The author presents a broad view of security as it applies to e-commerce. To facilitate understanding and allow the reader to better organize the concepts and ideas, the book is organized in five parts. The first part provides the reader with fundamental knowledge on the concepts of information security. It starts with security threats and how these threats make it necessary to perform risk management. It then expands on how risk is reduced by the use of security services, which in turn are implemented using security mechanisms. The book provides an interesting classification of security mechanisms. It also describes the most widely used mechanisms. The remaining parts of the book focus on specific areas of e-commerce where security measures may be applied: electronic payment, communication, the Web, and mobile systems. Each part contains a description of the area as well as a risk assessment, and describes how security services and mechanisms are applied.
The book’s structured approach indicates that it is intended for students taking a course on computer security as applied to e-commerce. The author builds on previously covered topics, which makes the book easy to read and understand. The book is appropriate for senior-level students in an undergraduate college program. Clearly, the book can also be understood by, and be helpful to, computer professionals working in (or wanting to learn more about) security issues in e-commerce. I would also recommend the book to any graduate student who wants to better understand information security in general and in the context of e-commerce. The structure of the book also allows a person familiar with security mechanisms to go directly to a specific area of interest. The reader can always go back to the section describing the mechanisms in more detail when required. In fact, the cross-references properly support that type of reader.
I liked the book’s style of presentation. The author goes directly to the point and does not linger on unnecessary details. When required, she does present sufficient mathematical details to properly understand the different cryptographic mechanisms used in information security. I also appreciated the structured approach. The concepts are clearly defined and organized. For each application area, a risk assessment gives the reader a clear understanding of the issues and challenges, which puts the use of security services and mechanisms in perspective.
The only major drawback of the book is the number of typographical errors. In fact, I even noted errors in some of the mathematical formulae, which made them harder to understand. Despite these problems, I would gladly recommend this book to anyone who wants to learn more about security as applied to e-commerce.