THE IMPORTANCE OF INFORMATION SECURITY IN DIGITAL COMMERCE: CYBER RISKS AND SUPPLY CHAIN GOVERNANCE IN THE DROPSHIPPING MODEL
DOI: https://doi.org/10.56238/rcsv16n1-009
Keywords: Information Security, Dropshipping, Digital Supply Chain, Risk Management, Information Governance
Abstract
The growth of electronic commerce has fostered business models strongly based on digital platforms and the intensive outsourcing of processes, among which dropshipping stands out. Although this model reduces operational costs, it intensifies the fragmentation of the digital supply chain and increases exposure to cyber risks. Considering this context, this article aims to analyze, from an Information Security perspective, the risks associated with the dropshipping model, emphasizing the responsibility of data controllers and the need for structured security governance. To this end, a qualitative, exploratory, and descriptive study was conducted, based on a single case study of the Pawzzi online store, using documentary analysis, data flow mapping, theoretical threat modeling, and comparative analysis with consolidated normative references such as the NIST Cybersecurity Framework, the NIST Cybersecurity Supply Chain Risk Management (C-SCRM), ISO/IEC 27001:2022, and Brazil’s General Data Protection Law (LGPD). The findings indicate that dropshipping significantly expands the attack surface by dispersing sensitive data across multiple operators, exposing controllers to systemic risks, particularly supply chain attacks, integration failures, and human-related vulnerabilities. This study concludes that the sustainability of dropshipping depends on the adoption of information security governance grounded in continuous risk management and distributed controls throughout the digital supply chain.
References
ALLEN, J. Tudo sobre Dropshipping: Como fazer dropshipping na prática no Brasil, começar a importar e como funciona o processo para te dar liberdade financeira. Ebook Kindle, 2021.
BOENTE, J. G. P.; BIANCHI, J. M. B.; BOENTE, A. M. P.; BOENTE, R. M. P. Empreendedorismo Digital: Uma estratégia de marketing digital com e-commerce e dropshipping. ERR01, [S. l.], v. 10, n. 5, p. e9365, 2025. DOI: 10.56238/ERR01v10n5-047. Available at: https://periodicos.newsciencepubl.com/err01/article/view/9365. Accessed: 12 Dec. 2025.
BOENTE, J. G. P.; BIANCHI, J. M. B.; BOENTE, A. N. P.; BOENTE, R. M. P.; SANTOS, R. M. dos; FERREIRA, V. M. da S. Comércio Eletrônico e Dropshipping: Um estudo de caso em Marketing Digital. Revista de Gestão e Secretariado, [S. l.], v. 16, n. 11, p. e5400, 2025. DOI: 10.7769/gesec.v16i11.5400. Available at: https://ojs.revistagesec.org.br/secretariado/article/view/5400. Accessed: 12 Dec. 2025.
BOYSON, S. Cyber supply chain risk management: revolutionizing the strategic control of critical IT systems. Technovation, Amsterdam, v. 34, n. 7, p. 342–353, 2014.
BRASIL. Lei nº 13.709, de 14 de agosto de 2018. Lei Geral de Proteção de Dados Pessoais (LGPD). Diário Oficial da União, Brasília, DF, 2018.
CHOPRA, S.; SODHI, M. S. Managing risk to avoid supply-chain breakdown. MIT Sloan Management Review, v. 46, n. 1, p. 53–61, 2014.
DONEDA, Danilo et al. Lei Geral de Proteção de Dados Pessoais: Comentários à Lei nº 13.709/2018. São Paulo: Revista dos Tribunais, 2019.
ENISA. Threat Landscape Report. European Union Agency for Cybersecurity, recent editions, 2025.
ISACA. COBIT 2019 Framework: Governance and Management Objectives. Rolling Meadows, IL, 2019.
ISO/IEC. ISO/IEC 27001:2022 – Information security, cybersecurity and privacy protection – Information security management systems – Requirements. Geneva, 2022.
KUROSE, J. F.; ROSS, K. W. Redes de computadores e a Internet: uma abordagem top-down. 8. ed. São Paulo: Pearson, 2021.
LAUDON, K. C.; LAUDON, J. P. Sistemas de informação gerenciais. 16. ed. São Paulo: Pearson, 2021.
LOPES, S. A Web Mobile: Design responsivo e além para uma web adaptada ao mundo mobile. São Paulo: Editora Casa do Código, 2014.
NIST. Framework for improving critical infrastructure cybersecurity. Version 1.1. Gaithersburg, 2018.
NIST. Cybersecurity supply chain risk management practices for systems and organizations. NIST SP 800-161 Rev. 1. Gaithersburg, 2022.
OECD. Digital Security Risk Management for Economic and Social Prosperity. Paris, 2015.
OWASP. OWASP Top 10: The Ten Most Critical Web Application Security Risks. 2023.
PAWZZI. E-Commerce da Loja Pawzzi. Available at: https://www.pawzzi.com.br. Accessed: 08/01/2026.
STALLINGS, W. Criptografia e segurança de redes: princípios e práticas. 7. ed. São Paulo: Pearson, 2020.
VERIZON. Data Breach Investigations Report (DBIR). Recent editions, 2025.
VON SOLMS, R.; VAN NIEKERK, J. From information security to cyber security. Computers & Security, Oxford, v. 38, p. 97–102, 2013.
WHITMAN, M. E.; MATTORD, H. J. Principles of information security. 6. ed. Boston: Cengage Learning, 2018.
License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.