The so-called endogenous risk prevention system of e-commerce enterprises refers to the integration of risk prevention institutions, mechanisms, countermeasures, methods and measures established within e-commerce enterprises.
Raise awareness of risk prevention
Conduct systematic and comprehensive e-commerce operation and safety management education for IT employees, cultivate their awareness of risk prevention, give more training and qualification certification, and make them have a comprehensive and objective understanding of the application of e-commerce in enterprises.
Strengthen the internal management mechanism
The concept of "three-point technology and seven-point management" can not only stay in the theoretical stage, but more importantly, enterprises should turn it into concrete operations. The basic principle of internal management mechanism design is that all behaviors in the system should be defined and meet the requirements of program control, and all behaviors should have audit records. The effectiveness of management can solve many risk problems that cannot be solved at the technical level.
Implement risk prevention level management
This can learn from the "information security level protection policy" implemented in China. For enterprises, risks can be divided into important risks and general risks. Enterprises should adhere to the principle of balancing safety costs and risks, grasp the key points according to the actual needs of enterprises, and strive to be specific, clear, in place and pay attention to actual results.
Establish an active security infrastructure
Vince Steckler, Vice President of Symantec Asia Pacific, delivered a speech on "Building Active Security Infrastructure in Enterprises" at the Asia Pacific Security Forum on March 5, 2004. The main purpose is to provide enterprises with various forward-looking measures, effectively identify and manage vulnerabilities by implementing sound security measures within enterprises, and combine security strategies with business strategies to build an important line of defense against escalating risk threats.
Exogenous risk prevention system refers to the sum of relevant laws and regulations, credit, logistics, electronic payment and other social systems to prevent the risks of e-commerce enterprises.
Legal system construction of e-commerce security
On the premise of referring to the international Model Law on Electronic Commerce, according to China's national conditions, we will formulate a law or regulation to regulate electronic commerce activities and solve the legal and regulatory problems faced by the development of electronic commerce. The scope of application of China's e-commerce legislation should include the validity of electronic contracts, electronic payment and financial management, taxation and insurance, network management and information security protection, legal identification of electronic evidence and electronic signatures, compulsory measures and review mechanism of the government, market access rules, intellectual property protection, protection of consumers' legitimate rights and interests, international jurisdiction and international judicial assistance, and so on.
Establishing the credit system environment of e-commerce
E-commerce transactions involve the credit problems of manufacturers, merchants, websites, banks, consumers and other stakeholders, and it is difficult to solve them in isolation. It is necessary to establish a social credit system environment. The whole society should first establish the mentality of keeping promises by itself, by everyone and by others. Secondly, it is necessary to improve the credit system, set up a reasonable operating mechanism and operating standards, and ensure that all parties to the transaction pay for goods and deliver goods on time, with good quality and quantity.
Accelerate the construction of logistics distribution system
First, gradually open the market and welcome domestic and foreign logistics companies to participate in the competition. Through competition, China's logistics distribution system will be improved day by day. Second, we should attach importance to the cultivation of logistics talents. In addition to the training of talents in schools, we should also speed up the pace of professional qualification certification of logistics engineers. Third, strengthen the innovation of logistics management in technicalization, informationization, flexibility and integration.
Perfecting the payment means of e-commerce
E-commerce transactions need information flow, logistics and capital flow to be unblocked at the same time. Therefore, it is necessary to improve the electronic payment system, improve the electronic payment level of banks, establish a safe, rigorous and reliable social electronic money payment system, set up an e-commerce certification body, set up a unified online settlement center as soon as possible, and gradually develop online settlement business with foreign customers.
Internal and external collaborative prevention system of e-commerce enterprise
The cooperative prevention system of e-commerce enterprises refers to the sum of technical research, personnel training, coordination mechanism construction and alliance establishment that e-commerce enterprises and external parties need to complete.
Strengthen the research of e-commerce security technology
Relevant departments (which can be the joint efforts of the government, scientific research institutions, universities and enterprises) should organize a capable security technology research team and concentrate on solving the security technology problems of e-commerce as soon as possible, including encryption technology, firewall technology, digital signature technology, message digest technology, authentication technology, leaving traces technology and so on. And with the development of computer and e-commerce technology, we can constantly improve these technologies. We should establish an e-commerce security system and an authoritative and fair CA certification body. In addition, a corresponding national security control center system should be established, which should include international entry and exit (information customs) monitoring, electronic transaction certificate authorization, key management, security product evaluation and certification, virus detection and prevention, system attack and counter-attack.
Vigorously cultivate e-commerce talents and popularize e-commerce knowledge.
We must strengthen the cultivation of e-commerce talents, vigorously publicize and popularize the knowledge about e-commerce, on the one hand, further strengthen the construction of e-commerce specialty in colleges and universities, on the other hand, further promote the professional qualification certification training of e-commerce teachers and implement the system of holding certificates.
Establish a coordination mechanism
This requires enterprises to cooperate closely with information security centers at all levels and information security industry associations to exchange risk early warning information and maintain the security of e-commerce transactions. At the same time, it is necessary to strengthen the coordination between the theoretical research of risk management in scientific research units and colleges and the practical application of safety enterprises, so as to truly integrate theory with practice and realize the real combination of theory and practice.