BKBPIICS.RVW   20031205

"Best Practices in Internet Commerce Security", Charles Cresson Wood,
2001, 1881585050, U$295.00
%A   Charles Cresson Wood
%C   1800-1233 West Loop South, Houston Texas   77027
%D   2001
%G   1881585050
%I   PentaSafe
%O   U$295.00 800-829-9955 infopolicy@pentasafe.com www.pentasafe.com
%O  http://www.amazon.com/exec/obidos/ASIN/1881585050/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/1881585050/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1881585050/robsladesin03-20
%P   92 p.
%T   "Best Practices in Internet Commerce Security"

The management summary (also known as chapter one) states that this
book outlines the major controls necessary to perform business
functions over the Internet.  Chapter two, titularly asking "what's
new about Internet commerce," simply lists potential problems.  The
heart of the book is chapter three, a listing of 240 suggestions most
of which are in the form of "this practice prevents that risk."  Not
all are either terribly clear or useful, such as the statement that
"payment protocol with integrated digital certificates prevents
fraud," which adequately describes making a purchase using a credit
card over an SSL (Secure Sockets Layer) link to a Website, a practice
that would prevent neither merchant fraud, nor fraud involving stolen
credit cards.  (I assume that the author was thinking of the SET
[Secure Electronic Transactions] protocol, but the wording is not
specific.)  The bulk of the recommendations are reasonable in terms of
improving security, but the explanations are extremely limited.

As a quick once over lightly introduction to the requirements for
online commerce the book may have its uses, albeit in a very
restricted compass.

copyright Robert M. Slade, 2003   BKBPIICS.RVW   20031205