Designing and Evaluating an Automatic Forensic Model for Fast Response of Cross-Border E-Commerce Security Incidents

Designing and Evaluating an Automatic Forensic Model for Fast Response of Cross-Border E-Commerce Security Incidents

Chia-Mei Chen, Zheng-Xun Cai, Dan-Wei (Marian) Wen
Copyright: © 2022 |Pages: 19
DOI: 10.4018/JGIM.20220301.oa5
Article PDF Download
Open access articles are freely available for download


The rapid development of cross-border e-commerce over the past decade has accelerated the integration of the global economy. At the same time, cross-border e-commerce has increased the prevalence of cybercrime, and the future success of e-commerce depends on enhanced online privacy and security. However, investigating security incidents is time- and cost-intensive as identifying telltale anomalies and the source of attacks requires the use of multiple forensic tools and technologies and security domain knowledge. Prompt responses to cyber-attacks are important to reduce damage and loss and to improve the security of cross-border e-commerce. This article proposes a digital forensic model for first incident responders to identify suspicious system behaviors. A prototype system is developed and evaluated by incident response handlers. The model and system are proven to help reduce time and effort in investigating cyberattacks. The proposed model is expected to enhance security incident handling efficiency for cross-border e-commerce.
Article Preview


The explosive expansion of information technologies offers unprecedented opportunities for businesses to expand their markets through cross-border e-commerce, which accounted for roughly 20% of total global online transactions in 2015 (MEDICI Team, 2015) and continues to increase rapidly. The use of ICT is a critical factor in improving service productivity in e-commerce (Rabeh, Islam, Samer, Adnan, & Mustafa, 2019), and the growth of cross-border multi-national e-commerce has set trends for a major overhaul of the online industry (Sanjeev et al., 2019). Many governments consider now cross-border e-commerce as a new dimension of trade (Lianos, Mantzari, Durán, Darr, & Raslan, 2019). However, this increase in cross-border e-commerce activity has been accompanied by a commensurate increase in cyber-crime (Lau, 2018; Shrivastava, 2016). Not only have financial firms suffered serious losses due to cyberattacks (Ismail, 2018), governments, academic institutions, and high-tech firms have also experienced severe information breaches, with significant impacts on policy, research results, and competitive advantage. It is suggested that a serious cyberattack occurs every 39 seconds and that cybercrime could cost businesses up to $5.2 trillion over the next five years (Bera, 2019).

Privacy and security have emerged as two key requirements for successful cross border e-commerce (Karwatzki, Dytynko, Trenz, & Veit, 2017; Sung, 2006; Sutton, Khazanchi, Hampton, & Arnold, 2008). To prevent cyberattacks, businesses promote security awareness through information security education, training and awareness programs which have shown to improve employee security behavior (Winfred, Daniel Okyere, & Peace, 2019). In addition to national regulatory frameworks to promote user privacy protection, trans-national measures have been implemented to ensure cross-border e-commerce security. For instance, in 2016 the Organization for Economic Cooperation and Development (OECD) published its “Consumer Protection in E-commerce” (OECD, 2016) to stress the importance of consumer data security, especially for cross-border e-commerce. In addition, beginning in 2018, EU member states have implemented the General Data Protection Regulation (Tikkinen-Piri, Rohunen, & Markkula, 2018) and the European Data Protection Regulations to harmonize data privacy laws.

In addition to these overarching guidelines for securing e-commerce safety, new attention has focused on measures related to responding to security incidents. As defined in the RFC 2350 (“Expectations for Computer Security Incident Response”) (Brownlee & Guttman, 1998), a security incident is any adverse event which compromises some aspect of computer or network security. Generally, it is related to the compromise of confidentiality (e.g., user privacy), integrity (e.g., alteration of confidential information) or availability of information (e.g., Denial of Service attacks). The security incident response process includes evidence collection to facilitate rigorous investigations to protect cybersecurity (Baryamureeba & Tushabe, 2004), entailing evidence acquisition, collection and preservation, analysis, examination, and result reporting (Ademu, Imafidon, & Preston, 2011) using multiple forensic tools and technologies and comprehensive security domain knowledge. This makes identifying and tracking cyberattacks a time- and cost-intensive task for businesses. Moreover, prompt incident response is essential to reducing damage and loss from cyber-attacks.

Complete Article List

Search this Journal:
Volume 32: 1 Issue (2024)
Volume 31: 9 Issues (2023)
Volume 30: 12 Issues (2022)
Volume 29: 6 Issues (2021)
Volume 28: 4 Issues (2020)
Volume 27: 4 Issues (2019)
Volume 26: 4 Issues (2018)
Volume 25: 4 Issues (2017)
Volume 24: 4 Issues (2016)
Volume 23: 4 Issues (2015)
Volume 22: 4 Issues (2014)
Volume 21: 4 Issues (2013)
Volume 20: 4 Issues (2012)
Volume 19: 4 Issues (2011)
Volume 18: 4 Issues (2010)
Volume 17: 4 Issues (2009)
Volume 16: 4 Issues (2008)
Volume 15: 4 Issues (2007)
Volume 14: 4 Issues (2006)
Volume 13: 4 Issues (2005)
Volume 12: 4 Issues (2004)
Volume 11: 4 Issues (2003)
Volume 10: 4 Issues (2002)
Volume 9: 4 Issues (2001)
Volume 8: 4 Issues (2000)
Volume 7: 4 Issues (1999)
Volume 6: 4 Issues (1998)
Volume 5: 4 Issues (1997)
Volume 4: 4 Issues (1996)
Volume 3: 4 Issues (1995)
Volume 2: 4 Issues (1994)
Volume 1: 4 Issues (1993)
View Complete Journal Contents Listing