An integrative study of information systems security effectiveness

International Journal of Information Management

Volumn 23, Issue 2, 2003, Pages 139-154

  Kankanhalli, Atreyi ^a   Teo, Hock Hai ^a   Tan, Bernard C Y ^a   Wei, Kwok Kee ^a  

^a NATIONAL UNIVERSITY OF SINGAPORE   (Singapore)

Author keywords

Information systems; Organizations; Security; Strategic advantage

Indexed keywords

FINANCE; SECURITY OF DATA; SOCIETIES AND INSTITUTIONS; STRATEGIC PLANNING;

FINANCIAL ORGANIZATIONS;

MANAGEMENT INFORMATION SYSTEMS;

EID: 0037400028     PISSN: 02684012     EISSN: None     Source Type: Journal    
DOI: 10.1016/S0268-4012(02)00105-6     Document Type: Article

References (55)

1. Anthes G.H. Lotsa talk, little walk. Computerworld. 32(38):1998;70-71.
2. Backhouse J., Dhillon G. Structures of responsibility and security of information systems. European Journal of Information Systems. 5(1):1996;2-9.
3. Bagozzi R.P. Advanced methods of marketing research. 1994;Blackwell, Cambridge, MA.
4. Barsanti C. Modern network complexity needs comprehensive security. Security. 36(7):1999;65-68.
5. Baskerville R. Risk analysis. An interpretive feasibility tool in justifying information systems security European Journal of Information Systems. 1:1991;121-130.
6. Blumstein A. Introduction. Blumstein A., Cohen J., Nagin D. Deterrence and incapacitation: Estimating the effects of criminal sanctions on crime rates. 1978;National Academy of Sciences, Washington, DC.
7. Brancheau J.C., Janz B.D., Wetherbe J.C. Key issues in information systems management. 1994-95 SIM Delphi results MIS Quarterly. 20(2):1996;225-242.
8. Burger K. The new age of anxiety. Insurance and Technology. 18(10):1993;48-54.
9. Champlain J.J. Auditing information systems: A comprehensive reference guide. 1998;Wiley, New York.
10. Chin W. PLS-Graph: Version 2.7. 1994;University of Calgary, Calgary, AB.
11. Comrey A.L. A first course in factor analysis. 1973;Academic Press, New York, NY.
12. Computer Security Institute, (2002). CSI/FBI computer crime and security survey, http://www.gocsi.com/press/20020407.html.
13. Cook, P. J. (1982). Research in criminal deterrence: Laying the groundwork for the second decade. In N. Morris & M. Tonry (Eds.), Crime and justice: An annual review of research (pp. 211-268). Chicago, IL: University of Chicago Press.
14. Cook T.D., Campbell D.T. Quasi-experimentation: Design and analysis issues for field setting. 1979;Houghton Mifflin, Boston, MA.
15. Damanpour F. Organizational innovation. A meta-analysis of effects of determinants and moderators Academy of Management Journal. 34(3):1991;555-590.
16. Delone W.H. Determinants of success for computer usage in small business. MIS Quarterly. 12(1):1988;51-61.
17. Dhillon G., Backhouse J. Information system security management in the new millennium. Communications of the ACM. 43(7):2000;125-128.
18. Ein-Dor P., Segev E. Organizational context and the success of management information systems. Management Science. 24(10):1978;1064-1077.
19. Eloff J.H.P. Computer security policy. Important issues Computers and Security. 7(6):1988;559-562.
20. Falk R.F., Miller N.B. A primer for soft modeling. 1992;University of Akron Press, Akron, OH.
21. Forcht K.A. Computer security management. 1994;Boyd and Fraser, Danvers, MA.
22. Fornell, C. (1982). A second generation of multivariate analysis: Methods, Vol. 1. New York, NY: Praeger.
23. Goodhue D.L., Straub D.W. Security concerns of system users. A study of perceptions of the adequacy of security Information and Management. 20(1):1991;13-27.
24. Gopal R.D., Sanders G.L. Preventive and deterrent controls for software piracy. Journal of Management Information Systems. 13(4):1997;29-47.
25. Hair J.F., Anderson R.E., Tatham R.L., Black W.C. Multivariate data analysis with readings. 1998;Prentice-Hall, Englewood Cliffs, NJ.
26. Hoffer, J. A., & Straub, D. W. (1994). The 9 to 5 underground: Are you policing computer crimes? In P. Gray, W. R. King, E. R. Mclean, & H. Watson (Eds.), Management of information systems (pp. 388-401). Fort Worth, TX: Harcourt Brace.
27. Jarvenpaa S.L., Ives B. Information technology and corporate strategy. A view from the top Information Systems Research. 1(4):1990;351-375.
28. King W.R. Organizational characteristics and information systems planning. An empirical study Information Systems Research. 5(2):1994;75-109.
29. Klete H. Some minimum requirements for legal sanctioning systems special emphasis on detection. Blumstein A., Cohen J., Nagin D. Deterrence and incapacitation: Estimating the effects of criminal sanctions on crime rates. 1978;National Academy of Sciences, Washington, DC.
30. Loch K.D., Carr H.H., Warkentin M.E. Threats to information systems. Today's reality, yesterday's understanding MIS Quarterly. 17(2):1992;173-186.
31. Madnick S. Management policies and procedures needed for effective computer security. Sloan Management Review. 20(1):1978;61-74.
32. Nance, W. D., & Straub, D. W. (1988). An investigation into the use and usefulness of security software in detecting computer abuse. Proceedings of the ninth annual international conference on information systems (pp. 283-294). Minneapolis, MN.
33. Nunnally J.C. Psychometric theory. 1978;McGraw-Hill, New York, NY.
34. Olnes J. Development of security policies. Computers and Security. 13(8):1994;628-636.
35. Panettieri J.C. Informationweek/Ernst and Young security survey. Informationweek. 555:1995;32-37.
36. Parker D.B. Computer security management. 1981;Reston Publishing, Reston, VA.
37. Parker D.B. Fighting computer crime. 1983;Scribner, New York, NY.
38. Pearson F.S., Weiner N.A. Toward an integration of criminological theories. Journal of Crime and Criminology. 76(1):1985;116-150.
39. Raymond L. Organizational context and information systems success. A contingency approach Journal of Management Information Systems. 6(4):1990;5-20.
40. Reich B.H., Benbasat I. An empirical investigation of factors influencing the success of customer oriented strategic systems. Information Systems Research. 1(3):1990;325-347.
41. Silberman M. Toward a theory of criminal deterrence. American Sociological Review. 41:1976;442-461.
42. Stone E. Research methods in organizational behavior. 1978;Goodyear, Santa Monica, CA.
43. Straub D.W. Computer abuse and computer security. Update on an empirical study Security, Audit, and Control Review. 4(2):1986;21-31.
44. Straub D.W. Effective IS security. An empirical study Information Systems Research. 1(3):1990;255-276.
45. Straub D.W., Nance W.D. Discovering and disciplining computer abuse in organizations. A field study MIS Quarterly. 14(1):1990;45-60.
46. Straub D.W., Welke R.J. Coping with systems risk. Security planning models for management decision making MIS Quarterly. 22(4):1998;441-469.
47. Thong J.Y.L., Yap C.S., Raman K.S. Top management support, external expertise and information systems implementation in small businesses. Information Systems Research. 7(2):1996;248-267.
48. Verton D. Disaster recovery planning still lags. Computerworld. 36(14):2002;10.
49. Ward J., Griffiths P. Strategic planning for information systems. 1996;Wiley, Chichester.
50. Weber R. EDP auditing. Conceptual foundations and practice:1988;McGraw-Hill, New York, NY.
51. White G.B., Fisch E.A., Pooch U.W. Computer system and network security. 1996;CRC Press, Boca Raton, FL.
52. Williams K.R., Hawkins R. Perceptual research on general deterrence. A critical review Law and Society. 20(4):1986;545-572.
53. Wood C.C. Information systems security. Management success factors Computers and Security. 4(6):1987;314-320.
54. Yap C.S., Soh C.P.P., Raman K.S. Information system success factors in small business. Omega. 20(5):1992;597-609.
55. Zviran M., Haga W. Password security. An empirical study Journal of Management Information Systems. 15(4):1999;161-185.