Development of a framework for risks and security in B2C e-business

Abstract

The aim of this paper is to develop a framework for analysing risks, security and controls for business to consumer electronic commerce over the Internet. An initial framework was developed from the literature and was validated by comparing it against current industry practice. To achieve this, a number of semi-structured interviews were conducted with a range of industry professionals who were representatives from EC consultants, Independent security consultants, BIG 5 audit and security consultants, Web based assurance service providers, Internal audit and Law enforcement agencies. These interviews validated much of the framework and identified additional risks and controls that were added to the framework. In the process, a matrix was developed to match the identified risks with their mitigating controls, which was further validated by the practitioners. This matrix can be used as a support for practitioners seeking to identify and mitigate risks for Internet commerce as well as providing a springboard for future research. © 2003 by Springer Science+Business Media New York.