نقشه شناختی فازی بر اساس مدل سازی معادلات ساختاری برای طراحی کنترل در سیستم های مبتنی بر وب تجارت الکترونیک بنگاه به مصرف کننده

Security and integrity of business-to-consumer e-commerce web-based systems (ECWS) is becoming a concern among ECWS adopters. The controls for ECWS are classified into controls for system continuity, access controls, communication controls, and informal controls. The control design for ECWS is not well structured and demands understanding of the complex causal relationships among environmental factors (infrastructure, organizational requirements for security), controls, implementation, and performance. In order to aid the design of ECWS controls, the application of a fuzzy cognitive map, ECFCM (EC-control design using a fuzzy cognitive map), was developed. Structural equation modeling was used to identify relevant relationships among the components and indicate their direction and strength. A standardized causal coefficient from structural equation modeling was then used to create a fuzzy cognitive map, through which the state or movement of one control component was shown to have an influence on the state or movement of others. Thus ECFCM provides a practical insight to IS auditors by addressing the applicability of soft approaches in capturing and illustrating the use of FCM in the design of ECWS controls.

As the Internet becomes a part of daily lives, and business-to-consumer e-commerce web-based systems (hereafter ECWS) become widely available, security and controls issue in the use of electronic commerce (EC) have received critical importance in the workplace and home. The Computer Security Institute/Federal Bureau of Investigation (CSI/FBI) (2006) found that total losses from security damages for 2006 amount to $52, 494, 290 for the 313 respondents that were willing and able to estimate losses. The CSI study indicated that 48% of companies had experienced one to five security incidents in the previous year and the 39% of respondents attributed a percentage of their organization’s losses greater than 20% to insiders. IS auditors have relied upon their experience and know-how to make decisions on the degree to which a system maintains integrity and security. It is difficult to accurately describe the tasks of evaluating and designing ECWS controls, as conducted by managers and internal auditors. Designing ECWS controls is hardly simple, as it demands understanding of the complex interrelationships among various components (Lee & Lee, 2007). A traditional technique for evaluating control systems is a checklist. The interactions among components, however, are such complex to be assessed using only a checklist method. ECWS auditors or managers can not easily quantify the strength and direction of the interrelationships among environmental factors, controls, implementation, and performance. A rigorous method is needed to integrate information from a number of data in order to assist ECWS auditors to fully understand the interrelationships among various components in controls design. This article proposes the use of an fuzzy cognitive map (FCM) approach in designing ECWS controls. This study suggests a causal structure of ECWS controls model where environmental factors, controls, implementation, and performance are causally interrelated. Sets of items to measure variables of environmental factors (infrastructure, organizational requirements for security), controls, implementation, and performance are assessed. The structural model is tested using data collected from firms adopting ECWS using a questionnaire survey method and associated measurements. This study adopts what-if simulation analysis using a FCM approach where input is operational performance and output is strategic performance to investigate interrelationships among the factors.

ECFCM is a graphical representation of the model of ECWS controls in terms of the most relevant factors of controls design. Their fuzziness can allow the representation of hazy degrees of causality between environmental factors (infrastructure, organizational requirements for security), controls, implementation, and performance in ECWS controls. ECFCM was suggested to aid ECWS auditors in discovering the most effective controls. ECFCM can provide an answer to “what-if” questions by entering an input case that, multiplied by the adjacency matrix offers an ordered list of consequences and diagnoses. Various combinations of input can be entered, depending on whether each state of infrastructure, organizational requirement for security, informal controls is activated. ECWS auditors can gain an idea of the desirable state of controls by reviewing controls that lead to high performance. The ECFCM can help auditors overcoming the cognitive limitations in the causal reasoning process of ECWS practitioners. ECWS will provide a consistent approach in processing relevant cases, interpreting them, and applying them to problem solving in controls design. Structural equation modeling is used to derive the causal relations among factors in ECWS controls and suggest the relative explanatory power of such relationships. This is an effective approach in estimating the causal relations as it allows ECWS staff members not to predict causal relations among a number of factors in ECWS controls but just to estimate the state of each factor of ECWS controls. This approach will increase the quality of decision making in the investment of IS resources for implementing controls. Illustrative examples for controls design based on multi-level FCMs are given in this study. The set of controls having high values in performance in each stage may be suggested as the most desirable controls set in the stage. The performance resulting from implementation of controls can be the criterion of controls selection and design. ECWS auditors can recognize the values of environmental factors, i.e., infrastructure and organizational requirement for security as they affect the values of ECWS controls, enabling control designers to find out the relation between environmental factors and ECWS and discover each relevant ECWS controls, as well as to develop a more accurate model of ECWS controls. ECWS auditors can improve their decision as to the initial state of controls for the highest future state of performance.