Elsevier

Expert Systems with Applications

Volume 36, Issue 7, September 2009, Pages 10447-10460
Expert Systems with Applications

Fuzzy cognitive map based on structural equation modeling for the design of controls in business-to-consumer e-commerce web-based systems

https://doi.org/10.1016/j.eswa.2009.01.070Get rights and content

Abstract

Security and integrity of business-to-consumer e-commerce web-based systems (ECWS) is becoming a concern among ECWS adopters. The controls for ECWS are classified into controls for system continuity, access controls, communication controls, and informal controls. The control design for ECWS is not well structured and demands understanding of the complex causal relationships among environmental factors (infrastructure, organizational requirements for security), controls, implementation, and performance. In order to aid the design of ECWS controls, the application of a fuzzy cognitive map, ECFCM (EC-control design using a fuzzy cognitive map), was developed. Structural equation modeling was used to identify relevant relationships among the components and indicate their direction and strength. A standardized causal coefficient from structural equation modeling was then used to create a fuzzy cognitive map, through which the state or movement of one control component was shown to have an influence on the state or movement of others. Thus ECFCM provides a practical insight to IS auditors by addressing the applicability of soft approaches in capturing and illustrating the use of FCM in the design of ECWS controls.

Introduction

As the Internet becomes a part of daily lives, and business-to-consumer e-commerce web-based systems (hereafter ECWS) become widely available, security and controls issue in the use of electronic commerce (EC) have received critical importance in the workplace and home. The Computer Security Institute/Federal Bureau of Investigation (CSI/FBI) (2006) found that total losses from security damages for 2006 amount to $52, 494, 290 for the 313 respondents that were willing and able to estimate losses. The CSI study indicated that 48% of companies had experienced one to five security incidents in the previous year and the 39% of respondents attributed a percentage of their organization’s losses greater than 20% to insiders.

IS auditors have relied upon their experience and know-how to make decisions on the degree to which a system maintains integrity and security. It is difficult to accurately describe the tasks of evaluating and designing ECWS controls, as conducted by managers and internal auditors. Designing ECWS controls is hardly simple, as it demands understanding of the complex interrelationships among various components (Lee & Lee, 2007).

A traditional technique for evaluating control systems is a checklist. The interactions among components, however, are such complex to be assessed using only a checklist method. ECWS auditors or managers can not easily quantify the strength and direction of the interrelationships among environmental factors, controls, implementation, and performance. A rigorous method is needed to integrate information from a number of data in order to assist ECWS auditors to fully understand the interrelationships among various components in controls design. This article proposes the use of an fuzzy cognitive map (FCM) approach in designing ECWS controls. This study suggests a causal structure of ECWS controls model where environmental factors, controls, implementation, and performance are causally interrelated. Sets of items to measure variables of environmental factors (infrastructure, organizational requirements for security), controls, implementation, and performance are assessed. The structural model is tested using data collected from firms adopting ECWS using a questionnaire survey method and associated measurements. This study adopts what-if simulation analysis using a FCM approach where input is operational performance and output is strategic performance to investigate interrelationships among the factors.

Section snippets

Types of ECWS controls

ECWS controls can be described as the process through which an organization accomplishes its goals when implementing ECWS. The controls can safeguard IS resources, thereby accomplishing the system objectives of timeliness and accuracy. ECWS controls are classified into management and application controls, which is the most common classification scheme suggested in the literature of IS controls (Weber, 1999). Management controls are fundamental controls in that they encompass general IS

Need for FCM in the design of ECWS controls

A cognitive map (CM) represents the causal relationships among the elements of a given environment. It describes the perceptions of experts about the subjective world rather than objective reality. CMs can be generalized into fuzzy cognitive maps (FCMs) by fuzzifying edge values or causality values. FCMs give different strengths to each link and appear more reasonable to represent most cases. The FCM approach provides an inference mechanism that enables the fuzzy causal relations among factors

Research design

The data used in validating the research model was collected as part of a research project concerning ECWS implementation (Lee & Kim, 2007). A field survey was adopted in this study as it enables the test of significance of relations among variables using a larger statistically testable sample. Data for this research was collected by interviewing practitioners that manage ECWS. The researcher of this study prepared a series of questions and personally interviewed each respondent using a

Measurement properties

The content validity of the items is established from the adoption of constructs that have been validated by other researchers and a pretest with 10 IS professionals. Further, great care was taken during the previous stages of development and pilot testing of the items.

The items converged on appropriate constructs for latent variables, as originally envisaged from the result of separate exploratory factor analysis on the items that measured the eight inherent variables. Items with factor

Example of FCM application

The direction and strength of cause and effect linkages were found out using a number of cases representing the state of controls. In order to provide decision support from FCM in controls design, it is necessary to investigate the impact of positive and negative causalities when stimuli are given on one or more elements. The goal of the application is to show the recommendation of ECWS controls that lead to the highest ECWS performance. The adjacency matrix represents that the enhancement of

Conclusions

ECFCM is a graphical representation of the model of ECWS controls in terms of the most relevant factors of controls design. Their fuzziness can allow the representation of hazy degrees of causality between environmental factors (infrastructure, organizational requirements for security), controls, implementation, and performance in ECWS controls. ECFCM was suggested to aid ECWS auditors in discovering the most effective controls. ECFCM can provide an answer to “what-if” questions by entering an

References (55)

  • J. Anderson et al.

    Structural equation modeling in practice: A review and recommended two-step approach

    Psychological Bulletin

    (1988)
  • R. Bagozzi et al.

    On the evaluation of structural equation models

    Academy of Marketing Science

    (1988)
  • J.C. Brancheau et al.

    Key issues in information systems management: 1994–1995 SIM Delphi results

    MIS Quarterly

    (1996)
  • M. Broadbent et al.

    The implications of information technology infrastructure for business process redesign

    MIS Quarterly

    (1999)
  • A. Brungs et al.

    Identification of legal issues for computer forensics

    Information Systems Management

    (2005)
  • J.I. Cash et al.

    Corporate information systems management: Text and cases

    (1992)
  • E.A. Cavazos

    The legal risks of setting up shop in cyberspace

    Journal of Organizational Computing and Electronic Commerce

    (1996)
  • S. Chan et al.

    EDI for managers and auditors

    (1993)
  • P.Y.K. Chau et al.

    Factors affecting the adoption of open systems: An exploratory study

    MIS Quarterly

    (1997)
  • Computer Security Institute (CSI). (2006). CSI/FBI computer crime and security survey....
  • G. Dhillon et al.

    Information system security management in the new millennium

    Communications of the ACM

    (2000)
  • M.J. Garfield et al.

    Planning for Internet security

    Information Systems Management

    (1997)
  • V.C. Georgopoulos et al.

    A fuzzy cognitive map approach to differential diagnosis of specific language impairment

    Artificial Intelligence in Medicine

    (2002)
  • R.D. Gopal et al.

    Preventive and deterrent controls for software piracy

    Journal of Management Information Systems

    (1997)
  • V. Grover

    An empirically derived model for the adoption of customer-based interorganizational systems

    Decision Sciences

    (1993)
  • J.C. Henderson et al.

    Managing I/S design teams: A control theories perspective

    Management Science

    (1992)
  • ISACA

    EDI control guide

    (1990)
  • Cited by (33)

    • A scenario-based modeling method for controlling ECM performance

      2018, Expert Systems with Applications
      Citation Excerpt :

      The following subsection describes their active participation in building the FCM model. Different methods can be used to build FCM (Kang, Lee, & Choi, 2004; Sangjae Lee & Ahn, 2009; Papageorgiou et al., 2009; Schneider, Shnaider, Kandel, & Chew, 1998). Often each expert builds his/her own FCM.

    • Dynamic risks modelling in ERP maintenance projects with FCM

      2014, Information Sciences
      Citation Excerpt :

      In other words, we built our FCM of ERP maintenance risks. To support this work, various FCM development methods have been presented [45,51,57,81,91,92,95]. The characteristics of each study determine which method should be used.

    • Application of a fuzzy cognitive map based on a structural equation model for the identification of limitations to the development of wind power

      2013, Energy Policy
      Citation Excerpt :

      This study demonstrates that the application of SEM can help policy makers understand potential correlations and causal effects among existing or potentially existing shortcomings in different sectors, by considering the framework of complex causalities or decision environments. Furthermore, the application of FCM, with its systematic inference processes, can help to solve the issue of experience-based policy-making processes placing limitations on traditional professional systems (Kang et al., 2004; Lee and Ahn, 2009; Lee and Han, 2000; Lee et al., 2004, 1992). First, results of the SEM analysis showed that correlations do exist between constructs influencing wind power development.

    • RuleML representation and simulation of Fuzzy Cognitive Maps

      2013, Expert Systems with Applications
      Citation Excerpt :

      The applications of FCMs are numerous and scientists from a wide diversity of disciplines are studying and using them. For example FCMs were developed for analyzing success factors in retail industry (Büyüközkan & Vardaloğlu, 2012) and for the design of controls in business-to-consumer e-commerce systems (Lee & Ahn, 2009). Lee, Lee, and Lee (2012) used an FCM for personalized pricing of last minute theatre tickets, while Lee and Lee (2012), studied the creation of an Internet-based stock trading system, using an FCM.

    View all citing articles on Scopus
    1

    Tel.: +82 2 3408 3980; fax: +82 2 3408 4310.

    View full text