Article information:
To cite this document:
M. Warren, W. Hutchinson (2003), "A security risk management approach for e-commerce", Information Management &
Computer Security, Vol. 11 Iss 5 pp. 238-242
Permanent link to this document:
http://dx.doi.org/10.1108/09685220310509028
Downloaded on: 16 June 2015, At: 01:19 (PT)
References: this document contains references to 7 other documents.
The fulltext of this document has been downloaded 2412 times since 2006*
M. Warren
School of Information Technology, Deakin University, Geelong, Australia
W. Hutchinson
School of Computer and Information Science, Edith Cowan University,
Mt Lawley, Australia
Keywords
Electronic commerce,
Risk analysis, Information systems
Abstract
Introduction
Information systems are now heavily utilized
by all organizations and relied upon to the
extent that it would be impossible to manage
without them. This has been encapsulated by
the recent development of e-commerce in a
consumer and business environment. The
situation now arises that information
systems are under threat from a number of
security risks, and what is needed is a
security method that allows these risks to be
evaluated and ensures that appropriate
security countermeasures are applied.
Security methods
The aim of the research was to combine an
information systems modeling method with a
baseline security method to form a hybrid
security method. This method could be used
to evaluate high and low level security risks
associated with e-commerce. The methods
used in this model are the viable system
model (VSM) and baseline security approach.
The VSM is used to model an organisation's
basic functions and associated data flows,
whilst the baseline security approach is used
to implement appropriate security
countermeasures.
Figure 1
The viable system model
Validation of research
To validate the model the authors looked at a
number of security risks that could impact
organisations in relation to e-commerce. In
this section we will look at the impact of
viruses. The type of virus attack that is being
modeled would be a "Word macro" virus
infection similar to the "Lovebug" virus.
Figure 2
Software developed by authors to model VSM situations
Conclusion
The paper has shown that hybrid security
risk analysis models can be used to model
complex security solutions in relation to
e-commerce. The aim of the research is not to
fully replace detailed security risk analysis
methods but to offer an easier alternative
that can be used to model different
e-commerce security risks and determine the
impact of appropriate security
countermeasures.
Figure 3
Security baseline tool