What is an appropriate level of security?

Protecting the security and privacy of information exchanged is absolutely critical to the success of Web based services. At VillageMall we have a challenge: how do we design a security framework that is: (a) simple; (b) deployable within our client community; and (c) meets the privacy requirements of all involved parties? 

So what are the questions? 

For additional information about "what is appropriate security for your company" contact VillageMall