CHAPTER 9

Certification: Your Assurance

Two of the fundamental activities in securing Web commerce systems are the proper application of the selected security controls and the verification that these controls are, indeed, working as expected to protect the system. The latter activity is known as assurance.

More formally, assurance is defined as the measure of confidence that the security features and architecture of an information system accurately mediate and enforce an organization's information system security policy. A number of different approaches and methodologies have been developed to evaluate assurance. These techniques range from formal methods to probing and testing a network for vulnerabilities.

The primary assurance methodology is certification and accreditation (C&A).
