Friday, September 15, 2006

A Curriculum Design for E-commerce Security

The low cost and wide availability of the Internet have revolutionized electronic commerce (e-commerce) and its applications. Security, then, has become one of the most important issues that must be resolved first to ensure its success. To protect an e-commerce system from existing threats, there must be e-commerce security experts who can help ensure its reliable deployment. This paper presents a curriculum design for e-commerce security in which the Delphi method and the Analytic Hierarchy Process (AHP) method were used. The AHP method determines the priorities of the e-commerce security courses, and the results of the study provide useful guidelines in the design of the e-commerce security curriculum.
The low cost and wide availability of the Internet have sparked a revolution in electronic commerce (e-commerce) and its applications. Many organizations have begun exploiting the opportunities offered by Internet-based e-commerce, and many more are expected to follow. Exemplary applications include online shopping, telebanking and Internet banking, teleteaching and distance education, online gambling, and virtual casinos, as well as Pay-TV and video-on-demand services (Oppliger, 1999). While this offers convenience for both consumers and vendors, many consumers are concerned about security and their private information when purchasing products or services over the Internet (Wang, Cao, and Kambayashi, 2002). Recently, there have been attacks on popular websites that resulted in the possible theft of credit card numbers of several thousand customers (He and Wang, 2001). Indeed, security is a major factor in e-commerce services.
Recently, courses in e-commerce have been offered in many schools and departments. These courses can be classified as technical and non-technical courses. Non-technical courses frequently focus on the changes in the business and in the industry due to e-commerce, the development of e-commerce, marketing practices, the processes in marketing research, etc. In technical courses, many academic units provide the contexts to understand the technology, and its applications such as web page design and associated programming languages, linking of databases to the website, customer data collection, catalog development, etc. (Jenkins, 2001).
However, courses in e-commerce security are not enough despite the priority on security to ensure the success of e-commerce. Many schools and academic departments on e-commerce have only one or two courses that deal with e-commerce security. When considering the importance of security in e-commerce, there is a further need to train e-commerce security experts who can help ensure its reliable deployment.
To produce e-commerce security experts, e-commerce security education should be treated more significantly, and sound curricula in e-commerce security are required. In this paper, we suggest a curriculum design for e-commerce security that would be useful in training e-commerce security experts. An e-commerce security curriculum is designed in consideration of existing e-commerce threats and current information security curricula. To analyze the designed e-commerce security curriculum, the Delphi method and the Analytic Hierarchy Process (AHP) method are applied. The AHP method determines the relative importance of e-commerce security courses (Nam and Kim, 2003; Saaty, 1995). By using the AHP method, we can determine the priorities in e-commerce security courses. To produce e-commerce security experts, these priorities provide useful guidelines in the selection of e-commerce security courses.
The rest of the paper is organized as follows. section 2 analyzes e-commerce threats and current e-commerce curricula. In section 3, the e-commerce security curriculum is designed. section 4 introduces the methodology. section 5 shows the results of the Delphi and AHP methods. The conclusions are then discussed in section 6.
2. RELATED WORKS
2.1 E-commerce security
Without question, security is one of the most important issues that must be resolved to ensure the success of e-commerce. Researchers have studied how to protect e-commerce systems from threats. A number of papers have dealt with threats and related security issues in e-commerce applications (Oosthuizen, 1998; Wright, 2001).
Customer privacy is becoming the most common security issue in e-commerce (Udo, 2001). No customer wants to use a business that distributes sensitive customer data, such as credit card information, without his knowledge or permission. Encryption technologies are widely used to protect customers' privacy. Encryption algorithms and digital signatures support secure applications in E-mail and electronic payment schemes. Public key infrastructure (PKI) also plays an important role in secure e-commerce transactions (Gollmann, 2000).
Hacking and distribution of viruses are also serious threats to e-commerce. They mostly attack networks or e-commerce sites to render e-services unavailable. Businesses mainly use firewalls to protect their internal networks. Firewalls have now become the main points of defense in the business security architecture. Various complementary systems, such as Intrusion Detection System (IDS), Virtual Private Network (VPN), Information Retrieval System, etc., have also been applied (Marchany and Tront, 2002).

No comments: