With the explosive growth of the Internet and its continued potential, e-commerce security has evolved from an information technology infrastructure concern to a business concern. e-Commerce Security is a technical reference guide that lives up to its intended use, which is to provide "information system security, control and audit practitioners with a concise guidebook of specific technologies, procedures, protocols and best practices relating to secure Internet-enabled e-commerce." By having these technologies, procedures and protocols in place, e-business continuity can be maintained.
Lack of privacy, integrity and confidentiality can cause tremendous damage to an organization and its business, along with system slowdowns and downtime. It is imperative that an e-business or e-commerce operation has organizational, architectural and procedural approaches in place so that the security, reliability and availability of e-business transactions are consistently maintained.
e-Commerce Security embraces the complete business transaction not only from the IT infrastructure inside an organization's network, but also from the view of the consumers and suppliers on the outside who link to an enterprise and execute e-business transactions. With this approach, security levels can be blended with e-transactions. Some of the areas on which it focuses include knowing the customer, establishing secure relationships, the role of trusted third parties, carrying identification forward utilizing PKI, and the use of digital signatures. The book also contains a plethora of vital information.
The frequently asked questions at the end of the text, along with the self-assessment questionnaire and recommendations for the audit professional, provide an extremely helpful wrap-up of this reference book. The final appendices also are concise, practical and useful.
The target audience of this educational reference, as mentioned above, includes IS security professionals, control and audit practitioners, as well as anyone with an interest in e-commerce security, including faculty members who teach information security courses.
This is an excellent resource that can be used not only in business and industry, but also by law enforcement and public safety organizations, as well as training and educational programs focusing on information technology and security. This reference source would prove to be valuable to all readers and is a definite must to add to one's library.
Linda M. Kinczkowski, Ph.D., is the graduate program coordinator for the information security program at Eastern Michigan University (USA). Prior to coming to EMU, she spent approximately 20 years in public safety and three years in business and industry. She also served as a member of the International Olympic Security Team in Atlanta, Georgia, USA, in 1996.
e-Commerce Security: Trading Partner Identification, Registration and Enrollment is available now from the ISACA Bookstore. For information see the ISACA Bookstore Supplement in this Journal, visit www.isaca.org/bookstore, e-mail firstname.lastname@example.org or telephone +1.847.253.1545, ext. 401.