ACCT 522

Electronic Commerce and Internet Security

West Virginia University
College of Business and Economics
Spring, 2008
Wednesday, 2:30 to 3:45, Room 428
CRN 10900, Sect. 001

Instructor: Virginia Franke Kleist, Ph.D.
Assistant Professor, MIS
111 B & E Building Room 129
Virginia.kleist at mail dot wvu dot edu
(304)-293-7939

Office Hours: • W 4:00 to 5:00, F 10:30- 1:30, and by appointment

Required Materials: • Schneider, G. (2007). Electronic Commerce, Boston,
MA: Thomson Course Technology, Seventh Annual Edition.

Course Objectives:

The objectives of the course are to become familiar with the technologies, strategy and
management issues associated with electronic commerce as well as to develop a good
understanding of the risks in its use, including in the exchange of financial data, and to
keep information secure. Internet security will receive special emphasis in the course.

The objectives of the course are to assist the accounting student in gaining an
understanding of the role he or she plays as an advisor to business in 1) identifying
Internet tax choices, payment mechanisms, and strategic business choices in supply chain
and customer relationship management; 2) managing web based security risks for clients
including from a Sarbanes-Oxley perspective; 3) providing financial advice about the
cost of alternative electronic commerce business methods. This course will help
accounting students to understand how the use of the internet in business is impacting
accounting practices. Among the topics explored in the course are electronic commerce
business models, the regulatory environment from privacy to taxation, security in online
communications, encryption, digital certificates and digital signatures, and risk
identification and assessment. The methods explained in the course are designed to help
managers understand the online environment and acquire a knowledge base that will
allow them to make more insightful decisions. Electronic commerce methods are
changing so rapidly that it is important to have ownership of all aspects of this topic to
develop an effective business skill set.

Upon successful completion of this course, the student should be able to:

• Understand electronic commerce business models and business strategies,
including selling, marketing and the business to business use of EC in the value
chain
• Understand the technical underpinnings of electronic commerce, including
knowing about the TCP/IP model for data exchange, web server hardware and
software, and electronic commerce software
• Understand the legal environment of electronic commerce
• Understand electronic commerce security mechanisms
• Understand electronic commerce payment mechanisms
• Be able to assess information security risks and be able to evaluate the security of
information in operations, personnel, software, and physical security
• Be able to recognize and apply proper “best practices” information security
assurance management tools

Course Design:

The typical week will involve a text-based lecture format mixed with class interactions
and discussions on cases and real world electronic commerce and information security
activities. There will be 1 team based formal analysis and presentation (six pages in
length), and four exams; these activities are individual in nature. I often call on students
at random, and you are expected to be prepared with the book readings, cases and
the specialized topic readings. The general atmosphere of the classroom case discussion
is expected to be as if one is present at a business meeting of executives trying to solve a
real world accounting consultant problem.

Student Evaluation:

EVALUATED ITEM                                          TOTAL POINTS TOWARDS GRADE
Student Case presentation (team grade, 1 at 50 points)  50 points
Written short cases (2 at 50 points each)               100 points
Tests (2 at 100 points each, individual work)           200 points
Security Lab                                            50 points
Homeworks                                               20 points each
TOTAL POINTS

Grading:

Grades are based on the following percentage based scale:

97.5 percent and up    A+
93.0 percent and up    A
90.0 percent and up    A-
87.5 percent and up    B+
83.0 percent and up    B
80.0 percent and up    B-
77.5 percent and up    C+
73.0 percent and up    C
70.0 percent and up    C-
Below 70.0             D or F

This scale is typically followed exactly, although for scaling purposes the instructor
reserves the right to make small adjustments, curving all of the grades at a certain level
in the students’ favor, at the end of the semester.

Individual Case Write-ups:

Three short, formal cases will be assigned for analysis and discussion during the
semester, and each will require a written analysis. The response is to be 2 to 3 pages in
length, using 12 point font. Your cases should be well organized, with an introductory
paragraph that states the key points of the paper and what the paper will cover, such as an
executive overview. Each case is worth 50 points. Use lots of charts, graphs, and
succinct points to convey your information with density. Do not use “I,” “we” or “you”
in your writing. Do use “bullet points” to convey more material in a compact way, and
use headings to make your work well organized. At the end of your case, please have a
summary or conclusions paragraph which reiterates the main points of your discussion.
Cases are due at the beginning of the class on the last class. I will not accept emailed
cases. I will not accept late cases for any reason.

The case write-up will be assigned points based on the following evaluation methods:
• Mechanical presentation issues: grammar, form, punctuation, appearance, and
spelling;
• Business writing skills: clarity, focus, concise argument and persuasiveness of
discussion, and,
• Thinking ability: depth, thoughtfulness, originality, understanding, and
sophistication and creativity of response.

For further guidance in how the cases will be evaluated, please refer to the “Case and
Paper Evaluation Form.” This is posted on the class web site.

Tests and Exams:

Three tests and one final exam will be given, covering the material in the lectures,
readings, discussions and textbook. You are responsible for the answers to materials that
are covered in the lectures, but may not be in the book. A mix of multiple choice answer,
short answer, and essay will be used for the tests. The tests will contribute 300 points to
the total student evaluation grade. The final exam is scheduled during exam week and it
will count for 200 points toward the student grade. Coverage of chapter material as well
as readings and class discussions will be included in the tests.

Student Case Presentation:

Groups will present one “Student Case Presentation.” Each
group will cover their topic in a 15 to 20 minute talk, using slides, supported with a short,
one or two page paper and a copy of the slides. The group will be given a grade for each
Case Presentation, worth 50 points, based upon the following items:

• Innovativeness: Newness and originality.
• Presentation: The manner in which the assignment was presented, packaged
and/or submitted: Readability of slides, clarity of spoken presentation,
professional, clean, neat.
• Written: Coherence and logic of written portion of assignment. Adherence to all
case and report guidelines, including using proper sources and citations.
• Completeness: The degree to which all of the expected responses were included.
• Responsiveness: Ability to respond to questions from classmates and
instructor
• Analysis: Ability to comment on and to assess the overall potential and
limitations about the subject matter and tie it to course. What is the “big picture”
about this case situation?
• Added Value: Anything above the requirements that increases the assignment
value, understanding or distinguishes it from your peers’ work in a favorable
manner
• Total time in the classroom is not to exceed 20 minutes

Plagiarism:

Please read and be fully aware of the definition of plagiarism as stated in the Academic
Dishonesty policy of West Virginia University:
http://www.arc.wvu.edu/admissions/integrity.html. If the professor becomes aware of
any sentences, paragraphs, graphs, data, or concepts from other research that are
presented in either a case or a research paper for this class without having been cited
using a reference to the original source of the material, the case or research paper will
receive a grade of zero points and that paper may not be resubmitted in the class.
The student will be reported to the head of his or her program, and every effort will be made
to give the student an unforgivable F for the entire course.

Please be certain to cite all sources used in research, as there are no deviations from this
policy by this instructor.

Instructor Access:

My office hours are Wednesdays from 4:00 to 5:00, and Friday from 10:30- 1:30. I am
always happy to meet with you then, or else any time that is mutually convenient by
appointment. You are always welcome to email me with questions or to arrange a
meeting. I will always respond to your emails within 24 hours, Monday through Friday,
but am less responsive to the telephone because I do not always work in my WVU
office. I encourage and welcome your email. I enjoy meeting with students during my
office hours, and am also happy to discuss careers in IS, resumes, possible firms to target for
employment, or any issues which are important to you about the class. If you are
uncomfortable with any aspect of the course, and wish to make a criticism or make a
suggestion, but wish to do so anonymously, please leave an unsigned note in my mailbox
or under my door, and I will try and accommodate you if at all possible.

Social Justice:

I concur with the West Virginia University commitment to social justice and expect to
foster a nurturing learning environment based upon open communication, mutual respect,
and non-discrimination. Our University does not discriminate on the basis of race, sex,
age, disability, veteran status, religion, sexual orientation, color or national origin. Any
suggestions as to how to further such a positive and open environment in this class will
be appreciated and given serious consideration. If you are a person with a disability and
anticipate needing any type of accommodation in order to participate in this class, please
advise me and make appropriate arrangements with Disability Services (293-6700).

Syllabus:

DATE: TEXT: ASSIGNMENT AND TOPICS TO BE COVERED IN CLASS:
(Subject to some change week to week depending on progress and interest).

WEEK 1: Schneider (2007), Electronic Commerce
Chapter 1: Introduction to Electronic Commerce: The concept of the second wave
of EC, business models, economic forces and EC, SWOT analysis of EC
opportunities, international nature of EC

WEEK 2: Schneider (2007), Electronic Commerce
Chapter 2: Technology Infrastructure: The Internet and the Web: The internet,
TCP/IP, packet vs. circuit switching, HTML, XML, VPNs, types of internet
connectivity

Submit team names by tonight for Dr. K (3 students each).

WEEK 3: Schneider (2007), Electronic Commerce
Chapter 3: Selling on the Web: Revenue Models and Building a Web Presence:
Models, changing models over time, effectiveness of web sites, rating web sites

Chapter 4: Marketing on the Web: marketing strategies in EC, market
segmentation, relationship densities, advertising models, brands on the
internet, search engine positioning

CLASS HOMEWORK: Read articles on the Rappa web text regarding various aspects
of successful business models on the internet,
http://digitalenterprise.org/models/models.html Write a one paragraph summary
of each of your three selected articles.

Team 1 Case Presentation: Lonely Planet, p. 157

WEEK 4: Discussion about strategy of using electronic commerce technologies in
business applications.
Lecture: Moore’s Crossing the Chasm, Arthur’s Path Dependency articles.

Team 2 Case Presentation: Oxfam, p. 210

CLASS HOMEWORK: Skim over three articles on channels of electronic commerce
from Dr. Michael Rappa's textbook titled Managing the Digital Enterprise at
North Carolina State University,
http://ecommerce.ncsu.edu/topics/channels/channel.html Think about how some of
these articles might show examples of electronic commerce used by firms for
competitive, sustainable strategic advantage. How might a firm sustain a
competitive advantage conferred by an information technology edge? In
particular, focus your efforts and readings on the Dell case material given in
the readings. Write a one paragraph summary of each of your three selected
articles.

CLASS CASE ONE: Visit the Dell website. Do outside research on Dell’s
financials, its strategy, its technological underpinnings, other current events
that you are able to discern. What is the fundamental Dell EC strategy? How
successful has it been? Will this strategy continue to be successful in the
future? What are the threats against Dell's business model? Where is Dell going
in the future? What have you learned from the Dell business case?

WEEK 5: Schneider (2007), Electronic Commerce
Chapter 5: EDI: Purchasing, logistics, e-government, EDI, Supply Chain
Management, Electronic Marketplaces

Additional online reading: Greenstein and Feinman, Chapter 4, “EDI, Electronic
Commerce and the Internet,” in Electronic Commerce: Security, Risk Management
and Control. (2000), Boston: Irwin, McGraw-Hill, pp. 101-127.

WEEK 6: Exam 1: Chapters 1-5, Schneider, Greenstein and Feinman.

WEEK 7: Schneider (2007), Electronic Commerce
Chapter 6: Online Auctions, Virtual Communities, Web Portals: Various types of
auctions and how these work, virtual communities of note, revenue models for
web portals

WARDRIVING DEMONSTRATION OF WIRELESS HACKING.

WEEK 8: Schneider (2007), Electronic Commerce
Chapter 7: The Environment of Electronic Commerce: Legal issues, intellectual
property issues, conflicts of the law, domain names, cybersquatting, online
crime, terrorism, US Income taxes, US State Sales taxes, European Union VAT

Additional online reading: Greenstein and Feinman, Chapter 2, “Electronic
Commerce and the Role of Independent Third-Parties,” in Electronic Commerce:
Security, Risk Management and Control. (2000), Boston: Irwin, McGraw-Hill,
pp. 27-57.

CLASS HOMEWORK. Read three articles on the Rappa web text regarding various
aspects of intellectual property on the internet,
http://digitalenterprise.org/ip/ip.html Please submit a brief, one paragraph
summary of your three selected articles.

Team 8 Case Presentation: Read articles, focus on topic of why employee privacy
is or is not an issue for the accounting profession, prepare short written
report on your analysis, lead discussion based on Rappa’s web site on privacy
in online digital data: http://digitalenterprise.org/privacy/privacy.html

Team 9 Case Presentation: Research, read and summarize five internet tax issues
with a presentation and brief written report.

WEEK 9: Schneider (2007), Electronic Commerce
Chapter 8: Web Server Hardware and Software: Web server basics, client server
approaches, software for servers, email and how it works, internet utility
programs, web server hardware.

Additional online reading: Merkow and Breithaupt, Chapter 12,
“Telecommunications, Network, and Internet Security,” in Information Security:
Principles and Practices, 2006. Upper Saddle River: Pearson Prentice Hall,
pp. 257-288.

Team 3 Case Presentation: Microsoft and the Peoples Republic of China, p. 390

WEEK 10: Schneider (2007), Electronic Commerce
Chapters 8 and 9: Electronic Commerce Software: Web hosting alternatives,
catalog display, shopping cart, middleware, transaction processing, Enterprise
Resource Planning systems, Customer relationship management software, content
management software, knowledge management software

Team 4 Case Presentation: Ingersoll-Rand, p. 433.

WEEK 11: Schneider (2007), Electronic Commerce
Chapter 10: Electronic Commerce Security: Managing risk, computer security
classifications, security policies, security for client computers, web bugs,
Java applets, ActiveX controls, Viruses, Communications security, physical
security, encryption.

Team 5 Case Presentation: First Internet Bank of Indiana, p. 529

Team 6 Case Presentation: Read articles on the Rappa web text regarding various
aspects of security and control, present a few articles of interest to the
class, http://digitalenterprise.org/security/security.html

Team 7 Case Presentation due: Find five Security policies published on the
internet, and do a summary of all five for the class, also conducting an
analysis and critique of these five plans.

WEEK 12: Chapter 10: Electronic Commerce Security: Managing risk, computer
security classifications, security policies, security for client computers, web
bugs, Java applets, ActiveX controls, Viruses, Communications security,
physical security, encryption.

CASE TWO: Prepare an in depth, three to four page paper on one aspect of
cryptography, including an analysis of some vendors of that particular type of
cryptographic product, e.g., RSA Security or others.

LAB: Meet in the labs for an exercise in encryption, business intelligence,
will follow the lecture.

WEEK 13: Chapter 11: Payment Systems for Electronic Commerce: Online payment
mechanisms, payment cards, Electronic cash, electronic wallets, stored value
cards, check processing, phishing attacks, mag strip cards, biometrics

LAB DUE TODAY.

Team 10 Case Presentation. Read articles, prepare formal written report on your
analysis, lead discussion on Rappa’s web site on how to develop trust in
electronic commerce: http://digitalenterprise.org/trust/trust.html

WEEK 14: Exam 2: Chapters 6, 7, 8, 9, 10, 11 Schneider

WEEK 15: Lecture of highlights from Schou and Shoemaker (2007), Information
Assurance
Chapter 1: What do we secure? Continuous knowledge assurance, the assurance
function, documentation of assurance, corrective action requirements
Chapter 3: Security Policy: Definitions, the Information Assurance Process,
Assurance plan, Security Management System
Chapter 4: Building and Documenting an Information Assurance Framework:
Policies, culture, metrics, human factors. What is confidentiality, integrity,
availability, authorization and authentication, plus non-repudiation.
Chapter 5: Maintaining Security of Operations: Threat Responses, operational
planning, Security patches, baselining
Chapter 6: Controlling Access: Passwords, Identification, authorization,
authentication, tokens, one time passwords, multifactor authentication, digital
signatures, digital certificates, discretionary access control, types of
permissions, security models
Chapter 7: Personnel Security: Role of human resources in security control,
contractor control
Chapter 8: Physical Security: Managing dispersion, physically secure spaces,
power, perimeter intrusion detection, doors, locks, natural disasters, fire
Chapter 9: Ensuring Against Software Vulnerabilities: Hacking, software
assurance, software change management, systematic testing, quantifying software
metrics, COTS
Chapter 10: Continuity Planning and Disaster Recovery: continuity planning and
business value, recovery times, cold and hot sites, testing, the disaster plan.

CASE THREE: Read business case, Kleist, V. F., Morris, B. and J. Denton,
“Information Systems Assurance Management at Municipal Software Solutions,
Inc.,” Prepare a 3 page written analysis of their problem, their solution and
any issues that you might identify, using the questions at the end of the case
to help you in your analysis.
