UNIVERSITI KUALA LUMPUR

MALAYSIAN INSTITUTE OF MARINE ENGINEERING TECHNOLOGY

E-COMMERCE AND
INFORMATION SYSTEM

LGB20703
INDIVIDUAL ASSIGNMENT

NAME: MOHAMMAD SHAHRIN BIN RADZUAN

NO. ID: 56280110006

LECTURER: NOR AFIZA BINTI MOHD NOOR

TABLE OF CONTENT

INTRODUCTION……………………………………………………………………………..1

QUESTION 4……………………………………………………………………………….…2-6

INTRODUCTION……………………………………………………………………………..7

QUESTION 5…………………………………………………………………………..…….8-12

CONCLUSION……………………………………………………………………………….13

REFERENCES……………………………………………………………………...……….14
INTRODUCTION

In a company, a complete database are usually important to the organization. So, people in the
organization are not used to it because of the conventional way. In this IT era, database
becomes more important and sophisticated. So, to drive this paradigm, it must been
appropriately motivate the employees to use it wisely. Motivation is must for each of the
employees. Education alone is not enough either. Many "educated" individuals achieve very
little on or off the job. They know what to do, and they know how to do it. The problem is they're
not motivated enough to do much about it. So, motivation is the key towards the success of the
modern organization.
Q.4    List the five problems which may motivate an organization to move toward the database
approach. Explain the significance of each one to a manager to an organization.

BASIC PRINCIPLES TO REMEMBER

1. MOTIVATING EMPLOYEES STARTS WITH MOTIVATING YOURSELF

It's amazing how, if you hate your job, it seems like everyone else does, too. If you are very
stressed out, it seems like everyone else is, too. Enthusiasm is contagious. If you're enthusiastic
about your job, it's much easier for others to be, too. Also, if you're doing a good job of taking
care of yourself and your own job, you'll have much clearer perspective on how others are doing
in theirs.
A great place to start learning about motivation is to start understanding your own motivations.
The key to helping to motivate your employees is to understand what motivates them. So what
motivates you? Consider, for example, time with family, recognition, a job well done, service,
learning, etc. How is your job configured to support your own motivations? What can you do to
better motivate yourself?

For the manager, he or she must start the database so the employee started to use this
database.

2. ALWAYS WORK TO ALIGN GOALS OF THE ORGANIZATION WITH GOALS OF

EMPLOYEES
As mentioned above, employees can be all fired up about their work and be working very hard.
However, if the results of their work don't contribute to the goals of the organization, then the
organization is not any better off than if the employees were sitting on their hands -- maybe
worse off! Therefore, it's critical that managers and supervisors know what they want from their
employees. These preferences should be worded in terms of goals for the organization.
Identifying the goals for the organization is usually done during strategic planning. Whatever
steps you take to support the motivation of your employees (various steps are suggested
below), ensure that employees have strong input to identifying their goals and that these goals
are aligned with goals of the organization. (Goals should be worded to be "SMARTER". More
about this later on below.)

For the manager, he or she must make a goal for the company, the key performance for the
company and must set up a standard compared to the current performance.

3. KEY TO SUPPORTING THE MOTIVATION OF YOUR EMPLOYEES IS UNDERSTANDING

WHAT MOTIVATES EACH OF THEM
Each person is motivated by different things. Whatever steps you take to support the motivation
of your employees, they should first include finding out what it is that really motivates each of
your employees. You can find this out by asking them, listening to them and observing them.

For the manager, he or she must evaluate   staff  performance  performance and update   the
performance  data  monthly.

4. RECOGNIZE THAT SUPPORTING EMPLOYEE MOTIVATION IS A PROCESS, NOT A

TASK
Organizations change all the time, as do people. Indeed, it is an ongoing process to sustain an
environment where each employee can strongly motivate themselves. If you look at sustaining
employee motivation as an ongoing process, then you'll be much more fulfilled and motivated
yourself.

For the manager, he or she  set  up  performance  management  system and also individual
development  system.

5. SUPPORT EMPLOYEE MOTIVATION BY USING ORGANIZATIONAL SYSTEMS (FOR

EXAMPLE, POLICIES AND PROCEDURES) -- DON'T JUST COUNT ON GOOD
INTENTIONS
Don't just count on cultivating strong interpersonal relationships with employees to help motivate
them. The nature of these relationships can change greatly, for example, during times of stress.
Instead, use reliable and comprehensive systems in the workplace to help motivate employees.
For example, establish compensation systems, employee performance systems, organizational
policies and procedures, etc., to support employee motivation. Also, establishing various
systems and structures helps ensure clear understanding and equitable treatment of
employees.

For the manager, he or she must set  up  the  performance  review system/
policies/procedures ,performance  recognition  system, and the  performance  rewards  system.

Current issue

No Motivation? It’s Costing Your Company

The Gallup organization once analyzed its massive database and determined that about half (55
percent) of today’s employees have no enthusiasm for their work. Gallup labeled these people
as “not engaged.” In other words, they didn’t have much loyalty to their organization or much
desire to improve their job performance. It found that one in five (19 percent) were so negative
about their jobs that they actually poisoned the workplace. In fact, when those employees called
in sick, their organizations were more productive and efficient.

You may think, “Big deal. So what if some of our employees are not fully motivated?” But it is a
big deal. Their lack of motivation is costing your organization big bucks.

Gallup estimated that if companies could get 3.7 percent more work out of each employee, the
equivalent of 18 more minutes of work each eight-hour shift, the gross domestic product in the
United States would swell by $355 billion, twice the GDP of Greece.

In today’s competitive world, the really successful person is not only educated, but also
motivated.

If you’re educating or training your employees, but you’re not motivating them to use what they
learn, you’re wasting your time and your money.
The famous author, William Butler Yeats, said it quite well: “Education is not filling a bucket but
lighting a fire.” A more contemporary figure, Kevin Roberts, the CEO of Saatchi & Saatchi, says,
“In the 21st century, organizations have to achieve peak performance through inspiration by
unleashing the power of their people—not by teaching them, not by managing them, but by
inspiring them.”

If you educate and motivate your staff, you’ll see an increase in productivity, efficiency,
effectiveness and ultimately an increase in profits.

The Mercedes Benz plant in South Africa learned that. For a long time, the managers said their
quality problems were due to an unmotivated, lazy workforce. That’s why it took them two
weeks to make a car that had 70 defects. By contrast, the Mercedes Benz plant in Europe could
turn out a car in one week that had only 14 defects.

Then, a fortunate accident occurred. After a year of suffering with productivity and quality
problems, it just so happened that a car was being made for liberator and president Nelson
Mandela. No particular mention or fanfare was made. The vehicle simply went through the
assembly line with a tag on it that read, “For Mr. Mandela.”

To the managers’ amazement, the car was completed in one week and had only 10 minor
problems. A light bulb went off in the managers’ heads. Their workers were capable. They were
educated enough to do the job and do it well. They had simply not been motivated enough to
give their very best. It was at that point that the Mercedes leadership learned that they had to
engage their workers’ hearts, not just their hands.

Are you doing that in your organization? You’re buying your employees’ time. Are you also
getting their hearts and minds?

Education plus motivation will not only help your organization make more money, but it will also
save you a lot of money.

When I was speaking at a construction company, the CEO asked his employees a question. He
asked, “What does it cost to put a piece of plywood on the floor? How much does it cost in
terms of time and money?” The employees answered, “About ten minutes and twenty dollars.”
The CEO replied, “Yes and no.” He said that’s what it would have cost if the job had been done
right. Unfortunately, an employee slapped down the plywood poorly and didn’t cover a hole
properly. The ensuing lawsuit cost the company $450,000. The employee was educated. He
knew what to do, but he wasn’t motivated enough to do it right.

Solution

1. Take a look at the training you’re offering employees. Is it really motivating them? As a
speaker, I find that many people in my audiences are quite well educated. They’re filled with
knowledge. However, sometimes they don’t have enough motivation to use all the knowledge
they possess.

2. Listen to what your colleagues are saying when they hear about an upcoming seminar. Do
you hear groans and complaints about having to go? Or do you hear comments of excitement,
as people can’t wait for it to begin? What you hear will tell you how successful your past classes
have been in motivating people.

3. If you’re not hearing almost unanimous excitement, re-examine the education you’re offering
and re-examine those who are leading it. One bad class or one poor instructor can leave a
negative legacy for a long time to come.
INTRODUCTION

The main goals of information security are Confidentiality, Integrity and Availability.
Confidentiality means the information available on a system should be safe from unauthorized
people; better examples would be customer credit card information, patient medical information
in hospitals or personal information of employees in an organization. If that information is not
secured, the company or the organization involved in that will eventually loose its reputation and
business. Integrity means the information available in an organization should be complete and
whole. It shouldn't be altered by any unauthorized person. Intentional or unintentional attacks on
the information will cause severe damage and finally the information becomes unreliable.
One of the best examples would be account holders≠ information in a Bank. If something
happens to the banking information, it is devastating and the Bank will be in danger of losing its
customers and business. In fact, in such cases, it may face a lawsuit too.
Q.5    Different among Trojans, Worsens and Viruses. Justify that “Computer Virus is a major
treat to computer security.”

MAJOR SECURITY THREATS

The main categories of the threats for the information

security are as follows:
1. Intrusion or Hacking
2. Viruses and Worms
3. Worsen
4. Trojan

Intrusion or Hacking

It is nothing but gaining access to a computer system without the knowledge of its owner. The
people who do this kind of unlawful things are called as hackers. Once they get access to
targeted systems, they can alter data available on those systems or steal private information
such as SSN, personal information and sometimes some sensitive information related to bank
and credit card accounts. Most of the targeted systems for hackers are eCommerce websites,
individual machines and sometimes bank websites that provide facility for online banking. The
targeted systems for hacking are depending on the hackers and their personal types. Some
people will do hacking just for fun and curiosity.

Some of the techniques or loop holes that Hackers use for

hacking are as follows:
1. Poor Implementation of Shopping Carts
2. Hidden fields in the html forms
3. Client-side validation scripts
4. Direct SQL attack
5. Session Hijacking
6. Buffer Overflow Forms
7. Port Scan
In order to prevent the systems from these kinds of attacks, most of the eCommerce websites
and even single users have started to use good firewall systems; whenever there is an attack,
the firewall systems reports immediately and sometimes it helps to track the attack.

Worsens
IS  the  damaging   the process of recording video, as well as at its transmitting and transfer to
various carriers, different kinds of noise worsening the quality of video image can appear on the
tape.

A computer virus is a computer  program  that can copy itself  and infect a computer.  A true
virus can only spread from one computer to another  when its host is taken to the target
computer; for instance because a user sent it over a network or the Internet, or carried it on a
removable medium such as a   disk  or  cd  etc.Viruses can increase their chances of spreading
to other computers by infecting files on a network  file system  or a file system that is accessed
by another computer.

Viruses and Worms

Viruses and Worms are computer programs that make computer systems not to work properly.
There is a subtle difference between Virus and Worm; both can replicate itself, but when
traveling on the network, Virus needs a carrier file. It can't travel on its own on the network;
where as Worms can travel on its own without anything. It doesn't actually need any infected file
to stick in.
Viruses can be classified into different categories as given below depending on the way it
affects the systems.
· Polymorphic Virus : It changes its signature with every infection
· Stealth Virus: This virus has to change something to infect the system. After changing
something, it has to gain control over some system functions to hide itself and the infected files.
In order to do this, it has to reside in memory.
· Tunneling Virus: These types of viruses will tunnel under anti-virus softwares and try to escape
from the eyes of anti-virus softwares.
· Virus Droppers: This type is actually a program that creates virus and affect the computer
systems using its virus. It itself is not a virus. It is a creator of virus.
Because it is not a virus, it is difficult to detect it through anti-virus softwares.
· Cavity Virus: This virus will actually maintain the size of the infected files not to be identified by
the antivirus softwares.
The better way to avoid viruses is installing anti-virus softwares on all systems. Some new
viruses may even try to bypass antivirus softwares; so, it is very important to keep virus-
signature-database up to date. In addition to anti-virus software, users should be very careful
while downloading files from internet or mails, because that may contain some malicious virus. If
the files or mails are not from trusted source, it is better to delete it right away
without opening it.

Trojan Horse
Trojan Horse programs are initially used for system administration purposes. System
administrators used these programs to control their work-stations remotely. These programs are
having two components; one runs as a server and another one runs as a client. The server part
is installed on the work stations and the client is installed on the administrators≠ machines.
Though it has a good purpose, its power can be used for bad purposes too. Hackers can use
these programs to get control on their target machines and watch all the activities. This is very
dangerous than Virus and DoS for the eCommerce businesses. The threatening issues with
Trojan Horses are as follows:

1. It allows for data integrity attack.

2. It allows gaining control over the target machine and to steal private information available on
the target system. This way it affects privacy policy.
3. It can store key strokes and make it viewable for hackers. As a result, hackers can easily get
the victim's login-ids and passwords. This way, it affects confidentiality.
4. Hackers can see screen shots of targeted machines using Trojan

Worms

- A worm is a small piece of software that uses computer networks  and security holes to
replicate itself. A copy of the worm scans the network for another machine that has a specific
security hole. It copies itself to the new machine using the security hole, and then starts
replicating from there, as well.
Current issue

McAfee Response To Current False Positive Issue Wednesday, April 21st, 2010 at 4:29 pm
by Barry McPherson

In the past 24 hours, McAfee identified a new threat that impacts Windows PCs. Our researchers
worked to address this threat that attacks critical Windows system executables and buries itself
deep into a computer’s memory.

The research team created detection and removal to address this threat. The remediation passed
our quality testing and was released with the 5958 virus definition file at 2.00 PM GMT+1 (6am
Pacific Time) on Wednesday, April 21.

McAfee is aware that a number of customers have incurred a false positive error due to this
release. We believe that this incident has impacted a small percentage of our enterprise accounts
globally and a fraction of our consumer base–home users of products such as McAfee VirusScan
Plus, McAfee Internet Security Suite and McAfee Total Protection. That said, if you’re one of
those impacted, this is a significant event for you, we understand that and we’re very sorry.

Our initial investigation indicates that the error can result in moderate to significant issues on
systems running Windows XP Service Pack 3.The immediate impact on corporate users was
lessened for corporations who kept a feature called “Scan Processes on Enable” in McAfee
VirusScan Enterprise disabled, as it is by default, though those customers could also be impacted
when running a scan.

The faulty update was removed from all McAfee download servers within hours, preventing any
further impact on customers.

McAfee teams are working with the highest priority to support impacted customers. We have
also worked swiftly and released an updated virus definition file (5959) within a few hours and
are providing customers detailed guidance on how to repair any impacted systems.

SUGGESTIONS TO OVERCOME THESE PROBLEMS

There are no 100% solutions for these security problems and threats, but some of the following
suggestions could control these issues to some extent.
1. Increase the awareness of the above issues among all computer users and instruct them with
some kinds of do's and don'ts.
2. Use SSL connection for all transactions related to money and private information.
3. Use symmetric key based encryption and decryption for all transactions, because PKI
Cryptography may not work for session based transactions.
4. Install Anti-Virus softwares on the systems and keep database of viral signatures up to date.
Nowadays, lots of companies are providing Virus scanning and cleaning
softwares for an affordable cost. Some better examples are McAfee, Norton Antivirus and
trendmicro etc.
5. Install good firewall system to prevent attacks from DoS and Trojan Horses and be up to date
on the latest patches of firewalls.
6. If there is any change in the behavior of the systems, inspect the firewall settings immediately
and fix it right away when there is any problem on the settings. McAfee firewall has all these
kinds of features.
7. Look for the latest advisories on the new viruses, worms and Trojan horses etc. If there is
anything needs to be installed, better do it immediately.
8. Most of the websites are not caring about the customer's privacy. They should follow the
directions given by FTC (Federal Trade Commission) and protect customer
privacy. If they don't do so, anybody can sue those companies.
9. Look for updates or new patches for the operating systems. Nowadays, Microsoft is providing
free update (Service pack-2) on Windows XP that contains virus protection software, firewall
and security center. It is better to get that installed on all windows systems.
10. Train system administrators and developers to handle these vulnerabilities properly and it is
better to employ a cyber security professional who is an expert in securing
systems.
11. Above all, the vendors of operating systems should provide patches for security
mechanisms; because, they are the creators of the operating systems; they know their system
better than anybody else. It is easy for them to give effective systems to handle the web threats.
CONCLUSION

For question 4, exactly a lack of motivation definitely impacts the business so motivation is
must for every person. If you have determination so u can do everything. I think so everything is
possible but you have to need for little bit motivation. One thing more always think positive
because positive attitude always boost up and increase our motivation. So i think so in every
field every person have required the motivation For question 5, nowadays, information is one of
the very important assets in almost all organizations. Once the internal networks of those
organizations are connected to the Internet, it becomes a potential target for cyber attacks. In
order to secure the systems and information, each company or organization should conduct a
self-hacking-audit, analyze the threats and eliminate it before getting any problem. This paper
explains about the main goals of information security, its major threats and some suggestions to
prevent the systems from major threats.
REFERENCE

 http://en.allexperts.com/q/Marketing-1090/2010/3/management-information.htm
 McClure, S., & Shah, Saumil & Shah, Shreeraj (2003). Web Hacking Attacks and
Defense. Boston: Pearson Education, Inc
 Jacobs, J., & Clemmer, L., & Dalton, M., & Rogers, R., & Posluns,
J (2003). SSCP: Systems Security Certification Practitioner:
Rockland: Syngress Publishing, Inc.
 Virus Primer. Retrieved on Sep 29, 2004 from
http://www.trendmicro.com/en/security/general/virus/overview.htm
 http://siblog.mcafee.com/support/mcafee-response-on-current-false-positive-issue/
 http://socomsales.com/word/no-motivation-its-costing-your-company/