4. Controlling Information Risk in E-commerce

“The wise hear in silence, the wise see in the invisible”, which illustrates the importance of e-commerce enterprises to prevent information security risks. This chapter presents the information security risk management process, participants, and their responsibilities, and explains what is information security risk assessment. This paper introduces the form of information security risk assessment, the process of information security risk assessment, as well as the process and method of information security risk disposal, and analyzes the information security risk control measures, mainly including technical measures and normative measures. Among them, technical measures include cryptography, key management technology, network encryption and information protection technology, emerging encryption technology, digital signature technology, authentication technology, digital certificates, and public key infrastructure, while normative measures include information security management measures, information security management organizations, information security standards, information security laws and regulations, etc.