The information and data associated with Web commerce transactions have to be secured to a have a viable Internet economy. Therefore, it is important to understand the difference between information and data and how to secure both entities. Data are raw facts that pertain to variables that, when processed and structured, yield meaningful results called information.
Information security involves a variety of concepts such as security management, policies, awareness, and risk management, which define a system's security posture.
Security Management Concepts
Information security management concepts comprise the following elements:
- The system security life cycle
- The three fundamental principles of security: confidentiality, integrity, and availability
- The implementing of security controls to reduce the impact of threats and the likelihood of their occurrence
System Security Life Cycle
Security, like other aspects of an IT system, is best managed if planned for throughout the IT system life cycle. There are many models for the IT system life cycle, but most contain the following five basic phases3:
- Initiation phase: The need for a system is expressed and the purpose of the system is documented.
- Development/acquisition phase: The system is designed, purchased, programmed, developed, or otherwise constructed.
- Implementation phase: The system is tested and installed or fielded.
- Operation/maintenance phase: The system performs its work. The system is almost always ...