An integrated system theory of information security management

Information Management and Computer Security

Volumn 11, Issue 5, 2003, Pages 243-248

  Hong, Kwo Shing ^a   Chi, Yen Ping ^a   Chao, Louis R ^b   Tang, Jih Hsing ^c  

^a NATIONAL CHENGCHI UNIVERSITY   (Taiwan)

^b TAMKANG UNIVERSITY   (Taiwan)

^c TAKMING UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Taiwan)

Author keywords

Contingency planning; Control systems; Information systems; Risk management; Systems theory

Indexed keywords

CONTROL SYSTEMS; CONTROL THEORY; ELECTRONIC COMMERCE; INFORMATION MANAGEMENT; RISK MANAGEMENT; SYSTEM THEORY;

AUDITING THEORY; CONTINGENCY PLANNING; INFORMATION SECURITY MANAGEMENT; MANAGEMENT SYSTEM THEORY; SECURITY POLICY THEORY;

SECURITY OF DATA;

EID: 0345327795     PISSN: 09685227     EISSN: None     Source Type: Journal    
DOI: 10.1108/09685220310500153     Document Type: Article

References (22)

1. BS 7799-2 (1999), Information Security Management Part 2: Specification for Information Security Management Systems, British Standards Institute, London.
2. COBIT (1998), COBIT: Control Objectives, ISACA, Rolling Meadows, IL.
3. Drazin, R. and Van de Ven, A.H. (1985), "Alternative forms of fit in contingency theory", Administrative Science Quarterly, Vol. 30 No. 4, pp. 514-39.
4. Eloff, M.M. and Solms, S.H.V. (2000), "Information security management: an approach to combine process certification and product evaluation", Computers & Security, Vol. 19 No. 3, pp. 698-709.
5. Flynn, N.L. (2001), The Epolicy Handbook: Designing and Implementing Effective E-mail, Internet and Software Policies, American Management Association, New York, NY.
6. Gollmann, D. (1999), Computer Security, John Wiley & Sons, New York, NY.
7. Gupta, M., Charturvedi, A.R., Metha, S. and Valeri, L. (2001), "The experimental analysis of information security management issues for online financial services", ICIS 2000, pp. 667-75.
8. ISO/IEC 17799 (2000), Information Technology Code of Practice for Information Services, International Organization for Standardization, Geneva.
9. Kabay, M.E. (1996), The NCSA Guide to Enterprise Security, McGraw-Hill, New York, NY.
10. Kaplan, A. (1964), The Conduct of Inquiry, Chandler Co., New York, NY.
11. Lee, S.M., Luthans, F. and Olson, D.L. (1982), "A management science approach to contingency models of organizational structure", Academy of Management Journal, Vol. 25 No. 3, pp. 553-66.
12. Luthans, F. (1976), Introduction to Management: A Contingency Approach, McGraw-Hill, New York, NY.
13. Reid, R.C. and Floyd, S.A. (2001), "Extending the risk analysis model to include market insurance", Computers & Security, Vol. 20 No. 4, pp. 331-9.
14. Robbins, S.P. (1994), Management, 4th ed., Prentice-Hall, Upper Saddle River, NJ.
15. Schultz, E.E., Proctor, R.W. and Lien, M.C. (2001), "Usability and security: an appraisal of usability issues in information security methods", Computers & Security, Vol. 20 No. 18, pp. 620-34.
16. Sherwood, J. (1996), "SALSA: a method for developing the enterprise security architecture and strategy", Computers & Security, Vol. 2, pp. 8-17.
17. Simson, G. and Gene, S. (1991), Practical UNIX Security, O'Reilly & Associates, Sebastopol, CA.
18. Smith, M. (1989), "Computer security - threats, vulnerabilities and countermeasures", Information Age, Vol. 11 No. 4, pp. 205-10.
19. Tudor, J.K. (2001), Information Security Architecture, CRC Press, Boca Raton, FL.
20. Von Solms, R., Van Haar, H., Von Solms, S.H. and Caelli, W.J. (1994), "A framework for information security evaluation", Information & Management, Vol. 26, No. 3, pp. 143-53.
21. Weber, R. (1999), Information System Control and Audit, Prentice-Hall, Englewood Cliffs, NJ.
22. Wright, M. (1999), "Third generation risk management practices", Computers & Security, Vol. 1999 No. 2, pp. 9-12.