Table of Contents
Cover
Part I: Overview of Commerce
Chapter 1: Internet Era: E-Commerce
Evolution of Commerce
Payment
Distributed Computing: Adding E to Commerce
Summary
Notes
Chapter 2: Mobile Commerce
Consumer Electronics Devices
Mobile Phone and M-Commerce
Mobile Technologies: Mosquito on Steroids
Summary
Chapter 3: Important “Ilities” in Web Commerce Security
Confidentiality, Integrity, and Availability
Extensibility
Fault Tolerability
Interoperability
Maintainability
Manageability
Modularity
Monitorability
Operability
Portability
Predictability
Reliability
Ubiquity
Usability
Scalability
Accountability
Audit Ability
Traceability
Summary
Notes
Part II: E-Commerce Security
Chapter 4: E-Commerce Basics
Why E-Commerce Security Matters
What Makes a System Secure
Risk-Driven Security
Security and Usability
Scalable Security
Securing Your Transactions
Summary
Notes
Chapter 5: Building Blocks: Your Tools
Cryptography
Access Control
System Hardening
Summary
Notes
Chapter 6: System Components: What You Should Implement
Authentication
Authorization
Non-Repudiation
Privacy
Information Security
Data and Information Classification
System and Data Audit
Defense in Depth
Principle of Least Privilege
Trust
Isolation
Security Policy
Communications Security
Summary
Notes
Chapter 7: Trust but Verify: Checking Security
Tools to Verify Security
Summary
Notes
Chapter 8: Threats and Attacks: What Your Adversaries Do
Basic Definitions
Common Web Commerce Attacks
Summary
Chapter 9: Certification: Your Assurance
Certification and Accreditation
Standards and Related Guidance
Related Standards Bodies and Organizations
Certification Laboratories
The Systems Security Engineering Capability Maturity Model
Value of Certification
Certification Types
Summary
Appendix A: Computing Fundamentals
Introduction
Hardware
Software
Summary
Appendix B: Standardization and Regulatory Bodies
ANSI
COBIT
COSO
CSA
Ecma
ETSI
FIPS
GlobalPlatform
IANA
IEC
IETF
ISO
Kantara
NIST
OASIS
OAuth
OpenID
OpenSAF
PCI
SAF
SOX
The Open Group
W3C
WASC
Appendix C: Glossary of Terms
Appendix D: Bibliography
Foreword
Introduction
How This Book Is Organized
Who Should Read This Book
Summary
Part I
Overview of Commerce
In This Part
Chapter 1: Internet Era: E-Commerce
Chapter 2: Mobile Commerce
Chapter 3: The Important “-ilities”