| At present, the Internet has been integrated into all aspects of social life for the promotion between the economic globalization and informationization, which profoundly changed people’s production and life style. However, the issuses of the information security become increasingly prominent which lead to the information system and platform facing the huge security risk for the openness of the Internet, the defects of the information system, the leakage of the sensitive information, the spread of the compute virus and the the invasion of the hackers. A variety of new computing resources, calculation method and the new network environment were constantly emerging,such as mobile commerce, cloud computing data and Internet finance which made the information security problems aggravated. At the same while, with the gradually increasing of accessing to the internert, user perception of information security risks also changed deeply, which has become an important factor in whether the users were willing to use the information system.Recently, the enterprises focused on reducing the informatin security riks through the security risk analysis, and ignored the informaiton security risk perception of the external users, which would bring the great losses to the enterprises because the user did not use the information system even though the riks value of the enterprise was low.Therefore, the study focused on combining the analysis of the information security riks and the perception of information security risk in order to bring more benifts to the enterprises through reducing the losses of information security of enterprises and improving the user’s trust, satisfaction and loyalty.The main contents of this paper are the following five aspects:1.The domestic and international information security risk management research findings was analyzed.Based on the summary of the domestic and international information security standards and evaluation methods, research status of current information security perception is analyzed from the perspective of social engineering.Through the above analysis, the following problems are found: the existing quantitative risk assessment methods can not solve the complex problems of relationship between assessment factors and much more the subjective risk factors; risk assessment quantification methods under the cloud computing environment are less; comprehensive analysis of the influencing factors and the relationship between factors of information security perception under the e-commerce environment is short; study on the influence factors of information security perception of Internet finance is still in the blank.2.The information security risk assessment and risk decision models were researched. According to the information security risk factors influence each other, theevaluation model of information security risk based on analytic network process was put forward; in view of the existing large subjective information security risk in the process of decision-making, the risk decisionmodel of information securityfor multiple attribute group decision making based on TOPSIS was put forward,the former helped to solve the problem between the evaluation factors influencing each other,the latter helped to reduce the subjective factors for the enterprise risk decision making.3.A quantitative information security risk under the cloud computing environment calculation method was put forward. The information security risk analysis of cloud computing was analyzed from the cloud computing architecture, and the risk quantitative analysis method under the cloud was proposed which was based on the Fault Tree and Monte-Carlo simulation. The relationship between risk and risk factors was built by Fault Tree, and the value of the risk factors was assigned by the probability distribution. Through the Monte-Carlo simulation method, the probability distribution of the risk result was obtained, and the inverse cumulative distribution function showed the probability that exceeding the given risk cost. The advantage of this method is that the probability of risk factors was not a specific values,but assume a probability distribution. Through the Monte-Carlo analysis, the rank of risk factors can be obtained and the invest under a given risk probability can be obtained, which can better the risk control of the enterprise, moreover, it was easy to modify the input of the model to get the new result when the risk factor changed,which can help to the risk decision of the enterprise.4.The influence of factors of B2Ce-commerce user info.rmation security perception was studied. Although it was very important to study the information security from the view of the technical and engineering point, it could not be ignored to research from theview of social science and management point, the user perception of information security has become an importantfactor in user consumer purchase decision.Such as B2 C e-commerce,study the factors and the relationship between factors that influence the B2 C e-commerce users’ information security perception.The factors that influence the information security peception were extracted from the existing literature,which were five factors named website design, technology protection, internal assurance,external assurance and website reputation. According to the factors, the structrual equation model was bulit.The result showed that the users’ perception of information security just be significally influenced by the technical protection and reputation,and other factors influenced the information security perception was not significant.Moreover,the factor of the website design influenced the technical protection positive significantly and the external assurance influenced the internal assurance significantly.5.The factors that influenced the the information security perception of P2 P lending was studied.The development of E-commerce provided the opportunity for the finance industry, and various new payment way and finance service appeared,the internet finance was the most important service model in 2013.The Internet finance was engaged in relevant finace work which was based on the big data, search engine technology,social network. The risk of information security brought from the business process was highlighted.This paper takes P2 P network lending as an example,and the factors of the technology protection, external assurance, website reputation, transaction process were chosen to analyze the influence of the information security perception.Through establishing the structural equation model,the results show that: the external insurance did influence the information security perception positively, and technical protection and reputation are merged into one factor,which positive influenced user information security perception, transaction process of positive influenced the information security perception.This study provided a new idea for the enterprise’s information security risk management and put forward that the enterprises should pay attention to the combination of the analysis of information security risks and the perception of the information security. The enterprises focused on reducing not only the value of the information security risks but also the perception of the users. The paper proposed information security risk assessment of information security and risk decision-making model, put forward the quanifying analysis method under the cloud computing environment; studied the factors that impacted of B2 C electronic commerce transaction information security perception, and researched the factors that influenced P2 P network lending information security perception.Through the study, the enterprises can control the risks to the right range through the analysis of the information security risks and can reduce the perception to the security risks through designing better websites,taking technical protection more effectively and improving the reputation of the enterprises,which would make the enterprises get more benefits.
|
PDF Full Text Request