They should also be able to learn how to select and adopt standards, best practices and guidelines. Raising awareness among staff and service providers about information security issues is a good idea that the e-commerce community could consider doing. They could also discover the impact of security events on business processes and the organization as a whole. They can learn to always ask themselves the three questions: are you doing the right things?, are you doing them in the right way?. And are you doing them well enough? And if not, what are you going to do?