Coping with systems risk: Security planning models for management decision making

MIS Quarterly: Management Information Systems

Volumn 22, Issue 4, 1998, Pages 441-464

  Straub, Detmar W ^a,b   Welke, Richard J ^a  

^a GEORGIA STATE UNIVERSITY   (United States)

^b GEORGIA STATE UNIVERSITY   (United States)

Author keywords

Action research; Information security planning; Security awareness training; Systems security risk

Indexed keywords

DECISION MAKING; ENGINEERING RESEARCH; FEEDBACK; PERSONNEL TRAINING; RISK ASSESSMENT; STRATEGIC PLANNING; SYSTEMS ANALYSIS;

ACTION RESEARCH; INFORMATION SECURITY PLANNING; SECURITY AWARENESS TRAINING; SYSTEMS SECURITY RISK;

SECURITY SYSTEMS;

EID: 0001133137     PISSN: 02767783     EISSN: None     Source Type: Journal    
DOI: 10.2307/249551     Document Type: Article

References (19)

1. Schein, E. H. The Clinical Perspective in Fieldwork, Sage Publications, Newbury Park, CA, 1987.
2. Schwartz, M. "Computer Security: Planning to Protect Corporate Assets," Journal of Business Strategy (11:1), January-February 1990, pp. 38-41.
3. Senge, P. The Fifth Discipline, Doubleday, New York, 1990.
4. Simon, H. The New Science of Management Decision, Harper and Brothers, New York, 1960.
5. Smith, S. "LAVA's Dynamic Tree Analysis," Proceedings of the Twelfth National Computer Security Conference, Baltimore, MD, 1989.
6. Steiner, G. A. Strategic Planning: What Every Manager Must Know, Free Press, New York, 1979.
7. Stone, E. Research Methods in Organizational Behavior, Goodyear Publishing Company, Inc., Santa Monica, CA, 1978.
8. Straub, D. W. "Computer Abuse and Computer Security: Update on an Empirical Study," Security, Audit, and Control Review (4:2), Spring 1986a, pp. 21-31.
9. Straub, D. W. Deterring Computer Abuse: the Effectiveness of Deterrent Counter-measures in the Computer Security Environment, unpublished doctoral dissertation, Indiana University Graduate School of Business, 1986b.
10. Straub, D. W. "Effective IS Security: An Empirical Study," Information Systems Research (1:3), 1990, pp. 255-276.
11. Straub, D. W., and Nance, W. D. "Discovering and Disciplining Computer Abuse in Organizations: A Field Study," MIS Quarterly (14:1), March 1990, pp. 45-62.
12. Straub, D. W., and Widom, C. S. "Deviancy by Bits and Bytes: Computer Abusers and Control Measures," in Computer Security: A Global Challenge, J. H. Finch and E. G. Dougall (eds.), Elsevier Science Publishers B.V. (North Holland), Amsterdam, 1984, pp. 431-442.
13. Straub, D. W., Carlson, P. J., and Jones, E. H. "Deterring Highly Motivated Computer Abusers: A Field Experiment in Computer Security," in IT Security: The Need for International Cooperation, G. G. Gable and W. J. Caelli (eds.), North-Holland, Amsterdam, 1992, pp. 309-324.
14. Straub, D. W., Carlson, P. J., and Jones, E. H. "Deterring Cheating by Student Programmers: A Field Experiment in Computer Security," Journal of Management Systems (5:1), 1993, pp. 33-48.
15. Venkatraman, N. "Research on MIS Planning: Some Guidelines from Strategic Planning Research," Journal of Management Information Systems (2:3), Winter 1985-86, pp. 65-77.
16. von Solms, R., van de Haar, H., von Solms, S. H., and Caelli, W. J. "A Framework for Information Security Evaluation," Information & Management (26:3), March 1994, pp. 143-153.
17. Weiss, J. "A System Security Engineering Process," Proceedings of the Fourteenth National Computer Security Conference, Washington, D.C., 1991.
18. Wood, C. C. "A Context for Information Systems Security Planning," Computers & Security (7:5), October 1988, pp. 455-465.
19. Yin, R. K. Case Study Research: Design and Methods, Sage Publications, Thousand Oaks, CA, 1994.