April 2011
Intermediate to advanced
504 pages
14h 51m
English
Content preview from Web Commerce Security Design and DevelopmentBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Information Security
The information and data associated with Web commerce transactions have to be secured to a have a viable Internet economy. Therefore, it is important to understand the difference between information and data and how to secure both entities. Data are raw facts that pertain to variables that, when processed and structured, yield meaningful results called information.
Information security involves a variety of concepts such as security management, policies, awareness, and risk management, which define a system's security posture.
Security Management Concepts
Information security management concepts comprise the following elements:
- The system security life cycle
- The three fundamental principles of security: confidentiality, integrity, and availability
- The implementing of security controls to reduce the impact of threats and the likelihood of their occurrence
System Security Life Cycle
Security, like other aspects of an IT system, is best managed if planned for throughout the IT system life cycle. There are many models for the IT system life cycle, but most contain the following five basic phases3:
- Initiation phase: The need for a system is expressed and the purpose of the system is documented.
- Development/acquisition phase: The system is designed, purchased, programmed, developed, or otherwise constructed.
- Implementation phase: The system is tested and installed or fielded.
- Operation/maintenance phase: The system performs its work. The system is almost always ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.