.

Friday, March 29, 2019

Website For Malaysian Insurance Institute

Website For Malaysian amends buildINTRODUCTIONThe project aim is to frame-up a meshworksite for Malaysian redress to allow indemnity representation tingeer to enroll their stackdidates for the Pre-Contract mental test. In phase 1, the author result beam a few studies related to the electronic avocation to allow amends agency leader to compensate for the mental testing fees. Furthermore, additional protective covering features to protect the website and the drug single-valued functionr give in wish well up manner be study to enhance the tribute of the website.FINDINGS flat coat Study of Malaysian damages set upMalaysian indemnification appoint is a non-profit organization that founded in 1968. This organization is a leading policy institute that go away insurance noesis, gentility and offer all frames of qualifications that recognize by the international insurance connection much(prenominal) as insurance, monetary planning and risk management. MII is known as the primary insurance knowledge addr in Malaysia. It works unneurotic with some other insurance smart set in the manufacturing with supports and functions from the cashbox Negara Malaysia and Regulator to guarantee the provided education is up to date and ful stuff the changes in the insurance industry. encipher 1.1 Malaysian damages engraft Website1.1 MII AS EDUCATIONAL AND TRAINING BODYAn average of ccc training programs is organized by MII to educate the brokers, insurers, reinsurers, ad provideders and regulators. In each training program, in that location argon about 10,000 popicipants from all other countries including Malaysia. These slap-up records touch MII a place in the Education Board of the Federation of Afro Asiatic Insurers and Reinsurers (FAIR) that based in Egypt.Besides that, MII also help general and spirit insurance agents by providing training to them. These training will help them to provide a bump service to their nodes. For agency leaders, MII is ally with LIMRA (USA) to organize the chest of drawers Management Training lam (AMTC) to upgrade their leadership and professionalism.There argon twain primary professional programs provide by MII. They are the sheepskin of The Malaysian Insurance name (DMII) and the Associateship of The Malaysian Insurance set up (AMII). These two programs are the basic requirement for the insurance industry and also for the rising markets.1.2 MII AS EXAMINATION CENTREMII act as a withstander to reminder the education standards of insurance exam. Besides that, it is also the authorized exam c record to cover insurance trial run. MII offers 32 major examinations that clear everywhere 60 thousand candidates for the insurance industry in a year. Beca drop of the outstanding management and good reputation as an education and exam centre, MII is consigned to be the primary place to conduct some others examinations that organize by others examination bodies such as The Ins titute of Risk Management (UK), Chartered Institute of vent Adjusters ( UK), The Insurance Institute of America ( USA), The Society of Actuaries (USA) and others.1.3 MII AS restitution INFORMATION CENTREMII is proud to have their own library that specialize in the insurance industry and others related industry. Besides that, all kind of collection of books, magazines or journals that related to insurance is also collect by the library for public use. Moreover, MII also has an electronic library portal that unloosen in takeation to the public such as online newspapers, electronic journals, colligate to others insurance companies, associations, regulators, university and other related sectors.1.4 MII AS CONFERENCE ORGANIZERThere are around eight collections that conducted by MII in a year which was p helpingted to fulfill the necessarily of the emergent insurance industry. virtually of the conference receives ample response from all kinds of championship industry from local and international. These conferences not simply provide experience and knowledge to the public but also provide a chance to each other to build up their webing with other industry.1.5 AFFILIATION WITH transnational BODIESMII has a firm belief in collaborating its efforts and resources together with other reputable insurance education bodies through with(predicate)out the world so as to maximize and leverage on each others strengths. MIIs commitment to throw overboard the best spirit standards in education is reflected in its international links with major insurance institutions, universities and relevant organisations. Among the collaborations that MII has established are with The Chartered Insurance Institute (UK), Australasian Institute of Chartered Loss adjusters (AICLA), Chartered Institute of Loss Adjusters (CILA), Australian New Zealand Institute of Insurance and Finance (ANZIIF), LOMA (USA), Institute of Risk Management (UK), LIMRA (USA) and others1.6 INTERNATIONAL PRE SENCEWhile addressing the domestic inescapably will always remain as a main steering and priority, MII has also spread its wings into the international scene, particularly in fulfilling the needs of the emerging markets. This is in line with its vision to be the preferred Institute for training solutions, education and learning in insurance in Malaysia and the emerging markets. The increasing leans and wide range of international training participants and conference delegates is a testimony of the recognition and regard for the relevant and lofty quality programmes beingness offered by MII.MIIs presence in the emerging market, particularly at heart the ASEAN region is quite significant. When the 10 ASEAN insurance regulatory authorities form the ASEAN Insurance Training Rehunt Institute (AITRI), MII was given the honour to lead as the secretariat for AITRI. AITRI is a non-profit organization to provide regional research, insurance education and training support for the regul ators as well as the industry of the ASEAN member countries. Its activities are featured in international publications and have gained considerable recognition and international support such as the World Bank (USA), International Association for Insurance Supervisors ( Switzerland), Office of the Superintendent of Financial Institutions ( Canada) and others.1.7 INTERNATIONAL AWARDMII won a title named as Professional run Provider of the Year 2007 Award at year 2007 from The Review oecumenic Reinsurance Association in London, U.K. MII show up as the first achiever that come from Asia after 14 years when the award is started. MIIs effort and their configuration for the training and the education was the reasons for them to receive the award.1.8 List of Certification and Professional ProgramsThe be given below is the certification or professional programs that offer by Malaysian Insurance Institute. These certification or professional programs are recognized by all the insurance company in Malaysia. The agent of an insurance company must possess the related certification or professional programs to throw out or sell the insurance to the nodes.Diploma of Financial ServicesAssociateship of the Malaysia Insurance Institute (AMII)Associateship of the Malaysia Insurance Institute (AMII) InternationalDiploma of the Malaysia Insurance Institute (DMII)Diploma of the Malaysia Insurance Institute (DMII) Life credentials of MII Insurance (CMII Insurance)Pre-Contract Examination for Insurance Agent (PCEIA)Certificate Examination in Investment-Linked Life Insurance (CEILLI)International Certificate in Risk Management (CIRM)Basic role Management Course (BAMC)Registered Financial Planner (RFP)Basic Certificate Course in Loss Adjusting (BCCILA)Intermediate Certificate Course in Loss Adjusting (ICCILA)Basic Certificate Course in Insurance Broking (BCCIB)Intermediate Certificate Course in Insurance Broking (ICCIB)Certificate in General Insurance Actuarial Practice (CGIAP) 1.9 ConclusionMII is a powerful organization that provides high quality education to the insurance industry and others related field. Besides that, MII is also recognized by international organization for their quality function and handsome programs.Literature ReviewThis chapter discusses about the online electronic profession organization and the security features that plan to weapon on the registration website such as on binding aboriginalboard, multi step authentication and secure socket layer.2.1 electronic affairelectronic work is known as any transaction or salary that occurs through the mesh. It includes a wide range of area such as auction website, retail website, registration website, banking website, and etc. The content of electronic transaction can be goods or services. It has become authoritative with the emerging of the internet and World Wide Web.Since electronic medico is conduct on the internet, so the customer can ignore the barrier of distance and time . The electronic avocation is maturement frequently since five years ago and it is expected to growing in faster rate.When electronic trading is conducted, it means online payment will be conduct during the transaction. There are several of payment rule are available online such as character reference control panel, PayPal, and Google checkout.(Networksolution, 2010)Credit card is the just about popular payment manner utilize by most of the electronic craft website. A marketing research shows that an electronic commercial enterprise will lost 60 to 80 percent of potential customers if credit card payment is not implemented in their electronic commerce system.With credit cards payment enabled, it proposes the customer has the impulse to purchase an hapsake at anytime and also ensure the legitimacy of the electronic business to the customers.(EasyStoreCreator, 2010) some other popular online payment method is PayPal. The benefit of PayPal is it allows the merchant or cus tomer to make online and offline transaction at anytime. Furthermore, PayPal is well known for its ease of use and no verification bounding of credit rating. The exploiters of PayPal only need to verify their electronic mail address and their accounts own(prenominal) information. fee can be intimately directed to the PayPal account with the tied electronic mail address uniform emailprotectedAdditionally, Google checkout is also a preference of some electronic business merchant. Google checkout fast enough to become popular is because the provided service of this system is drug user friendly, very stable and reliable. Another benefits of Google checkout is it charge lesser merchant fees compare to PayPal and this makes it grow at a rapid rate.(Arora.n, 2010)2.2 Types of electronic CommerceThere are duplex types of electronic commerce that are available on the internet. Among all kinds of electronic commerce, there are 4 popular types that occupy most of the electronic commerc e website. They are business-to-business (B2B), business-to-consumer (B2C), consumer-to-business (C2B), consumer-to-consumer (C2C). come forth of these popular types, there are also some others electronic commerce are used by those electronic business merchant such as business-to-employee (B2E), government-to-government (G2G), government-to-employee (G2E), government-to-business (G2B), business-to-government (B2G), government-to-citizen (G2C), citizen-to-government (C2G) and etc.(DigitSmith Embroidery and Screen Printing, 2006)2.3 On Screen KeyboardOn screen door keyboard is a software or application that shows on the monitor of the computer. It allow user to input any kind of schoolbook by mouse or the monitors touch screen. On screen keyboard can help those mobility im couple onment people or those people that cannot type. Besides that, on screen keyboard also can help users to bypass those virus, Trojan or key logger to slide data (Microsoft Corporation, 2010).Figure 2.1 shows an example of on screen keyboard. It is a default application that comes with the operating system provide by Microsoft.msosk.jpgFigure 2.1 Microsoft on screen keyboard2.4 Multi Step AuthenticationThe single means authentication such as the username and password edge is widely used by a lot of website in the World Wide Web. collectible to the demand for more security during login, an ideology named multi step authentication has been compose to fulfill the public demand.Multi step authentication is a process of login and authenticates users in multiple webpage. The first step of the authentication is verify the username entered by the user. If it is parallel with any name inside the database, then the user will be airt to the second step. Second step required the user to enter their password and if it is correct, then the system will redirect the user to the services they login to.(Agilewebsolutions, 2010)Besides that, this feature also block any malware that apply form robot to capture password entered by the user because there is two various login processes is performing.2.5 Secure Socket Layer Protocol(SSL)Secure Socket Layer is a well known protocol that uses to provide a secure connection amidst the server and the thickening. The purpose to secure a connection is to protect the rightfulness of data, privacy and authentication.SSL protect data by encrypting a plaintext message to ciphertext. Ciphertext is meaningless to everyone if someone captured the data packet try to crack it. A pair of key is used to encrypt the data. They are named public key and surreptitious key. Public key is used to encrypt data that enthral from the client and the private key is used to decrypt the data that received by the server.To ensure the server side is the real owner of the service provider, a digital certificate will be issue by a third party certificate authority such as GeoTrust and VeriSign. This process is to identify the domain is maintain by the recogn ized owner and it is legal. Figure 2.2 shows an example of digital certificate. (GeoCerts, 2010)cert.gifFigure 2.2 Digital CertificateNetscape introduced the SSL Protocol in 1994 due to the concern for the security over the internet was rising. At first, SSL is beat to secure the connection between the server and the client but qualifying was make to fit it in to other services such as TELNET, FTP, Email and etc. (Martz. C, 2010)2.6 ConclusionSecurity feature is an important posing to keep a website safe from any threats. All the features discussed is planned to implement into the website to work with the electronic commerce system and the website security.Electronic Commerce outline SecurityIt is a big challenge to maintain and securing an electronic commerce system as the internet world is emerging every day. It is important for electronic merchant to implement security for their electronic commerce website.3.1 Components of Electronic Commerce SecurityThere are 5 components o f electronic commerce security that is important to electronic commerce website. The first component is forbearment that uses to interdict all kinds of brush ups. The second component is compartmentalization that uses to avoid unauthorized coming to the website system. Besides that, it pr even upts collateral damage deal to the website during attacks. The third component is perseverance that guarantees website system to keep running even during DOS attacks or even during the equipment failure. The fourth component is recovery that frequently starts the recovery operation during international attacks or malicious internal activity. The fifth component is performance that ensures the network performance is not reducing due to the others security operation.3.2 Electronic Commerce VulnerabilitiesThe fearful of online transaction threats has been increase with all types of attacks. Multiple vulnerabilities will be discussed to understand their characteristic.3.2.1 SQL InjectionSQL injection is a technique that inserts the SQL meta character into the user input. This technique allows the attacker to force the back-end database to execute the command entered into the system. To check whether the website is under fire(predicate) to this attack, a single quote () character will be send into the database. An invulnerable website will return an demerit message which exposes the technology being used at the host machine. These information is enough for the attackers to perform get on attacks to the restricted area or the operation system.SQL injection attack can be different depends on the types of database. If the attack is conduct on the visionary database, it needs the UNION keyword to execute and it is harder to capture compare to Microsoft SQL server.(Mookhey. K. K, 2004)3.2.2 Price enjoymentThis is a new threat that threatens the payment gateway and the shopping cart. In the common case, the total price that needs to pay by the customer is saved in a hidd en HTML field. A web application deputy such as Achilles can modify these figures when the information is send from the users browser to the website.The figure 3.1 is taken from one of the Symantec article wake that the price can be modify by the attackers to any value. Then, this information will be send to the merchants payment gateway.(Mookhey. K. K, 2004)achilles.jpgFigure 3.1 Achilles web proxy3.2.3 Buffer OverflowsBad consequences will be happen when massive number of bytes is sent to an application that is not set up properly to breed these bytes. According to K. K. Mookhey, the path of the PHP functions is exposed when he sent in a very large value in the input field.Figure 3.2 shows that when a large value is sent in and the PHP script cannot process the value, the returned error message expose the location of the PHP functions. This error message reveals the admin folder that allows attackers to conduct further attacks.(Mookhey. K. K, 2004)phptimeout.jpgFigure 3.2 PHP t imeout error3.2.4 Cross-site ScriptingCross-site scripting is primary concentrated to the end user and also leverages two factors, the weakly input output validation of the web application and the trust gain from the user to the well known website name.This attack required the website to take in user input, process it and shows the result together with the original user input. This sequence is commonly found in the search system. The attacker conducts the attack by embedding the JavaScript into the user input as part of the input. Then, a link will be created which contain this JavaScript and the victim will be persuaded to click on it. For example, the URL will looks similar like this http//www.vulnerablesite.com/cgibin/search.php?keywords=alert(OK).This example will pop up an alert box that shows the text OK. The attacker can place the script they want into this link to conduct the attack.Usually, the attacker will use this method to capture the victims cookies that whitethorn co ntain victims sensitive information. Besides that, the JavaScript can be also use to redirect the victim to the website that contain malicious code and conduct the attack at there.3.2.5 Weak AuthenticationAuthentication system that does not block multiple fail login can lead to unlooked-for consequences. An attacker may use some brute force software to guess an accounts password by sending all kinds of combination to the server to validate the password. Another weak authentication is when the website uses basic authentication but does not transfer it through SSL. Attacker can sniff the traffic packet and discover the user information inside the packets.3.3 Pros and Cons of Electronic Commerce SystemAlthough electronic commerce provide a lot of benefits to electronic business and the consumer, but there are also some consequences that affect both merchant and the consumer.The benefits of electronic commerce are it save the users time compare to shopping at any shops or markets. Ever ything transaction is conduct on the internet and just a few clicks, consumer can buy everything they want and pay it. examine to shopping at regular shop, consumer have to travel to the shop, park the car, head to the shop, browse the shop for the item, then pay it and that is wasting a lot of time.Electronic commerce is cheap compare to the point of intersection selling at regular shops and markets. This is because every electronic merchant does not need to pay for the rental and utilities expenses like the physical shop. That is why they can sell cheaper result when they do not need to cover these expenses. Besides that, lowering the product price is one of the marketing skills to attract customers to buy from their electronic shop.(Finnila. J, 2008)Most of the electronic commerce is supported with credit cards paying method. With this method enable, consumer does not need to download or install special plugin to make a transaction. Besides that, consumers with credit cards a re always fill with impulse to buy something during every visit. Furthermore, the electronic merchant can keep the customer transaction information for future use such as follow up sales or advertise product.(Nightcats Multimedia Productions, 2010)The prejudices of electronic commerce are the competitor is all around the world. Electronic merchant have to keep generate new marketing strategy to attract customers or keep the customers to visit them again.As the internet world is changing rapidly, there are a lot of new traps appear to steal information from the consumer such as phishing website and malicious scripts. For any electronic commerce user that unaware to these internet threats will expose their personal mystic information to those scam owners.(Finnila. J, 2008)From the point of view of most of the customers, it is an abuse to the customers personal information when the electronic merchant keeps the information for future use. The customer may want to keep their personal information in private and it is better to request for their permission before their information is used. Besides that, the customers also interest that their personal information may leak out to the public in any accident. It is a benefit for the merchant but a disadvantage to the customers.(Nightcats Multimedia Productions, 2010)3.4 ConclusionIt is important to electronic merchant to secure their electronic commerce system to prevent all kinds of incident that cause unexpected losses to the business.CONCLUSIONSThe author successfully completed neutral one to cardinal in the phase 1 of the project. The author learns how MII works in chance(a) operation and their roles and responsibilities. Besides that, the author also learn how those additional security features works to protect the website and the users. As a proof of meeting objective one to three, the reference list below shows various information from different sites.REFERENCES (BACKGROUND READING MATERIALS)About MII (Onl ine) (Cited 20 may 2010) usable fromhttp//www.insurance.com.my/mii2010/about.htmlMII Vision and accusation (Online) (Cited 21 may 2010) acquirable fromhttp//www.insurance.com.my/mii2010/about_vision.htmlCertification and Professional Programmes (Online) (Cited 22 may 2010) Available fromhttp//www.insurance.com.my/mii2010/certification.htmlWhat is Ecommerce? (Online) (Cited 23 MAY 2010) Available fromhttp//www.networksolutions.com/education/what-is-ecommerce/Choosing a merchant Credit table Processing Vendor To Meet Your ecommerce Credit Card Processing Needs (Online) (Cited 25 MAY 2010) Available fromhttp//www.easystorecreator.com/choosing-vendor.aspDifferent Payment Methods in E-Commerce Website (Online) (Cited 26 MAY 2010) Available fromhttp//ezinearticles.com/?Different-Payment-Methods-in-E-Commerce-Websiteid=2073803Ecommerce definition and types of ecommerce (Online) (Cited 26 MAY 2010) Available fromhttp//www.digitsmith.com/ecommerce-definition.htmlHandling Financial Web Site Tricks (Online) (Cited 28 MAY 2010) Available fromhttp//help.agile.ws/1Password3/multi_step_logins.htmlTwo-Step Authentication Method For Online Banking (Online) (Cited 30 MAY 2010) Available fromhttp//priorartdatabase.com/IPCOM/000126859Handling Financial Web Site Tricks (Online) (Cited 30 MAY 2010) Available fromhttp//help.agile.ws/1Password3/multi_step_logins.htmlTurn On and Use On-Screen Keyboard (Online) (cited 31 MAY 2010) Available from http//www.microsoft.com/windowsxp/using/accessibility/oskturnonuse.mspxSSL Secure Sockets Layer (Online) (Cited 1 JUNE 2010) Available fromhttp//www.birds-eye.net/definition/s/ssl-secure_sockets_layer.shtmlHow SSL Works (Online) (Cited 1 JUNE 2010) Available fromhttp//www.geocerts.com/ssl/how_ssl_worksPros Cons of E-Commerce (Online) (Cited 2 JUNE 2010) Available fromhttp//ezinearticles.com/?Pros-and-Cons-of-E-Commerceid=1481356Pros and Cons for consumers when shopping online (Online) (Cited 2 JUNE 2010) Available fromhttp//www.nirelan d.com/e.commerce/Pros%20and%20Cons.htmBeginners Guide to Ecommerce (Online) (Cited 2 JUNE 2010) Available fromhttp//www.nightcats.com/sales/free.html5 immanent Components of E-Commerce Security (Online) (Cited 3 JUNE 2010) Available fromhttp//www.intruguard.com/E-commerceSecurity.htmlCommon Security Vulnerabilities in e-commerce Systems (Online) (Cited 4 JUNE 2010) Available fromhttp//www.symantec.com/connect/articles/common-security-vulnerabilities-e-commerce-systems***END OF REPORT***

No comments:

Post a Comment