A Empirical Validation of Risk Analysis Model in Electronic Commerce

A Study on the Validity of Risk Analysis Methodology in the Electronic Commerce Environment

  • Published : 2004.08.01

Abstract

A risk analysis model is a systematic, structured process that considers the internal security problems and threat factors of information systems to find the optimal level of security control. However, the risk analysis model has been defined only conceptually, and few empirical studies exist. This research used the structural equation modeling (SEM) methodology with a rigorously validated research instrument. Based on the results of this study, the risk analysis methodology proved to be practically useful in the e-commerce environment. Factors such as threat and control were significantly related to risk. In conclusion, the results of this study can be applied to general information security situations or environments for analyzing and managing risk, and they provide a new approach to understanding the concept of risk in the e-commerce environment.

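The risk analysis model is a systematic method that explains risks related to information system security through the relationships among assets, threats, vulnerabilities, and security controls. However, empirical studies of the risk analysis model are quite rare, and in particular there has been almost no discussion of the model's validity. An empirical analysis of the validity of the risk analysis model in the e-commerce environment, applying structural equation modeling, showed that threats and security controls, which are cited as factors affecting the level of risk, were statistically significant. By modeling and verifying the factors that affect e-commerce users' risk perception using the risk analysis approach, this study not only identifies the antecedents that affect e-commerce risk but also makes it possible to approach e-commerce from a new perspective through the risk analysis approach.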
