The information and data associated with Web commerce transactions have to be secured to a have a viable Internet economy. Therefore, it is important to understand the difference between information and data and how to secure both entities. Data are raw facts that pertain to variables that, when processed and structured, yield meaningful results called information.
Information security involves a variety of concepts such as security management, policies, awareness, and risk management, which define a system's security posture.
Information security management concepts comprise the following elements:
Security, like other aspects of an IT system, is best managed if planned for throughout the IT system life cycle. There are many models for the IT system life cycle, but most contain the following five basic phases3: