SECTION A: GENERAL DETAILS
Student number M401002031
Surname Boakye Dankwa
First name/s Fritz
Title of research An investigation on computer security in an organisation and network payment mechanisms and digital cash at Tayelamay & sons enterprise ltd.
Date and year of registration January 2016
Work Home Cell +230 58960816
Email [email protected]
Region Republic of Mauritius
Date submitted 5 May 2018
Chapter 1 Introduction
1.2 Research Problem
1.3 Aim of the study
1.4 Objective of the study
1.5 Research question
1.6 Significance of study
1.7 Format of the study
Chapter 2 Literature review
2.2.2 Concerns on internet and networks
2.2.3 Major issues in network security
2.2.4 Safety factors concerning standalone computers
2.2.5 Data loss by accidents
2.3.1 Security efforts
2.4.2 Key elements of a private digital cash system
2.5.2 Conclusion
Chapter 3 Research Design and Methodology
3.2 Research Methodology
3.3 Sampling Strategy
Bibliography
Appendix A: Draft of Covering Letter
Appendix B: Draft Interview Questionnaire
Our society, businesses and organizations are constantly becoming more and more intertwined with online technology. Much of the data that used to be stored on paper is now stored exclusively on hard drives so that it can be accessed faster, more easily and from remote areas. Records of customer data, emails, telephone numbers, and financial and accounting information are also stored electronically. Educational institutes store their teaching material electronically and even the laws of the state are stored in a digital form (Kontini 2018).
Digital cash acts much like real cash, except that it’s not on paper. Money in the bank account is converted to a digital code. This digital code may then be stored on a microchip, a pocket card (like a smart card), or on the hard drive of your computer.
There are over a dozen proposals for electronic payment systems on the Internet. There is also the whole question of security. Credit card numbers may be viewed by unauthorized individuals because the Internet is an open system. In the real world, there are a number of means to minimize fraud. A customer using a credit card will usually choose to carry out transactions at trustworthy or familiar facilities, stores, and markets.
This research presents an investigation of computer security, network payment mechanisms and digital cash at Tayelamay & Sons Enterprise ltd. In this chapter, the background to the problem is discussed; the aims and objectives are also presented.
Background to the Problem
At Tayelamay & Sons Enterprise ltd, IT security plays a crucial role in critical infrastructures such as power and water supply systems, transportation systems, building systems and plant control systems operated with the aid of IT systems. The increasing openness of these infrastructures increases their attack surface. Industrial espionage and cyber-attacks also pose a growing threat.
In recent years, the financial industry, which includes securities businesses, has seen a rapid rise in the number of electronic financial crimes that use pharming and smishing involving internet browsers and mobile devices to steal personal financial information. As such, with the recent increase in the number of new types of serious electronic financial fraud, the importance of information security activities has grown significantly. It should be noted, however, that information security activities are regarded by corporations and organisations as passive supplemental work procedures that unnecessarily increase the workload of their employees; thus, the necessity of information security activities has been given insufficient importance. Despite the spread of awareness of the importance of information protection, little investment in information security is made even now, thereby making it difficult to carry out effective information protection activities at Tayelamay & Sons Enterprise Ltd.
At Tayelamay & Sons Enterprise ltd, computer security, network payment mechanisms and digital cash are becoming a challenge in the effort to keep hold of certain information, for example:
Technical issues of IT security;
Training of employees;
Multi-currency and payment methods; and
Taxation and money laundering.
Size of the Organisation
Director (1), Director Finance and Administration (1), Director IT (1), Manager Analyst (1), Building engineering (9), Architecture (7), Information security managers (1), IT systems specialist (4), Civil engineering (7), Data system information (8), Human Resources (1), Construction Manager (2), Construction Assistant (2), Project Manager (1), Site Manager (1), General contractor (10).
Director: member of the board that oversees the affairs of Tayelamay & Sons Enterprise ltd;
Director Finance and Administration: member of the board that oversees Finance and Administration;
Director IT: responsible for the management, strategy and execution of IT infrastructure for an organization;
Manager Analyst: proposes ways to improve an organisation’s efficiency;
Building engineering: expert in the use of technology in the design, construction, assessment and maintenance of the built environment;
Information security managers: responsible for protecting the organization’s computers, networks and data against threats, such as security breaches, computer viruses or attacks by cyber-criminals;
IT systems specialist: provide services related to software, hardware, databases, Web resources, networks and enterprise systems;
Civil engineering: deals with the design, construction, and maintenance of the physical and naturally built environment;
Architecture: planning, designing, and constructing buildings;
Construction Manager: plans, coordinates, budgets, and supervises construction projects from early development to completion;
Construction Assistant: gathers materials for workers to handle on job sites, and keeps job sites clean and machines serviced;
General Contractor: providing all of the material, labour, equipment and services necessary for the construction of the project;
Project Manager: responsible for delivering the project, with authority and responsibility from the Project Board to run the project on a day-to-day basis;
Site Manager: oversee operations on a day-to-day basis, and ensure that work is done safely, on time and within budget and to the right quality standards;
Data system information: create, modify, or maintain an organization’s Information System; and
Human Resources: oversees all things related to managing an organization’s human capital, including recruiting and staffing, compensation and benefits, training and learning, and labour and employee relations.
The team is composed of young professionals supervised by a General Manager. The organisation structure is as follows:
Figure 1.1.1: The Organisation Structure (chart not reproduced; surviving labels: Director Finance and Administration, IT systems specialist, Information security Manager, Data system information). Source: Own Findings
1.2 The Research Problem
The financial industry is faced with a growing number of ever-evolving cyber security challenges. Issues of utmost concern include stifling compliance regulations, the struggle to secure customer data and third-party risk. The landscape is becoming rockier even for organizations that have mastered cyber security as they try to keep up with rising customer expectations, not to mention fluid and increasingly sophisticated cyber criminal tactics (Bhatia 2004).
The key problems Tayelamay & Sons Enterprise Ltd is facing in cyber security are: ransomware, distributed denial of service attacks, social engineering, insider threats, and fake ads and feedback. Keeping ahead of cyber criminals requires a combination of the right systems and software.
Given the pace of technology evolution, organisations find it difficult to stay ahead of resourceful cyber criminals who are looking to exploit the vulnerabilities in their core business systems.
Digital cash could potentially worsen problems over taxation and money laundering. In turn, these problems may alter foreign exchange rates, disturb money supplies, and encourage an overall financial crisis.
The transnationality of digital cash and the ability of digital cash to flow freely across national borders could have significant repercussions internationally. From an economic view, this transnationality is the most important characteristic of digital money. If it behaved like traditional currencies, circulating within a national border and controlled by a central monetary authority, there would be few economic implications worth analyzing. However, transnationality has the potential to cause conflict between cyber space and nation states (Tietyn 1997:78).
1.3 Aim of the Study
The aim of the study is to investigate the impact of network payment mechanisms and digital cash in Tayelamay & Sons Enterprise Ltd. The study will also focus on the security requirements for network payment systems and digital cash.
1.4 Objective of study
The research objectives of this study are as follows:
To investigate the types of computer security and network payments systems and digital cash available at Tayelamay & Sons Enterprise Ltd;
To analyse the impact of implementing network payment systems and digital cash within Tayelamay & Sons Enterprise Ltd; and
To make recommendations on implementing network payment systems and digital cash within Tayelamay & Sons Enterprise Ltd.
1.5 Research question
What are the types of network payments systems and digital cash available at Tayelamay & Sons Enterprise Ltd?
What is the impact of implementing network payment systems and digital cash within Tayelamay & Sons Enterprise Ltd?
How can recommendations on implementing network payment systems and digital cash help within Tayelamay & Sons Enterprise Ltd?
1.6 Significance of the Study
The goal of this study concerns controlling physical access to the hardware, as well as protecting against harm that comes via network access, data, code injection and online payment at Tayelamay & Sons Enterprise ltd.
Today, networks are used for everything from internet banking to government infrastructure, and thus network protection is no longer an optional extra. Cyber-attack is now an international concern, as high-profile breaches have raised many concerns that hacks and other security attacks could endanger the global economy.
This study will also investigate cyber-attackers’ use of malicious code and software to attack computer code or logic, resulting in disruptive consequences that compromise data and lead to cyber crimes such as information and identity theft or system infiltration (Luminet, 2018).
In the past, companies used to store data on paper, in spreadsheets, and on computers without security. However, with technological advancements many companies have the need to implement computer security, network payment mechanisms and digital cash. Companies are able to keep more precise and up-to-date records, allowing them to be better prepared for the future growth of their companies (Brown 2009: 8).
In the ever-changing world in which we live, new technology is continually being developed. This change requires organisational leaders to be aware of the types of technology which could improve organisational effectiveness. Many companies have taken steps to change their computer security, network payment mechanisms and digital cash in an effort to keep up with increasing employee counts and the evolution of technology.
Computer security, network payment mechanisms and digital cash can help the employer focus on cyber attack, that is, the deliberate exploitation of computer systems, technology-dependent enterprises and networks. The prospect of digital cash as a developing method of payment is both exciting and worrisome (Brown 2009:23).
1.7 Format of the Study
The study consists of five chapters:
Chapter One – The introduction explains what is to be expected in the study;
Chapter Two – The literature review provides an outline to investigate the types of computer security and network payments systems and digital cash available to an organisation, and to analyse the impact of implementing network payment systems and digital cash within Tayelamay & Sons Enterprise ltd;
Chapter Three – Research and methodology elaborates and justifies the research design and methodology used for this research;
Chapter Four – Outlines the statement of findings, analysis of data and discussion on the research; and
Chapter Five – Conclusions and recommendations to the problem and the completion of the study.
Computer network security management approaches have different requirements, depending on the size and physical setting of the network. A home or small office may only require basic computer network security, while large businesses may require high-maintenance and advanced software and hardware to prevent malicious attacks from hacking and spamming.
Access to information and programs on the network is controlled by a Network Administrator, who assigns users an ID and password or other authenticating information to ensure that they are authorised to conduct transactions and communications across the network.
A true digital cash system is secure, anonymous, off-line capable, portable, two-way, divisible, widely accepted, user-friendly, and allows for unit-of-value freedom. These ten attributes parallel the important attributes of traditional cash, and are sufficient to create a system that is the electronic equivalent of paper cash (Mac 2005).
2.1 Literature Review
This section provides an outline of computer security, network payments systems and digital cash available at Tayelamay & Sons Enterprise ltd and analyses the impact of implementing network payment systems and digital cash within Tayelamay & Sons Enterprise ltd.
Cyber security is becoming an increasingly important issue for businesses worldwide, with the financial and reputational cost of data breaches creating major headaches for unprepared boards. While technology is helping organisations to optimise their operations through various innovative means, the number of cyber security threats that companies must tackle has grown significantly. Tayelamay & Sons Enterprise ltd, too, is facing cyber security risk (Parmar 2017:12).
Here are the key problems that Tayelamay & Sons Enterprise ltd is facing:
Ransomware typically prevents users from accessing important information and data on their computers or networks until a payment is made. However, cyber criminals don’t always free up devices once the ransom is met and often attempt to extort more cash out of their victims.
Not all cyber criminals are profit-oriented, and the rise of hacktivism means a growing number of people are breaking into computer systems for politically or socially motivated reasons. These attacks can be even more damaging than traditional threats because hacktivists are often trying to make a statement, so their efforts are usually very publicly damaging for an organisation’s reputation. There are also significant safety concerns if hacktivists can override safety mechanisms or publish documents that pose national security risks (Parmar 2017:13).
As cyber security technology and preventative measures become more complex, criminals will turn to social engineering in an effort to bypass such systems. This involves manipulating or deceiving key individuals into divulging important data or financial information, such as through phishing techniques.
As a growing number of people use mobile devices to perform everyday business tasks, the likelihood that cyber criminals will attempt to exploit weaknesses in the technology rises.
•Fake ads and feedback
Consumers are frequently bombarded with advertisements online, and the proliferation of fake ads and phishing attacks has eroded trust in web-based marketing material. Meanwhile, purchased ‘likes’ and other forms of fabricated feedback are exacerbating the problem, leaving customers sceptical of the validity of various online advertising methods. Even businesses that are not involved in such activities may find fake ads and other nefarious marketing tactics are affecting their legitimate campaigns (Parmar 2017).
Furthermore, online payment systems have a very important role in e-commerce. Tayelamay & Sons Enterprise ltd uses online payment systems, which refer to paperless monetary transactions that have revolutionized business processing by reducing paper work, transaction costs, and labour cost. Being user-friendly and less time consuming than manual processing, electronic commerce helps a business organization expand its market reach.
In the last decade, online payment systems have developed and reached a high level of security, privacy, confidentiality and efficiency.
With digital cash, financial transactions will become more efficient, which in turn will open up new business opportunities. The problems Tayelamay & Sons Enterprise ltd is facing with digital cash are as follows: taxing digital cash and the spectre of money laundering are significant issues. Additionally, digital cash could introduce instabilities to exchange rates and upset the overall money supply (Webster 1995).
2.2 Computer Security at Tayelamay & Son Enterprise Ltd.
This section describes computer security, network payments systems and digital cash at Tayelamay & Sons Enterprise ltd. Computer security consists of the security controls that are put in place to provide confidentiality, integrity, and availability for all components of computer systems. These components include data, software, hardware, and firmware.
Computers have become an extension of everything, from banking and investing to shopping and communicating with others through email or chat. Hackers do not care about identity. Often they want to gain control of computers so they can use them to launch attacks on other computer systems. Having control of computers gives the hackers the ability to hide their true location as they launch attacks, often against high-profile computer systems such as government or financial systems (Mac 2005). Hackers have the ability to watch every action on the computer, or cause damage to the computer by reformatting the hard drive or changing data.
Unfortunately, hackers are always discovering new vulnerabilities to exploit in computer software. The complexity of software makes it increasingly difficult to thoroughly test the security of computer systems.
Internet security is the most important aspect that everyone using the internet should understand. There are a few important points to keep in mind to help secure and protect information from security threats (Tight 1996:89).
• Latest Anti-virus software:
New threats and viruses are being discovered every day, and to cope with that you need to have the latest version of the anti-virus software. Even to make that version of the anti-virus software effective, there is a need to update it with the latest updates available. There are many anti-virus products available, both free and paid.
Anti-virus software alone is not enough. To be secure against internet security threats there is additionally a need for anti-spyware software. Spyware programs differ from viruses in that, unlike a virus, spyware does not alter the way in which the machine works or corrupt any data; instead it installs itself on the machine to send important data such as passwords, social security numbers and credit card numbers stored on the machine to its server. So in order to detect spyware programs and prevent one from getting onto the machine, there is a need for the latest anti-spyware software.
• Password protection advice:
Passwords are the most important aspect of various online accounts. They provide access to online accounts and enable people to perform various activities linked with the account, like shopping, emailing, online transactions etc. Keeping a password secure is like keeping cash secure. Never keep the same password for different accounts. Never keep passwords that can be guessed, or passwords relating to personal details like a telephone number, date of birth etc. Use long passwords consisting of both letters and digits, and maybe some special characters. Always access websites related to passwords directly by opening a new webpage, and never through a link in an email or provided otherwise.
•Apply Latest Updates & Patches:
No software installed on a system is perfect for life. Vulnerabilities are bound to appear. Apply the latest updates and patches to the software. These updates and patches are made available from time to time by the software manufacturer.
If possible, try to use a firewall to prevent hackers from breaking into the system and discovering vulnerabilities in it. A firewall blocks traffic that is not authorised to access the PC. A firewall enables you to access the internet securely and prevents unauthorised applications and people from accessing the PC (Seyman 2015:14).
2.2.1 Types of computer security risks include viruses, spyware, and malware. However, it helps to understand the following types of computer security:
Internet and network security;
Standalone computer security; and
Data loss by accidents.
Internet security is the one most people are concerned with, as it deals with malware and hackers. The next type of computer security, network security, deals with the security problems on networks of any size. This includes external problems as well as problems from users of computers inside the network. Standalone computers refer to computers that are not connected to any network (but may be connected to the internet). This part will cover the possible security vulnerabilities on such systems. Finally, the data loss part is applicable to networks and computers in the networks as well as standalone computers.
Concerns on Internet and Networks
Internet security, among the types of computer security, covers malware and hacking techniques. The internet is an open zone where anyone can create a website that may place malware on your computer or server. This is also the space that gives shelter to people who are on the prowl to reach your computer or servers to access your data for misuse.
One can divide the internet into unknown and trusted sites. Trusted sites are simply the ones that you can trust, with a good example being your own office website. Obviously, one won’t knowingly place any code on one’s own website to compromise the computer security of people visiting it. Another way to divide the internet is into secure and non-secure zones. The secure zones are usually represented by a lock symbol in the address bar on the computer. An example of such sites is an internet banking site that employs high-level encryption to secure its database as well as your computer.
While malware is already well known, there are two more common techniques used by hackers to access data: port knocking and packet sniffing (Lincoln 2000:66).
There are several ports on a computer that allow different applications to transfer data to and from the computer. A good application would instantly close the port as soon as it sends or receives information. However, there are some applications that delay or forget to close these ports. Sometimes it is the OS that is to blame. Port knocking, or port scanning, is the technique where hackers keep trying to access the different ports on the computer or server. Once they find an open port, they can easily reach your data and use it the way they want.
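As an added example (not part of the original study), the following Python sketch shows how a network administrator could spot the port scanning described above in firewall connection logs: one source address touching many different ports on one host within a few seconds. The log format, the addresses, the ALLOW/DENY actions and the thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample firewall log (not real data). Assumed line format:
# timestamp  source_ip  destination_ip  destination_port  action
SAMPLE_LOG = """\
2018-05-05T10:00:00 198.51.100.20 192.0.2.10 443 ALLOW
2018-05-05T10:00:01 203.0.113.7 192.0.2.10 21 DENY
2018-05-05T10:00:01 198.51.100.20 192.0.2.10 443 ALLOW
2018-05-05T10:00:02 203.0.113.7 192.0.2.10 22 DENY
2018-05-05T10:00:02 198.51.100.30 192.0.2.10 80 ALLOW
2018-05-05T10:00:03 203.0.113.7 192.0.2.10 23 DENY
2018-05-05T10:00:03 198.51.100.20 192.0.2.10 443 ALLOW
2018-05-05T10:00:04 203.0.113.7 192.0.2.10 25 DENY
2018-05-05T10:00:05 203.0.113.7 192.0.2.10 80 ALLOW
2018-05-05T10:00:06 203.0.113.7 192.0.2.10 443 ALLOW
-- log rotated --
2018-05-05T10:05:00 198.51.100.30 192.0.2.10 443 ALLOW
2018-05-05T10:10:00 198.51.100.30 192.0.2.10 25 DENY
2018-05-05T10:15:00 198.51.100.30 192.0.2.10 22 DENY
2018-05-05T10:20:00 198.51.100.30 192.0.2.10 8080 DENY
"""


def parse_line(line):
    """Return (timestamp, src, dst, port, action), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, port, action = parts
    try:
        return datetime.fromisoformat(ts), src, dst, int(port), action
    except ValueError:
        return None


def detect_port_scans(log_text, min_ports=5, window_seconds=10):
    """Flag (source, destination) pairs that touch at least `min_ports`
    distinct ports within `window_seconds`. Lines must be in time order."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # (src, dst) -> recent (timestamp, port) events
    allowed = defaultdict(set)   # (src, dst) -> ports the firewall let through
    alerts = defaultdict(set)    # (src, dst) -> ports seen during a scan burst

    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            continue  # skip noise instead of failing on it
        ts, src, dst, port, action = record
        key = (src, dst)
        if action == "ALLOW":
            allowed[key].add(port)

        # Keep only this pair's events that fall inside the sliding window.
        events = recent[key]
        events.append((ts, port))
        while ts - events[0][0] > window:
            events.popleft()

        # A normal client repeats one or two ports; a scanner walks many.
        ports_in_window = {p for _, p in events}
        if len(ports_in_window) >= min_ports:
            alerts[key] |= ports_in_window

    return {
        key: {"probed": sorted(ports),
              "reached_open": sorted(ports & allowed[key])}
        for key, ports in alerts.items()
    }


if __name__ == "__main__":
    for (src, dst), info in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible scan {src} -> {dst}: probed {info['probed']}, "
              f"open ports reached {info['reached_open']}")
```

The "reached_open" list is the part to act on first: those are the ports left open that the scan actually found, which is the exposure the paragraph above warns about.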
One might know that to transmit data over the Internet, it is divided into several chunks (called packets) of equal size. Each packet contains the sequence number of the packet preceded by the IP address of the computer or website (server) to which it is sent. They additionally contain the IP address of source computers/network components such as servers (websites). These packets are mostly encrypted before leaving for the destination. Packet sniffing is another effective technique that helps hackers gain control over the source as well as destination computers. This is more dangerous than port knocking as it affects the entire network system. The technique involves observing the encryption and transmission patterns from a computer/server to the ISP’s server. Other hackers can additionally sniff data transmission from certain websites. Once they crack the encryption, or if the ISP or website does not support high-level encryption, the data is easily accessed by the hacker. Once accessed, even a data chunk can give further clues to the hacker for gaining total control over a computer, network, and even a website.
This is why most browsers use high-level SSL encryption to keep your data safe. Still, no software is perfect and may give out details if there is any kind of security lapse on the part of the end user, ISP, or the website developers (Lincoln 2000).
Major Issues in Network Security
Among other types of computer security problems, this section deals with the client-server model of networks. Any network is only as secure as the network designers and administrators make it. There are numerous ways whereby a network is vulnerable to both external and internal threats. The choice of server and its configuration plus encryption methods highly affect the security of any network. Following are a few of the “most possible” threats to a network on the client-server model (Denzin 2008:20):
•Improper configuration of servers: where users are auto-elevated to certain reputed groups. Different servers offer different facilities. Most of the well-known servers, including Exchange 2007, have the facility to auto-elevate users based on their interactions. This often results in data theft.
•Misuse of User Rights: users with certain rights may misuse their privileges to steal company data and sell it to competitors or use it for some other malicious purpose such as destroying data files concerning competitors, etc.
•Spamming to create Denial of Service: this technique is again used by both internal and external hackers. The trick is to flood the network with fake data packets. The network is completely congested and this results in a crash. If the server is not well configured, the network fails and does not work, resulting in the loss of real data that can be picked up by the hackers. Even if the hackers cannot intercept data in this case, the data in transmission is lost forever (Denzin 2008:21).
Safety Factors Concerning Standalone Computers
Among the major types of computer security are factors affecting data on standalone computers. The major threat is stealthy techniques used when such computers are left running and unattended. Many users do not consider locking their computers before taking a short break. Others can easily take a peek into the computer by the time the actual user returns. Hence it is recommended to program the computer to lock by itself after a few minutes of inactivity. The option is available in Windows OS where you can set a password for each user and set the properties to ask for the password when the screen saver is dismissed. This additionally calls for lowering the time before the screen saver starts. Still, users should make it a habit to lock their computers as a component of their data security policy.
Another safety factor that is often abused is users not using any security for booting the computer. I strongly suggest a BIOS password so that unauthorized users can’t even see the full configuration of the computer. Among other security threats that are again internet related are the possibility of infection and hacking by way of malware (Philipp 2007:44).
Data Loss by Accidents
A network failure or a hard disk drive crash is never predictable. One of the most important aspects in types of computer security is loss of data caused by problems with data storage devices and data loss during transmission. While the latter has to be dealt with by a good network security policy to recover data packets lost in transit, the data loss caused by a computer/server crash can be prevented using a solid backup plan. Data files can be replicated over a remote server as well as on different computers on a network. For standalone computers, users can apply backup to external devices and/or to some online storage (Effulgent 2016:331).
Network Payments Systems
Internet payment systems refer to the sundry methods by which individuals and companies doing business online amass cash from their customers in exchange for the goods and accommodations they provide. A number of different forms of payment subsist for online purchases, and more are being developed all the time. After all, it is in the best interest of both consumers and merchants to make electronic commerce as safe and facile as possible. “The low cost of ingress has magnetized hundreds of companies, sizably voluminous and diminutive, to the caliber playing field of cyberspace,” (Dowling 1996:78), noted in his book web advertising and marketing. “In the cyber world, a diminutive, one-man operation can look as good as or better than an immensely colossal, multinational corporation.
Customers who physically visit retail establishments can optate among a variety of payment methods, including cash, checks, credit cards, and debit cards. Customers who shop in the cyber world are commencing to expect online merchants to offer the same variety and service in payment terms. Credit cards remain the most mundane form of payment for online purchases, albeit the options have expanded to include digital cash, keenly intellective cards, electronic checks, and other technologies. In integration, some customers perpetuate to make online purchases utilizing traditional payment methods, such as placing orders by telephone or fax, or sending a check via snail mail (Dowling 1996:80).
Concerns about security and the perception that online credit card transactions are prodigiously unsafe seem to be among the most astronomically immense issues keeping many retailers and consumers from closing sales electronically.
• Credit cards: As of 2000, credit cards remained the most common means of online payment. They were also among the easiest payment methods, for consumers as well as for merchants. From the consumer’s standpoint, ordering merchandise on the Internet required only entering a credit card number and expiration date in the appropriate fields on a merchant’s web site. Many consumers felt greater confidence in online transactions when they used a credit card, knowing that a third party (the credit card company or issuing bank) was involved and could help protect them against fraud (Brown 2009).
For merchants who already accept credit cards offline, taking credit card payments over the Internet is relatively simple. It basically involves establishing two web pages, one to promote the company and its products or services, and the other to process order information.
As Dowling (1996:56) explained, however, it can be difficult for online retailers to establish the merchant accounts needed to begin accepting credit cards. Many banks are reluctant to establish accounts for online merchants because they deal with “card-not-present transactions,” or transactions in which the physical credit card and holder’s signature are not used. The approval process for these accounts is usually quite rigorous, and the fees on sales tend to be higher than those charged to regular merchants.
• Electronic checks: Small businesses can also allow customers to pay for online purchases by accepting personal or business checks online. “Albeit not as popular as credit cards, electronic checks are withal accepted by hundreds of merchants on the Net,” Emery (1997) wrote. “While most electronic check schemes require the merchant to utilize special software, electronic checks might appeal to you if you do not currently have a credit card merchant account.” Online merchants who accept electronic checks generally set up a form on a Web page and have their customers enter all the information from their conventional checks. The merchant can submit this information to a bank like a regular check. A digital signature is used instead of a handwritten one to verify the identity of the customer. One advantage of electronic checks is that they provide customers with a familiar method of payment. In addition, a number of services are available to simplify the process for both consumers and merchants.
• Secure third parties and online banks: Banks have traditionally been reluctant to do business online because of the perceived security risk. But banks have begun offering an increasing number of services online in response to customer demands. Secure third parties may be banks or other institutions that act as middlemen in financial transactions between merchants and customers. For small businesses, conducting transactions through a secure third party eliminates the need and expense of establishing a secure Web site. Secure third parties also provide consumers with added protection from fraud, since the merchants never handle their credit card numbers. “Secure third parties will become more popular as more minuscule merchants with fewer resources perpetuate migrating on-line,” Dowling wrote. “While a diminutive company may want to keep Web operations in-house, it may not optate to purchase or maintain a secure Web server. Third-party solutions offer an affordable alternative to sumptuous, secure servers and local Internet providers that don’t offer secure transaction capability.”
• Old-fashioned payment methods: A final alternative for companies that conduct sales over the Internet is to accept payment via traditional, offline methods, for example by taking orders through an address or phone number listed on their Web site. However, experts warn that limiting payment methods in this manner may cost a company some potential sales. “As anon as is integrate that extra step inditing down your address or phone number, sending out a check or dialling the phone you give them another chance to revaluate their decision to buy,” Dowling (1996) explained. “When prospective clients click on your order-now button, they’d better be capable of doing just that.”
One area in which using traditional payment methods may not hurt sales is business-to-business transactions. Even when sales are made over the Internet, many businesses choose to use existing methods to bill their customers’ accounts. In order to protect both parties in an online transaction from fraud, businesses may find it helpful to require all new accounts to be opened in writing via fax or mail. In this way, the seller has a printed document on hand listing the names of authorized buyers, along with approved e-mail addresses, shipping addresses, and purchase amount limits. Any changes to this account information should also be made in writing. The seller should verify orders by telephone and send an e-mail confirmation upon shipment.
2.3.1 Security Efforts
Security remains the main concern about online payment systems, particularly the use of credit cards for purchases made over the Internet. Although media reports tend to concentrate on the effect of security breaches on consumers, credit card fraud affects merchants as well. For example, when hackers infiltrate a company’s computers, steal thousands of customer credit card numbers, and use them to charge fraudulent purchases, the online retailer’s reputation suffers severe damage. In addition, companies are sometimes left without recourse when they accept a credit card order and ship the merchandise, only to have the customer claim that they never ordered or received it (Emery 1997).
But many e-commerce analysts claim that transmitting credit card numbers online does not have to be any less secure than handing a card to a salesperson at a retail store. Within the United States, credit card numbers sent over the Internet can be protected by sophisticated encryption technology which is often invisible to parties involved in the sale.
In fact, encryption capability is built into many popular Web browsers used by consumers, and the software needed to decrypt messages is widely available to online merchants at a reasonable price.
As Emery (1997) explained, encryption reassures the merchant that the customer’s order has not been altered and that the customer’s personal and financial data has not been intercepted and copied. Furthermore, if a digital signature is attached, the merchant can verify that the order was actually sent by the person who claimed to have sent it. Encryption also assures the customer that their personal and financial data remains confidential. Of course, it is vital that the online retailer never decrypt or store credit card numbers on any computer that is connected to the Internet.
Digital cash aims to mimic the functionality of paper money by providing properties such as anonymity and transferability of payment. Digital cash is intended to be implemented as data which can be copied, stored, or given as payment (for example, attached to an e-mail message, or via a USB (universal serial bus) stick, Bluetooth, etc.). Just like paper currency and coins, digital cash is intended to represent value because it is backed by a trusted third party (namely, the government and the banking industry).
Most money is already paid in electronic form; for example, by credit or debit card, by direct transfer between accounts, or by online services such as PayPal. This kind of electronic money is not digital money, because it doesn’t have the properties of money (namely, anonymity and off-line transferability between holders) (Joppe 2000:16).
Digital cash is used to describe many different kinds of products, from micropayments to smart cards to actual digitized value stored in computers. Each system is different, has different requirements and capabilities, and potentially different problems. Put simply, digital cash is a digitally signed payment message that serves as a medium of exchange. A message is any signal or communication item, such as an email. By signed payment message we mean something like a check. And a digitally signed payment message means a payment message signed with a digital signature, such as an electronic check. The prospect of digital cash as a developing method of payment is both exciting and worrisome. Many different interest groups have issues which must be addressed before digital cash and electronic commerce can proliferate. Among these issues are anonymity and privacy, security, ease and cost of use, standards, infrastructure, control of the money supply and criminal activity. And as is to be expected, the positions of some interest groups are directly opposite to those of others (Chaum 2015:89).
2.4.1 How does digital cash work?
Source: David Chaum (2015)
The figure shows the basic operation. User Alice obtains digital cash “coins” from her bank (and the bank deducts a corresponding amount from her account). She is now entitled to use the coins by giving them to another user, Bob, who might be a merchant. Bob receives e-cash during a transaction and sees that it has been authorized by a bank. He can then pay the cash into his account at the bank.
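The withdraw, spend and deposit flow described above, as an added example that is not taken from the thesis or from Chaum's own code. It assumes an RSA blind signature (one known way to build such coins; the page does not name a scheme), a single coin denomination, and a constructed toy key; the names `Bank`, `blind`, `unblind` and `verify_coin` are hypothetical.

```python
import hashlib
import math
import secrets

# Constructed toy bank key built from two Mersenne primes (assumption for the
# demo). Far too small for real use, and textbook RSA without padding.
P, Q = 2**127 - 1, 2**89 - 1
E = 65537


def coin_digest(serial: bytes, n: int) -> int:
    """Map a coin serial number to an integer below the bank modulus."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % n


def verify_coin(serial: bytes, signature: int, n: int, e: int) -> bool:
    """Anyone holding the bank's public key (n, e) can check a coin."""
    return pow(signature, e, n) == coin_digest(serial, n)


class Bank:
    def __init__(self):
        self.n, self.e = P * Q, E
        self._d = pow(E, -1, (P - 1) * (Q - 1))  # private signing exponent
        self.balances = {}
        self.spent = set()  # serial numbers that were already deposited

    def withdraw(self, account: str, blinded: int) -> int:
        """Debit one unit and sign the blinded value; the serial stays hidden."""
        if self.balances.get(account, 0) < 1:
            raise ValueError("insufficient funds")
        self.balances[account] -= 1
        return pow(blinded, self._d, self.n)

    def deposit(self, account: str, serial: bytes, signature: int) -> str:
        """Credit a coin once; reject altered coins and repeated serials."""
        if not verify_coin(serial, signature, self.n, self.e):
            return "rejected: bad signature"
        if serial in self.spent:
            return "rejected: double spend"
        self.spent.add(serial)
        self.balances[account] = self.balances.get(account, 0) + 1
        return "accepted"


def blind(serial: bytes, n: int, e: int):
    """Alice hides the coin digest with a random factor r before withdrawal."""
    m = coin_digest(serial, n)
    while True:
        r = secrets.randbelow(n - 2) + 2
        if math.gcd(r, n) == 1:
            return (m * pow(r, e, n)) % n, r


def unblind(blind_signature: int, r: int, n: int) -> int:
    """Remove r; what remains is the bank's signature on the coin digest."""
    return (blind_signature * pow(r, -1, n)) % n


def run_demo() -> dict:
    bank = Bank()
    bank.balances = {"alice": 10, "bob": 0}  # constructed sample accounts

    # Withdrawal: the bank signs a value it cannot link to the serial.
    serial = secrets.token_bytes(16)
    blinded, r = blind(serial, bank.n, bank.e)
    signature = unblind(bank.withdraw("alice", blinded), r, bank.n)

    # Payment: Bob checks the bank's authorization using only the public key.
    coin_valid = verify_coin(serial, signature, bank.n, bank.e)

    # Deposit: the second attempt and the altered coin are both refused.
    first = bank.deposit("bob", serial, signature)
    second = bank.deposit("bob", serial, signature)
    forged = bank.deposit("bob", b"altered-serial", signature)

    return {
        "bank_saw_serial": blinded == coin_digest(serial, bank.n),
        "coin_valid": coin_valid,
        "first_deposit": first,
        "second_deposit": second,
        "forged": forged,
        "alice_balance": bank.balances["alice"],
        "bob_balance": bank.balances["bob"],
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Here the bank only catches the copied coin at deposit time, so this sketch is an online check and does not by itself provide the off-line capability listed among the key elements.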
2.4.2 Key elements of a private digital cash system
There are ten key elements to a successful, private digital cash system. This section compares and contrasts true digital cash to paper cash as we know it today. Alice’s digital cash token is assumed to be used in the system in any transaction.
The transaction protocol must ensure that a high level of security is maintained through sophisticated encryption techniques. For instance, Alice should be able to pass digital cash to Bob without either of them, or others, being able to alter or reproduce the electronic token (Chaum 2015).
Anonymity assures the privacy of a transaction on multiple levels. Beyond encryption, this optional untraceability feature of digital cash promises to be one of the major points of competition as well as controversy between the various providers. Transactional privacy will also be at the heart of the government’s attack on digital cash because it is that feature which will most likely render current legal tender irrelevant. Both Alice and Bob should have the option to remain anonymous in relation to the payment. Furthermore, at the second level, they should have the option to remain completely invisible to the mere existence of a payment on their behalf (Chaum 2015).
The security and use of the digital cash is not dependent on any physical location. The cash can be transferred through computer networks and off the computer network into other storage devices. Alice and Bob should be able to walk away with their digital cash and transport it for use within alternative distribution systems, including non-computer-network distribution channels. Digital wealth should not be restricted to a unique, proprietary computer network.
Two-way Payments
The digital cash can be transferred to other users. Essentially, peer-to-peer payments are possible without either party being required to obtain registered merchant status as with today’s card-based systems. Alice, Bob, Claire, and Dylan share an elaborate dinner together at a trendy restaurant and Alice pays the bill in full. Bob, Claire, and Dylan each should then be able to transfer one-fourth of the total amount in digital cash to Alice.
2.4.7 Off-line Capability
The protocol between the two exchanging parties is executed off-line, meaning that neither is required to be host-connected in order to process. Availability must be unrestricted. Alice can freely pass value to Bob at any time of day without requiring third-party authentication.
A digital cash token in a given amount can be subdivided into smaller pieces of cash in smaller amounts. The cash must be fungible so that reasonable portions of change can be made. Alice and Bob should be able to approach a provider or exchange house and request digital cash breakdowns into the smallest possible units. The smaller the breakdowns are, the better to enable high quantities of small-value transactions (Chaum 2015).
2.4.9 Infinite duration
The digital cash does not expire. It maintains value until lost or destroyed, provided that the issuer has not debased the unit to nothing or gone out of business. Alice should be able to store a token somewhere safe for ten or twenty years and then retrieve it for use.
2.4.10 Wide acceptability
The digital cash is recognized and accepted in a large commercial zone. Primarily a brand issue, this feature implies recognition of and trust in the issuer. With several digital cash providers displaying wide acceptability, Alice should be able to use her preferred unit in more than just a restricted local setting.
The digital cash should be simple to use from both the spending perspective and the receiving perspective. Simplicity leads to mass use and mass use leads to wide acceptability. Alice and Bob should not require an advanced degree in cryptography, as the protocol machinations should be transparent to the immediate user.
2.4.12 Unit-of-value or monetary freedom
Another important need is that the digital cash is denominated in market-determined, non-political monetary units. Alice and Bob should be able to issue non-political digital cash denominated in any defined unit which competes with governmental-unit digital cash.
2.5.1 Impact of implementing network payment systems
In the age of high technology, cash struggles to withstand the competition from electronic money, because more and more people prefer to have virtual wallets.
2.5.2 Positive impact of implementing network payment systems
Time savings. Money transfer between virtual accounts usually takes a few minutes, while a wire transfer or a postal one may take up to several days. Also, one will not waste time waiting in lines at a bank or post office;
Expenses control. Anyone eager to bring their spending under control needs to be patient enough to write down all the petty expenses, which often make up a large part of total spending. The virtual account contains the history of all transactions, indicating the store and the amount spent, and it can be checked at any time. This advantage of electronic payment systems is quite important in this case;
Reduced risk of loss and theft. A virtual wallet cannot be forgotten anywhere and it cannot be stolen by thieves. Although there are many scammers in cyberspace, it has been discussed in detail how to make an e-currency account secure;
Low commissions. Paying an internet service provider or topping up a mobile account through a UPT (unattended payment terminal) will result in high fees. With an electronic payment system, the fee for this kind of operation is 1% of the total amount, and this is a considerable advantage;
User-friendly. Usually every service is designed to reach the widest possible audience, so it has an intuitive user interface. In addition, there is always the opportunity to submit a question to a support team, which often works 24/7. It is also possible to get an answer using the forums on the subject; and
Convenience. It is enough to have access to the Internet. All transfers can be performed at any time, anywhere (Erin 2014).
2.5.3 Negative impacts of implementing payments system are:
Restrictions. Each payment system sets a limit on the maximum amount in the account, the number of transactions that can be carried out per day, and the amount of each output;
The risk of being hacked. Following security rules can reduce the threat; it can be compared to the risk of a robbery. If the processing company’s system has been breached, it can lead to the leak of personal data on cards and their owners. Even if the electronic payment system does not issue plastic cards, it can be involved in scandals regarding identity theft;
The problem of transferring money between different payment systems. Usually the majority of electronic payment systems do not cooperate with each other. In this case, the services of an e-currency exchange can be used, although it can be time-consuming when a non-trusted service is used for this purpose;
The lack of anonymity. The information about all the transactions, including the amount, time and recipient, is stored in the database of the payment system. This means the intelligence agency has access to this information; and
The necessity of Internet access. If the Internet connection fails, it will be impossible to access the online account.
Generally, the advantages of electronic payment systems outweigh their disadvantages and they offer greater opportunities compared to traditional wire transfers (Erin 2014:48).
2.5.2 Conclusion
Digital cash promises to be a revolutionary method for conducting business. It will allow transactions to occur between parties on opposite sides of the globe with the same ease as going to the corner gas station to buy gas. However, this new technology will present us with new challenges.
Electronic cash also gives us the ability to trade in non-governmental units of currency. Electronic cash transactions have the potential to become as popular as credit card transactions. Banks or other financial institutions will then, essentially, be minting these electronic coins which will be backed by the financial stability of a corporation rather than a government. This will certainly have an impact on world economies (Johnson 2003:34).
3.1 Research Design and Methodology
This research aims to study computer security in an organization, network payment mechanisms and digital cash issues through the survey method. The survey is conducted for Tayelamay ltd. It is intended to study challenges to intrusion detection for computer security in an organisation, network payment mechanisms and digital cash. The survey will be conducted by the questionnaire method. This research investigates computer security, network payment systems and digital cash. To investigate this, the experiment method is used. Various experiments are performed using machine learning software to identify efficient methods for intrusion detection and analyse the impact of implementing network payment systems.
3.2. Statement of the Research Problem
Computer security in an organization, network payment mechanisms and digital cash is the need of IT departments or IT companies with growing networks. For network security one of the most critical factors is detection of intrusion attacks on computer security. Intrusion detection is becoming a challenging task due to the increased connectivity of computer systems and services. In this context, “What are the challenges to intrusion detection for computer security, network payment mechanisms and digital cash?” is the question to be tackled. The researcher seeks to study network security issues, specifically the need for intrusion detection systems and the challenges to intrusion detection systems, to ensure computer security, network payment mechanisms and digital cash in the IT industrial units of Tayelamay & Sons Enterprise Ltd. This study is further intended to investigate how computer security, network payment systems and digital cash can be protected and their security strengthened. There is need to study how computer security network payment mechanisms and digital cash. What computer security, payment mechanism and digital cash techniques are useful for handling the challenges of intrusion detection? For this, various experiments using computer security, payment mechanism and digital cash methods need to be carried out. These experiments aim to identify methods to resolve computer security, payment mechanism and digital cash issues effectively. The aim of this study is to provide a framework which is capable of giving a solution for challenges to intrusion detection. This research intends to get answers to the following research questions (Halais 2006:18).
What are the challenges to current intrusion detection systems?
What are the effective data Network Payment mechanisms and digital cash for intrusion detection?
Why is computer security essential?
How to distinguish whether incoming network traffic is normal or an intrusion?
How does intrusion detection play an important role in computer security, payment mechanisms and digital cash?
Qualitative research is concerned with collecting and analysing information in as many forms, chiefly non-numeric, as possible. It tends to focus on exploring, in as much detail as possible, smaller numbers of instances or examples which are seen as being interesting or illuminating, and aims to achieve ‘depth’ rather than ‘breadth’ (Blaxter, Hughes and Tight, 1996: 61). This type of research aims at discovering the underlying motives and desires, using in-depth interviews for the purpose. Qualitative research aims to address questions concerned with developing an understanding of the meaning and experience dimensions of humans’ lives and social worlds (Fossey, 2002:717). Through such research, participants have the opportunity to respond more elaborately and in greater detail than is typically the case with quantitative methods. Consequently, researchers have the opportunity to respond immediately to what participants say by asking follow-up questions about information the participant has provided. However, qualitative research in practice is a relatively difficult job. This includes criticisms such as:
Qualitative research is merely an assembly of anecdote and personal impressions, strongly subject to researcher bias;
Secondly, it is argued that qualitative research lacks reproducibility. The research is so personal to the researcher that there is no assurance that a different researcher would not come to radically different conclusions; and
Finally, qualitative research is criticised for lacking generalisability. Qualitative methods tend to generate large amounts of detailed information about a small number of settings (Mays, N. 1995:311).
The purpose of research is to discover answers to questions through the application of scientific procedures. In this research, the survey will be the research design used, as it provides an adequate tool to assess people’s opinions on the research problem.
3.3 Sampling Strategy
A sample is a finite part of a statistical population whose properties are studied to gain information about the whole (Webster, 1998:124). It can be defined as a set of respondents selected from a larger population for the purpose of a survey.
According to Denzin, N. K., & Lincoln, Y. S. (2000:15), the sampling technique used is a crucial element of the overall sampling strategy. The strategy is the plan set forth to be sure that the sample used in the research study represents the population from which the sample is drawn. There are many different ways of taking a sample. The main alternative sampling plans may be grouped into probability techniques and non-probability techniques.
Probability sampling techniques, which include simple random sampling, systematic random sampling and stratified random sampling. This type of sampling involves a selection process in which each element in the population has an equal and independent chance of being selected.
Non-probability sampling, which includes quota sampling, self-selection sampling, convenience sampling, snowball sampling and purposive sampling. The elements that make up the sample are selected by non-random methods. This type of sampling is less likely to produce a representative sample than probability sampling.
Given that this is qualitative research, the study will follow these steps:
Select the target population;
Select the accessible population;
State the eligibility criteria;
Outline the sampling plan; and
Recruit the sample.
As such, the study might evolve as follows:
A general idea of where and with what population to start, soliciting a few cases through convenience procedures;
Successive sample units are selected based on what has already been selected;
Informants are often used to help in the selection of sample members;
The sample will be adjusted according to conceptualizing;
Sampling continues until saturation is achieved; and
The final sample may include confirming or disconfirming cases.
Thus, non-probability sampling will be opted for. According to Marshall (1996:524-525), sampling for qualitative research is an area of considerable confusion for researchers experienced in the hypothetico-deductive model. This mostly relates to misunderstanding about the aims of the qualitative approach, where improved understanding of complex human issues is more important than generalising results. This main issue explains why probabilistic sampling is neither productive nor efficient for qualitative studies and why alternative strategies are used.
As stated by McLeod, S. (2008:45), qualitative research is useful for studies at the individual level, and to find out, in depth, the ways in which people think or feel. Analysis of qualitative data is difficult and requires an accurate description of participant responses, for example, sorting responses to open questions and interviews into broad themes. Expert knowledge of an area is necessary to try to interpret qualitative data, and great care must be taken when doing so.
3.4 Data Collection Instruments
This section will explore methods of data collection used in qualitative research. According to Polkinghorne (2005:138), the purpose of data gathering in qualitative research is to provide evidence for the experience it is investigating. The evidence is in the form of accounts people have given of the experience. The researcher analyzes the evidence to produce a core description of the experience. The data serve as the ground on which the findings are based. In constructing the research report, the researcher draws excerpts from the data to illustrate the findings and to show the reader how the findings were derived from the evidential data.
According to Mac.N et al (2011:5), the three most common qualitative methods, explained in detail in their respective modules, are participant observation, in-depth interviews, and focus groups. Each method is particularly suited for obtaining a specific type of data.
Participant observation is appropriate for collecting data on naturally occurring behaviours in their usual contexts;
In-depth interviews are optimal for collecting data on individuals’ personal histories, perspectives, and experiences, particularly when sensitive topics are being explored; and
Focus groups are effective in eliciting data on the cultural norms of a group and in generating broad overviews of issues of concern to the cultural groups or subgroups represented.
In a focus group discussion the researcher assembles a small group, usually between 6 and 15 people, to discuss the research. Participants speak spontaneously and freely about the topic. A facilitator guides the discussion. Focus group discussion helps to gain more in-depth information on a specific issue. The discussion is frequently tape-recorded, then transcribed and analysed.
In this method, the researcher observes rather than takes part. Data can be recorded in many ways such as stenography, audio, video, photos or drawings. The researcher observes certain sampled situations or people rather than trying to become immersed in the entire context. Thus, the researcher can develop a detailed understanding of the values and beliefs held by members of the population. The researcher makes notes about anything they observe for later analysis (Hungler 2001).
In-depth interviews should be used instead of focus groups if the potential participants may not be included or comfortable talking openly in a group, or when you want to distinguish individual opinions about the program. They are often used to refine questions for future surveys of a particular group. Subjects are asked to comment on actual events rather than giving generalisations. This can reveal more about beliefs, attitudes and behaviour. The researcher may be able to obtain more detailed information for each subject, but loses the richness that can arise in a group in which people debate issues and exchange views.
Among these three data collection methods, the researcher will use the in-depth interview method, which will contain specific questions for each research objective for which data needs to be collected. A sample of staff including IT specialist, Building engineering, Data system information, and the Director of Tayelamay & Sons Enterprise Ltd will be interviewed individually (Hungler 2001).
The questionnaire will consist of five sections:
Section A: will contain three screening questions, to determine firstly the date the staff member joined the company, secondly which department he or she works for, and finally what he or she feels about the strengths and areas of improvement of the company;
Section B: will contain questions, which will seek to answer to what extent staff understand the existing processes and procedures in their corresponding department;
Section C: will contain questions, which will help to determine how risks are being mitigated in each department;
Section D: will contain questions, to understand which tools and KPIs are used and how they are measured in order to evaluate the level of customer satisfaction; and
Section E: will contain questions, which will help to ascertain what type of strategic change management program should be adopted to remedy the actual situation.
3.4.1 Validity and Reliability
Another important stage of data collection is testing the validity and reliability of the data collected.
According to Joppe (2000:51), validity determines whether the research truly measures that which it was intended to measure or how truthful the research results are. In other words, does the research instrument allow you to hit “the bull’s eye” of your research object? Researchers generally determine validity by asking a series of questions, and will often look for the answers in the research of others. There are many types of validity, including:
Face validity: occurs where something appears to be valid. This of course depends very much on the judgment of the observer. In any case, it is never sufficient and requires more solid validity to enable acceptable conclusions to be drawn. Measures often start out with face validity as the researcher selects those which seem likely to prove the point;
Content validity: refers to the extent to which the measurement questions in the questionnaire provide adequate coverage of the investigative questions;
Criterion-related validity: examines the ability of the measure to predict a variable that is designated as a criterion. A criterion may well be an externally-defined ‘gold standard’. Achieving this level of validity thus makes results more credible; and
Concurrent validity: measures the test against a benchmark test, and high correlation indicates that the test has strong criterion validity.
Joppe (2000:51) defines reliability as the extent to which results are consistent over time and an accurate representation of the total population under study; if the results of a study can be reproduced under a similar methodology, then the research instrument is considered to be reliable. There are three types of reliability:
Test-retest reliability: is a measure of reliability obtained by administering the same test twice over a period of time to a group of individuals. The scores from Time 1 and Time 2 can then be correlated in order to evaluate the test for stability over time;
Parallel forms reliability: is a measure of reliability obtained by administering different versions of an assessment tool (both versions must contain items that probe the same construct, skill, knowledge base, etc.) to the same group of individuals. The scores from the two versions can then be correlated in order to evaluate the consistency of results across alternate versions; and
Inter-rater reliability: is a measure of reliability used to assess the degree to which different judges or raters agree in their assessment decisions. Inter-rater reliability is useful because human observers will not necessarily interpret answers the same way; raters may disagree as to how well certain responses or material demonstrate knowledge of the construct or skill being assessed.
3.5 Data Analysis
Qualitative data analysis involves the identification, examination, and interpretation of patterns and themes in textual data and determines how these patterns and themes help answer the research questions at hand. For this purpose, the researcher needs to go through a process called Content Analysis. Content Analysis means analysis of the contents of an interview in order to identify the main themes that emerge from the responses given by the respondents. According to Sain.J (2008:52) this process involves a number of steps:
Step 1: Identify the main themes: The researcher needs to carefully go through the descriptive responses given by respondents to each question in order to understand the meaning they communicate. From these responses the researcher develops broad themes that reflect these meanings. People use different words and language to express themselves. It is important that the researcher select the wording of the theme in a way that accurately represents the meaning of the responses categorized under a theme. These themes become the basis for analyzing the text of unstructured interviews;
Step 2: Assign codes to the main themes: If the researcher wants to count the number of times a theme has occurred in an interview, he needs to select a few responses to an open-ended question and identify the main themes. He continues to identify these themes from the same question till a saturation point is reached. Write these themes down and assign a code to each of them, using numbers or keywords;
Step 3: Classify responses under the main themes: Having identified the themes, the next step is to go through the transcripts of all the interviews and classify the responses under the different themes; and
Step 4: Integrate themes and responses into the text of your report: Having identified responses that fall within different themes, the next step is to integrate them into the text of the report. While discussing the main themes that emerged from the study, verbatim responses are used to keep the feel of the response. Additionally, the researcher can count how frequently a theme has occurred and then provide a sample of the responses.
3.6 Pilot Study
“A pilot study can be used as a small scale version or trial run in preparation for a major study” (Polit, Beck, & Hungler, 2001:467). Another important element to the interview preparation is the implementation of a pilot test. The pilot test will assist the researcher in determining if there are flaws, limitations, or other weaknesses within the interview design and will allow him to make necessary revisions prior to the implementation of the study (Kvale, 2007). A pilot test should be conducted with participants that have similar interests as those that will participate in the implemented study. The pilot test will also assist the researcher with the refinement of research questions,
Some more reasons to consider a pilot study in this research:
Refine the questionnaire;
Participants will have no problems in answering the questions during the interview process;
No problem in recording data;
The questions’ validity will be assessed;
The reliability of the collected data will be assessed;
Check the research methods to be used;
Ensure that the research methods to be used are feasible.
It provides the researcher with ideas, approaches, and clues that may not have been foreseen before conducting the pilot study. Such ideas and clues increase the chances of getting clearer findings in the main study;
Save time and money; and
The researcher may try out a number of alternative measures and then select those that produce the clearest results for the main study.
Preliminary analysis of the pilot test data can be undertaken to ensure that the data collected will enable the investigative questions to be answered (Saunders et al., 2009:394). Therefore, for this research, a pilot test will be carried out with a sample of 10 participants and their comments will help to refine the final questionnaire.
3.7 Ethical Considerations
Sound research is a moral and ethical endeavour and should be concerned with ensuring that the interests of those participating in a study are not harmed as a result of research being done. Research institutions lay down principles and guidelines for conducting research in an ethically appropriate manner and require the researchers to obtain approval from ethics committees or equivalent. Research bodies and universities show that there are four or five key ethical principles that are common across the board. These include:
Informed and voluntary consent;
Confidentiality of information shared;
Anonymity of research participants;
Beneficence or no harm to participants; and
3.7.1 Informed and Voluntary Consent
The researcher is expected to obtain informed consent from all those who are directly involved in research or in the vicinity of research. This principle adheres to a larger issue of respect to the participants so that they are not coerced into participation and have access to relevant information prior to the consent (Halai, 2006:5).
3.7.2 Confidentiality of Information Shared
This principle is also concerned with offering respect and protection to research participants through assurance of confidentiality of information shared (Halai, 2006:6).
3.7.3 Anonymity of Research Participants
The principle of anonymity requires the researcher not to reveal the identity of the individuals and institutions involved. Typically anonymity is provided through the use of pseudonyms (Halai, 2006:6).
3.7.4 Beneficence or no Harm to Participants
According to this principle the researcher is expected to provide the participants with an outline of the risks and benefits involved to the participants in the study (Halai, 2006:6).
The principle of reciprocity requires that the researcher actively considers ways through which participants could be compensated for their time and effort (Halai, 2006:6).
This proposal covered three chapters. Chapter One is the introduction, which gives an account of the work done and the context in which it has been done. Chapter Two is the Literature Review; this is a process of reading, analyzing, evaluating and summarising materials about the research. The results of the literature review will be compiled in a report and will also form part of the proposal. Works which are irrelevant should be discarded and those which are peripheral should be looked at critically. Finally, Chapter Three is the Research Methodology, which helps to understand the process, and the selected research methodology is given. In this chapter data is collected for the research project.
Einstein.N (2018) http://www.referenceforbusiness.com/small/Inc-Mail/Internet-Payment-Systems.html Accessed on 2 April 2018
Hub, B. (2016) https://www.brighthub.com/computing/smb-security/articles/61722.aspx Accessed on 2 April 2018
Online Available from: https://www.thenetworkpro.net/2010/04/02/why-is-computer-security-important/ Accessed on 9 April 2018
Luminet (2018) Online Available from: https://luminet.co.uk/importance-cyber-security/ Accessed on 9 April 2018
Angelina K. (2018) Online Available from: https://ankontini.com/what-is-the-role-of-cyber-security-in-an-organization/ Accessed on 10 April 2018
Harish, P. (2017) Online Available from: https://www.barclaysimpson.com/industrynews/the-top-10-cyber-security-challenges-for-businesses-801833525 Accessed on 11 April 2018
Online Available from: https://aisel.aisnet.org/jmwais/vol2016/iss1/4/ Accessed on 8 April 2018
Online Available from: https://www.theseus.fi/bitstream/handle/10024/139600/Yang_Wenjing.pdf?sequence=1&isAllowed=y Accessed on 6 April 2018
Online Available from: https://onlinelibrary.wiley.com/doi/pdf/10.4218/etrij.15.0114.1042 Accessed on 7 April 2018
Online Available from: https://www.siemens.com/press/pool/de/feature/2017/corporate/2017-09-innovation-china/background-cyber-security-e.pdf Accessed on 7 April 2018
Concepts in Digital cash Online Available from: (http://www.orlingrabbe.com/digiprin.htm) Accessed on 10 April 2018
Emery, V. 1997 How to Grow Your Business on the Internet. 3rd Ed. Scottsdale, AZ: Coriolis
Pappas, Lorna. 1997. “The Web: It’s Becoming a Safer Place to Shop.” Chain Store Age Executive with Shopping Center.
Ross, Julie Ritzer. 1998. Online Industry Explores Internet Payment Alternatives.
Sliwa, Cl. 2000. “More Than 25 Percent of Online Transactions Fail; Study Shows That Consumers Still Find Problems.”
Yasin, R. 2000. “Is Security in the Cards? Visa and Amex Take Steps to Make Online Transactions Safer.”
Mays.N (1995:311). Qualitative Research: Rigour and qualitative research. online Available from: http://www.bmj.com/content/311/6997/109 Accessed on 24 April 2018
Webster, M. (1998). Sampling in Research online Available from: http://indiana.edu/~educy520/sec5982/week_2/mugo02sampling.pdf Accessed on 24 April 2018
Denzin, N. K., & Lincoln, Y. S. (2000). Handbook of qualitative research. London: Sage Publications.
Appendix A: Draft of Covering Letter
Management College of South Africa
April 26, 2018
I am a Degree student at the Management College of South Africa conducting research regarding an investigation on computer security in an organisation, network payment mechanisms and digital cash at Tayelamay & Sons Enterprise Ltd.
The reports show the computer security, network payment mechanisms and digital cash at Tayelamay & Sons Enterprise Ltd. There have been a lot of cyber security threats, facing online network payment issues. As well as digital cash; taxing digital cash and the spectre of money laundering issues. This has caused a severe impact on the reputation of the company.
In order to gather as much information for this research, I will need to conduct an individual interview with you and your participation would be highly appreciated. This will not take more than 15 minutes of your time and all information provided through your participation in this study will be kept confidential. Furthermore, you will remain anonymous in the thesis or in any report on this research.
I guarantee that there are no known or foreseen risks to participate in this study and the data collected through this research will be securely kept for a period of 1 year in a secure location.
Thank you in advance for your co-operation in my research.
Fritz Boakye Dankwa
Appendix B: Draft Interview Questionnaire
Section A
When did you join Tayelamay & Sons Enterprise Ltd and do you still like working here?
How do you keep yourself updated with the information security news?
According to you, what are the strengths and the weaknesses of Tayelamay & Sons Enterprise Ltd?
Describe your organisation and your role in connection with computer security.
What is the difference between encryption and hashing?
What is the security misconfiguration in your organization?
What are the various ways by which the employees are made aware about information security policies and procedures?
What type of problem do you think exists in the network payment mechanisms department?
The world has recently been hit by, Attack/Virus etc. What have you done to protect your organization as a security professional?
How do you govern various security objects?
What are the objects that should be included in a good penetration testing report?
How do you handle Antivirus alerts?
What are the different levels of data classification and why are they required?
In a situation where a user needs admin rights on his system to do daily tasks, what should be done; should admin access be granted or restricted?