Information Security for E-commerce Assignment


The most prevalent trend among small and medium-sized businesses that can compromise their information systems is the use of application service providers (ASPs) for hosting e-commerce sites (Spiegel, 2000). Thus, banks have made electronic funds transfers (EFTs), which exchange information over private communications networks, much more secure and certificate-protected (Schneider & Perry, 2001). Privacy can also be taken care of using digital signatures and certificates, where plain text is encrypted with the recipient's public key and sent to the recipient, who decodes the message with their private key (Gregory, 2003).

Another commonly used secure gateway is Secure Sockets Layer (SSL), a network protocol layer between TCP (Transmission Control Protocol) and the application. Any information sent over the internet is broken into small packets, which are sequentially numbered and have error-control information attached. SSL uses various digital certificates to ensure privacy and authentication. The new phase of electronic business management and growth is in wireless and mobile commerce, because all transaction applications are now built for mobile devices as well (Varshney & Vetter, 2000).

Microsoft today provides various solutions for small-business owners to build an efficient network that can make online payment easy, safe and secure for an e-commerce site. Microsoft's FrontPage Web site creation tool includes an option that facilitates an online payment system for small businesses (Jeannine Gailey, 2010). It provides a solution for payment services, merchant accounts, and secured transactions. Visa has also started a program that emphasizes integrating very high standards of security to provide a safe and secure network to its customers, i.e., the cardholders and the merchants. Visa facilitates this through its own system of developing compliance standards (James, 2000). All of the above shows that a safe and secure network is possible for a small business and that it can be implemented by identifying the threats and early warning signals.


There are 3 main aims to be achieved through this research. They are as follows:

Aim 1: On what major parameters are the information security issues for a small business e-commerce different from that of a large enterprise?

There are various variables, as discussed above, which represent specific information security problems that a small business, as well as a large enterprise, may face. If we analyze the level of information security in big businesses and in small businesses, we find a huge gap, and this can be attributed mainly to the scarcity of resources.

Aim 2: Are bank payment gateways a better and more viable option for small business e-commerce than building software of their own for the purpose?

The payment gateways provided by banks or any third party are highly secured through various digital certificates. Secure Sockets Layer (SSL) provides data encryption and safer transactions. However, certain small business enterprises prefer building their own software for e-commerce management, as it can be customized to their requirements. Firms like Microsoft are providing a platform for making such applications.

Aim 3: What role do the employees play in ensuring information security in a small business?

In a small business, employees play a big role in business transactions, as they act as the main interface with the client. Awareness programs are one of the main means by which companies make their employees aware of the issues related to information security. An effective training program should be designed and a documentation repository must be maintained for this purpose.


Research work is a well-defined and structured process which has been laid out by many authors. The basic work for a project begins with the determination of the focus and agenda of the project. The research process involves the following steps (Jonathan Wilson, 2010):

1) Identification of the research report and questions.

2) Identification of the major sources of data and their applicability to the topic under study.

3) Identification of the applicable research methods to be used in the research analysis.

4) Analysis and Interpretation of the data to get the desired results.

A well thought-out study of the subject area helps to arrive at the following aims of the project:

1) On what major parameters are the information security issues for a small business e-commerce different from that of a large enterprise?

2) Are bank payment gateways a better and more viable option for small business e-commerce than building software of their own for the purpose?

3) What role do the employees play in ensuring information security in a small business?


The attainment of the goals of the project entails that both primary and secondary research need to be done. The overall approach for this research would be qualitative and descriptive. Qualitative research involves analysis of data such as words. Qualitative data analysis is more time consuming, rich in context and less able to be generalized. Thus, a proper segmentation and target group need to be defined, and a detailed questionnaire is to be designed for the purpose of data collection.


The study is basically intended to provide comparative information in the context of the objectives set. Thus, it is important to cover both small business e-commerce and large enterprises. Hence, the organizations need to be identified, and the persons concerned, including the employees, have to be covered in the primary research. The target sample will include professionals across various age groups.

The following is the list of information to be gathered during the research survey, be it a primary survey or a secondary data survey:

1) Identifying business information
2) Evaluate the relevance and applicability of business information
3) What are the information security initiatives
4) Identify relevant issues related to security
5) Identify parameters to measure security understanding & action
6) Identify the staff members
7) Measure baseline security understanding and action
8) Is there any awareness program regarding information security
9) Process of evaluating the effectiveness of the program
10) Security understanding and actions of the employees
11) Control actions to ensure and enhance the awareness
12) Use of the payment gateways in the organization
13) Are there any efforts to develop their own software for the purpose
14) Opinions and critics of the higher authority


This research relates to data which is very sensitive and not easily accessible, so the use of secondary data for analysis becomes the most obvious choice for the project. It is very difficult to generate any primary data which can be used for the research purpose. Thus, the unavailability of information is a limitation. Along with this, there are some other constraints, time and money being the most prominent ones. Since this project is an exploratory study, there is no limit to the amount of work that can be done in this project, but due to the paucity of time, the project is limited to certain areas of information security in small businesses. The limitation of geographical expansion also leads us to use secondary data for the behavior research process, as it becomes a costly affair both in terms of time and money to travel to different cities to collect data pertaining to the research topic. Hence, the most feasible option here is to carry out the research with a secondary data analysis where we can focus on some qualitative and descriptive studies.

Besides secondary data, a visit made to the businesses that have encountered problems related to information security at some time or other will give a better insight and more concrete data to work upon. An interaction with the affected parties may help us to find out any issues that might have been overlooked during the course of the study. There might be a serious problem with the use of secondary data: the research in the secondary data might be based on a secondary study itself, and hence the flaws in that research might be carried over to this study. A probable solution to this problem is the extensive use of as many research studies as possible. The information collected from the affected business houses could also help in doing a cross-check with the interpretations given by the secondary data. To maintain the credibility of the research, any unauthentic data or information from any websites is avoided.


Ethics is an important aspect of research studies and due care has to be given to it. Any research study has to be free from any practices that are unacceptable and unethical. Since a research study involves a lot of study of the work already done by other authors, due consideration has to be given to ensuring that the work is not copied. The research work of others can be used as a base for getting extensive information about the topic. One more use can be that different research works give us different aspects, but our project should not be based on their work. The viewpoints of other authors can be used with proper referencing and credit being given to the author for his work.

Since this project encompasses a collection of information from both sources, be it the primary data or the secondary data, there can be some practical ethical considerations. The interaction with the employees of the affected parties of information security issues might be under ethical conduct pressure as they will be asked to reveal information about the security issues faced by their firm, which may be considered sensitive by the firm. This is why the primary data will be collected only through proper authentic channels that have the authority to divulge such information. This will help in complying with the ethics involved with a research project.

With respect to the risk of respondents and power influence, the respondents under study will have to be monitored. This implies that the ethical considerations with respect to power influence and the protection of respondents' anonymity will apply to this project. The research has to be carried out with due consideration to this ethical aspect (Ian Gregory, 2003).

This research project will also attract ethical considerations related to data authorization. This will involve taking data from authentic sources and due acknowledgment of other people's research work (Robin Levar Penslar, 1995). The final project will contain a due acknowledgment of the use of work done by others. It will also contain referencing as per the standards laid down. The content of other authors will be used just as reference material for further analysis and to help understand the subject topic.


  1. Easttom, C. (2006). Computer security fundamentals. Upper Saddle River, NJ: Prentice Hall.
  2. Gupta, A., & Hammond, R. (2005). Information systems security issues and decisions for small businesses: An empirical examination. Information Management & Computer Security.
  3. Merkow, M. (January 2001). "Worldwide E-Commerce Fraud Prevention Network Launches." e-commerce-Guide.com.
  4. Day, K. (2003). Inside the security mind: Making tough decisions. Upper Saddle River, NJ: Prentice Hall.
  5. Zulhuda, S. (2009). "The requirement of information availability in the E-Commerce Act 2006." E-Security Bulletin 18 (Q1-2009), published by CyberSecurity Malaysia.
  6. Diller-Haas, A. (2004). Identity theft: It can happen to you. The CPA Journal, 74(4).
  7. Ryan, J. J. C. H. (2000). Information security practices and experiences in small businesses. The George Washington University, United States -- District of Columbia.
  8. Reid, G. (2003). The skinny on getting rid of spam. Black Issues in Higher Education, 19(25).
  9. Jeannine Gailey, owner of, author, and Web consultant. [online] Available at Retrieved on 5th Dec 2010.