Conceptual foundation for organizational information security awareness

Information Management and Computer Security

Volumn 8, Issue 1, 2000, Pages 31-41

  Siponen, Mikko T ^a  

^a UNIVERSITY OF OULU   (Finland)

Author keywords

[No Author keywords available]

Indexed keywords

INFORMATION DISSEMINATION; INFORMATION RETRIEVAL SYSTEMS;

INFORMATION SECURITY AWARENESS;

SECURITY OF DATA;

EID: 0033683516     PISSN: 09685227     EISSN: None     Source Type: Journal    
DOI: 10.1108/09685220010371394     Document Type: Article

References (57)

1. Adams , D.A., Nelson, R.R. and Todd, P.A. (1992), "Perceived usefulness, easy of use, and usage of information technology: a replication", MIS Quarterly, Vol. 16 No. 2, pp. 227-47.
2. Ajzen, I. (1991), "The theory of planned behavior", Organizational Behavior and Human Decision Processes, Vol. 50, pp. 179-211.
3. Bartol, K.M. and Martin, D.C. (1994), Management, Second international edition, McGraw-Hill, New York, NY.
4. Baskerville, R. (1989), "Logical controls specification: an approach to information system security", in Klein, H. and Kumar, K. (Eds), Systems Development for Human Progress, North-Holland, Amsterdam.
5. Carrol , A.B. (1987), "In search of the moral manager", Business Horizons, March-April, p. 8.
6. Ceraolo, J.P. (1996), "Penetration testing through social engineering", Information Systems Security, Vol. 4 No. 4, Winter.
7. Chalmers, A.F. (1982), What Is the Thing Called Science? Second edition, Open University Press, Milton Keynes.
8. Chau, P (1996), "An empirical assessment of a modified technology acceptance model", Journal of Management Information Systems, Vol. 13 No. 2, pp. 185-205.
9. Conner, D.L. and Patterson, R.W. (1982), "Building commitment to organizational change", Training and Development Journal, April, pp. 18-30.
10. Dancy, J. (1994), "Why there is really no such things as the theory of motivation", Proceedings of the Aristotelian Society.
11. Davis , F. (1989), "Perceived usefulness, perceived ease of use, and user acceptance of information technology", MIS Quarterly, Vol. 13 No. 3, September, pp. 319-40.
12. Deci, E.L. (1975), Intrinsic Motivation, Plenum Press. New York, NY.
13. Deci, E.L. and Ryan, R.M. (1985), Intrinsic Motivation and Self-determination in Human Behaviour, Plenum Press, New York, NY.
14. Fishbein, M. and Ajzen, I. (1975), Belief, Attitude, Intention and Behavior: An Introduction to Theory and Research, Addison-Wesley, Reading, MA.
15. Goleman, D. (1995), Emotional Intelligence, Bantam Books, New York, NY.
16. Goodhue, D.L. and Straub, D.W. (1989), "Security concerns of system users: a proposed study of user perceptions of the adequacy of security measures", Proceedings of the 21st Hawaii International Conference on System Science (HICSS), Kona, HA, January.
17. Hare, R.M. (1952), The Language of Morals, Clarendon Press, Oxford.
18. Hare, R.M. (1963), Freedom and Reason, Oxford University Press, Reprinted in 20th century Ethical theory, in Cahn, S.M. and Haber, J.G. (Eds), R.M Hare: A Moral Argument, 1995, Prentice-Hall, Englewood Cliffs, NJ.
19. Hare, R.M. (1997), Sorting Out Ethics, Oxford University Press, Oxford.
20. Hart, H.L.A. (1968), Responsibility and Retribution, Oxford University Press, Oxford.
21. Hoffer, J.A. and Straub, D.W. (1989), "The 9 to 5 underground: are you policing computer crimes?", Sloan Management Review, Vol. 30 No. 4, Summer.
22. Igbaria, M. and Zinatelli, N. (1997), "Personal computing acceptance factors in small firms: a structural equation model", MIS Quarterly, Vol. 21 No. 3.
23. Järvinen, P. (1997), "The new classification of research approaches", The IFIP Pink Summary - 35 Years of IFIP, Edited by Zemanek, H., IFIP, Laxenburg.
24. Kesar, S. and Rogerson, S. (1997), "Developing ethical practices to minimise computer misuse", Proceedings of International IEEE Symposium on Technology and Society: "Technology and Society at a Time of Sweeping Change", IEEE Computer Society Press, Piscataway, NJ.
25. Kohlberg, L. (1981), The Philosophy of Moral Development, San Francisco. CA.
26. Koski, L. (1996), "The truth, the quality, and the interpretation", in Julkunen, K. (Ed.), Qualitative Methodology in Educational Research, University of Joensuu, Bulletins of the Faculty of Education, No. 60, Joensuu, Finland.
27. Ladd, J. (1982), "Collective and individual moral responsibility in engineering: some questions", IEEE Technology and Society, Vol. 1 No. 2, pp. 3-10.
28. Locke, E.A. (1991), "The motivation sequence, the motivation hub, and the motivation core", Organizational Behavior and Human Decision Processes, Vol. 50, pp. 288-99.
29. Maslow, A.H. (1954), Motivation and Personality, Harper & Row, New York, NY.
30. Mathieson, K. (1991), "Predicting user intentions: comparing the technology acceptance model with the theory of planned behaviour", Information System Research, Vol. 3 No. 2, pp. 173-91.
31. McLean, K. (1992), "Information security awareness - selling the cause", Proceedings of the IFIP TC11/Sec'92, 27-29 May, Singapore.
32. Morwood, G. (1998), "Business continuity: awareness and training programmes", Information Management & Computer Security, Vol. 6 No. 1, pp. 28-32.
33. (The) NIST Handbook (1995), An Introduction to Computer Security, NIST special publications in October.
34. NIST (1998), Information Technology Security Training Requirements: A Role-and Performance-Based Model (supersedes NIST Spec. Pub.500-172), SP 800-16, March.
35. Parker, D.B. (1998), Fighting Computer Crime - A New Framework for Protecting Information, Wiley Computer Publishing, New York, NY.
36. Peltonen, M. (1989), Management in the 1990s, Aavaranta Serie. No. 14, (in Finnish) Otava, Keuruu, Finland.
37. Perry, W.E. (1985), Management Strategies for Computer Security, Butterworth Publisher, Boston, MA.
38. Polanyi, M. (1966), The Tacit Dimension, Routledge & Kegan Paul, London.
39. Rawls, J. A. (1972), A Theory of Justice, Oxford University Press, Oxford.
40. Senge, P.M. (1990), The Fifth Discipline: The Art and Practice of the Learning Organization, Doubleday Currency, New York, NY.
41. Siponen, M.T. and Kajava, J. (1998), "Ontology of organizational IT security awareness From theoretical foundations to practical framework", Third International Workshop on Enterprise Security, IEEE 7th International Workshops on Enabling Technologies: Infrastructures for Collaborative Enterprises (WET ICE '98), IEEE Computer Society Press, Los Alamitos, CA.
42. Smith, M. (1984), The Moral Problem, Blackwell, Oxford.
43. Spruit, M.E.M. (1998), "Competing against human failing. 15th IFIP World Computer Congress, 'The Global Information Society on the way to the next millennium"', Proceedings of the SEC'98, TC11, Vienna.
44. Spurling, P. (1995), "Promoting security awareness and commitment", Information Management and Computer Security, Vol. 3 No. 2, pp. 20-6.
45. SSE-CMM (1998a), The Model, v2.0, http:// www.sse-cmm.org.
46. SSE-CMM (1998b), The Appraisal Method, v2.0. http://www.sse-cmm.org.
47. Stevenson, C.L. (1944), Ethics and Language, New Haven, CT.
48. Straub, D.W. (1990), "Effective IS security; an empirical study", Information System Research, Vol. 1 No. 2, June, pp. 255-77.
49. Straub, D., Carson, P. and Jones, E. (1992), "Deterring highly motivated computer abuses: a field experiment in computer security", Proceedings of the IFIP TC11/ Sec'92, Security and Control: From Small Systems to Large, Singapore, 27-29 May.
50. Straub, D.W., Keil, M. and Brenner, W. (1997), "Testing the technology acceptance model across cultures: a three country study", Information & Management, Vol. 31 No. 1, November, pp. 1-11.
51. Straub, D.W. and Welke, R.J. (1998), "Coping with systems risk: security planning models for management decision making", MIS Quarterly, Vol. 22 No. 4, p. 441-64.
52. Swain, A. and Guttman, H. (1983), Handbook of Human Reliability Analysis with Emphasis on Nuclear Power Plant Applications, Nuclear Regulatory Commission, Washington, DC.
53. Taylor, W.A. (1995), "Senior executives and ISO 9000: attitudes, behaviours and commitment", International Journal of Quality & Reliability Management, Vol. 22 No. 4, pp 40-57.
54. Telanne, M. (1997), Intrinsic Motivation - Some Theoretical and Empirical Observations, Research of Management (Hallinnon tutkimus), No. 3:237-245, in Finnish.
55. Thomson, M.E. and von Solms, R. (1997), "An effective information security awareness program for industry", Proceedings of the WG 11.2 and WG 11.1 of the TC11 IFIP.
56. Thomson, M.E. and von Solms, R. (1998), "Information security awareness: educating our users effectively", Information Management & Computer Security, Vol. 6 No. 4, pp. 167-73.
57. Warman, A.R. (1992), "Organizational computer security policy: the reality", European Journal of Information Systems, Vol. 1 No. 5, pp. 305-10.