
Best Practices in Internet Commerce Security
by Charles Cresson Wood, CISA, CISSP

Price: $295.00

As more and more firms set up shop on the Internet, the need for Internet commerce security is growing. However, because Internet commerce is relatively new, merchants have no place to turn for a definitive list of actions that should be taken to protect their online store and their customers. Best Practices in Internet Commerce Security provides online retailers with just this type of list and helps merchants understand which types of security controls they must put in place.

Best Practices In Internet Commerce Security contains a description of 240 specific control measures. Areas covered include user and system authentication, fraud and embezzlement prevention and detection, user privilege restriction, intellectual property protection, privacy and confidentiality preservation, service continuation and restoration, data integrity preservation, and information security management.

Best Practices In Internet Commerce Security is written by independent information security consultant Charles Cresson Wood, CISA, CISSP, who has over 20 years of experience in information security at hundreds of companies worldwide. The book offers a knowledge base on Internet commerce security along with a summary of information derived from a survey of Internet merchants, Internet Service Providers (ISPs), Internet Commerce Hosting Firms, Internet Trusted Third Parties (TTPs), and Internet Commerce Software Vendors.

About the Author

Charles Cresson Wood is an author and independent information security consultant based in Sausalito, California. In the information security field on a full-time basis since 1979, he has worked as an information security management consultant at SRI International (formerly Stanford Research Institute) as well as lead network security consultant at the Bank of America. He has done information security work with over 120 organizations -- many of them Fortune 500 companies -- including a large number of financial institutions and high-tech companies. His consulting work has taken him to over twenty different countries around the world.

He is noted for his ability to integrate competing objectives (like ease-of-use, speed, flexibility and security) in customized and practical compromises that are acceptable to all parties involved. Acknowledging that information security is multi-disciplinary, multi-departmental, and often multi-organizational, he is additionally noted for his ability to synthesize a large number of complex considerations and then to document these in security architectures, system security requirements, risk assessments, project plans, policy statements, and other clear and action-oriented documents.

He has published over 225 technical articles and five books in the information security field. In addition to TV and radio appearances, he has been quoted as an expert in publications such as Business Week, Christian Science Monitor, Computerworld, IEEE Spectrum, Infoworld, LA Times, Network Computing, Network World, PC Week, The Wall Street Journal, and Time. He has also presented cutting-edge information security ideas at over 100 technical and professional conferences around the globe.

Mr. Wood is Senior North American Editor for the journals 'Computers & Security' and 'Computer Fraud & Security Bulletin,' as well as a monthly columnist for 'Computer Security Alert.' He holds an MBA in financial information systems, an MSE in computer science, and a BSE in accounting from the Wharton School of Business at the University of Pennsylvania. He has passed the Certified Public Accountant (CPA) examination and is both a Certified Information Systems Auditor (CISA) and a Certified Information Systems Security Professional (CISSP). In November 1996 he received the Lifetime Achievement Award from the Computer Security Institute for "sincere dedication to the computer security profession."



Review

  • How the Internet has changed both business and technical risks
  • How to determine which Internet commerce controls are needed by merchants
  • Highlights of over 200 specific control measures now used to protect Internet commerce systems

With this invaluable systems design and auditing guide, any online merchant can quickly identify the major security issues and proceed with confidence, knowing that they are establishing systems which are consistent with the standard of due care. In addition to a discussion about the risks that Internet commerce presents, the report includes a quick risk assessment process which allows merchants to focus their search for appropriate commercial products and services.

Third party reviews:

"This is a great comprehensive document."
-- Paul Finster, InterWorld

"The document is extremely well-written, and presents in a simple, readable and easy to understand fashion, crucial elements of an EC system that must be deployed."
-- Kumar V. Vemuri, Lucent Technologies

"Very comprehensive and informative; I liked it very much."
-- Dean Clothier, Edward Jones

Best Practices in Internet Commerce Security
Softcover, 84 pages
Written by Charles Cresson Wood, CISA, CISSP
Published by PentaSafe Security Technologies

