Ecommerce risk management: analysing the case Vietnam Airlines incident
Abstract
E-commerce is the purchase and sale of goods and services and the exchange of information over communications networks and the Internet. Information, information systems, computers, computer networks, and other electronic means play an especially important role in it. These are valuable assets and are targeted by cybercriminals. E-commerce risk management protects the development of e-commerce. It includes setting information security objectives, assessing vulnerabilities, threats and attacks, and selecting countermeasures. The paper presents the theory of e-commerce risk management and analyses the Vietnam Airlines e-commerce risk management case using the DREAD model. It also provides a discussion and short recommendations for other enterprises on e-commerce risk management today.
DOI: https://doi.org/10.23954/osj.v2i4.1166
This work is licensed under a Creative Commons Attribution 4.0 International License.
Open Science Journal (OSJ) is a multidisciplinary Open Access journal. We accept scientifically rigorous research, regardless of novelty. OSJ's broad scope provides a platform to publish original research in all areas of science, including interdisciplinary and replication studies as well as negative results.