Security is the process of protecting data, detecting when data have been compromised, and responding to those detections [Schneier, 2000]. The security process for B2B data exchanges involves not only the technology components of the system(s) involved, but the entire system(s). The interconnections of the technology components as well as the human issues involved with both the exchanges and the system(s) are important security considerations. As such, the security process includes using a set of procedures, practices, and technologies that should be aligned with an overall security policy [Garfinkel and Spafford, 1997].

Data security calls for the preservation of:
· availability - data are accessible when needed
· utility - data are able to be used when needed
· integrity - data are valid (can be trusted)
· authenticity - data are actually of the ascribed authorship or origin
· confidentiality - data privacy is maintained at appropriate levels for appropriate time periods
· possession of information - only authorized parties have data
from accidental or intentional:
· destruction
· interference
· use of false data
· modification or replacement
· misrepresentation or repudiation
· misuse or failure to use
· access
· observation or disclosure
· copying, stealing, or endangerment
by:
· avoidance
· deterrence
· prevention
· detection
· mitigation
· transference
· sanction
· recovery
· correction
to:
· meet a standard of due care (particularly important in the legal environment)
· avoid loss
· reduce loss
· eliminate loss [Parker 1998; Schneier, 2000].