CHAPTER 10 : SECURITY THREATS AND SOLUTIONS

Figure 6-1  Security threats that can affected the system

Based on figure 6-1, for customer, security threats facing by them phishing scam and computer virus. Customer at the client layer can cause harm by computer virus. A computer virus is rogue software program that attaches itself to other software program or data files in order to be executed, usually without user knowledge or permission. Sometime viruses can attack on customer e-mail. Examples of viruses are Trojan horses, email viruses, network virus.

Besides that, online fraud involves customers getting duped into giving away their personal credentials and other confidential information via a phishing scam. Phishing scams are a form of identity theft, where spam emails are sent out to entice the customers to provide their personal information. The customers are tricked to reply to a URL/Email address provided by the fraudster as long as they maintain an email account.

The solutions for these security threats of the phishing scam and computer virus Customer must never respond to emails that requires to them submit a personal information directly into the e-mail and claims that their account has won prizes or cash and requests them to enter, validate or verify their personal information like personal details, password or user ID into an email or requires to confirm, validate, verify and/or update customer info. If customer receive a suspicious email asking them to confirm the details of theirs information, please forward it to eshop@tesco.com.my to get confirmation.  Other than that, customer should check seller’s privacy and return policy so that customer aware if any suspected email address. To prevent computer virus, customer should have effective and updated antivirus/antispyware software and in a public or work environment, check computer physically for any unusual devices that may be plugged in especially on the keyboard cable.

Based on figure 6-1, for corporate server, the security threats are spoofing, sniffing and Denial-of-Service Attacks (DoS). Spoofing may involve redirecting a Web link to an address different from intended one, with the site masquerading as the intend destination. Hackers redirect customers to a Tesco fake Web site that look almost exactly like the true site, they can then collect and process orders, effectively stealing business as well as sensitive customer information from the true site.

            Other than that, a sniffer is a type of eavesdropping program that monitors information traveling over a network. When used legitimately, sniffers help identify potential network trouble spots or criminal activity on networks, but when used for criminal purpose, they can be damaging and very difficult to detect. Sniffers enable hackers to steal proprietary information from anywhere on a network including e-mail messages, company files and confidential reports.

           

Denial-of-service attack, hackers flood a network server or Web server with many thousands of false communications or requests for services to crash the network. The network receives so many queries that it cannot keep up with them and is thus unavailable to service legitimate requests. DoS attacks effectively knock the services offline, costing lost business and negative publicity. They also force IT staff to expend valuable resources defending against the attackers.

The solutions for these security threats of spoofing, sniffing and Denial-of-Service Attacks (DoS). With dotDefender web application firewall you can avoid DoS attacks because dotDefender inspects Tesco HTTP traffic and checks their packets against rules such as to allow or deny protocols, ports, or IP addresses to stop web applications from being exploited. For prevent, filter the incoming packets, which seems to come from internal IP address and the outgoing packets as well and to encrypt communications completely and using sturdy physical security and make sure that your antivirus program is updated regularly and harden your TCP/IP stack.

Based on figure 6-1, for purchase order system, the security threats are hardware failure, software failure and internal threats. System malfunctions when computer hardware breaks down, not properly or is damaged by improper use or criminal acts. Hardware faults may occur. Computers have a certain lifespan. In particular the main piece where data is stored the "hard disk” has a rotating disc that contains a very sensitive device that does about a thousand cycles per min. Drives are like old records, spinning in a magnetic vacuum. They are very sensitive instruments, suffering sudden blows while moving will greatly damage them and when the life span assigned to them is taken into account (which can be estimated by the warranty period) the possibility of losing data is a threat that cannot be ignored.

Internal threat are many employees forget their password to access computer system or allow co-workers to use them which is compromise the system. Malicious intruders seeking system access sometimes trick employees into revealing their password by pretending to be legitimate members of the company in need of information. Both end users and information systems specialists are a major source of errors introduced into the information systems. A problem with software is the presence of the hidden bugs or program code effects. It is virtually impossible to eliminate all bugs from the large programs. The main source of bugs is the complexity of decision-making code.

The solutions for these security threats of purchase order system are for internal threats by using a smart card that size of credit card that contains a chip formatted with an access permission and other data. It can replace password because users often forget password, share them or choose poor password that are easy to guess which compromises security.

For hardware failure, tidy up the server room; a neater room will increase air flow and if you have more than 1 server, arrange them in a row so that the cold air comes from the front and is expelled out the back and put the hardware in the disclosure space and clean up regularly with specific standard and also Put extra cooling parts in the hardware components and have proper maintenance to prevent bad hard disk sectors.

For software failure, the software vendor creates small pieces of software called patches to repair the flaws without disturbing the proper operation of the software .it is up to users of the software to track vulnerabilities, test and apply all patches. This process is called patch management.

CHAPTER 9 : COMPETITIVE ADVANTAGES P.O SYSTEM

Competitive Advantages

5.1.1    Improves Efficiency

Efficiency is a business buzzword that is used so often that it is easy to forget its meaning. The truth is in today’s competitive business environment; efficiency wins the day. A manufacturing supply chain system can automate routine tasks, ensuring a smooth and efficient purchase order execution process.Customer do not need going out to purchase at the store because they can purchase the goods by online then the goods deliver to the customer efficiently.

5.1.2    Document Management

Rather than spending time combing through folders among rows of filing cabinets, electronic document management allows supply chain executives to find a supplier’s transaction history within a few clicks. Executives can review purchase records and communications quickly and easily.

5.1.3    Reduce Error Rates

There are many ways in which humans - so far - continue to stay ahead of computers. Humans are the creators, the innovators and the communicators. However, there are some things that computers excel at that humans do not. Principally, repetitive tasks that require accuracy. For example; humans are quite error-prone when it comes to entering purchase orders containing identical or near-identical information. An automated system can generate error-free purchase orders in a fraction of the time - freeing the humans up to do what they do best.

5.1.4    Improves Delivery Times

As technology accelerates, businesses must be able to respond more quickly to changes in the economic and business environment. Supply chain systems allow executives to make continuous improvements to their purchasing processes in response to an ever-changing business climate.

5.1.5    Streamlines Inventory Management

Gone are the days of warehouses filled from top to bottom with products or materials. Today’s efficient companies must master the art of inventory management. Anticipating the market’s need and ordering only what is required to do business. Streamlining inventory management helps businesses to keep their overheads low and their profit margins high.

5.1.6    Enhances Decision-Making Capabilities

Data is the cornerstone of sound business decision-making. A supply chain system can deliver mission-critical information in real-time to improve decision making and avoid costly mistakes. To learn more about how a supply chain system can help you improve your business processes contact us at any time.

Problems

5.2.1    System Server Breakdown

System server breakdown occur when the online system stops                                                                 functioning properly. For example, the customer cannot made a payment by

his/her credit card on the machine pay due the breakdown.

5.2.2    100%  Payment by the Electronic Card only

The payment of purchasing order system only using credit card and debit

card. It is difficult to customer to pay the goods by cash money.

5.2.3    High Potential on Scam Order

Any potential customer can make an order to purchase the goods easily.

This means lead for many fake orders. For example, the delivery man want to

deliver the goods at the address given but the customer admit that he/she do

not make any order from Tesco.

  3. Recommendations

5.3.1    The Server must be repaired before service can be resume.

To avoid the system breakdown, the server must be repaired first.

5.3.2    Add on Banking Online System for Payment

To avoid the difficulties of customer for payment the goods, use banking online system, deposit cash machine or ATM transfer.

           

5.3.3    Verify the confirmation orders to customer before the delivery

To overcome the high rate on scam orders, prefer to make a final confirmation orders toward the customer before deliver the goods such sent an email for approvals.

CHAPTER 8 : BUSINESS PROCESS OF P.O SYSTEM

Value chain activities of TESCO Stores

Primary activities are the activities which are most directly related to the firm’s production and their main contributions of products. Primary activities include inbound logistics, operations, outbound logistics, marketing and sales, and services activities. Inbound logistics include receiving and storing the materials in TESCO’s warehousing systems for distribution to productions so that when customer order product from Tesco website, Tesco can check to their warehouse system whether the quantity of  customer request have stock or not, if the quantity insufficient, Tesco will contact their supplier to order the product that customer requested. Tesco also have produced their own product.  Besides that, they can inform their supplier to add certain amount product when Tesco have promotions.  The operations activities in the TESCO value chain include the compute-controlled machining systems which transforming the inputs into output or finished product.

Marketing and sales are promoting and selling products. They promote their product to customer during festival season so that customer can get product in best price. They are also promoting customer to used membership card to get best price. Their marketing and sales activities include promoting and selling their products in their website by using technology department. The outbound logistics activities include the shipment or delivering schedule systems such as distributing products, scheduling the driver and routine road. So that customer will get information about scheduling and routine road. Customer can collect product in certain pick place of product. The services are including the maintenance and repair the equipment’s or returning, the goods of the TESCO’s production. Based on return policy, customer get return their product if have any problem.

Support activities are the activities that make delivery of the firm’s primary activities possible highlight the management systems used to support the primary activities. For TESCO, the support activities include the infrastructure of TESCO, human resources management, technology development, and procurement. The TESCO’s infrastructure are include the administration and the management of the TESCO itself, while for the human resources management activities are includes the hiring, recruiting, and training the employees. Technology development activities of the firm include the improving the products and the production process. Procurement for the TESCO includes all the activities of purchasing all the inputs or resources. 

CHAPTER 7 : IT COMPONENTS OF P.O SYSTEM

It component provides platform for supporting all information system in the business. Components consist of:

1)      Hardware

2)      Software

3)      Telecommunication network

Hardware

There is several type of hardware that using to access the Tesco Online Shopping. For customer usually use a personal computer (PC) or mobile device to access system of Tesco online shopping. PC and mobile device are using to make an order a product from a Tesco Online Shopping. After the customer makes an order, the transaction will send to the Tesco store. In addition, the hardware that are using for a Tesco is Supercomputer. A supercomputer will receive all the transactions make by customer. A supercomputer will collect all the data before it will proceed to the next stage.

Personal Computer (PC)

Supercomputer

Mobile Devices Software

Software is programs that manage the resources of the computer system and simplify applications programming. They include software such as the operating system, database management systems, networking software, translators, and software utilities.

1. WebLITE Software

For Tesco Online system, they use Weblite software to manage their online shopping system. WebLITE is designed to take the technicalities out of technology and empower its users to increase the overall effectiveness of their digital initiatives. Businesses will now be able to deploy powerful web applications quickly and implement a complete suite of solution that is proven, in a cost effective and scalable manner.

WebLITE software,  Managing website, made easy

2. AVReporter Energy Management Software

Tesco are decided to upgrade their management system to a more sophisticated and highly effective solution. AVReporter software is the effective tool for the TESCO management facility in the way to get the information about the energy and site operation, while maintaining the comfortable of the customers’ site and maximizing the saving opportunities. 

AVReporter software,  Easy to use & easy to apply Telecommunication Network The telecommunication network that are using by Tesco Online Shopping are Public IP and High-Speed Broadband. A public IP is any valid address, or number, that can be accessed over the Internet. So, customer can access the Tesco Online Shopping anytime when their want. Besides that, High-Speed broadband is using by customer to access Tesco Online Shopping. For example of High-Speed Broadband are Streamyx, TM UniFi and others. System Topology Network Topology is the schematic description of a network arrangement, connecting various nodes (sender and receiver) through lines of connection. For Tesco Online Shopping, they are using a hybrid topology system. Hybrid topology system is two different types of topologies which is a mixture of two or more topologies. The two different type of topologies system that are using by Tesco Online Shopping are mesh topology and tree topology as showed in figure below.  Hybrid topology system used by Tesco Store Sdn Bhd

CHAPTER 6 : GENERAL DESCRIPTION OF P.O SYSTEM

The system has been chosen for our group is purchasing order system. Purchase order (PO) is a buyer-generated document that authorizes a purchase transaction. When accepted by the seller, it becomes a contract binding on both parties.

A purchase order sets forth the descriptions, quantities, prices, discounts, payment terms, date of performance or shipment, other associated terms and conditions, and identifies a specific seller. Purchasing order is one of the Transaction Processing System (TPS). It is a computerize system that perform and record that daily routine transactions necessary to conduct of the business.

The purchasing order system of the Tesco online shopping has 9 steps start from the customer order until the good is delivering to the customer. 

Figure 4-1

Purchasing Order Process

1)    As the Figure 4-1 showed above, the business process starts when customers try to purchase some goods through TESCO online shopping. The web browser communicates back-and-forth over the Internet with a web server that manages the Tesco store's website.

2)    Once the customers have chose the goods that they want to purchase, the web server sends customer’s order to the order manager which is a central computer that sees orders through every stage of processing from submission to dispatch.

3)    The order manager queries a database to find out whether what the customer wants is actually in stock or not based on the availability of  the quantity that desired by customers. Within the order manager, it provides sorted order date, customer’s name, and the status of the purchased order.

4)    Then, the stock database response the confirmation whether the item required is in stock or the system will suggests an estimated delivery date when supplies will be received from the suppliers.

5)    If the items are not in stock, the stock database system can order new supplies from the suppliers. This might involve communicating with order systems at the suppliers HQ to find out estimated supply times. In this case study, we are assuming that the items required are in the stocks, and then the order manager continues to process it. The order manager confirms that the transaction has been successfully processed and notifies to the customers through the web server. The web server shows the customer a web page confirming that customer’s order has been processed and the transaction has been completed.

6)    The order manager sends a request to the warehouse to dispatch the goods to the customer. The warehousing systems for the storing and ready for dispatch purposes. Once the goods have been dispatched by trucks provided by TESCO, the warehouse computer e-mails the customer to confirm that their goods are on their way.

7)    A truck from a dispatch firm collects the goods from the warehouse and delivers them. Finally, the goods are delivered to the customer.

8)    Next, it communicates with a merchant system (run by a credit-card processing firm or linked to a bank) to take payment using the customer's credit or debit card number.

9)    The merchant system might make extra checks with the customer's own bank computer, and then gives confirmation whether the customers have enough funds or not.

CHAPTER 5 : TESCO ONLINE

HI THERE. 

UNFORTUNATELY WE CANNOT CONTINUE ON OUR RESEARCH IN ONE DROP PERFUME COMPANY BECAUSE OF SOME PROBLEM THAT WE CAN'T HANDLE. SO, NOW WE REPLACE TESCO AS OUR COMPANY RESEARCH IN OUR PROJECT.

Tesco is one of the hypermarkets that provide many products such as organic product, baby world, fresh always, chilled dairy, frozen world, stationeries, kitchen appliance and others. Tesco store Malaysia start launch on 2002.Since entering Malaysia, Tesco have opened 47 stores across the country with a combined floor space of almost 4 million sq. ft. They operate in the country in partnership with local conglomerate, Sime Darby, who holds a 30% stake in the business. “We make what matters better, together”, that is the mission of Tesco. Besides, Tesco have a several vision to achieve their mission. That is:

1. To be wanted and needed around the world.
2. To be a growing business which full of opportunities
3. To be a modern business, innovative & full of ideas.
4. To be the winners locally whilst applying our skills globally.
5. To be a business which inspiring, earning trust and loyalty from customers, our colleagues and communities.

In addition, Tesco also provide Tesco Online Shopping. Tesco Online Shopping is the exciting new service from Tesco. This service allows you to order a wide range of products from the comfort of your own home, and have them delivered directly to your door at a time to suit you. But, the online shopping service is currently available in Klang Valley, Penang and Johor Bahru. 

CHAPTER 4 : ONLINE PURCHASING ORDER (P.O) SYSTEM

WE ARE BACK FOR THE NEXT ENTRY!

We Gonna Describe About The Information System That We Choose In

ONE DROP PERFUME COMPANY<3

that’s are...

ONLINE PURCHASING ORDER SYSTEM

Purchase Order System is a complete cloud based system that streamlines the way how people buys goods & services from an organization. It is an all inclusive purchase management system that puts the whole procurement process on screen using an easy-to-use interface.

Purchase Order System, everything is automated – where users have access to preferred suppliers and product/service category master list; can create quotation requests, purchase orders, convert quotes requests to orders, match orders with invoices and goods received, all the way to payments; eliminating the need for paper. 

The type of information system are the transaction processing system.

 So, this is how the purchasing order process looks like as general. We will explain to deeper in the next entry!