E-Commerce or Electronics Commerce is a methodology of modern business, which addresses the requirements of business organizations. It can be broadly defined as the process of buying or selling of goods or services using an electronic medium such as the Internet. Vendors and customers to reduce cost and improve the quality of goods and services while increasing the speed of delivery. The rapid evolution of computing and communication technologies and their standardizations have made the boom in e-commerce possible. Lowering of the cost of operation, increase in the speed of transactions, and easy global reach to customers and vendors have been the reasons for the overwhelming popularity of this new way of commerce. This article examines the issues related to the security of the assets and transactions in the e-commerce components and activities. Since large public money is involved in the transactions, the role of information security and privacy is not exaggerated in this kind of business. After examining the technologies used in e-commerce, the article goes on to identify the security requirement of e-commerce systems from perceived threats. Then e-commerce security is viewed as an engineering management problem and a life cycle approach is put forward. How the e-commerce systems can be made secure using the life cycle approach is outlined. Electronic commerce can help enterprises reducing costs, obtaining greater market and improving relationships between buyers and sellers. At the same time, new risks and threats have also occurred, such as, mutual trust, intellectual property, network attacks and so on. This paper analyzes the threat classification and control measures, and on this basis, a conceptual risk management framework is provided. Enterprises engaged in e-commerce can use the framework to improve their security.