪ Billing Platform lets you move beyond
simple subscription-based billing to
monetize products with sophisticated
usage and rating.
▪ This flexibility enables one to deploy
creative pricing models and charge
based on customer usage.
▪ Quickly deploy tailored, consumption-
based pricing for your customers and
give them the flexibility to pay for
what they use.
34
Hybrid-based Billing
▪ If you offer a combination of
subscription and usage-based products
and services, then go for hybrid billing.
▪ Hybrid billing gives enterprises the
opportunity to differentiate themselves
from the competition while giving
customers an experience tailored to
their unique needs.
▪ Only Billing Platform provides the
ability to manage hybrid pricing
models that include any combination
of one-time charges, usage-based,
tiered, subscription, overages,
minimum commitments and more, all
in a single platform.
35
Dynamic Billing
▪ Billing Platform gives enterprises the
tools to flexibly monetize unique
products and services.
▪ Easily apply mathematical functions,
logical operators or configure to close
and send separate invoices based on
specific events or actions in real time
to get the most revenue from your
products.
▪ If you deliver products or services
where demand and willingness to pay
can change daily, dynamic pricing from
Billing Platform will bring greater
revenues and gross profits to grow
your bottom line.
36
Invoicing and Taxation
▪ Invoicing
❑ Increases first time billing accuracy with automated invoice processing.
❑ Easily view your invoices by geography, subsidiary, customer, or industry using Billing
Platform’s agile architecture without any custom coding or IT assistance and with
support for complex account hierarchies, invoicing can be easily consolidated or
separated dynamically.
❑ Configurable dynamic invoice templates allow you to design and deliver unique
invoices by business unit, reseller/distributor or geography.
▪ Taxation
❑ Billing Platform helps you increase business agility while maintaining compliance with
tax regulations in all the locations in which you operate.
❑ It enables finance teams to integrate with external tax engines to ensure efficient
assessment of sales tax/VAT/GST or any other tax type to comply with global,
regional, and local tax regulations.
37
Product Catalog
▪ Billing Platform’s product and package
configuration tools help to design and
deploy new offerings and manage
existing offers that can be customized
to industries, target segments, and
regions with multi-currency.
▪ Easily monetize and customize offers
with tools to manage product and
services catalogs, apply discounting
rules, define dependencies, make bulk
changes to rates, and standardize
offerings across each product line for a
smoother, consolidated invoicing
process.
38
Pricing and Rating
▪ Think beyond flat-rate subscription
offerings and deploy metered usage,
hybrid-based or dynamic pricing plans.
▪ All such features can be configured in
a single solution.
▪ Billing Platform automates the most
complex billing and rating scenarios
and provides the tools you need to
modify pricing so that your business
can evolve over time and reflect the
unique way you do business.
39
Packages and Bundles
▪ Billing Platform’s product catalog can
help create packages and bundles with
point and click configuration.
▪ Quickly create new products, manage
existing products and contracts, set
pricing and discounts and schedule
rate changes with configuration tools.
▪ Set dependencies and exclusions to
pinpoint exactly how and what is sold,
saving administrative time and
eliminating costly errors
40
Tracking Order
▪ Tracking and monitoring orders is perhaps the most fundamental aspect of any OMS.
Once an e-commerce brand grows beyond the smallest size, it needs some kind of
system to handle orders. Even the most proficient, on-the-ball worker can’t keep all
order details in their head.
▪ At heart, an OMS is about making life easier for both a brand and its customers. The
correct system can create a more seamless customer experience. It can also make
inventory management, logistics, and more processes far more intuitive.
▪ An order management system becomes even more vital for firms that sell via many
channels. The best OMS will track and record orders through your webstore,
marketplaces, and other platforms. Centralizing and unifying sales in that way can make
a real difference to efficiency and productivity, as well as eliminate errors.
▪ It’s not all about digital channels, either. An OMS will also record and handle orders
placed over the phone or in-store if you have such a presence. All details of all orders,
therefore, become available in one place. You and your staff can check order statuses,
make relevant changes, or reach out to customers with greater ease
41
Monitor and Manage Inventory
▪ The placement and handling of orders impact many other elements of your business.
Every order placed and fulfilled, for instance, affects your inventory. Getting inventory
management correct is vital for any e-commerce brand.
▪ If you don’t have an accurate measure of your inventory, a range of issues can arise:
❑ Overselling – Accepting orders for products of which you don’t have adequate stock to fulfill. Doing
so leads to canceling those orders and disappointing customers.
❑ Overstocking – Thinking you’re short of a product and over-ordering replacement inventory. This
means you waste valuable warehouse space and could get left with dead stock.
❑ Inaccurate Forecasting – If you don’t have accurate inventory figures, it’s harder to understand
customer demand. You may miss when there’s an uptick in desire for a particular product. That
could see you run out of stock when you might have pre-empted the increased demand.
▪ An order management system will simplify the inventory tracking process. The best
software will update your inventory levels in real-time. That means they change with
every order that’s placed. That’s regardless of the channel by which the purchase gets
made.
42
Encompass Reverse Logistics
▪ All e-commerce businesses know that returns are an inevitability. Approximately 30% of
products bought online get returned. That’s as compared to less than 10% bought in-
store. Handling returned items and dealing with the customers who sent them back is
vital to order management.
▪ With the right OMS, reverse logistics becomes much more straightforward. A top-class
system gives you many options in this regard. You may, for instance, be able to clone
an original order to create a credit instantly. That makes it more straightforward to
manage refunds, replacements or reorders.
▪ An OMS, too, makes it more intuitive to fold reverse logistics into inventory
management. Depending on what’s returned, the system can give you a range of
options. It may write off stock that’s sent back, quarantine it, or add it back to your
inventory on-hand.
43
HRMS Components
▪ Talent Management
❑ Application Tracking System
❑ Employee On-boarding Management
❑ Training Management
❑ Performance Management
44
HRMS Components
▪ Payroll System
❑ Payroll Process
❑ Payroll Design
❑ Payroll Run
▪ HR Experience Management
▪ HR Process Automation
▪ Employee Self Service
▪ HR Analytics
45
Service Oriented Architecture
An ever growing catalog of business services to enable business agility and growth
[Figure: service catalog used by Service Consumers. Services shown: Reservations: Check Availability(); Reservations: Create Booking(); Seat Mgmt: Reserve Seats(); Payment: Process Payment(); Seat Mgmt: Issue Tickets(); Service Y]
47
SOA Services
[Figure: SOA services. Labels: Create & use new service; Project 2; Project 4; UCR; Service Catalogue; Target Enterprise Service Catalog]
48
Microservice
(E-Commerce Portal)
▪ Breaking E-commerce
portal into small business
units
▪ One successful order
needs to proceed through
all of these modules
within a specific time
frame.
▪ Each of these business
modules should have its
own business logic and
stakeholders.
▪ They may communicate
with other third-party
vendor software for some
specific needs, and also
with each other.
49
Definition of BI
▪ Business intelligence (BI) leverages software and services to
transform data into actionable insights for an organization’s
strategic and tactical business decisions.
▪ BI Tools access and analyze data sets and present analytical
findings in reports, summaries, dashboards, graphs, charts
and maps to provide users with detailed intelligence about the
state of the business.
▪ Business Intelligence often also refers to a range of tools that
provide quick, easy-to-digest access to insights about an
organization's current state, based on available data.
50
BI – Process Flow
▪ The organization and transformation of data into clean and common models and formats.
▪ The process involves analytical components, such as dimensional analysis, statistical analysis, business analytics & data mining to extract information and knowledge.
▪ Results are presented and delivered in different human-comprehensible formats to support decisions. It also includes data exploration & reporting.
Data Preparation
▪ The collection of raw data from different sources by different means & in different formats.
▪ The refined data will be modeled and stored in a particular data management system for quality management, easy and fast access and data profiling.
▪ Queries can also directly present results to users without intensive analysis. This is usually used for data exploration & descriptive reports.
51
BI System Components (at a glance)
52
What is Business Analytics?
53
Classifications
▪ Descriptive Analytics: An interpretation of various historical data,
descriptive analytics helps organizations better understand the
changes that already occurred in business processes.
54
Key Constituents
▪ Data Aggregation - Refers to the gathering, organizing, and
filtering of data before analysis.
▪ Data Mining - Relates to the sorting of massive datasets using
statistics, machine learning, and databases to establish relationships
and identify trends.
▪ Sequence Identification and Association - This component of
business analytics identifies predictable actions performed
collaboratively or sequentially with other actions.
▪ Text Mining - Exploration and management of vast, unstructured
text data for quantitative and qualitative analysis.
▪ Optimization - Engaging simulation techniques for testing various
case scenarios, after the identification of trends and predictions of
possible outcomes.
▪ Data Visualization - Presents a pictorial representation of the data,
in the form of visual elements, such as graphs, charts, and maps.
55
Business Analytics & Data Analytics
56
How big is Big Data?
▪ Twitter users send out 285,00 tweets
▪ Facebook processes almost 350GB of data
▪ Individuals and organizations launch 576 new websites
▪ Google processes more than 2 million search queries
▪ More than 100 million new emails are generated
▪ 72 hours of new videos are uploaded into YouTube
▪ Walmart processes almost 15000 transactions
▪ Sprint processes more than 300,000 phone calls
57
How big is Big Data?
▪ 2.9 Million emails sent every second
▪ 50 Million Tweets per day
▪ 24 Petabytes of data processed per day by Google
▪ 72.9 products ordered on Amazon every second
58
What are the sources of Big Data?
▪ Media: Media and communication outlets (articles, podcasts, audio, video, email, blogs)
▪ Social: Digital material created by social media (text, photos, videos, tweets)
▪ Machine: Data generated by computers & machines generally without human intervention (business process logs, sensors, phone calls)
▪ Historical: Data about our environment (weather, traffic, census) and archived documents, forms or records
59
3 Vs of Big Data
▪ Volume: How much volume of data that you need to process?
▪ Velocity: How fast you can process structured, semi-structured and unstructured data?
▪ Variety: What are the varieties of data sources?
60
Impact of Big Data
▪ Healthcare: It allows us to find new cures and better
understand and predict disease patterns. This leads to
saving more lives.
61
Software ROBOTS INTERACT WITH THE
EXISTING IT LANDSCAPE JUST AS HUMANS DO…
Overview of Robotics components
▪ Humans
› Knowledge of how to execute processes
▪ Robots
› Database containing scripts based on processes to be automated
▪ Labor Intensive and High Error Rate
▪ Process Stability
▪ High Cycle Times
▪ Low Exception Rates
Speech Recognition and Virtual Assistants
Supervised Learning for Prediction & Decisions
64
AI Categories - Details
Natural Language Processing
65
AI Categories - Details
Speech Recognition & Virtual Assistants
66
AI Categories - Details
Optical Character Recognition
67
AI Categories - Details
Supervised Machine Learning
68
AI Categories - Details
Deep Learning
69
Cryptography
▪ Cryptography provides confidentiality, integrity, authentication, and
nonrepudiation for sensitive information while it is stored (at rest),
traveling across a network (in transit/in motion), and existing in memory
(in use/in processing)
▪ It is an extremely important security technology that is embedded in many
of the controls used to protect information from unauthorized visibility and
use
▪ Two main types of cryptosystems enforce confidentiality:
❑ Symmetric cryptosystems use a shared secret key available to all users of the cryptosystem.
❑ Asymmetric cryptosystems use individual combinations of public and private keys for each
user of the system.
70
Symmetric Key Cryptography
▪ It is simple and easy to
implement
▪ It operates very fast, at times
1000 times faster than
Asymmetric Key Cryptography
▪ Key distribution is a major
problem, since parties need to
establish a mechanism to
exchange secret keys
▪ It doesn’t implement Non-
Repudiation, because any party
can encrypt / decrypt
messages with the secret key
▪ Keys must be re-generated
often, every time someone
leaves the group
71
Asymmetric Key Cryptography
▪ Asymmetric Key
Cryptography provides
support for Digital
Signature Technology
▪ Asymmetric Key
Cryptography provides
Integrity, Authentication &
Non-Repudiation
▪ Key distribution is simple
72
Cryptographic Modes of Operation
▪ ECB (Electronic Code Book) – Encrypts a 64-bit block with a secret key
▪ CBC (Cipher Block Chaining) mode – Each block of unencrypted text is XORed with the
block of cipher text immediately preceding it before it is encrypted.
▪ CFB (Cipher Feedback Mode) – It is a streaming version of CBC, operating
against data produced in real time.
▪ OFB (Output Feedback Mode) – It operates in the same fashion as CFB, except that
instead of XORing an encrypted version of the previous block of cipher text, OFB XORs the plain
text with a seed value.
▪ Counter Mode (CTR) – It uses a stream cipher similar to that used in CFB and OFB
modes. However, instead of creating the seed value for each encryption/decryption
operation from the results of the previous seed values, it uses a simple counter that
increments for each operation.
▪ Encryption Standards –
❑ DES – Data Encryption Standard
❑ Triple DES (3DES)
❑ AES – Advanced Encryption Standard
❑ Rivest Cipher (RC4, RC5, RC6)
❑ Rijndael
❑ CAST – CAST-128 / CAST-256
❑ PKI – Public Key Encryption
❑ Diffie Hellman
73
Blockchain
Problem
74
Blockchain
Solution
75
Distributed Ledger
▪ There are multiple ledgers, but Bank holds the “golden record”
▪ Client B must reconcile its own ledger against that of Bank, and must convince Bank of the “true state” of the Bank ledger if discrepancies arise
▪ There is one ledger. All Nodes have some level of access to that ledger.
▪ All Nodes agree to a protocol that determines the “true state” of the ledger at any point in time. The application of this protocol is sometimes called “achieving consensus.”
76
Blocks
▪ Every chain consists of multiple blocks and each block has three basic elements:
❑ The data in the block
❑ A 32-bit whole number called a nonce. The nonce is randomly generated when a block is created, which then generates a block header hash
❑ The hash is a 256-bit number wedded to the nonce. It must start with a huge number of zeroes (i.e., be extremely small)
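The relationship between the data, the 32-bit nonce and the 256-bit hash can be seen in a small proof-of-work chain. This is an added example, not part of the original slides: the header layout, the 12-bit difficulty, the all-zero genesis value and the sample records are assumptions chosen for the demonstration, and the nonce is searched sequentially rather than drawn at random.

```python
import hashlib
import struct

DIFFICULTY_BITS = 12                    # constructed: tiny, so the demo runs fast
TARGET = 1 << (256 - DIFFICULTY_BITS)   # a valid hash, read as a number, is below this
GENESIS_PREV = bytes(32)                # assumed "previous hash" for the first block

def header_hash(prev_hash: bytes, data: bytes, nonce: int) -> bytes:
    # Assumed header layout: previous hash || SHA-256(data) || 32-bit nonce.
    header = prev_hash + hashlib.sha256(data).digest() + struct.pack(">I", nonce)
    return hashlib.sha256(header).digest()

def meets_target(digest: bytes) -> bool:
    # "Starts with many zeroes" is the same as "is a small 256-bit number".
    return int.from_bytes(digest, "big") < TARGET

def mine(prev_hash: bytes, data: bytes) -> dict:
    # Try nonces until the header hash is small enough.
    for nonce in range(2 ** 32):
        digest = header_hash(prev_hash, data, nonce)
        if meets_target(digest):
            return {"prev": prev_hash, "data": data, "nonce": nonce, "hash": digest}
    raise RuntimeError("32-bit nonce space exhausted")

def build_chain(records: list) -> list:
    chain, prev = [], GENESIS_PREV
    for data in records:
        block = mine(prev, data)
        chain.append(block)
        prev = block["hash"]
    return chain

def first_invalid_block(chain: list):
    # Returns the index of the first block that fails verification, or None.
    prev = GENESIS_PREV
    for index, block in enumerate(chain):
        digest = header_hash(block["prev"], block["data"], block["nonce"])
        if block["prev"] != prev or digest != block["hash"] or not meets_target(digest):
            return index
        prev = block["hash"]
    return None

def tamper(chain: list, index: int, new_data: bytes, remine: bool = False) -> list:
    # Copy the chain and alter one block, optionally redoing its proof of work.
    forged = [dict(b) for b in chain]
    if remine:
        forged[index] = mine(forged[index]["prev"], new_data)
    else:
        forged[index]["data"] = new_data
    return forged

RECORDS = [b"A pays B 10", b"B pays C 4", b"C pays A 1"]  # constructed sample data

if __name__ == "__main__":
    chain = build_chain(RECORDS)
    for b in chain:
        print(b["nonce"], b["hash"].hex())
    print("edited block 1:", first_invalid_block(tamper(chain, 1, b"B pays C 400")))
    print("re-mined block 1:", first_invalid_block(tamper(chain, 1, b"B pays C 400", True)))
```

Editing a block breaks its own hash, and redoing that block's proof of work only moves the failure to the next block, because each later header commits to the earlier hash.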
77
Cryptocurrency
▪ Blockchain’s most well-known use (and maybe most controversial)
is in cryptocurrencies.
▪ Cryptocurrencies are digital currencies (or tokens), like Bitcoin,
Ethereum or Litecoin, that can be used to buy goods and services.
▪ Just like a digital form of cash, crypto can be used to buy everything
from your lunch to your next home.
▪ Unlike cash, crypto uses blockchain to act as both a public ledger
and an enhanced cryptographic security system, so online
transactions are always recorded and secured.
▪ It can be bought using one of several digital wallets or trading
platforms, then digitally transferred upon purchase of an item, with
the blockchain recording the transaction and the new owner.
▪ The appeal of cryptocurrencies is that everything is recorded in a
public ledger and secured using cryptography, making an
irrefutable, timestamped and secure record of every payment.
78
Central Bank Digital Currency (CBDC)
▪ In 2022-23, the RBI will usher the rupee into its digital avatar, ‘powered by blockchain’
❑ Our consumer payment system (including UPI) is already world class and many transactions have moved
away from cash to mobile payments.
❑ Our fintech ecosystem continues to innovate with new use cases to meet changing consumer needs.
❑ Our interbank payment systems have national reach
❑ Then, what’s the need for CBDC?
▪ A CBDC could potentially provide an impetus to stable coins in the crypto world. This is
where the thinking behind the digital rupee needs to be closely linked to our posture
with regulation of crypto and Web3
▪ Reserve Bank of India (RBI) is working out a phased implementation strategy for
introduction of Central Bank Digital Currency (CBDC) by examining use cases, to avoid
any disruptions.
▪ The purpose of creating a digital currency is to provide significant benefits, such as
reduced dependency on cash, higher seigniorage due to lower transaction costs and
reduced settlement risk
▪ The CBDC is a digital version of fiat currency that can be exchanged via
blockchain-based wallets and is regulated by the central bank.
Risk Assessment Methodology
▪ Risk Analysis:
▪ Risks are recorded in a table as shown
in the risk assessment report.
▪ All recommendations combined
generate the risk treatment plan.
▪ Each risk shall be entered in a risk
tracking tool.
▪ Each risk and recommendation
becomes a user story type artifact.
Threat Actors
| External | Internal |
|---|---|
| Hackers (students) | Technician |
| Anonymous | Consultants |
| Criminal enterprises | Janitors |
| State actors | Handy-man |
| Competitors | Suppliers |
| Power users | Planted personnel |
| Private investigators | Managers |
| Journalists | Disgruntled employees |
| Political actors | Salary, Re-org, Layoffs |
Microsoft STRIDE Model
| Threat | Property | Definition | Example | Mitigation Examples |
|---|---|---|---|---|
| Spoofing | Authentication | Impersonating something or someone else | Threat action aimed to illegally access and use another user's credentials, such as username and password. | To authenticate user: Digest authentication; Id authentication; Cookie authentication; Kerberos authentication; PKI systems such as SSL/TLS and certificates; IPSec; Digitally signed packets. To authenticate code or data: Digital signatures; Message authentication codes; Hashes |
| Tampering | Integrity | Modifying data or code | Threat action aimed to maliciously change/modify persistent data, such as persistent data in a database, and the alteration of data in transit between two computers over an open network, such as the Internet. | File integrity verification (i.e. AIDE, HIDS, etc.); ACLs; Digital signatures; Message Authentication Codes |
| Repudiation | Non-repudiation | Claiming to have not performed an action | Threat action aimed to perform illegal operations in a system that lacks the ability to trace the prohibited operations. | Strong Authentication; Secure logging and auditing; Digital Signatures; Secure time stamps; Trusted third parties |
| Information Disclosure | Confidentiality | Exposing information to someone not authorized to see it | Threat action to read a file that one was not granted access to, or to read data in transit. | Encryption; ACLs |
| Denial of Service | Availability | Deny or degrade service to users | Threat aimed to deny access to valid users, such as by making a web server temporarily unavailable or unusable. | ACLs; Filtering (firewall); Quotas; Authorization; High availability designs |
| Elevation of Privilege | Authorization | Gain capabilities without proper authorization | Threat aimed to gain privileged access to resources for gaining unauthorized access to information or to compromise a system. | ACLs; Group or role membership; Privilege ownership; Permissions; Input validation |
Threat-driven approach – Cyberattack Flow
General Data Protection Regulation
GDPR
HIGHLIGHTS:
▪ Tabled for adoption on 24 May 2016, it
shall apply from 25 May 2018.
▪ It is a regulation, not a directive.
▪ It is a General Data Protection Regulation
that will cover all sectors, including e.g.
telecom and IT
▪ It brings plenty of new consumer rights
and compliance requirements :
✓ High fines for non-compliance
(up to 4% of company’s global
turnover)
✓ Mandatory DPIA (Data Protection
Impact Assessment)
✓ Mandatory DPO (Data Protection
Officer)
✓ 72 hours data breach notification
✓ Liability for the data processor
GDPR Requirements
One Stop Shop › Controllers only deal with one Data Protection Authority in the Union
Mandatory DPIA › Controllers are responsible for and shall be able to demonstrate compliance
Data Portability › Portability of data from one controller to another
Right to erasure › “Right to be forgotten”, e.g. from a service, upon request
Right to restriction of processing › Temporary restriction for certain reasons
Stricter Child Protection › Age verification, limit of 16 y.o., could be lowered to 13 y.o. on a country basis
Retention (storage limitation) › Data shall not be retained for longer than needed (based on DPIA)
Profiling › Right to object to automated profiling decisions
Data processing register › Obligations to keep a register of the data processing activities
Data Protection Officer › Obligation to nominate a DPO
Pseudonymization › As a recommended way to protect data, together with encryption
Question Pattern
▪ Total – 5 Questions (All 14 Marks each)
❑ Question-1 (Mandatory) – 2x7 Marks
❑ Attempt any 4 Questions from Rest 5 Questions – 4x14 Marks
▪ Question-1 – Key concepts (short descriptions)
▪ Questions will be conceptual. They will test your knowledge and
understanding of the subject
▪ You need to play the role of a CIO / IT Strategy Lead person in the
industry according to the situations given in the question
Thank You