Risk analysis for electronic commerce using case-based reasoning

Electronic commerce (EC) appears to be essential for an organization’s survival and growth. Then the security of the EC systems, which ensures authorized and correct transaction processing, becomes one of the most critical issues in implementing the systems. The analysis of risk that a system faces is the core part of security management since risk analysis can identify the principal assets, the threats and the vulnerabilities of those assets, and the risks confronting the assets. This study intends to develop a risk analysis system in an EC environment using the case-based reasoning (CBR) technique. The process of the proposed system is composed of four steps: initial data collection, asset evaluation, threat and vulnerability evaluation, and result generation of risk analysis. This process follows the traditional risk analysis process. This system employs the casebase of past analyses and security accidents. Although some studies introduced several case-based systems for risk analysis of traditional information system, none of them is under an EC environment. The proposed system is the first to apply the CBR technique for risk analysis of an EC system. Copyright © 1999 John Wiley & Sons, Ltd.