http://dx.doi.org/10.13089/JKIISC.2004.14.4.61

A Empirical Validation of Risk Analysis Model in Electronic Commerce  

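Kim Jong-ki (Pusan National University)
Lee Dong-ho (Pusan National University, Management and Economics Research)
Seo Chang-gap (Tongmyong University of Information Technology)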
Abstract
A risk analysis model is a systematic and structured process that considers the internal security problems and threat factors of information systems to find the optimal level of security control. However, the risk analysis model has been defined only conceptually, and there are few empirical studies. This research used structural equation modeling (SEM) as its research methodology, with a rigorously validated research instrument. Based on the results of this study, the risk analysis methodology proved to be practically useful in an e-commerce environment. Factors such as threat and control were significantly related to risk. In conclusion, the results of this study can be applied to general information security situations or environments for analyzing and managing risk, and they provide a new approach to comprehending the concept of risk in an e-commerce environment.
Keywords
Risk Analysis Model; E-Commerce; IS Security; SEM