Customer Reviews

Delivering Security and Privacy for E-Business

5 star:		(2)
4 star:		(1)
3 star:		(0)
2 star:		(0)
1 star:		(1)

 

 

From the author of E-commerce Security: Weak Links, Best Defenses, the first book on the topic, and now a classic--a must-read for anyone involved in e-commerce. This book is a follow-on companion to that book, and worth the read for Mr. Ghosh's clear and engaging expertise on security issues.

In just a matter of hours, a company can literally transform itself from an Internet Luddite to a glitzy e-commerce site. But once a company moves their storefront from small-town Main Street to the often-dangerous alleyways of the Information superhighway, there is a plethora of security and privacy issues that arise. But for many companies, they will take action on those security and privacy issues only after a security breach has occurred.

Security and Privacy for E-Business provides readers with a to get the point look at the issues involved in protecting an e-business from security threats, while having to simultaneously deal with their customer's privacy issues.

As Security Management readers know, the Internet is no longer a toy for academia. Billion dollar money transfers, transmission of patient data and other critical actions take place on the Internet daily. Without an effective security infrastructure, companies will find themselves with huge liabilities.

Anup Ghosh does a good job of showing how to build security into e-commerce systems. His style is ideal for those that don't have a background in security. At a little over 200 pages, readers will find enough information to give them a good introduction without being overly technical and abstract.

One of the author's areas of expertise is with writing secure software, and this is discussed at length in Chapter 3, where the book really comes alive. Ghosh's mantra throughout the book is that when it comes to e-commerce security, it's all about the software. Ghosh speaks at length about the need for effective engineering in the software development process. He lists numerous areas in the development cycle where security can be easily compromised, and it is in those areas where companies must ensure is secure.

While the book has privacy it its title, its coverage of privacy, while not as deep as I would have liked is valuable nonetheless.

Those needing a way to defend their networks against internal and external threats will find the book to be quite beneficial.

This book did a great job of explaining a host of complex topics in a digestible format. I have engineering degrees from several years ago, but no practical experience related to e-business security or privacy before or since my transition to management. As someone who was interested in learning what I "need to know" about security and privacy for doing business online, I was pleasantly surprised to read well written and interesting explanations that did not require me to have a PhD in Computer Science to understand. I now can speak intelligently about data-driven vs code-driven attacks, DOS/dDOS, buffer overrun attacks, mobile code risks, and other topics of which I was previously only dimly, if at all, aware. The author does become repetitive at times, if only to insure that the reader is able to logically link related discussions. The tone of the book is very light and readable throughout, but it is pretty obvious that the author's true passion is in the Privacy arena. This is not to detract from the excellent coverage of security issues from someone with great knowledge and insight, but in the Privacy section, phrases like "A laudable privacy policy by a company that cannot protect its data is not worth the HTML in which it is written" and "...once the brouhaha simmers down to a dull roar, will DoubleClick merge the databases under the radar of the watchful public eye?" almost make me cackle. Colorful writing like this is sprinkled throughout the book, but is concentrated most heavily in the final chapter. In conclusion, I wholeheartedly recommend this book to any manager, director, or concerned citizen eager to familiarize him/herself with the relevant issues in an entirely painless way. Kudos and Kadayus.

Ghosh's lack of reality clearly shows that he's been in academia too long. A nice fancy, eye-catching book title to pull the reader in with little content. For practical guidance, I'd recommend one of Hanson's works on e-Commerce privacy.