Why E-Commerce Security Matters

We all agree that security is important, but why? What is security anyway? Let's define some terms so that we are all on the same page. It is commonly said that security means different things to different people. This is not exactly true. Logicians might call this an “assertion made without supporting facts.” Here is why. Where there is something of value, then by definition it requires protection if someone is interested in it. The protection mechanisms that exist (or should exist) for the valuable thing and the efficacy of those mechanisms are collectively called security. With this definition, security is not a different thing for different people. However, what that valuable thing is, what mechanisms exist to protect it, and how effective those mechanisms are could differ from one system to another; the definition of security itself does not.

There is an important point in the definition of security that deserves special attention from a practical perspective: the protection mechanisms and the extent to which they should be implemented are a function of threats against the valuable item. In other words, if the item that you try to protect is not of interest to anybody, then from a security perspective it is not of value and therefore doesn't need security. This might sound obvious, but the authors have evaluated many systems with prohibitive, expensive, and performance-impacting security mechanisms in place where none was needed. For ...
