According to the Four-Factor Model of Information Security, all threats to information security and all information security solutions involve four valuable business assets: (1) people, (2) processes, (3) proprietary information, and (4) property (both virtual and actual). Proprietary information is any information a business holds in confidence, including marketing strategies, development plans, competitive business techniques, and the personal identifying information of its own employees and of customers. Financial and all other institutions can secure these forms of proprietary business information by securing their people, processes, and property.

In the preceding chapters, the first project team developed Security Standards that, when implemented and maintained, are guaranteed to secure the people front from thefts of proprietary information, including the personal identities of customers and employees.

The goals for the second project team (composed of employees from the same department), described here through Chapter 22, are to:

1. Secure the process front.
2. Secure the property front—the virtual Web site.
3. Create a customer assistance program for victims of identity theft.
4. Develop an extensive list of e-commerce “best practices” for customers.
5. Design identity theft legislation that promotes a competitive advantage and does not impact a company’s budget or business operations.

Additionally, Chapter 23, dedicated ...