Information security in e-commerce based on ISO 27001: A systematic review
Abstract
In recent years, with the rapid popularization of eCommerce (electronic commerce), which greatly facilitates the lives of people who, with just one click, have the possibility of acquiring innumerable products regardless of the physical infrastructure of the real world. This growth goes hand in hand with the security of information due to its value, therefore it was necessary to analyze the evidence provided from the investigation to know the current state of information security management in the field of eCommerce. A systematic review has been carried out following the PRISMA guidelines of the published articles found in Scopus, including a total of 6 articles. The results consistently indicate that eCommerce systems are highly vulnerable, and this requires an improvement in information security management and security risk management aware of the threats that are increasing, in order to offer a good cybersecurity service. Currently there are many managers on the market that help to keep company information secure, which cover the needs of the systems and their vulnerabilities as a whole, corresponding to the management of information security related to eCommerce, but the ISO 27001 standard largely covers many areas of information security in a company, which provides greater protection and confidence in customer data.
Downloads
References
G. S. Torre y D. G. Codner, Fundamentos de Comercio, Buenos Aires: Universidad Virtual de Quilmes, 2013.
E. Turban, L. Volonino y G. R. Wood, Information Technology for Management, Nueva York: Wiley, 2010.
S. Carrasco Fernández, Venta online, Madrid: Ediciones Paraninfo, 2014.
K. Laudon y C. Traver, E Commerce: Business, Technology, Society, Nueva York: Pearson Prentice Hall, 2009.
A. Martínez Nadal, Comercio electrónico, firma digital y autoridades de certificación, Madrid: Aranzadi, 2001.
R. Mateu De Ros, El consentimiento y el proceso de contratación electrónica, Pamplona: Aranzadi, 2000.
C. M. Fernández, «La norma ISO 27001 del Sistema de Gestión de la Seguridad de la Información,» Calidad, pp. 40-44, 2012.
F. Pacheco, «Welivesecurity,» 10 Septiembre 2010. [En línea]. Available: https://www.welivesecurity.com/la-es/2010/09/10/la-importancia-de-un-sgsi/.
M. Podrecca, G. Culot, G. Nassimbeni y M. Sartor, «Information security and value creation: The performance implications of ISO/IEC 27001,» Computers in Industry, vol. 142, pp. 2-10, 2022.
D. Freitas, «Análisis y evaluación del riesgo de la información: caso de estudio Universidad Simón Bolivar,» Enlace, vol. 6, nº 1, p. 13, 2009.
A. Pérez, «OBS Business School,» 09 Octubre 2017. [En línea]. Available: https://www.obsbusiness.school/blog/seguridad-de-la-informacion-un-conocimiento-imprescindible.
H. A. García-Perdomo, «Conceptos fundamentales de las revisiones sistemáticas/metaanálisis,» Urología Colombiana, pp. 28-34, 2015.
L. Xiang, F. A. Sayed, K. A. Muhammad, K. Jingying, I. Muhammad, U.-H. Jabbar y A. Shujaat, «Cyber security threats: A never-ending challenge for e-commerce,» Frontiers in Psychology, vol. 13, nº 2, p. 7, 2022.
A. Nolte, A. Abasi-amefon y M. Raimundas, «Security Risk Management in E-commerce Systems: A Threat-driven Approach,» Modern Computing, vol. 8, nº 2, p. 28, 2020.
S. Khan, «Cyber Security Issues and Chanllenges in E-Commerce,» SSRN, vol. 10, nº 5, p. 8, 2019.
E. Sylvanus y O. Adepele, «A Formal Model of Distributed Security for Electronic Commerce Transactions Systems,» International Journal of Networked and Distributed Computing, vol. 7, nº 2, p. 17, 2019.
A. Ibrahim, «Integrated e-commerce security model for websites,» International Journal of Advanced and Applied Sciences, vol. 9, nº 4, p. 8, 2022.
A. O. Raphael, A. O. Sulaiman y O. M. Babatola, «A SECURITY MODEL FOR PREVENTING E-COMMERCE RELATED CRIMES,» Applied Computer Science, vol. 16, nº 3, p. 12, 2020.
K. Shweta y G. Charu, «Ensure Hierarchal Identity Based Data Security in Cloud Environment,» International Journal of Cloud Applications and Computing, vol. 9, nº 4, p. 16, 2019.
G. Culot, «The ISO/IEC 27001 information security management standard: literature review and theory-based research agenda,» The TQM Journal, 2021.
X. Zhu y Y. Zhu, «Extension of ISO/IEC27001 to Mobile Devices Security Management,» Communications in Computer and Information Science, 2019.
Copyright (c) 2023 Innovation and Software
This work is licensed under a Creative Commons Attribution 4.0 International License.
The authors exclusively grant the right to publish their article to the Innovation and Software Journal, which may formally edit or modify the approved text to comply with their own editorial standards and with universal grammatical standards, prior to publication; Likewise, our journal may translate the approved manuscripts into as many languages as it deems necessary and disseminates them in several countries, always giving public recognition to the author or authors of the research.
