Abstract:
The fast pace of advancement in electronic communications since the war has transformed many traditional aspects of social and technological life, from ubiquitous access to global information to personal mobile contact with friends and family. In the commercial sector, electronic commerce or electronic business encompasses any form of commercial transaction that uses Electronic Data Interchange (EDI), Electronic Funds Transfer (EFT) or other technologies to facilitate such exchange. Having its roots in the late seventies, and spurred by a host of emerging technologies since its introduction, e-commerce faces a myriad of challenges and risks due to its pervasive nature.

Major developments in personal (credit cards, ATMs) and business (ERP) transactions from the late seventies through to the nineties have fuelled the rapid growth of electronic business, culminating in the current explosion of World Wide Web based transactions. However, in view of their impersonal and pervasive nature, electronic transactions are generally susceptible to fraud and improper use.

The management of risks is regarded as a key element of a good business approach and of governance. Whilst many aspects of business activity entail a degree of risk that is often left to the discretion of the enterprise, safety, environmental and governance issues are increasingly scrutinized and regulated.

This lecture introduces a generic risk-based framework founded on a number of systematic and systemic principles and on a review of best practice in systems safety, security and sustainability. A candidate framework comprising assessment and management dimensions, each founded on 7 key principles, is synthesised and proposed for adoption across all e-commerce applications, from business to business (B2B) to business to consumer (B2C). The framework offers a strategic yet coherent and scalable approach to risk assessment and management which can be mapped to the specific requirements of an organization or industry sector as appropriate.

The framework, as a strategic paradigm, encompasses many matters of concern to the present and future of e-Commerce, including security, trust, commercial and reputational risks, governance transparency and statutory compliance. It provides a robust systems foundation for the holistic and comprehensive incorporation of policies, tools and practices for decision support, monitoring of performance, detecting trends, timely detection of mishaps, and activation of remedial actions and loss control plans.
Machine summary:
A framework for management of risks should inherently address all life-cycle phases and issues, comprising:
• Identification/recognition of fundamental threats, faults and failures (causes of hazards);
• Prediction of the realisation/occurrence of hazardous states arising from threats, faults and failures;
• Assessment of the potential escalation of hazardous states into accidents/loss scenarios;
• Coverage of post-accident scenarios, actions and recovery processes;
• Human organisation, capabilities, resourcing, procedures and competencies;
• An inherent monitoring, measurement and enhancement regime.
On the other hand, assurance is synonymous with gaining increasing confidence about the performance of an often complex product, service, process or system so that:
• It delivers an optimal level of essential and desirable properties/performance;
• It is free from an unacceptable level of undesirable properties/performance.
A systems framework based on a complete and inter-related set of principles for performance assurance would enhance the degree of confidence that, apart from delivering the required functionality, the product, service, process or system is free from potentially harmful properties and behaviours; hence, assurance.
Advantages
The quantitative framework for assessment of risks arising from hazards of undertakings, services, products and processes yields a number of major advantages over its qualitative counterpart:
• generates a quantified measure of risks in complex situations;
• is capable of addressing uncertainty and statistical variations in input data;
• is capable of addressing dependencies in the input parameters/data;
• is capable of generating confidence intervals for the quantified risks;
• is capable of demonstrating compliance with ALARP and other industry benchmarks;
• is an auditable, objective process with scope for review and improvement;
• does not employ the arbitrary tolerability criteria popularised by risk matrices;
• does not require customisation or a specific form of ranking matrix;
• provides an auditable and traceable approach to decision support;
• employs the same framework and principles as the qualitative approach.
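As an added illustration of the quantitative properties listed above (not part of the lecture abstract), the following Python Monte Carlo model uses constructed parameters for a fraud scenario: uncertain and mutually dependent inputs, a percentile confidence interval on annual loss, and an ALARP-style cost-benefit test for a candidate control. The scenario, parameter values and the 3x disproportion factor are assumptions.

```python
"""Quantified e-commerce fraud risk: constructed Monte Carlo illustration.
Uncertain, possibly dependent inputs give a loss distribution with a percentile
interval and an ALARP cost-benefit test, in place of a risk-matrix rank."""
import math
import random
import statistics

def _poisson(rng, lam):
    # Knuth's multiplication method; adequate for small expected counts.
    limit, k, p = math.exp(-lam), 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1

def simulate_annual_loss(n_runs, seed, freq_mu, freq_sigma, sev_mu, sev_sigma,
                         dependency=0.0):
    """Return n_runs simulated annual losses.
    freq_*/sev_* are log-space mean and sd of expected events per year and of
    loss per event; dependency in [0, 1] correlates the two draws, so years with
    more fraud attempts also see costlier ones (a risk matrix cannot express this)."""
    rng = random.Random(seed)
    mix = math.sqrt(1.0 - dependency ** 2)
    losses = []
    for _ in range(n_runs):
        shared = rng.gauss(0.0, 1.0)
        z_freq = dependency * shared + mix * rng.gauss(0.0, 1.0)
        z_sev = dependency * shared + mix * rng.gauss(0.0, 1.0)
        events = _poisson(rng, math.exp(freq_mu + freq_sigma * z_freq))
        # Each realised event scatters a little around the year's severity level.
        losses.append(sum(math.exp(sev_mu + sev_sigma * (z_sev + rng.gauss(0.0, 0.25)))
                          for _ in range(events)))
    return losses

def summarise(losses, low=0.05, high=0.95):
    """Mean annual loss and a (low, high) percentile confidence interval."""
    ordered = sorted(losses)
    pct = lambda q: ordered[min(len(ordered) - 1, int(q * len(ordered)))]
    return {"mean": statistics.fmean(ordered), "interval": (pct(low), pct(high))}

def alarp_justified(baseline_mean, mitigated_mean, control_cost, disproportion=3.0):
    """ALARP test: a control is reasonably practicable unless its annual cost
    grossly exceeds (here, by more than 3x) the expected loss it removes."""
    return control_cost <= disproportion * (baseline_mean - mitigated_mean)

if __name__ == "__main__":
    base = summarise(simulate_annual_loss(5000, 1, 3.0, 0.4, 6.7, 0.6, 0.5))
    cut = summarise(simulate_annual_loss(5000, 1, 2.1, 0.4, 6.7, 0.6, 0.5))  # with control
    print(base, cut, alarp_justified(base["mean"], cut["mean"], 12000.0))
```

Because the seed fixes the draw sequence, the same inputs reproduce the same interval, which is what makes the result auditable and reviewable rather than a one-off judgement.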