Information Security
The information and data associated with Web commerce transactions have to be secured to have a viable Internet economy. Therefore, it is important to understand the difference between information and data and how to secure both entities. Data are raw facts that pertain to variables that, when processed and structured, yield meaningful results called information.
Information security involves a variety of concepts such as security management, policies, awareness, and risk management, which define a system's security posture.
Security Management Concepts
Information security management concepts comprise the following elements:
- The system security life cycle
- The three fundamental principles of security: confidentiality, integrity, and availability
- The implementation of security controls to reduce the impact of threats and the likelihood of their occurrence
System Security Life Cycle
Security, like other aspects of an IT system, is best managed if planned for throughout the IT system life cycle. There are many models for the IT system life cycle, but most contain the following five basic phases³:
- Initiation phase: The need for a system is expressed and the purpose of the system is documented.
- Development/acquisition phase: The system is designed, purchased, programmed, developed, or otherwise constructed.
- Implementation phase: The system is tested and installed or fielded.
- Operation/maintenance phase: The system performs its work. The system is almost always ...