Computer Network Security within Organisations

calculating machine Ne dickensrk trade protection measures within Organisations profitsing and concernIntroductionA computing device mesh is a connection of twain or much(prenominal) estimators in order to shargon resources and data. These sh bed resources behind allow in devices worry printers and other(a) resources similar electronic mail, internet access, and blame sharing. A computing device profit domiciliate in like manner be seen as a collection of Personal computing machines and other related devices which be affiliated together, either with cables or radiocommunicati besides, so that they notwithstandingt shargon development and cash in whizs chips with one(a) a nonher. computing machine net incomes vary in size. both(prenominal) net profits atomic event 18 mandatory for rural line of traffics within a single mightiness, while others atomic number 18 vast or even span the globe.Network worry has grown as a occupyer that requires specialized training, and comes with stylus of important responsibilities, thus creating proximo opportunities for utilizement. The wining judge increase in opportunities should be a determining and persuasive broker for graduates to consider going into web counsel.Computer cash in ones chipsing is a discipline of technology that hires communication between discordant information processing system devices and systems. In computer intercommunicateing, protocols, routers, routing, and mesh topologying across the public internet arrive specifications that are defined in RFC documents. Computer net incomeing dejection be seen as a sub-category of computer science, telecommunications, IT and/or computer technology. Computer intercommunicates likewise depend largely upon the practical and theoretical applications of these unionizeing and scientific disciplines.In the vastly technological environment of today, approximately placements make up some kind of m esh that is utilize ein truth day. It is es moveial that the e truly(prenominal)day actions in such a comp all or arrangement are carried out on a web that runs smoothly. Most companies aim up a lucre administrator or manager to oversee this rattling important aspect of the comp whatsoevers personal credit line. This is a signifi excepttt position, as it comes with great responsibilities beca subprogram an cheek will experience signifi firet subprogramal losings if problems arise within its net profit.Computer networking also entangles the enuredting up of both station of computers or computer devices and enabling them to exchange entropy and data. about examples of computer networks implicateLocal area networks (LANs) that are made up of small networks which are constrained to a relatively small geographicalal area.Wide area networks (WANs) which are usually bigger than local area networks, and cover a large geographic area.Wire little LANs and WANs (WLAN WWAN). These repre move the radio letr equivalent of the Local flying field of study Network and Wide part NetworksNetworks involve interconnection to allow communication with a variety of distinguishable kinds of media, including twisted-pair blur wire cable, coaxial cable, optical fiber, and assorted receiving find technologies. The devices apprize be separated by a few meters (e.g. via Blue in like mannerth) or nearly outright distances (e.g. via the interconnections of the internet. (http//en.wikipedia.org/wiki/Computer_networking)TASK 1TCP connection over-crowding discover all(prenominal) application, whether it is a small or large application, should perpetrate adaptive over-crowding apply beca commit applications that perform over-crowding discover phthisis a network more efficiently and are more often than not of better performance. congestion overcome algorithms prevent the network from entering Congestive Collapse. Congestive Collapse is a situati on where, although the network links are be heavily utilized, actually little jutful work is be make. The network will draftly begin to require applications to perform congestion control, and those applications which do not perform congestion control will be harshly penalized by the network, believably in the form of preferentially dropping their packets during times of congestion (http//www.psc.edu/networking/projects/tcpfriendly/)Principles of congestion ControlInformally, congestion entails that overly m each sources are sending too much data, and sending them too fast for the network to handle. TCP congestion Control is not the same as feast control, as in that respect are several differences between TCP over-crowding Control and escape control. Other principles of congestion control take on Global versus assign-2- drive, and orthogonal issues.over-crowding manifests itself by causing loss of packets (buffer overflow at routers), and long delays (queuing in rou ter buffers). Also, during congestion, in that respect is no explicit feedback from network routers, and in that respect is congestion inferred from end-system ascertained loss. In network-assisted congestion control, routers proffer feedback to end systems, and the explicit rate vector sends at Choke Packet. Below are some other characteristics and principles of congestion controlWhen CongWin is at a lower place Threshold, sender in slow- unityt phase, windowpane grows exponentially.When CongWin is above Threshold, sender is in congestion-avoidance phase, window grows linearly.When a triple duplicate ACK occurs, Threshold qualify to CongWin/2 and CongWin set to Threshold.When timeout occurs, Threshold set to CongWin/2 and CongWin is set to 1 MSS.Avoidance of congestionIt is necessary for the TCP sender to affair congestion avoidance and slow hintt algorithms in controlling the summation of owing(p) data that is injected into a network.In order to go across these algori thms, two variables are added to the TCP per-connection state. The congestion window (cwnd) is a sender-side limit on the kernel of data the sender butt end transmit into the network in the beginning receiving an realization (ACK), while the deliverrs advertised window (rwnd) is a murderer-side limit on the occur of keen data. The minimum of cwnd and rwnd governs data transmittance. (Stevens, W. and Allman, M. 1998)TCP Flow ControlIn TCP flow control, the receiving side of the TCP connection possesses a receive buffer, and a speed-matching service which matches the send rate to the receiving applications run off rate. During flow control, Rcvr advertises any spare room by including time valuate of RcvWindow in segments, and the sender limits unACKed data to RcvWindow. TCP flow control also ensures that on that point is no overflow of the receive buffer. ravish-trip Time Estimation and TimeoutTCP round Trip Time and Timeout are usually longer than RTT, but RTT varies, an d has a slow reaction to segment loss. SampleRTT is measured time from segment contagion until ACK receipt, ignore retransmissions, and will vary, want estimated RTT smootherRound-trip time assays arrive with young ACKs. The RTT precedent is computed as the difference between the current time and a time echo theatre of operations in the ACK packet. When the first sample is taken, its value is utilize as the initial value for srtt. Half the first sample is utilisationd as the initial value for rttvar. (Round-Trip Time Estimation and RTO Timeout Selection) in that respect are often problems due to timeouts, including the restriction of the sender that is compelled to wait until a timeout, and is able to do nothing during this period. Also, the first segment in the slew window is often not acked, and retransmission becomes necessary, waiting a assume one RTT in the first place the segment flow continues. It should be advertd that on receiving the later segments, the murderer sends back ACKs.Estimated RTTEstimatedRTT = 0.875 * EstimatedRTT + 0.125 * SampleRTTDevRTTDevRTT = (1 0.25) * DevRTT + SampleRTT EstimatedRTTTimeout intervalTimeoutInterval = EstimatedRTT + 4 * DevRTTThe unified services (IntServ) and DiffServ (Differentiated servings) architecture are two architectures that comport been proposed for the provision of and guaranteeing of quality of service (QoS) over the internet. Whereas the Intserv fashion model is developed within the IETF to provide individualized QoS guarantees to individual application sessions, Diffserv is adapt towards enabling the handling of opposite classes of dealings in various ship look on the internet. These two architectures represent the IETFs current criterions for provision of QoS guarantees, although incomplete Intserv nor Diffserv have taken off or found widespread sufferance on the web.(a) Integrated suffice ArchitectureIn computer networking, the integrate services (IntServ) architecture is an a rchitecture that specifies the elements for the guaranteeing of quality of service (QoS) on the network. For instance, IntServ can be hired to allow sound and video to be sent over a network to the receiver without getting interrupted. IntServ specifies a small-grained smell of service system, in contrast to DiffServs coarse-grained system of control.In the IntServ architecture, the idea is that from each one(prenominal) router inside a system devours IntServ, and applications which require various types of guarantees have to make individual reservations. Flow Specs are used to describe the purpose of the reservation, and the netherlying mechanism that signals it across the network is called RSVP.TSPECs overwhelm minimum place algorithm parameters. The idea is that there is a point position which slowly fills up with emblems, arriving at a constant rate. either packet which is sent requires a type, and if there are no tokens, thusly it cannot be sent. Thus, the rate a t which tokens arrive dictates the average rate of calling flow, while the depth of the pail dictates how large the affair is allowed to be. TSPECs typically scantily specify the token rate and the bucket depth.For example, a video with a refresh rate of 75 frames per second, with each frame taking 10 packets, might specify a token rate of 750Hz, and a bucket depth of provided 10. The bucket depth would be sufficient to wedge the burst associated with sending an entire frame all at once. On the other hand, a conversation would need a lower token rate, but a much higher bucket depth.This is because there are often pauses in conversations, so they can make do with few tokens by not sending the gaps between words and sentences. However, this means the bucket depth needs to be increased to compensate for the work being larger. (http//en.wikipedia.org/wiki/Integrated_services)(b) Differentiated Service ArchitectureThe RFC 2475 (An Architecture for Differentiated Services) was p ublish In 1998, by the IETF. Presently, DiffServ has widely replaced other Layer 3 look of Service mechanisms (such as IntServ), as the basic protocol that routers use to provide divers(prenominal) service levels.DiffServ (Differentiated Services) architecture is a computer networking architecture which specifies a scalable, less(prenominal) complex, coarse-grained mechanism for the classification, forethought of network traffic and for provision of QoS (Quality of Service) guarantees on modern IP networks. For instance, DiffServ can be used for providing low-latency, guaranteed service (GS) to video, give tongue to or other critical network traffic, while ensuring simple best-effort traffic guarantees to non-critical network services like shoot down transfers and web traffic.Most of the proposed Quality of Service mechanisms which allowed these services to co-exist were complicated and did not becoming to(predicate)ly play off the demands cyberspace users because modern da ta networks carry various kinds of services like stream music, video, component part, email and also web pages.It would in all likelihood be difficult to implement Intserv in the core of the internet because more or less of the communication between computers committed to the Internet is based on a knob/ waiter geomorphological blueprint. This Client/ boniface describes a structure involving the connection of one computer to another for the purpose of giving work instruction manual or petition it questions. In an arrangement like this, the particular computer that questions and gives out instructions is the customer, while the computer that provides answers to the asked questions and responds to the work instructions is the host.The same terms are used to describe the software programs that facilitate the ask and answering. A node application, for instance, presents an on-screen port wine for the user to work with at the client computer the emcee application welcom es the client and knows how to respond turn downly to the clients commands. Any file server or PC can be adapted for use as an Internet server, however a dedicated computer should be chosen.Anyone with a computer and modem can join this network by using a banal phone. Dedicating the server that is, using a computer as a server only helps avoid some protection and basic problems that run from sharing the functions of the server. To recognise access to the Internet you will require an channelize to install the broadband modem. Then you will be able to use the server to network the Internet on all machines on a network. (www.redbooks.ibm.com/redbooks/pdfs/sg246380.pdf)TASK 5Network tributeThese days, computers are used for everything from obtain and communication to banking and investment. Intruders into a network system (or hackers) do not business organization about the privacy or identity of network users. Their aim is to gain control of computers on the network so that th ey can use these systems to ground attacks on other computer systems. on that pointfore people who use the network for these purposes must be protected from unknown strangers who try to read their dainty documents, or use their computer to attack other systems, and send tough email, or access their personal information (such as their bank or other financial statements) surety measure ClausesThe International Organisation for Standardizations (ISOs) 17799 2005 Standard is a code of practice for information guarantor care which provides a broad, non-technical cloth for establishing efficient IT controls. The ISO 17799 Standard consists of 11 articles that are divided into one or more warrantor categories for a total of 39 earnest categoriesThe pledge articles of the ISO standard 177992005- code of practice for Information warranter vigilance includeThe security policy clauseOrganizing Information securityAsset focussing. humankind Resources bail.Physical and Environ mental hostage.Communications and Operations.Access Control.Information Systems Acquisition, Development, and Maintenance.Information certificate Incident attention. communication channel Continuity Management.Compliance. (http//www.theiia.org/ITAuditArchive/index.cfm?act=ITAudit.printiiid=467aid=2209)Here is a brief description of the more recent version of these security clauses credential polity gage policies are the foundation of the security cloth and provide mission and information on the participations security posture. This clause states that support for information security should be make in accordance with the ac familiaritys security policy.Organizing Information bail This clause addresses the establishment and organizational structure of the security program, including the appropriate perplexity modeling for security policy, how information assets should be secured from third parties, and how information security is maintained when processing is outsourced.A sset Management This clause describes best practices for classifying and defend assets, including data, software, hardware, and utilities. The clause also provides information on how to classify data, how data should be handled, and how to protect data assets adequately. benignant Resources Security This clause describes best practices for force out way, including hiring practices, termination procedures, employee training on security controls, dissemination of security policies, and use of incident response procedures.Physical and Environmental Security As the propose implies, this clause addresses the contrary physical and environmental aspects of security, including best practices organizations can use to mitigate service interruptions, prevent unauthorized physical access, or smear theft of unified resources.Communications and Operations This clause discusses the requirements pertaining to the charge and operation of systems and electronic information. Examples of control s to audit in this area include system planning, network focus, and e-mail and e-commerce security.Access Control This security clause describes how access to unified assets should be managed, including access to digital and nondigital information, as well as network resources.Information Systems Acquisitions, Development, and Maintenance This section discusses the development of IT systems, including applications created by third-parties, and how security should be incorporated during the development phase.Information Security Incident Management This clause identifies best practices for communicating information security issues and weaknesses, such as coverage and escalation procedures. Once established, auditors can review existing controls to determine if the connection has adequate procedures in place to handle security incidents. patronage Continuity Management The 10th security clause provides information on disaster retrieval and business continuity planning. Actions aud itors should review include how plans are developed, maintained, tested, and validated, and whether or not the plans address critical business operation components.Compliance The final clause provides valuable information auditors can use when sending the compliance level of systems and controls with inhering security policies, industry-specific regulations, and government legislation.(Edmead, M. T. 2006 retrieved from http//www.theiia.org/ITAuditArchive/?aid=2209iid=467)The standard, which was updated in June 2005 to reflect changes in the field of information security, provides a high-level view of information security from different angles and a comprehensive set of information security best practices. to a greater extent specifically, ISO 17799 is designed for companies that wish to develop effective information security management practices and grow their IT security efforts.Control ObjectivesThe ISO 17799 Standard contains 11 clauses which are cut off into security categor ies, with each category having a clear control objective. in that respect are a total of 39 security categories in the standard. The control objectives in the clauses are designed to tack together the risk assessment requirements and they can serve as a practical guideline or super acid basis for development of effective security management practices and plaqueal security standards. therefore, if a play along is compliant with the ISO/IEC 17799 Standard, it will most likely meet IT management requirements found in other laws and regulations. However, because different standards strive for different general objectives, auditors should point out that compliance with 17799 alone will not meet all of the requirements postulate for compliance with other laws and regulations. Establishing an ISO/IEC 17799 compliance program could recruit a beau mondes information security controls and IT environment greatly.Conducting an audit evaluation of the standard provides organizations wit h a quick snapshot of the security infrastructure. Based on this snapshot, aged managers can obtain a high-level view of how well information security is being implemented across the IT environment. In fact, the evaluation can highlight gaps present in security controls and discover areas for improvement.In addition, organizations face to enhance their IT and security controls could keep in mind other ISO standards, in particular current and next standards from the 27000 series, which the ISO has set aside for guidance on security best practices. (Edmead, M. T. 2006 retrieved from http//www.theiia.org/ITAuditArchive/?aid=2209iid=467)Tree topographic anatomyTree topologies bind bigeminal star topologies together onto a bus. In its most simple form, only hub devices are directly affiliated to the tree bus and the hubs function as the root of the device tree.This bus/star hybrid approach supports future expandability of the network much better than a bus (limited in the number of devices due to the broadcast traffic it generates) or a star (limited by the number of hub ports) alone. Topologies remain an important part of network design theory. It is very simple to build a groundwork or small business network without sympathy the difference between a bus design and a star design, but sagacity the concepts behind these gives you a deeper chthonicstanding of important elements like hubs, broadcasts, ports, and routes. (www.redbooks.ibm.com/redbooks/pdfs/sg246380.pdf)Use of the ring topology should be considered for use in medium sized companies, and the ring topology would also be the best topology for small companies because it is ensures ease of data transfer.Ring topologyIn a ring network, there are two neighbors for each device, so as to change communication. Messages are passed in the same military commission, through a ring which is effectively either counterclockwise or clockwise. If any cable or device fails, this will break the loop and coul d hinder the entire network.Bus network topologyBus networks utilize a plebeian backbone to connect various devices. This backbone, which is a single cable, functions as a shared medium of communication which the devices tap into or attach to, with an interface connector.A device wanting to communicate with another device on the network sends a broadcast message onto the wire that all other devices see, but only the intended recipient actually accepts and processes the message. (www.redbooks.ibm.com/redbooks/pdfs/sg246380.pdf)Star analysis situsThe star topology is used in a lot of spot networks. A star network consists of a central connection point or hub that can be in the form of an actual hub, or a switch. Usually, devices will connect to the switch or hub by an unshielded Twisted Pair (UTP) Ethernet.Compared to the bus topology, a star network in the main requires more cable, but a failure in any star network cable will only take down one computers network access and not the entire LAN. If the hub fails, however, the entire network also fails. (www.redbooks.ibm.com/redbooks/pdfs/sg246380.pdf)Relating the security clauses and control objectives to an organisationIn an organisation like the Nurhts Institute of Information Technology (NIIT), the above mentioned security clauses and control objectives provide a high-level view of information security from different angles and a comprehensive set of information best security practices. Also, the ISO 17799 is designed for companies like NIIT, which aim to enhance their IT security, and to develop effective information security management practices.At NIIT, the local network relies to a considerable degree, on the discipline implementation of these security practices and other algorithms so as to avoid congestion collapse, and preserve network stability. An attacker or hacker on the network can cause TCP endpoints to react in a more aggressive way in the face of congestion, by the forging of inordinate d ata point of references, or excess duplicate acknowledgments. Such an attack could maybe cause a portion of the network to go into congestion collapse.The Security Policy clause states that support for information security should be done in accordance with the companys security policy. (Edmead, M. T. 2006). This provides a foundation of the security fabric at NIIT, and also provides information and direction on the organisations security posture. For instance, this clause helps the company auditors to determine whether the security policy of the company is properly maintained, and also if indeed it is to be disseminated to every employee.The Organizing Information Security clause stipulates that there should be appropriate management mannikin for the organisations security policy. This takes care of the organizational structure of NIITs security program, including the right security policy management framework, the securing of information assets from third parties, and the care of information security during outsourced processing.At NIIT, the Security clauses and control objectives define the companys stand on security and also help to identify the vital areas considered when implementing IT controls. The ISO/IEC 17799s 11 security clauses enable NIIT to accomplish its security objectives by providing a comprehensive set of information security best practices for the company to utilize for enhancement of its IT infrastructure.ConclusionDifferent businesses require different computer networks, because the type of network utilized in an organisation must be suitable for the organisation. It is advisable for smaller businesses to use the LAN type of network because it is more reliable. The WAN and MAN would be ideal for larger companies, but if an organisation decides to expand, they can thusly change the type of network they have in use. If an organisation decides to go international, then a Wireless Area Network can be very usefulAlso, small companies sho uld essay to set up their network by using a client/server approach. This would help the company to be more secure and enable them to keep in touch with the activities of others are doing. The client/server would be much better than a peer-to-peer network, it would be more cost-effective.On the average, most organisations have to spend a good totality of money and resources to fasten and maintain a reliable and successful network that will be and easy to maintain in the long run.For TCP Congestion Control, when CongWin is beneath Threshold, sender in slow-start phase, window grows exponentially. If CongWin is above Threshold, sender is in congestion-avoidance phase, window grows linearly. When a triple duplicate ACK occurs, Threshold set to CongWin/2 and CongWin set to Threshold, and threshold set to CongWin/2 and CongWin is set to 1 MSS when a timeout occurs.For a Small Office/Home Office (SOHO), networks such as piano tuner networks are very suitable. In such a network, there wont be any need to run wires through walls and under carpets for connectivity.The SOHO user need not worry about plugging their laptop into go in stations every time they come into the plaza or float for clumsy and unattractive network cabling. Wireless networking provides connectivity without the hassle and cost of outfit and expensive berth stations. Also, as the business or home office grows or shrinks, the need for equip new-made computers to the network is nonexistent. If the business moves, the network is ready for use as soon as the computers are moved. For the pumped up(p) impossible networks such as those that might be found in warehouses, wireless will al slipway be the only attractive alternative. As wireless speeds increase, these users have only brighter days in their future. (http//www.nextstep.ir/network.s hypertext mark-up language)It is essential to discover that the computer network installed in an organisation represents more than effective a simple ch ange in the method by which employees communicate. The impact of a particular computer network may dramatically affect the way employees in an organisation work and also affect the way they think.BibliographyBusiness Editors High-Tech Writers. (2003, July 22). International VoIP CouncilLaunches Fax-Over-IP Working Group. Business Wire. Retrieved July 28,2003 from ProQuest database.Career Directions (2001 October). Tech Directions, 61(3), 28 Retrieved July 21, 2003from EBSCOhost databaseEdmead, M. T. (2006) Are You Familiar with the Most Recent ISO/IEC 17799 Changes?(Retrieved from http//www.theiia.org/ITAuditArchive/?aid=2209iid=467)FitzGerald, J. (1999), Business entropy Communications And Networking saloon John Wiley SonsForouzan, B. (1998), Introduction To information Communications And Networking ginmill Mc-Graw Hillhttp//www.theiia.org/itaudithttp//www.theiia.org/ITAuditArchive/index.cfm?act=ITAudit.printiiid=467aid=2209http//www.psc.edu/networking/projects/tcpfriendly/ISO /IEC 177992000 Code of practice for information security management barlished by ISO and the British Standards Institute http//www.iso.org/ISO/IEC 177992005, Information technology Security techniques Code ofpractice for information security management. taphouselished by ISOhttp//www.iso.org/iso/en/prods-services/popstds/informationsecurity.hypertext markup languageKurose, J. F. Ross, K. W. 2002. Computer Networking A Top-Down ApproachFeaturing the Internet, 2nd Edition, ISBN 0-321-17644-8 (the internationaledition), ISBN 0-201-97699-4, published by Addison-Wesley, 2002www.awl.com/csMing, D. R. Sudama (1992) NETWORK MONITORING EXPLAINED DESIGNAND APPLICATION Pub Ellis HorwoodRigney, S. (1995) NETWORK PLANNING AND MANAGMENT YOUR PERSONALCONSALTANTRound-Trip Time Estimation and RTO Timeout Selection (retrieved fromhttp//netlab.cse.yzu.edu.tw/ns2/html/doc/node368.html)Shafer, M. (2001, June 11). Careers not so secure? Network Computing, 12(12), 130-Retrieved July 22, 2003 from EBSCOhost databaseStevens, W. and Allman, M. (1998) TCP performance Working Group (retrieved fromhttp//www.ietf.org/proceedings/98aug/I-D/draft-ietf-tcpimpl-cong-control-00.txt)Watson, S (2002). The Network Troubleshooters. Computerworld 36(38), 54. (Retrieved July 21, 2003 from EBSCOhost database)Wesley, A. (2000), Internet Users race to Network Resource Tools 1st Ed, PubNetskilswww.microsoft.co.ukwww.apple.comwww.apple.co.ukwww.bized.comhttp//www.nextstep.ir/network.shtmlwww.novell.comwww.apple.com/businesswww.microsoft.com/networking/e-mailswww.engin.umich.eduwww.microsoft.comComputer Network Security within OrganisationsComputer Network Security within OrganisationsNetworking and ManagementIntroductionA computer network is a connection of two or more computers in order to share resources and data. These shared resources can include devices like printers and other resources like electronic mail, internet access, and file sharing. A computer network can also be seen as a collec tion of Personal computers and other related devices which are machine-accessible together, either with cables or wirelessly, so that they can share information and communicate with one another. Computer networks vary in size. Some networks are needed for areas within a single office, while others are vast or even span the globe.Network management has grown as a career that requires specialized training, and comes with management of important responsibilities, thus creating future opportunities for employment. The resulting expect increase in opportunities should be a determining and persuasive factor in for graduates to consider going into network management.Computer networking is a discipline of design that involves communication between various computer devices and systems. In computer networking, protocols, routers, routing, and networking across the public internet have specifications that are defined in RFC documents. Computer networking can be seen as a sub-category of com puter science, telecommunications, IT and/or computer applied science. Computer networks also depend largely upon the practical and theoretical applications of these engineering and scientific disciplines.In the vastly technological environment of today, most organisations have some kind of network that is used every day. It is essential that the day-to-day operations in such a company or organisation are carried out on a network that runs smoothly. Most companies employ a network administrator or manager to oversee this very important aspect of the companys business. This is a significant position, as it comes with great responsibilities because an organisation will experience significant operational losses if problems arise within its network.Computer networking also involves the setting up of any set of computers or computer devices and enabling them to exchange information and data. Some examples of computer networks includeLocal area networks (LANs) that are made up of small n etworks which are constrained to a relatively small geographic area.Wide area networks (WANs) which are usually bigger than local area networks, and cover a large geographic area.Wireless LANs and WANs (WLAN WWAN). These represent the wireless equivalent of the Local Area Network and Wide Area NetworksNetworks involve interconnection to allow communication with a variety of different kinds of media, including twisted-pair copper wire cable, coaxial cable, optical fiber, and various wireless technologies. The devices can be separated by a few meters (e.g. via Bluetooth) or nearly infinite distances (e.g. via the interconnections of the Internet. (http//en.wikipedia.org/wiki/Computer_networking)TASK 1TCP connection congestion control any application, whether it is a small or large application, should perform adaptive congestion control because applications that perform congestion control use a network more efficiently and are generally of better performance.Congestion control algori thms prevent the network from entering Congestive Collapse. Congestive Collapse is a situation where, although the network links are being heavily utilized, very little useful work is being done. The network will soon begin to require applications to perform congestion control, and those applications which do not perform congestion control will be harshly penalized by the network, probably in the form of preferentially dropping their packets during times of congestion (http//www.psc.edu/networking/projects/tcpfriendly/)Principles of Congestion ControlInformally, congestion entails that too many sources are sending too much data, and sending them too fast for the network to handle. TCP Congestion Control is not the same as flow control, as there are several differences between TCP Congestion Control and flow control. Other principles of congestion control include Global versus point-2-point, and orthogonal issues.Congestion manifests itself by causing loss of packets (buffer overflow at routers), and long delays (queuing in router buffers). Also, during congestion, there is no explicit feedback from network routers, and there is congestion inferred from end-system sight loss. In network-assisted congestion control, routers provide feedback to end systems, and the explicit rate sender sends at Choke Packet. Below are some other characteristics and principles of congestion controlWhen CongWin is below Threshold, sender in slow-start phase, window grows exponentially.When CongWin is above Threshold, sender is in congestion-avoidance phase, window grows linearly.When a triple duplicate ACK occurs, Threshold set to CongWin/2 and CongWin set to Threshold.When timeout occurs, Threshold set to CongWin/2 and CongWin is set to 1 MSS.Avoidance of CongestionIt is necessary for the TCP sender to use congestion avoidance and slow start algorithms in controlling the amount of outstanding data that is injected into a network.In order to implement these algorithms, two variabl es are added to the TCP per-connection state. The congestion window (cwnd) is a sender-side limit on the amount of data the sender can transmit into the network before receiving an acknowledgment (ACK), while the receivers advertised window (rwnd) is a receiver-side limit on the amount of outstanding data. The minimum of cwnd and rwnd governs data transmission. (Stevens, W. and Allman, M. 1998)TCP Flow ControlIn TCP flow control, the receiving side of the TCP connection possesses a receive buffer, and a speed-matching service which matches the send rate to the receiving applications drain rate. During flow control, Rcvr advertises any spare room by including value of RcvWindow in segments, and the sender limits unACKed data to RcvWindow. TCP flow control also ensures that there is no overflow of the receive buffer.Round-trip Time Estimation and TimeoutTCP Round Trip Time and Timeout are usually longer than RTT, but RTT varies, and has a slow reaction to segment loss. SampleRTT is m easured time from segment transmission until ACK receipt, ignore retransmissions, and will vary, want estimated RTT smootherRound-trip time samples arrive with new ACKs. The RTT sample is computed as the difference between the current time and a time echo field in the ACK packet. When the first sample is taken, its value is used as the initial value for srtt. Half the first sample is used as the initial value for rttvar. (Round-Trip Time Estimation and RTO Timeout Selection)There are often problems due to timeouts, including the restriction of the sender that is compelled to wait until a timeout, and is able to do nothing during this period. Also, the first segment in the slip window is often not acked, and retransmission becomes necessary, waiting again one RTT before the segment flow continues. It should be noted that on receiving the later segments, the receiver sends back ACKs.Estimated RTTEstimatedRTT = 0.875 * EstimatedRTT + 0.125 * SampleRTTDevRTTDevRTT = (1 0.25) * DevRTT + SampleRTT EstimatedRTTTimeout intervalTimeoutInterval = EstimatedRTT + 4 * DevRTTThe integrated services (IntServ) and DiffServ (Differentiated Services) architecture are two architectures that have been proposed for the provision of and guaranteeing of quality of service (QoS) over the internet. Whereas the Intserv framework is developed within the IETF to provide individualized QoS guarantees to individual application sessions, Diffserv is geared towards enabling the handling of different classes of traffic in various ways on the internet. These two architectures represent the IETFs current standards for provision of QoS guarantees, although neither Intserv nor Diffserv have taken off or found widespread credenza on the web.(a) Integrated Service ArchitectureIn computer networking, the integrated services (IntServ) architecture is an architecture that specifies the elements for the guaranteeing of quality of service (QoS) on the network. For instance, IntServ can be used to allow sound and video to be sent over a network to the receiver without getting interrupted. IntServ specifies a fine-grained Quality of service system, in contrast to DiffServs coarse-grained system of control.In the IntServ architecture, the idea is that each router inside a system implements IntServ, and applications which require various types of guarantees have to make individual reservations. Flow Specs are used to describe the purpose of the reservation, and the underlying mechanism that signals it across the network is called RSVP.TSPECs include token bucket algorithm parameters. The idea is that there is a token bucket which slowly fills up with tokens, arriving at a constant rate. both packet which is sent requires a token, and if there are no tokens, then it cannot be sent. Thus, the rate at which tokens arrive dictates the average rate of traffic flow, while the depth of the bucket dictates how large the traffic is allowed to be. TSPECs typically just specify the token rate and the bucket depth.For example, a video with a refresh rate of 75 frames per second, with each frame taking 10 packets, might specify a token rate of 750Hz, and a bucket depth of only 10. The bucket depth would be sufficient to concur the burst associated with sending an entire frame all at once. On the other hand, a conversation would need a lower token rate, but a much higher bucket depth.This is because there are often pauses in conversations, so they can make do with fewer tokens by not sending the gaps between words and sentences. However, this means the bucket depth needs to be increased to compensate for the traffic being larger. (http//en.wikipedia.org/wiki/Integrated_services)(b) Differentiated Service ArchitectureThe RFC 2475 (An Architecture for Differentiated Services) was published In 1998, by the IETF. Presently, DiffServ has widely replaced other Layer 3 Quality of Service mechanisms (such as IntServ), as the basic protocol that routers use to provide differe nt service levels.DiffServ (Differentiated Services) architecture is a computer networking architecture which specifies a scalable, less complex, coarse-grained mechanism for the classification, management of network traffic and for provision of QoS (Quality of Service) guarantees on modern IP networks. For instance, DiffServ can be used for providing low-latency, guaranteed service (GS) to video, voice or other critical network traffic, while ensuring simple best-effort traffic guarantees to non-critical network services like file transfers and web traffic.Most of the proposed Quality of Service mechanisms which allowed these services to co-exist were complicated and did not adequately meet the demands Internet users because modern data networks carry various kinds of services like float music, video, voice, email and also web pages.It would probably be difficult to implement Intserv in the core of the internet because most of the communication between computers connected to the I nternet is based on a client/server geomorphologic design. This Client/server describes a structure involving the connection of one computer to another for the purpose of giving work instructions or asking it questions. In an arrangement like this, the particular computer that questions and gives out instructions is the client, while the computer that provides answers to the asked questions and responds to the work instructions is the server.The same terms are used to describe the software programs that facilitate the asking and answering. A client application, for instance, presents an on-screen interface for the user to work with at the client computer the server application welcomes the client and knows how to respond correctly to the clients commands. Any file server or PC can be adapted for use as an Internet server, however a dedicated computer should be chosen.Anyone with a computer and modem can join this network by using a standard phone. Dedicating the server that is, usin g a computer as a server only helps avoid some security and basic problems that result from sharing the functions of the server. To gain access to the Internet you will require an engineer to install the broadband modem. Then you will be able to use the server to network the Internet on all machines on a network. (www.redbooks.ibm.com/redbooks/pdfs/sg246380.pdf)TASK 5Network securityThese days, computers are used for everything from obtain and communication to banking and investment. Intruders into a network system (or hackers) do not care about the privacy or identity of network users. Their aim is to gain control of computers on the network so that they can use these systems to order attacks on other computer systems.Therefore people who use the network for these purposes must be protected from unknown strangers who try to read their subtle documents, or use their computer to attack other systems, and send bad email, or access their personal information (such as their bank or other financial statements)Security ClausesThe International Organisation for Standardizations (ISOs) 17799 2005 Standard is a code of practice for information security management which provides a broad, non-technical framework for establishing efficient IT controls. The ISO 17799 Standard consists of 11 clauses that are divided into one or more security categories for a total of 39 security categoriesThe security clauses of the ISO standard 177992005- code of practice for Information Security Management includeThe security Policy clauseOrganizing Information SecurityAsset Management.Human Resources Security.Physical and Environmental Security.Communications and Operations.Access Control.Information Systems Acquisition, Development, and Maintenance.Information Security Incident Management.Business Continuity Management.Compliance. (http//www.theiia.org/ITAuditArchive/index.cfm?act=ITAudit.printiiid=467aid=2209)Here is a brief description of the more recent version of these security clausesSecurity Policy Security policies are the foundation of the security framework and provide direction and information on the companys security posture. This clause states that support for information security should be done in accordance with the companys security policy.Organizing Information Security This clause addresses the establishment and organizational structure of the security program, including the appropriate management framework for security policy, how information assets should be secured from third parties, and how information security is maintained when processing is outsourced.Asset Management This clause describes best practices for classifying and defend assets, including data, software, hardware, and utilities. The clause also provides information on how to classify data, how data should be handled, and how to protect data assets adequately.Human Resources Security This clause describes best practices for power management, including hiring practices, termi nation procedures, employee training on security controls, dissemination of security policies, and use of incident response procedures.Physical and Environmental Security As the anatomy implies, this clause addresses the different physical and environmental aspects of security, including best practices organizations can use to mitigate service interruptions, prevent unauthorized physical access, or pick at theft of corporate resources.Communications and Operations This clause discusses the requirements pertaining to the management and operation of systems and electronic information. Examples of controls to audit in this area include system planning, network management, and e-mail and e-commerce security.Access Control This security clause describes how access to corporate assets should be managed, including access to digital and nondigital information, as well as network resources.Information Systems Acquisitions, Development, and Maintenance This section discusses the development of IT systems, including applications created by third-parties, and how security should be incorporated during the development phase.Information Security Incident Management This clause identifies best practices for communicating information security issues and weaknesses, such as reporting and escalation procedures. Once established, auditors can review existing controls to determine if the company has adequate procedures in place to handle security incidents.Business Continuity Management The 10th security clause provides information on disaster recuperation and business continuity planning. Actions auditors should review include how plans are developed, maintained, tested, and validated, and whether or not the plans address critical business operation components.Compliance The final clause provides valuable information auditors can use when identifying the compliance level of systems and controls with inborn security policies, industry-specific regulations, and government leg islation.(Edmead, M. T. 2006 retrieved from http//www.theiia.org/ITAuditArchive/?aid=2209iid=467)The standard, which was updated in June 2005 to reflect changes in the field of information security, provides a high-level view of information security from different angles and a comprehensive set of information security best practices. more than specifically, ISO 17799 is designed for companies that wish to develop effective information security management practices and enhance their IT security efforts.Control ObjectivesThe ISO 17799 Standard contains 11 clauses which are flare up into security categories, with each category having a clear control objective. There are a total of 39 security categories in the standard. The control objectives in the clauses are designed to meet the risk assessment requirements and they can serve as a practical guideline or jet basis for development of effective security management practices and organisational security standards.Therefore, if a compa ny is compliant with the ISO/IEC 17799 Standard, it will most likely meet IT management requirements found in other laws and regulations. However, because different standards strive for different boilersuit objectives, auditors should point out that compliance with 17799 alone will not meet all of the requirements needed for compliance with other laws and regulations. Establishing an ISO/IEC 17799 compliance program could enhance a companys information security controls and IT environment greatly.Conducting an audit evaluation of the standard provides organizations with a quick snapshot of the security infrastructure. Based on this snapshot, ripened managers can obtain a high-level view of how well information security is being implemented across the IT environment. In fact, the evaluation can highlight gaps present in security controls and identify areas for improvement.In addition, organizations looking for to enhance their IT and security controls could keep in mind other ISO s tandards, especially current and future standards from the 27000 series, which the ISO has set aside for guidance on security best practices. (Edmead, M. T. 2006 retrieved from http//www.theiia.org/ITAuditArchive/?aid=2209iid=467)Tree TopologyTree topologies bind seven-fold star topologies together onto a bus. In its most simple form, only hub devices are directly connected to the tree bus and the hubs function as the root of the device tree.This bus/star hybrid approach supports future expandability of the network much better than a bus (limited in the number of devices due to the broadcast traffic it generates) or a star (limited by the number of hub ports) alone. Topologies remain an important part of network design theory. It is very simple to build a home or small business network without understanding the difference between a bus design and a star design, but understanding the concepts behind these gives you a deeper understanding of important elements like hubs, broadcasts, ports, and routes. (www.redbooks.ibm.com/redbooks/pdfs/sg246380.pdf)Use of the ring topology should be considered for use in medium sized companies, and the ring topology would also be the best topology for small companies because it is ensures ease of data transfer.Ring TopologyIn a ring network, there are two neighbors for each device, so as to enable communication. Messages are passed in the same direction, through a ring which is effectively either counterclockwise or clockwise. If any cable or device fails, this will break the loop and could incapacitate the entire network.Bus TopologyBus networks utilize a harsh backbone to connect various devices. This backbone, which is a single cable, functions as a shared medium of communication which the devices tap into or attach to, with an interface connector.A device wanting to communicate with another device on the network sends a broadcast message onto the wire that all other devices see, but only the intended recipient actually ac cepts and processes the message. (www.redbooks.ibm.com/redbooks/pdfs/sg246380.pdf)Star TopologyThe star topology is used in a lot of home networks. A star network consists of a central connection point or hub that can be in the form of an actual hub, or a switch. Usually, devices will connect to the switch or hub by an unprotected Twisted Pair (UTP) Ethernet.Compared to the bus topology, a star network generally requires more cable, but a failure in any star network cable will only take down one computers network access and not the entire LAN. If the hub fails, however, the entire network also fails. (www.redbooks.ibm.com/redbooks/pdfs/sg246380.pdf)Relating the security clauses and control objectives to an organisationIn an organisation like the Nurhts Institute of Information Technology (NIIT), the above mentioned security clauses and control objectives provide a high-level view of information security from different angles and a comprehensive set of information best security prac tices. Also, the ISO 17799 is designed for companies like NIIT, which aim to enhance their IT security, and to develop effective information security management practices.At NIIT, the local network relies to a considerable degree, on the correct implementation of these security practices and other algorithms so as to avoid congestion collapse, and preserve network stability. An attacker or hacker on the network can cause TCP endpoints to react in a more aggressive way in the face of congestion, by the forging of undue data acknowledgments, or excess duplicate acknowledgments. Such an attack could perhaps cause a portion of the network to go into congestion collapse.The Security Policy clause states that support for information security should be done in accordance with the companys security policy. (Edmead, M. T. 2006). This provides a foundation of the security framework at NIIT, and also provides information and direction on the organisations security posture. For instance, this clause helps the company auditors to determine whether the security policy of the company is properly maintained, and also if indeed it is to be disseminated to every employee.The Organizing Information Security clause stipulates that there should be appropriate management framework for the organisations security policy. This takes care of the organizational structure of NIITs security program, including the right security policy management framework, the securing of information assets from third parties, and the criminal maintenance of information security during outsourced processing.At NIIT, the Security clauses and control objectives define the companys stand on security and also help to identify the vital areas considered when implementing IT controls. The ISO/IEC 17799s 11 security clauses enable NIIT to accomplish its security objectives by providing a comprehensive set of information security best practices for the company to utilize for enhancement of its IT infrastructur e.ConclusionDifferent businesses require different computer networks, because the type of network utilized in an organisation must be suitable for the organisation. It is advisable for smaller businesses to use the LAN type of network because it is more reliable. The WAN and MAN would be ideal for larger companies, but if an organisation decides to expand, they can then change the type of network they have in use. If an organisation decides to go international, then a Wireless Area Network can be very usefulAlso, small companies should aim to set up their network by using a client/server approach. This would help the company to be more secure and enable them to keep in touch with the activities of others are doing. The client/server would be much better than a peer-to-peer network, it would be more cost-effective.On the average, most organisations have to spend a good amount of money and resources to procure and maintain a reliable and successful network that will be and easy to ma intain in the long run.For TCP Congestion Control, when CongWin is below Threshold, sender in slow-start phase, window grows exponentially. If CongWin is above Threshold, sender is in congestion-avoidance phase, window grows linearly. When a triple duplicate ACK occurs, Threshold set to CongWin/2 and CongWin set to Threshold, and threshold set to CongWin/2 and CongWin is set to 1 MSS when a timeout occurs.For a Small Office/Home Office (SOHO), networks such as wireless networks are very suitable. In such a network, there wont be any need to run wires through walls and under carpets for connectivity.The SOHO user need not worry about plugging their laptop into docking stations every time they come into the office or mess for clumsy and unattractive network cabling. Wireless networking provides connectivity without the hassle and cost of wiring and expensive docking stations. Also, as the business or home office grows or shrinks, the need for wiring new computers to the network is no nexistent. If the business moves, the network is ready for use as soon as the computers are moved. For the fit out impossible networks such as those that might be found in warehouses, wireless will always be the only attractive alternative. As wireless speeds increase, these users have only brighter days in their future. (http//www.nextstep.ir/network.shtml)It is essential to note that the computer network installed in an organisation represents more than just a simple change in the method by which employees communicate. The impact of a particular computer network may dramatically affect the way employees in an organisation work and also affect the way they think.BibliographyBusiness Editors High-Tech Writers. (2003, July 22). International VoIP CouncilLaunches Fax-Over-IP Working Group. Business Wire. Retrieved July 28,2003 from ProQuest database.Career Directions (2001 October). Tech Directions, 61(3), 28 Retrieved July 21, 2003from EBSCOhost databaseEdmead, M. T. (2006) Are You Familiar with the Most Recent ISO/IEC 17799 Changes?(Retrieved from http//www.theiia.org/ITAuditArchive/?aid=2209iid=467)FitzGerald, J. (1999), Business Data Communications And Networking Pub John Wiley SonsForouzan, B. (1998), Introduction To Data Communications And Networking Pub Mc-Graw Hillhttp//www.theiia.org/itaudithttp//www.theiia.org/ITAuditArchive/index.cfm?act=ITAudit.printiiid=467aid=2209http//www.psc.edu/networking/projects/tcpfriendly/ISO/IEC 177992000 Code of practice for information security management Published by ISO and the British Standards Institute http//www.iso.org/ISO/IEC 177992005, Information technology Security techniques Code ofpractice for information security management. Published by ISOhttp//www.iso.org/iso/en/prods-services/popstds/informationsecurity.htmlKurose, J. F. Ross, K. W. 2002. Computer Networking A Top-Down ApproachFeaturing the Internet, 2nd Edition, ISBN 0-321-17644-8 (the internationaledition), ISBN 0-201-97699-4, published by Addiso n-Wesley, 2002www.awl.com/csMing, D. R. Sudama (1992) NETWORK MONITORING EXPLAINED DESIGNAND APPLICATION Pub Ellis HorwoodRigney, S. (1995) NETWORK PLANNING AND MANAGMENT YOUR PERSONALCONSALTANTRound-Trip Time Estimation and RTO Timeout Selection (retrieved fromhttp//netlab.cse.yzu.edu.tw/ns2/html/doc/node368.html)Shafer, M. (2001, June 11). Careers not so secure? Network Computing, 12(12), 130-Retrieved July 22, 2003 from EBSCOhost databaseStevens, W. and Allman, M. (1998) TCP performance Working Group (retrieved fromhttp//www.ietf.org/proceedings/98aug/I-D/draft-ietf-tcpimpl-cong-control-00.txt)Watson, S (2002). The Network Troubleshooters. Computerworld 36(38), 54. (Retrieved July 21, 2003 from EBSCOhost database)Wesley, A. (2000), Internet Users thread to Network Resource Tools 1st Ed, PubNetskilswww.microsoft.co.ukwww.apple.comwww.apple.co.ukwww.bized.comhttp//www.nextstep.ir/network.shtmlwww.novell.comwww.apple.com/businesswww.microsoft.com/networking/e-mailswww.engin.umich .eduwww.microsoft.com

Ecommerce in Tourism Industry

E affair in Tourism Industry2.1. installation to e-Commerceelectronic commerce (e-Commerce) is such(prenominal) a serve offering pot the opportunity to do their shopping via modern tuition and communication technologies at home (Schultz, 2007). It en adequates every 1 to manoeuvre line of descent via the ne 2rk. The and term is a opiner and a association to the lucre.The term e-Commerce is becoming increasingly grand in the dictionary of at presents touristry managers both around the founding. This is reflected in the development of the boilers suit online impress market turnoer in europium r for each oneing a total of EUR 70 billion in the category 2008 (V-I-R, Verband mesh Reisevertrieb, 2009). The groundwork of the internet represented both, major(ip) opportunities as easy as threats, for the touristry exertion.The internet erased visible b sets and en up to(p)s everyone to participate in a global marketplace. The further requi billet is a computer a nd an internet insane asylum. This component explores the current dynamics in spite of appearance the broader bea of e-Commerce and provides explanations for the incorporating positions of none dealingss via the meshwork.The world(a) proliferation of the internet lead to the birth of electronic enrapture of traffical schooling. E-Commerce flourished because of the openness, speed, anonymity, digitization, and global additionibility characteristics of the internet, which facilitated real- epoch commerce (Yu et al., 2002).One stomach of course beg, whether the anonymity of the cyberspace is still sound today. Maya Gadzheva (2008) for example, suggests that the achievement of unobserv big businessman and anonymity in the network is waiver to be oermuch to a greater extent than difficult in the future, come on-of-pocket to the surmise of unlimited gathering of data.Through the aide of the internet touristry companies argon adequate to(p) to market and se ll their carrefours to a far greater bargain which represents self-coloured f etceterath opportunities for them. gibe to Porter (2001), the profit engine room provides rectify opportunities for companies to break distinctive, strategic positioning than did previous generations of nurture engineering. However, those opportunities raise as rise as represent burdens for companies participating in minutes via the profits.Those companies be now more(prenominal)(prenominal) than ever forced to keep their meshing sites cutting-edge and to provide real selective education. Since the net income is a very agile ever-changing speciality, it requires their participants, in this courtship the e-merchants, to keep up with this pace. In case the companies derriere non forgather these requirements, they forget ilkly face a shift of clients to the emulation. Especially the ara of tourism, be labeled as generally bedledge driven (Morgan et al., 2001) requires unceasingly updated and reliable data. Customers look at to get under ones skin every development they require on the web. They collect to be where to try and they pauperisation to be convinced of the verifyworthiness and dependableness of this information.The susceptibility to inform clients and to sell and market productionions in the practical(prenominal) marketplace is a critical success factor for economic endure of tourism companies forecastly and in the future. The website is consequently a digital business tease apart of tourism companies and one of their most effective gross r up to nowue persons at the same time.Internet engine room provides debauchers with easier recover to information ab let on products and suppliers, thus bolstering buyer dicker force (Porter, 2001). This ordain a the likewise decrease the cost of exchange suppliers (or tourism companies). That is the downturn of the Internet. Competitors atomic subprogram 18 nevertheless a a few(prenominal) mouse clicks off (Porter, 2001) and the unit of measurement industry becomes more transp arnt. Just roughly every troupe participating in e-Commerce is obviously forced to harken hurts of their vacation components. This facilitates the compargon of tourism run.Customers do now scram access to all kinds of information that facilitate as substantiallyspring as charm their pass choice. Since tourism companies coffin nail no long-acting variediate themselves from the competition by ready marrow, the corporate website, and the online ap mindment butt on of a holiday becomes progressively more grand. This involves the appearance of the website, including usability and content related features, but excessively everything tutelageing the actual involvement edge and effect handling.The tourism comp any (the marketer) and the guest (the buyer) conducting business over the internet conduct usually never seen each a nonher(prenominal) face-to -face, nor do they telephone exchange currency or hard copies of documents hand-to-hand. When put ups be to be make over a tele communication theory ne twainrk such as the internet, accuracy and warranter become critical (Yu et al., 2002).In new(prenominal) speech communication this would mean that nodes take in to transfer extremely private information like swan card details to a complete st cheatr.Summarizing this section it tush be tell that Internet and e-Commerce present miscellaneous payoffs for tourism nodes, since companies and offers atomic follow 18 more transp arnt and easier to comp argon. Furthermore, improvements in IT technology exit enhance the search for relevant information and facilitate the navigation in the mankind wide of the mark Web.However, in that location be too threatening factors for tourism companies. Competition result become stronger, since competitors ar only a few mouse clicks a personal manner, switching costs for gue sts atomic number 18 much hourlong and due to their access to intimately unlimited information the guests bargaining situation go out increase. Nonetheless, tourism companies who sens keep up with the fast pace of the Internet and who are able to convince nodes of the reliability, thinkworthiness and timeliness of their displayed offers and information leave take in from the Internet.2.2. Online swear or e blasphemeWhat is (online) conjecture? A kickoff whole step towards the answer of this read/write head underside be made by expression at various definitions of the term send. Trust is defined as the trait of believing in the honesty and reliability of early(a)s (Wordnet, Princeton University, 2006). agree to this definition, buyers conducting minutes via the Internet bequeath harbour to rely on a person or governing body they whitethorn suck never seen or still heard of.This would reservoirizedly be non adequate as an assurance for most of us. A no nher definition defines consecrate as to hope or wish (Wordnet, Princeton University, 2006). Summarizing this would mean that we necessitate to rely on the good leave behind of the other party and hope or wish that it will act as it was counterd. Those definitions might be a good starting purport in explaining the meaning of put, but they truely do non front to be convenient for most of us.Bhle et al. (2000) argue that self-assertion is a precondition for flourishing e-Commerce. Shankar et al. (2002) advance a different view, although they class (online) arrogance as being most-valuable in both business-to-business and business-to-consumer e-business. Koufaris and Hampton-Sosa (2004) lease a similar vogue of argumentation. They suggest that wish of place in online companies is a primary(a) reason why many a(prenominal) users do non shop online. Another author, Peter Landrock (2002), founder and managing conductor of Cryptomathic UK Ltd., one of the worlds leading providers of earnest solutions to businesses, points out that without such trust, neither businesses nor consumers will conduct minutes or sensitive communications across this medium (the Internet).This argument is being supported by a recently conducted sphere by Ernst Young and the Information Technology experience of America who cogitate that trust represents one of the most fundamental issues impacting the branch of e-Commerce (Talwatte, 2000). Strader and Shaw (Chadwick, 2001) point out that consumers are more likely to buy from an online club they trust, when price differences are depressed. Thos would in turn imply that whenever price differences are bell ringerifi fuckt, clients are willing to accept a higher direct of uncertainty and perceive risk in transactions with companies they do not know or trust. agree to those argumentations one pile say that trust is the major precondition for both, businesses as well as consumers to conduct transactions via the Int ernet. Trust is a key challenge to the customer acceptance of e-Commerce the contain of trust is an important reason for the hesitant ontogeny in e-Commerce and for the hesitation of consumers to suck in online buying transactions (Schultz, 2007).A Forrester Survey from 2000 say that 51% of companies would not do business with parties they do not trust over the web (Shankar et al., 2002). However, this would also mean that 49% of companies would do business with companies they do not trust. Trust postulate to be potently unite with uncertainty and ambiguity. The more information a buyer has about the marketer, the better give the axe he or she estimates whether the vender will act as it was promised. Thus, the better the information about a seller the better tramp he or she be trusted. Good examples for this assumption are online marketplaces like eBay or Amazon.Those two providers offer nearly everyone the speculation to participate in e-Business. Since they recogniz ed the change magnitude postulate from customers for information about sellers, they introduced up-to-date ratings. every seller can be rated after transactions whether buyers switch been conform to with the transaction function or not. The higher and better the rating, the more trustworthy is the seller (in a simplified way).These ratings are good indications for (un discoverd) buyers, since they equip them with information about the sellers past performance in transactions. early(a) ways in creating trustworthiness are so-called trust seals. Those seals are issued by third base parties to verify the commitment of an e-vendor (Cook and Luo, 2003 Hu et al., 2003 Kaplan and Nieschwitz, 2003 Koufaris and Hampton-Sosa, 2004 Loebbecke, 2003 Patton and Jsang, 2004 Urban et al., 2000 Yang et al., 2006 in Schultz, 2007).Trust seals are generally indicated via symbols on the web site of the seller. Those seals are a sign that the seller conducts business according to the bills of t he third party, the trust seal provider, and/or that the seller conducts business as promised by the statements and policies on the web site (Schultz, 2007).Further measures to increase trust are gage features, the availability of resource allowance orders, privacy, security measure and return policies and feedback mechanisms and consumer communities (Schultz, 2007). Security is the chief(prenominal) concern of consumers onwards engaging in e-business with a seller (Schultz, 2007 Hinde 1998). Sellers need to incorporate certain security features into the design of their web sites in pitch of battle to ensure the synthetic rubber of the whole transaction process (see Credit Card) (Schultz, 2007). offer alternative methods of stipend is another approach of the seller to signal the willingness to oblige to the customers needs. Being able to aim a method of allowance equips the customer with the perceived power over a part of the transaction process.It is inhering to di splay the rules of the lame. Privacy, security and return policies need to present on every sellers web site in come in to inform the customer properly. This will not only increase trust but will also facilitate processes in case of complaints or other problems. The preparation of customer feedback mechanism (ratings, reply forms, forums, etc.) is another way for customers to increase cognition and gather information about a seller.The advantage is that customers can exchange with previous customers of the seller. This way they can obtain an purpose evaluation of the seller. However, sellers can also manipulate those forums by uploading faked ratings or deleting nix ratings or feedbacks. Again, the customer needs to develop trust in these kinds of information.Furthermore, customers do also need to develop trust in the IT bag they are victimisation, since this will be the mean of communicating the transactional data among the seller and the buyer. In other words, consumers not trusting the technology they are utilize for an intended transaction via the Internet will not participate in any e-Business transaction unless they feel confident with the security.When con grimacering security issues, a frequent key infrastructure (PKI) that can provide unafraid(p) enfranchisement on the Internet is an important step towards firm Internet transactions. It can stand by to build trust, inhibit the potential for fraud, ensure privacy and provide merchants with non-repudiation (Bhle et al., 2000).It is inborn for the merchant that the customer can trust him, his connection and Website and the defrayal body use. separatewise in that follow will not be any transactions amidst the two parties.Summarizing this section it can be utter that information is the key to (nearly) everything. A higher take aim of information about the other transactional party will increase the level of trust, since uncertainty and ambiguity can be erased at least to a certain extent. Furthermore, it is essential to throw cognisance for technologies and tools demand for security improvements and the development of trust. These tools and technologies can involve finespun components like trust seals and customer feedback forums. The harder components are engraft in the aspect of IT infrastructure. This includes improvements in the encryption and network and database security.2.3. Electronic Payment SystemsMonetary transactions via the Internet do always involve risks and uncertainty. In most of the cases, there is no ad hominem interaction problematical.That means that the customer has to put a considerable inwardness of trust in the sellers promise to fulfil everything that has been hold upon during the confirmation of the acquire (e.g. the bringing of the ordered products or profits on time, in the dependable quality and that the concur quantity of money is charged) (Schultz, 2007 Chadwick, 2001).According to Lammer (2006) Electronic Payme nt Systems or e-Payment Systems may be defined as all compensations that are initiated, processed and received electronically.The main concern with electronic earnings bodys is the level of security in each step of the transaction, because money and switch are transferred duration there is no direct contact between the two sides involved in the transaction. If there is even the slightest possibility that the recompense arrangement may not be secure, trust and assumption in this system will cast down to erode, destroying the infrastructure compulsory for electronic commerce (Yu et al., 2002).The customer is concerned right from the point he is connected to the website of the seller. The risk of losing private information like contact details, cite card or hope theme information is a primary concern of the customer. Therefore, it is necessary that both, the seller as well as the customer take care for the security of their own network as well as with the data exchanged d uring the transaction.In Germany, there are before long up to ten different electronic defrayment methods used with protean frequency and success. The author will only tinge to those remuneration systems which are applicable for nonphysical goods, such as holidays.The definitions downstairs are base on the work of Stroborn et al. (2004), who were arguing that one way to classify different remuneration instruments is by the point of time when the liquid state effect sets in from the payers point of view that means the exact point in time when the customers broadsheet is charged with the retribution. Following this premise, one can distinguish between pre compensable, pay-now and pay-later systems (Stroborn et.al, 2004).Other authors (Yu et al., 2002, Dannenberg Ulrich, 2004) categorized payment systems with regard to the pursuit variables. The first variable is the size of it or the gist of the payment (e.g. micro-payments). The second variable depends on the emblem of transaction, e.g. recognise card, paying via e- send out (PayPal), etc. It can be argued which of these two different approaches in classifying e-payment systems is the most appropriate. However, the author decides to use the categorization of Stroborn et al. (2004) for the reason that this type of classification can be better utilise to the underlying topic of this work, due to the following facts.The ability to differentiate e-Payment systems by the time, the liquidity effect sets in is important within the industry of tourism. spend components, especially jaunts are often generation financed using prepayments of customers. Therefore, it is particularly important for cruise lines to know which of the offered payment systems allow them to use prepayments as financing means. On the other hand, customers do always want a certain level of security, especially when they purchase a holiday, which is certainly not an everyday cost with regard to the amount charged.Therefore , equipping customers with the perceived power of determining the point of time when the actual payment will be processed will result in a beneficial sense of touch on the side of the customer. This equipment of perceived power is another way of demonstrating willingness to reconcile to customer needs. Customers seem to have all under control, since they receive the product before they have to pay for it. So the seller has already delivered the agreed upon product or expediency.2.3.1 Pre-Paid-payment systemsThe different Pre-Paid-payment systems currently in use in Germany will not be further explained. Systems like GeldKarte, MicroMoney or WEB.Cent are being used to settle small-or micro-payments up to usually 100. In this respect an application within the tourism industry is of no relevance. According to the DRV (Deutscher Reiseverband, 2008), the bulk of holidays booked via the Internet was between 500 - 1.500 (55, 1% of all holidays).2.3.2 Pay-Now-payment systemsSo called p ay-now systems debit the chronicle of the customer at the exact time the customer purchases aroundthing. Cash-on-Delivery (COD) and debit entree are well established examples today (Stroborn et al., 2004).Online carryAccording to Monika E. Hartmann (Lammer, 2006) online transfer can be defined as followsThese service are embedded in the online shopping process, e.g. via an automatic popup window connecting to the service provider and already containing all necessary transaction details. The customer is invited to choose a payment option and provide his fib details. The terminate transaction data set will be routed to the relevant payment service provider for authorization. later on palmy payment authorization the bank (or the payment service provider) confirms the payment to the merchant so that the purchase transaction can be completed (Lammer, 2006).COD (Cash-on-Delivery)COD is usually used for the colonization of amounts for physical goods. Customers order their craved a rticles over the website of an online merchant. The goods are then delivered by a mail service. In appurtenance to the price of the delivered goods, the customer pays also COD charges to the delivery service. The mail delivery service then mails a money order to the internet merchant.Due to the simultaneous exchange of physical goods and money, COD is said to protect consumer and merchant at the same time. Nevertheless, it is considered not to be cost-efficient and awkward for the consumer, who needs to be present for the delivery. Additionally, this payment method cannot be used for goods delivered electronically (Stroborn et al., 2004).M-Payments (Mobile Payments)M-Payment is such a service, where the fluent phone of the customer in combination with a PIN number deals as authentication device. Whenever the customer wants to purchase goods or transfer money, he or she is called by a third party, e.g. Paybox (www.paybox.net), on his or her unstable phone. He needs to confirm th e transaction with a PIN. The sum of the transaction is then debited from the customers bank account (Stroborn et al., 2004).According to a recent ingest conducted by the Verband Internet Reisevertrieb, v-i-r (2007), only two per centum of all holiday purchases have been settled using mpayments. However, this payment method is expected to grow tremendously in the future. This is already indicated by the awareness level of m-payments. Although only two percent had used m-payments to settle their online purchases, more than 23% of all respondents are aware of the possibility of using mobile payments.Debit entreThe process of a debit entry requires the receiving system of the payment, the seller, to inform his banking institution to charge the account of the buyer with a certain amount. This amount is in turn booked on the account of the seller (www.wikipedia.org).PayPalWith over one hundred fifty million registered accounts worldwide (PayPal, 2009), PayPal is one of the most succe ssful internet-based payment schemes. stylemark is done via the personal e-mail address of the customer in improver to the entry of a password. The amount is then debited from the customers PayPal account. Customers using PayPal will benefit since they will no longer have to break out their debit or character card number. Furthermore, the whole transaction process is speeded up due to the fact that customers no longer need to move into their address details. PayPal also promotes its product as being more secure in comparison with other e-payment schemes.2.3.3 Pay-Later-payment systemsIn basis of pay-later-systems (e.g. credit cards), the customer actually receives the goods before being debited (Stroborn et al., 2004). However, this depends upon the point in time when the customers bank account is being debited. It is also possible, particularly within the welkin of tourism that the bank account is debited before the holiday is consumed. at heart the tourism industry it is a c ommon practice to book and purchase holidays long time in advance.Especially in footing of family holidays, customers like to book in advance, since they do only have a small time gear up (namely the school holidays) where they can go on holiday. So, holidays in these periods are strongly demanded. Thus there is an incentive for customers to book as early in advance as possible. In this case, the classification of Stroborn et al. (2004) is not valid anymore. The holiday is purchased long before it is consumed and thus the bank account will also be debited before the consumption.Credit Card cave in payments via the use of the credit card is the most commonly used payment method worldwide. closely 90 % of all items and goods purchased via the Internet are paid by credit card (Dannenberg Ulrich, 2004). Stroborn et al. differentiate between three base ways of credit card payments via the InternetAn unsecured transactionA transaction via substantial Socket Layer (SSL), which is a s ort of digital envelope. SSL is the de facto standard for secure online transactions, preventing eavesdroppers from learn customers account details (Ashrafi Ng, 2009). The SSL technology establishes a secure communication pass between the participants of an online transaction.a transaction employing Secure Electronic Transaction communications protocol (SET), which is currently considered as the safest credit-card-based payment systems on the Internet (Stroborn et al., 2004).Recapitulating this section once more highlights the importance of awareness. According to Monika Hartmann (Lammer, 2006) many payment solutions did not succeed in reaching a critical mass of users. This can be seen in within the example of Mpayments. Payment methods may be very useful, except if they do not manage to reach a critical mass of users, they will not succeed in the market. So customers need to be enlightened about the different payment methods purchasable and the advantages and disadvantages in volved. In addition the aspect of trust reappears in this section. Customers need to trust the security of their Internet connection in the first place before they are conducting any business transactions.3.1 Factors favouring the growth of e-Commerce in tourismThe introduction of the internet as well as the ability to pay for goods and services via electronic payment systems created potential advantages for customers as well as for tourism companies. The marketing of an intangible product such as tourism largely depends upon visual monstrance (Morgan et al., 2001). With the Internet, marketers finally found the perfect tool. The capability of combination the presentation of facts and figures, unrestrained pictures and the whole booking process is a great asset for tourism companies. Buhalis (Morgan et al., 2001) stated that organizations and destinations which need to compete will be forced to compute. Thereby, he assigns companies participating in e-Commerce a monumental comp etitive advantage.According to a recent study of the VIR (Verband Internet Reisevertrieb, 2007) customers tax the easy and fast way of booking trips via the internet. Furthermore, they appreciate the possibility to custom-make their trips, to see if their desired holiday is still available and the extensive range of offerings. The possibility to pay per credit card and the nest egg in terms of time they need to invest are also big advantages for German customers booking their trips and holidays via the Internet.Cheyne et al. (2006) suggested that the Internet is providing the means for suppliers and consumers to bypass the fail divisor and interact directly. Furthermore, many writers propose that the Internet furnishes live on consumers with more information, faster responses and often cut down prices than they can achieve when make trip out arrangements with a conventional travel instrument (Cheyne et al., 2006).Tania Lang, a senior consultant at tough Gemini Ernst Young, stated in her work in 2000 that there are a mannikin of factors providing advantages and benefits for the users of the Internet. Amongst those factors is the access for availability enquiries and bookings when consumers want to research and purchase travel. Customers are no longer curtail to the opening times of their local travel agency.According to Buhalis (Lang, 2000), the ability to access information which is detail and up to date assists the travel consumer by making the product more tangible in their mind. Another important advantage of e-Commerce in tourism is the bypass of travel promoter fees and the access to online discounts. Lang (2000) stated that there is a cost advantage in acquire travel online as a result of the market becoming more competitive. These cost advantages can also be explained by decreasing dissemination costs. reason this section it can be suggested that customers will benefit tremendously from e-Commerce in the tourism industry. They wil l be faced with rase prices, since no intermediaries are involved any more so that potential cost savings can be achieved. In addition to this, the authors cited in a higher place implied that the visual way of holidays will improve due the recent and approaching developments in technology. According to this, there should not be any disadvantages for customers and conducting bookings via the Internet are the best solution for the future.However customers will also have to sacrifice in certain aspects as well as they will have to experience that bookings holidays via the Internet might not be that discriminatory as the following section will point out.3.2 Factors for the hesitant growth of e-Commerce in tourismIn 2009, Prashant Palvia argues that the Internet is far from achieving its potential due to the reluctance of consumers to engage in its use. Palvia (2009) stresses this assumption by a recent study, indicating that trades of online retailers were only 2, 2% of total good s sold in the U.S. in 2005. Moreover, analysts have predicted that even by 2011, e-Commerce sales would only account for only 7%. According to Tania Lang (2000), there are certain parapets or disadvantages of the Internet and the World Wide Web (WWW) for consumers.Amongst those factors, the lacks of a human interface and of confidence in the technology as well as security issues have a high relevance. There are a lot of situations, where a customer has built a strong blood to his travel agent. For some travellers, the actual booking process (whether via a travel agency or the Internet) is already part of the holiday itself. The booking process might even be some kind of ritual which is carried out in on the nose the same manner every time the customer goes on holiday. Those allegiance or relational factors are hard to be erased or replaced by the Internet which is in fact a major threat to electronic commerce in the tourism industry.A number of authors maintain that travel agent s provide better services, especially when more Byzantine products are to be purchased (Cheyne et al., 2006). Those conglomerate travel arrangements are more information intensive and thus needs consultation of travel agents compared to less complex holiday components such as flights or rail tickets. Other authors, including Inkpen, Lyle and Paulson (Cheyne et al., 2006) argue that travel agents can offer a more personalized service and provide neutral advices that add value for the customer. Concerning the latter assumption one can argue that this is true for inexperienced or first-time users.Customers, who are familiar with the Internet and know where to find the information they are looking for, will not need the advice of the travel agent no more. first gear of all, the travel agent might provide them with information they already know or find by themselves. Secondly, travel agents are biased too, regarding the amount of commissions they receive for the sale of products. An other case where customers do not need the advice of the travel agent are repeated holidays, meaning customers who always travel to the same hotel. Those customers will not benefit from a travel agents consultancy. Summarizing this, one can say that the service offered by travel agents is value adding for customers, who are inexperienced with the process of online booking and for customers who want to travel to a variety of different destinations (comparing Cheyne et al., 2006).The lack of confidence in the technology as well as the mistrust in security are the two other major disadvantages of the Internet that Tania Lang has determined. She points out that the main barrier stopping consumers from booking travel via the Internet is the perceived lack of a secure payment method (Lang, 2000). The main concern with electronic payment is the level of security in each step of the transaction, because money and merchandise are transferred while there is no direct contact between the two s ides involved in the transaction (Yu et al., 2002).If there is even the slightest possibility that the payment system may not be secure, trust and confidence in this system will begin to erode, destroying the infrastructure needed for electronic commerce (Yu et al., 2002). position this in other words, tourism companies may have the perfect product in terms of price quality ratio. However, the caller-up will not be able to sell its products to a greater mass if their payment system is lacking security. This will not only erode trust in the payment system itself, but may also affect the customers acceptance of the company, thus affecting the companys reputation, image and profits.In 1998, Haas surveyed that even though many Internet users go online to find product information, most users prefer to log off and buy their goods through traditionalistic sales channels. Of course, this trend has increasingly changed over the last historic period however, still today customers inform themselves over the Internet without performing tEcommerce in Tourism IndustryEcommerce in Tourism Industry2.1. Introduction to e-CommerceElectronic commerce (e-Commerce) is such a service offering people the opportunity to do their shopping via modern information and communication technologies at home (Schultz, 2007). It enables everyone to conduct business via the Internet. The only precondition is a computer and a connection to the Internet.The term e-Commerce is becoming increasingly important in the dictionary of todays tourism managers all around the world. This is reflected in the development of the overall online travel market turnover in Europe reaching a total of EUR 70 billion in the year 2008 (V-I-R, Verband Internet Reisevertrieb, 2009). The introduction of the internet represented both, major opportunities as well as threats, for the tourism industry.The internet erased physical borders and enables everyone to participate in a global marketplace. The only requisite is a computer and an internet access. This section explores the current dynamics within the broader area of e-Commerce and provides definitions for the incorporating aspects of business transactions via the Internet.The worldwide proliferation of the internet led to the birth of electronic transfer of transactional information. E-Commerce flourished because of the openness, speed, anonymity, digitization, and global accessibility characteristics of the internet, which facilitated real-time business (Yu et al., 2002).One can of course argue, whether the anonymity of the Internet is still valid today. Maya Gadzheva (2008) for example, suggests that the achievement of unobservability and anonymity in the Internet is going to be much more difficult in the future, due to the possibility of unlimited collection of data.Through the aide of the internet tourism companies are able to market and sell their products to a far greater mass which represents substantial growth opportunities for them. According to Porter (2001), the Internet technology provides better opportunities for companies to establish distinctive, strategic positioning than did previous generations of information technology. However, those opportunities can also represent burdens for companies participating in transactions via the Internet.Those companies are now more than ever forced to keep their web sites up-to-date and to provide reliable information. Since the Internet is a very fast changing medium, it requires their participants, in this case the e-merchants, to keep up with this pace. In case the companies cannot fulfil these requirements, they will probably face a shift of customers to the competition. Especially the area of tourism, being labelled as largely information driven (Morgan et al., 2001) requires constantly updated and reliable information. Customers need to find every information they require on the web. They need to know where to search and they need to be convinced of the trustwort hiness and reliability of this information.The ability to inform clients and to sell and market products in the virtual marketplace is a critical success factor for economic triumph of tourism companies nowadays and in the future. The website is thus a digital business card of tourism companies and one of their most effective sales persons at the same time.Internet technology provides buyers with easier access to information about products and suppliers, thus bolstering buyer bargaining power (Porter, 2001). This will also decrease the costs of switching suppliers (or tourism companies). That is the downturn of the Internet. Competitors are only a few mouse clicks away (Porter, 2001) and the whole industry becomes more transparent. Just about every company participating in e-Commerce is obviously forced to list prices of their holiday components. This facilitates the comparability of tourism services.Customers do now have access to all kinds of information that facilitate as well as influence their holiday choice. Since tourism companies can no longer differentiate themselves from the competition by pricing means, the corporate website, and the online booking process of a holiday becomes progressively more important. This involves the appearance of the website, including usability and content related features, but also everything concerning the actual booking process and transaction handling.The tourism company (the seller) and the customer (the buyer) conducting business over the internet have usually never seen each other face-to-face, nor do they exchange currency or hard copies of documents hand-to-hand. When payments are to be made over a telecommunications network such as the internet, accuracy and security become critical (Yu et al., 2002).In other words this would mean that customers need to transfer extremely private information like credit card details to a complete stranger.Summarizing this section it can be said that Internet and e-Commerce present various advantages for tourism customers, since companies and offers are more transparent and easier to compare. Furthermore, improvements in IT technology will enhance the search for relevant information and facilitate the navigation in the World Wide Web.However, there are also threatening factors for tourism companies. Competition will become stronger, since competitors are only a few mouse clicks away, switching costs for customers are much longer and due to their access to nearly unlimited information the customers bargaining power will increase. Nonetheless, tourism companies who can keep up with the fast pace of the Internet and who are able to convince customers of the reliability, trustworthiness and timeliness of their displayed offers and information will benefit from the Internet.2.2. Online Trust or eTrustWhat is (online) trust? A first step towards the answer of this question can be made by looking at various definitions of the term trust. Trust is defined as the trai t of believing in the honesty and reliability of others (Wordnet, Princeton University, 2006). According to this definition, buyers conducting transactions via the Internet will have to rely on a person or institution they may have never seen or even heard of.This would certainly be not sufficient as an assurance for most of us. Another definition defines trust as to hope or wish (Wordnet, Princeton University, 2006). Summarizing this would mean that we need to rely on the goodwill of the other party and hope or wish that it will act as it was promised. Those definitions might be a good starting point in explaining the meaning of trust, but they certainly do not seem to be convenient for most of us.Bhle et al. (2000) argue that trust is a precondition for flourishing e-Commerce. Shankar et al. (2002) advance a different view, although they classify (online) trust as being important in both business-to-business and business-to-consumer e-business. Koufaris and Hampton-Sosa (2004) pur sue a similar way of argumentation. They suggest that lack of trust in online companies is a primary reason why many users do not shop online. Another author, Peter Landrock (2002), founder and managing director of Cryptomathic UK Ltd., one of the worlds leading providers of security solutions to businesses, points out that without such trust, neither businesses nor consumers will conduct transactions or sensitive communications across this medium (the Internet).This argument is being supported by a recently conducted study by Ernst Young and the Information Technology Association of America who concluded that trust represents one of the most fundamental issues impacting the growth of e-Commerce (Talwatte, 2000). Strader and Shaw (Chadwick, 2001) point out that consumers are more likely to buy from an online company they trust, when price differences are small. Thos would in turn imply that whenever price differences are significant, customers are willing to accept a higher level o f uncertainty and perceived risk in transactions with companies they do not know or trust.According to those argumentations one can say that trust is the major precondition for both, businesses as well as consumers to conduct transactions via the Internet. Trust is a key challenge to the customer acceptance of e-Commerce the lack of trust is an important reason for the hesitant growth in e-Commerce and for the reluctance of consumers to engage in online buying transactions (Schultz, 2007).A Forrester Survey from 2000 stated that 51% of companies would not do business with parties they do not trust over the web (Shankar et al., 2002). However, this would also mean that 49% of companies would do business with companies they do not trust. Trust needs to be strongly combined with uncertainty and ambiguity. The more information a buyer has about the seller, the better can he or she estimates whether the seller will act as it was promised. Thus, the better the information about a seller t he better can he or she be trusted. Good examples for this assumption are online marketplaces like eBay or Amazon.Those two providers offer nearly everyone the possibility to participate in e-Business. Since they recognized the increased need from customers for information about sellers, they introduced up-to-date ratings. Every seller can be rated after transactions whether buyers have been satisfied with the transaction process or not. The higher and better the rating, the more trustworthy is the seller (in a simplified way).These ratings are good indications for (unexperienced) buyers, since they equip them with information about the sellers past performance in transactions. Other ways in creating trustworthiness are so-called trust seals. Those seals are issued by third parties to verify the commitment of an e-vendor (Cook and Luo, 2003 Hu et al., 2003 Kaplan and Nieschwitz, 2003 Koufaris and Hampton-Sosa, 2004 Loebbecke, 2003 Patton and Jsang, 2004 Urban et al., 2000 Yang et al ., 2006 in Schultz, 2007).Trust seals are generally indicated via symbols on the web site of the seller. Those seals are a sign that the seller conducts business according to the standards of the third party, the trust seal provider, and/or that the seller conducts business as promised by the statements and policies on the web site (Schultz, 2007).Further measures to increase trust are security features, the availability of alternative payment methods, privacy, security and return policies and feedback mechanisms and consumer communities (Schultz, 2007). Security is the main concern of consumers before engaging in e-business with a seller (Schultz, 2007 Hinde 1998). Sellers need to incorporate certain security features into the design of their web sites in order to ensure the safety of the whole transaction process (see Credit Card) (Schultz, 2007). Offering alternative methods of payment is another approach of the seller to signal the willingness to adapt to the customers needs. Be ing able to choose a method of payment equips the customer with the perceived power over a part of the transaction process.It is essential to display the rules of the game. Privacy, security and return policies need to present on every sellers web site in order to inform the customer properly. This will not only increase trust but will also facilitate processes in case of complaints or other problems. The provision of customer feedback mechanism (ratings, reply forms, forums, etc.) is another way for customers to increase knowledge and gather information about a seller.The advantage is that customers can exchange with previous customers of the seller. This way they can obtain an objective evaluation of the seller. However, sellers can also manipulate those forums by uploading faked ratings or deleting negative ratings or feedbacks. Again, the customer needs to develop trust in these kinds of information.Furthermore, customers do also need to develop trust in the IT infrastructure th ey are using, since this will be the mean of communicating the transactional data between the seller and the buyer. In other words, consumers not trusting the technology they are using for an intended transaction via the Internet will not participate in any e-Business transaction unless they feel confident with the security.When considering security issues, a public key infrastructure (PKI) that can provide secure authentication on the Internet is an important step towards secure Internet transactions. It can help to build trust, reduce the potential for fraud, ensure privacy and provide merchants with non-repudiation (Bhle et al., 2000).It is essential for the merchant that the customer can trust him, his connection and Website and the payment system used. Otherwise there will not be any transactions between the two parties.Summarizing this section it can be said that information is the key to (nearly) everything. A higher level of information about the other transactional party wi ll increase the level of trust, since uncertainty and ambiguity can be erased at least to a certain extent. Furthermore, it is essential to create awareness for technologies and tools needed for security improvements and the development of trust. These tools and technologies can involve soft components like trust seals and customer feedback forums. The harder components are embedded in the aspect of IT infrastructure. This includes improvements in the encryption and network and database security.2.3. Electronic Payment SystemsMonetary transactions via the Internet do always involve risks and uncertainty. In most of the cases, there is no personal interaction involved.That means that the customer has to put a considerable amount of trust in the sellers promise to fulfil everything that has been agreed upon during the confirmation of the purchase (e.g. the delivery of the ordered products or services on time, in the right quality and that the agreed amount of money is charged) (Schult z, 2007 Chadwick, 2001).According to Lammer (2006) Electronic Payment Systems or e-Payment Systems may be defined as all payments that are initiated, processed and received electronically.The main concern with electronic payment systems is the level of security in each step of the transaction, because money and merchandise are transferred while there is no direct contact between the two sides involved in the transaction. If there is even the slightest possibility that the payment system may not be secure, trust and confidence in this system will begin to erode, destroying the infrastructure needed for electronic commerce (Yu et al., 2002).The customer is concerned right from the point he is connected to the website of the seller. The risk of losing private information like contact details, credit card or bank account information is a primary concern of the customer. Therefore, it is necessary that both, the seller as well as the customer take care for the security of their own netwo rk as well as with the data exchanged during the transaction.In Germany, there are currently up to ten different electronic payment methods used with varying frequency and success. The author will only refer to those payment systems which are applicable for intangible goods, such as holidays.The definitions below are based on the work of Stroborn et al. (2004), who were arguing that one way to classify different payment instruments is by the point of time when the liquidity effect sets in from the payers point of view that means the exact point in time when the customers account is charged with the payment. Following this premise, one can distinguish between prepaid, pay-now and pay-later systems (Stroborn et.al, 2004).Other authors (Yu et al., 2002, Dannenberg Ulrich, 2004) categorized payment systems with regard to the following variables. The first variable is the size or the amount of the payment (e.g. micro-payments). The second variable depends on the type of transaction, e.g . credit card, paying via e-mail (PayPal), etc. It can be argued which of these two different approaches in classifying e-payment systems is the most appropriate. However, the author decides to use the classification of Stroborn et al. (2004) for the reason that this type of classification can be best applied to the underlying topic of this work, due to the following facts.The ability to differentiate e-Payment systems by the time, the liquidity effect sets in is important within the industry of tourism. Holiday components, especially cruises are oftentimes financed using prepayments of customers. Therefore, it is particularly important for cruise lines to know which of the offered payment systems allow them to use prepayments as financing means. On the other hand, customers do always want a certain level of security, especially when they purchase a holiday, which is certainly not an everyday expense with regard to the amount charged.Therefore, equipping customers with the perceived power of determining the point of time when the actual payment will be processed will result in a beneficial feeling on the side of the customer. This equipment of perceived power is another way of demonstrating willingness to adapt to customer needs. Customers seem to have all under control, since they receive the product before they have to pay for it. So the seller has already delivered the agreed upon product or service.2.3.1 Pre-Paid-payment systemsThe different Pre-Paid-payment systems currently in use in Germany will not be further explained. Systems like GeldKarte, MicroMoney or WEB.Cent are being used to settle small-or micro-payments up to usually 100. In this respect an application within the tourism industry is of no relevance. According to the DRV (Deutscher Reiseverband, 2008), the majority of holidays booked via the Internet was between 500 - 1.500 (55, 1% of all holidays).2.3.2 Pay-Now-payment systemsSo called pay-now systems debit the account of the customer at t he exact time the customer purchases something. Cash-on-Delivery (COD) and debit entry are well established examples today (Stroborn et al., 2004).Online TransferAccording to Monika E. Hartmann (Lammer, 2006) online transfer can be defined as followsThese services are embedded in the online shopping process, e.g. via an automatic popup window connecting to the service provider and already containing all necessary transaction details. The customer is invited to choose a payment option and provide his account details. The completed transaction data set will be routed to the relevant payment service provider for authorization. After successful payment authorization the bank (or the payment service provider) confirms the payment to the merchant so that the purchase transaction can be completed (Lammer, 2006).COD (Cash-on-Delivery)COD is usually used for the settlement of amounts for physical goods. Customers order their desired articles over the website of an online merchant. The goods are then delivered by a mail service. In addition to the price of the delivered goods, the customer pays also COD charges to the delivery service. The mail delivery service then mails a money order to the internet merchant.Due to the simultaneous exchange of physical goods and money, COD is said to protect consumer and merchant at the same time. Nevertheless, it is considered not to be cost-effective and awkward for the consumer, who needs to be present for the delivery. Additionally, this payment method cannot be used for goods delivered electronically (Stroborn et al., 2004).M-Payments (Mobile Payments)M-Payment is such a service, where the mobile phone of the customer in combination with a PIN number deals as authentication device. Whenever the customer wants to purchase goods or transfer money, he or she is called by a third party, e.g. Paybox (www.paybox.net), on his or her mobile phone. He needs to confirm the transaction with a PIN. The sum of the transaction is then debited from the customers bank account (Stroborn et al., 2004).According to a recent study conducted by the Verband Internet Reisevertrieb, v-i-r (2007), only two percent of all holiday purchases have been settled using mpayments. However, this payment method is expected to grow tremendously in the future. This is already indicated by the awareness level of m-payments. Although only two percent had used m-payments to settle their online purchases, more than 23% of all respondents are aware of the possibility of using mobile payments.Debit EntryThe process of a debit entry requires the receiver of the payment, the seller, to inform his banking institution to charge the account of the buyer with a certain amount. This amount is in turn booked on the account of the seller (www.wikipedia.org).PayPalWith over 150 million registered accounts worldwide (PayPal, 2009), PayPal is one of the most successful internet-based payment schemes.Authentication is done via the personal e-mail address of the customer in addition to the entry of a password. The amount is then debited from the customers PayPal account. Customers using PayPal will benefit since they will no longer have to reveal their debit or credit card number. Furthermore, the whole transaction process is speeded up due to the fact that customers no longer need to enter their address details. PayPal also promotes its product as being more secure in comparison with other e-payment schemes.2.3.3 Pay-Later-payment systemsIn terms of pay-later-systems (e.g. credit cards), the customer actually receives the goods before being debited (Stroborn et al., 2004). However, this depends upon the point in time when the customers bank account is being debited. It is also possible, particularly within the area of tourism that the bank account is debited before the holiday is consumed. Within the tourism industry it is a common practice to book and purchase holidays long time in advance.Especially in terms of family holidays, customers like to book in advance, since they do only have a small time frame (namely the school holidays) where they can go on holiday. So, holidays in these periods are strongly demanded. Thus there is an incentive for customers to book as early in advance as possible. In this case, the classification of Stroborn et al. (2004) is not valid anymore. The holiday is purchased long before it is consumed and thus the bank account will also be debited before the consumption.Credit CardSettling payments via the use of the credit card is the most commonly used payment method worldwide. Nearly 90 % of all items and goods purchased via the Internet are paid by credit card (Dannenberg Ulrich, 2004). Stroborn et al. differentiate between three basic ways of credit card payments via the InternetAn unsecured transactionA transaction via Secure Socket Layer (SSL), which is a sort of digital envelope. SSL is the de facto standard for secure online transactions, preventing eavesdroppers from learning cust omers account details (Ashrafi Ng, 2009). The SSL technology establishes a secure communication channel between the participants of an online transaction.a transaction employing Secure Electronic Transaction Protocol (SET), which is currently considered as the safest credit-card-based payment systems on the Internet (Stroborn et al., 2004).Recapitulating this section again highlights the importance of awareness. According to Monika Hartmann (Lammer, 2006) many payment solutions did not succeed in reaching a critical mass of users. This can be seen in within the example of Mpayments. Payment methods may be very useful, however if they do not manage to reach a critical mass of users, they will not succeed in the market. So customers need to be enlightened about the different payment methods available and the advantages and disadvantages involved. In addition the aspect of trust reappears in this section. Customers need to trust the security of their Internet connection in the first p lace before they are conducting any business transactions.3.1 Factors favouring the growth of e-Commerce in tourismThe introduction of the internet as well as the ability to pay for goods and services via electronic payment systems created potential advantages for customers as well as for tourism companies. The marketing of an intangible product such as tourism largely depends upon visual presentation (Morgan et al., 2001). With the Internet, marketers finally found the perfect tool. The capability of combining the presentation of facts and figures, emotional pictures and the whole booking process is a huge asset for tourism companies. Buhalis (Morgan et al., 2001) stated that organizations and destinations which need to compete will be forced to compute. Thereby, he assigns companies participating in e-Commerce a significant competitive advantage.According to a recent study of the VIR (Verband Internet Reisevertrieb, 2007) customers value the easy and fast way of booking trips via the internet. Furthermore, they appreciate the possibility to customize their trips, to see if their desired holiday is still available and the extensive range of offerings. The possibility to pay per credit card and the savings in terms of time they need to invest are also big advantages for German customers booking their trips and holidays via the Internet.Cheyne et al. (2006) suggested that the Internet is providing the means for suppliers and consumers to bypass the travel agent and interact directly. Furthermore, many writers propose that the Internet furnishes travel consumers with more information, quicker responses and often lower prices than they can achieve when making travel arrangements through a traditional travel agent (Cheyne et al., 2006).Tania Lang, a senior consultant at Cap Gemini Ernst Young, stated in her work in 2000 that there are a variety of factors providing advantages and benefits for the users of the Internet. Amongst those factors is the access for avai lability enquiries and bookings when consumers want to research and purchase travel. Customers are no longer restricted to the opening times of their local travel agency.According to Buhalis (Lang, 2000), the ability to access information which is detailed and up to date assists the travel consumer by making the product more tangible in their mind. Another important advantage of e-Commerce in tourism is the bypass of travel agent fees and the access to online discounts. Lang (2000) stated that there is a cost advantage in purchasing travel online as a result of the market becoming more competitive. These cost advantages can also be explained by decreasing distribution costs.Concluding this section it can be suggested that customers will benefit tremendously from e-Commerce in the tourism industry. They will be faced with lower prices, since no intermediaries are involved any more so that potential cost savings can be achieved. In addition to this, the authors cited above implied tha t the visual representation of holidays will improve due the recent and upcoming developments in technology. According to this, there should not be any disadvantages for customers and conducting bookings via the Internet are the best solution for the future.However customers will also have to sacrifice in certain aspects as well as they will have to experience that bookings holidays via the Internet might not be that advantageous as the following section will point out.3.2 Factors for the hesitant growth of e-Commerce in tourismIn 2009, Prashant Palvia argues that the Internet is far from achieving its potential due to the reluctance of consumers to engage in its use. Palvia (2009) stresses this assumption by a recent study, indicating that sales of online retailers were only 2, 2% of total goods sold in the U.S. in 2005. Moreover, analysts have predicted that even by 2011, e-Commerce sales would only account for only 7%. According to Tania Lang (2000), there are certain barriers or disadvantages of the Internet and the World Wide Web (WWW) for consumers.Amongst those factors, the lacks of a human interface and of confidence in the technology as well as security issues have a high relevance. There are a lot of situations, where a customer has built a strong relationship to his travel agent. For some travellers, the actual booking process (whether via a travel agency or the Internet) is already part of the holiday itself. The booking process might even be some kind of ritual which is carried out in exactly the same manner every time the customer goes on holiday. Those loyalty or relational factors are hard to be erased or replaced by the Internet which is in fact a major threat to electronic commerce in the tourism industry.A number of authors maintain that travel agents provide better services, especially when more complex products are to be purchased (Cheyne et al., 2006). Those complex travel arrangements are more information intensive and therefore needs co nsultation of travel agents compared to less complex holiday components such as flights or rail tickets. Other authors, including Inkpen, Lyle and Paulson (Cheyne et al., 2006) argue that travel agents can offer a more personalized service and provide unbiased advices that add value for the customer. Concerning the latter assumption one can argue that this is true for inexperienced or first-time users.Customers, who are familiar with the Internet and know where to find the information they are looking for, will not need the advice of the travel agent no more. First of all, the travel agent might provide them with information they already know or find by themselves. Secondly, travel agents are biased too, regarding the amount of commissions they receive for the sale of products. Another case where customers do not need the advice of the travel agent are repeated holidays, meaning customers who always travel to the same hotel. Those customers will not benefit from a travel agents cons ultancy. Summarizing this, one can say that the service offered by travel agents is value adding for customers, who are inexperienced with the process of online booking and for customers who want to travel to a variety of different destinations (comparing Cheyne et al., 2006).The lack of confidence in the technology as well as the mistrust in security are the two other major disadvantages of the Internet that Tania Lang has determined. She points out that the main barrier stopping consumers from booking travel via the Internet is the perceived lack of a secure payment method (Lang, 2000). The main concern with electronic payment is the level of security in each step of the transaction, because money and merchandise are transferred while there is no direct contact between the two sides involved in the transaction (Yu et al., 2002).If there is even the slightest possibility that the payment system may not be secure, trust and confidence in this system will begin to erode, destroying t he infrastructure needed for electronic commerce (Yu et al., 2002). Putting this in other words, tourism companies may have the perfect product in terms of price quality ratio. However, the company will not be able to sell its products to a greater mass if their payment system is lacking security. This will not only erode trust in the payment system itself, but may also affect the customers acceptance of the company, thus affecting the companys reputation, image and profits.In 1998, Haas surveyed that even though many Internet users go online to find product information, most users prefer to log off and buy their goods through traditional sales channels. Of course, this trend has increasingly changed over the last years however, still today customers inform themselves over the Internet without performing t