The rapid evolution of computing and communication technologies and their standardizations have made the boom in e-commerce possible. Lowering of the cost of operation, increase in the speed of transactions, and easy global reach to customers and vendors have been the reasons for the overwhelming popularity of this new way of commerce. This article examines the issues related to the security of the assets and transactions in the e-commerce components and activities. Since large public money is involved in the transactions, the role of information security and privacy is not exaggerated in this kind of business. After examining the technologies used in e-commerce, the article goes on to identify the security requirement of e-commerce systems from perceived threats and vulnerabilities. Then e-commerce security is viewed as an engineering management problem and a life cycle approach is put forward. How the e-commerce systems can be made secure using the life cycle approach is outlined. The relevant standards and laws are also discussed in the perspective of e-commerce. The article closes with some future research directions and conclusions.
Keywordse-Commerce security threats and vulnerabilities security engineering life cycle security standards IT act
Unable to display preview. Download preview PDF.
- Bums S 2002 Unique characteristics of e-commerce technologies and their effects upon payment systems. GSEC (GIAC Security Essentials Certification) —Version 1.3Google Scholar
- COBIT 2000 Control objectives for information and related technology: COBIT, 3rd edn, July 2000, Released by the COBIT Steering Committee and the IT Governance InstituteGoogle Scholar
- Duggal P 2000Cyberlaw in India — An analysis (New Delhi: Saaksharth)Google Scholar
- ISO/TEC 2000 Information technology — Code of practice for information security management. ISO/IEC 17799: 2000(E)Google Scholar
- Kalakota R, Whinston A B 1999Frontiers of e-commerce (Reading, MA: Addison-Wesley/Longman)Google Scholar
- Mazumdar C, Barik M S, Das S, Roy J, Barkat M A 2003 Final technical report for project development of validated security processes and methodologies for webbased enterprisesGoogle Scholar
- Schneider G P, Perry J T 2001Electronic commerce. Course Technology, Cambridge, MAGoogle Scholar
- SSE-CMM 2003 Systems security engineering capability maturity model. SSE-CMM, Model Description Document Version 3.0, June 15, 2003Google Scholar
- Varshney U, Vetter R J, Kalakota R 2000 Mobile commerce: a new frontier.Computer Oct.: 32–38Google Scholar