An in-depth look at the pressing issues involved in protecting an e-business from external threats while safeguarding customer privacy. With billions of dollars at stake in e-commerce, companies are becoming much more concerned about security and privacy issues. Hackers have made headlines by breaking into Web sites that aggregate sensitive information about all of us, which has caused growing public concern about personal and financial privacy. Some online businesses are inadvertently "sharing" data with others when they interoperate systems.
This book examines the external threats to a company's system and explains how to react if your system and business goals diverge. It also presents a nuts-and-bolts guide to enhancing security and safeguarding gateways. Readers will find an extensive reference section for the many tools, standards, and watchdog agencies that aid in the security/privacy effort.
Review By: Derek Mahlitz 07/21/2003

This is an in-depth look at the pressing issues involved in protecting an eBusiness from external threats while safeguarding customer privacy. Companies are becoming much more concerned about security and privacy issues in the Internet age. Hackers have made headlines by breaking into high-profile Web sites that aggregate sensitive information about all of us, and this has caused growing public concern about personal and financial privacy.
This book examines the external threats to a company's system and explains how to react if your system and business goals diverge. It also presents an easy-to-follow guide for enhancing security and safeguarding valuable online information.
The book comprises seven chapters, including a background of e-commerce, a lively discussion of software and the risks it poses, risk management strategies for eBusiness, step-by-step procedures for building a secure eBusiness, discussion of mobile code such as applets, ActiveX components, mobile devices such as PDA’s and cell phones, and it ends with a chapter on general privacy risks.
This book did a great job of explaining a host of complex topics in a digestible form. I have an engineering background, but no practical experience related to eBusiness security or privacy before or since my transition to management. I was pleasantly surprised to read well-written and interesting explanations that did not require me to have a PhD in computer science to understand. The book will empower you to speak intelligently about a number of topics: data-driven versus code-driven attacks, DOS/dDOS, buffer overrun attacks, mobile code risks, and others. The author does become repetitive at times, if only to ensure that the reader is able to logically link related discussions. The tone of the book is very light and readable throughout, but it is pretty obvious that the author's true passion is in the privacy arena.
I wholeheartedly recommend this book to anyone involved in Web security, from software managers to future computer science graduates, to become familiar with the relevant issues in a painless way. It makes a great companion piece to Ghosh’s first security book, E-Commerce Security: Weak Links, Best Defenses.