Assessing and Managing Risks in Virtual Environments

The increase in popularity of electronic transactions has created a necessity to develop and adopt information security systems. As the popularity of e-services has grown, so has the need for effective information security. As such, information needs to be well defined, stored, integrated, transmitted and made available whenever needed in a safe and secure manner. The main goal of the information security process is to protect information confidentiality, integrity and availability. This paper highlights essential and common e-service architectures, who and what is involved in an online transaction, challenges related to online transactions and the role of both individuals and organizations towards successful and secure transactions. A general framework for establishing, assessing, and maintaining a reliable security management system for e-services is suggested. The proposed multilayer framework helps to determine how useful, comprehensive, and adaptive an information security management system actually is. It focuses on determining the critical processes of an information security system and how they can be identified and implemented in real-world situations in order to provide better and more secure protection.