ABSTRACT

This chapter provides an insight into the risk assessment process for a typical Web-based e-commerce application. It covers the stages of risk assessment: identification of critical information assets, threat profiling, impact evaluation and control, and the identification and formulation of detailed security requirements. Risk assessment provides clarity on the security functionality that is to be designed and developed into the application, based on its criticality, exposure to sensitive information, user base, volume of transactions, legal requirements, and the impact of a security breach.