In defense of the realm: Understanding the threats to information security

International Journal of Information Management

Volumn 24, Issue 1, 2004, Pages 43-57

  Whitman, Michael E ^a  

^a KENNESAW STATE UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

CODES (STANDARDS); COMPUTER VIRUSES; COMPUTER WORMS; INTERNET; SECURITY OF DATA; SOCIETIES AND INSTITUTIONS;

INFORMATION SYSTEM;

INFORMATION MANAGEMENT;

EID: 1242265154     PISSN: 02684012     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.ijinfomgt.2003.12.003     Document Type: Article

References (66)

1. Anonymous (2001). Chinese hackers call truce in China-US Cyberwar. USAToday. WWW Document, accessed 1/10/2004, http://www.usatoday.com/tech/news/2001-05-09-chinese-hackers-truce.htm .
2. ASIS, (2001). Professional Development. American Society for Industrial Security, WWW Document, accessed 09/12/2001, http://www.asisonline.org/education/index/xml .
3. August, R. S. (1983). Turning the computer into a criminal. Barrister, 13.
4. Baskerville R. Information systems security design methods. Implications for information systems development ACM Computing Surveys. 25(4):1993;375-414.
5. Bergeron F., Berube C. End users talk computer policy. Journal of Systems Management. 41(12):1990;14-32.
6. Bloombecker B. Spectacular computer crimes. What they area and how they cost american business half a billion dollars a year:1990;Dow Jones-Irwin, Homewood, IL.
7. Blumstein, A. (1978). Introduction. In Blumstein, A. C., & D. Nagin (Eds.), Deterrence and Incapacitation: Estimating the Effects of Crime Sanctions on Criminal Rates. Report of the Panel of Deterrence and Incapacitation, National Academy of Sciences, Washington, DC2.
8. Boulanger A. Catapults and grappling hooks. The tools and techniques on information warfare IBM Systems Journal. 37(1):1998;106-114.
9. Brancheau J., Wetherbe J.C. Key issues in information systems. 1986 MIS Quarterly. 11(1):1987;23-45.
10. Cheng H.K., Sims R., Teegen H. To purchase or to pirate software. An empirical study Journal of Management Information Systems. 13(4):1997;49-60.
11. Chin, S. -K., Irvine, C., & Frinke, D. (1997). An information security education initiative for engineering and computer science. In Naval postgraduate school technical report npscs-97-003. Monterey, CA: Naval Postgraduate School.
12. Clyde, R. A. (1999). Enterprise security - built on sound policies. Enterprise Systems Journal, December, 69-72.
13. Colton K.W., Tien J.M., Tvedt S., Dunn B., Barnett A.R. Electronic fund transfer systems and crime. 1982;US Department of Justice, Bureau of Justice Statistics, Washington, DC.
14. Cote J., Buckley M.R. Estimating trait, method, and error variance. Generalizing across 70 construct validation studies Journal of Marketing Research. 24:1987;315-318.
15. Cryton S.H., Tie R. A CPA's guide to the top issues in technology. Journal of Accountancy. 191(5):2001;71-77.
16. Cutter Consortium (1999). Nearly 20% of companies have no formal IT security policy or standard. Cutter Consortium, WWW Document, accessed 06/12/2003, http://www.cutter.com/press/990907.html .
17. Davis, B. (1997). Security survey: Is it safe?, Information Week.
18. Ernst, & Whinney (1990). Ernst & Whinney 1989 computer security survey report. Pamphlet. Ernst & Young, 1400 Pillsbury Center, Minneapolis, MS 55402.
19. Fites P., Johnston P., Kartz M. The computer virus crisis. 1989;Van Nostrand Reinhold, New York, NY.
20. Gopal R.D., Sanders G.L. Preventive and deterrent controls for software piracy. Journal of Management Information Systems. 13(4):1997;29-47.
21. Hafner K., Markoff J. Cyberpunk. Outlaws and hackers on the computer frontier:1991;Simon and Schuster, New York, NY.
22. Harrington S.J. Computer crime and abuse by is employees. Something to worry about? Journal of Systems Management. 46(2):1995;6-11.
23. Harrington S.J. The effects of codes of ethics and personal denial of responsibility on computer abuse judgments and intentions. MIS Quarterly. 20(3):1996;257-278.
24. Hayam A., Oz E. Integrating data security into the systems development life cycle. Journal of Systems Management. 44(8):1993;16-20.
25. Hoffer J.A., Straub D.W. Jr. The 9 to 5 underground. Are you policing computer crimes? Sloan Management Review. 30(4):1989;35-42.
26. Hruska J. Computer viruses and anti-virus warfare. 1990;Ellis Horwood, New York, NY.
27. Hulme, G. V. (2001). Security policies: How much is enough? Information Week.
28. Igbaria M., Zinatelli N., Cragg P., Cavaye A. Personal computing acceptance factors in small firms. A structural equation model MIS Quarterly. 21(2):1997;279-305.
29. Irvine, C. E. (1996). Goals for Computer Security Education. Proceedings of the IEEE Symposium on Security and Privacy, May, 24-25.
30. Irvine, C. E., Chin, S. -K., & Frincke, D. (1998). Integrating Security into the Curriculum. IEEE Computer, December, 25-30.
31. Kusserow R.P. Computer-related fraud and abuse in government agencies. 1983;US Department of Health and Human Services, Washington, DC.
32. Landreth B. Out of the inner circle. The true story of a computer intruder capable of cracking the nation's most secure computer systems:1989;Tempus, Redmond, WA.
33. Leinfuss, E. (1986). Computer crime: How deep does it go. MIS Week, 41(7).
34. Leming J.S. Cheating behavior, situational influence, and moral development. Journal of Educational Research. 71:1978;214-217.
35. Loch K.D., Carr H.H., Warkentin M.E. Threats to information systems. Today's reality, yesterday's understanding MIS Quarterly. 16(2):1992;173-186.
36. Madnick, S. (1978). Management policies and procedures needed for effective computer security. Sloan Management Review, Fall, 61-74.
37. Martin J. Security accuracy and privacy in computer systems. 1973;Prentice Hall, Englewood Cliffs, NJ.
38. McFadden P.J. Guarding computer data. Journal of Accountancy. 184(1):1997;77-79.
39. Niederman F., Brancheau J.C., Wetherbe J.C. Information systems management issues for the 1990s. MIS Quarterly. 15(4):1991;475-495.
40. NIST, (1989). Computer security trainings guidelines (special publication 500-172). National Institute of Standards and Technology Computer Security Resource Center.
41. NIST, (1998). Information technology security training requirements: A role- and performance-based model (special publication 800-16). National Institute of Standards and Technology Computer Security Resource Center.
42. NSA (2003). Centers of Academic Excellence in Information Assurance Education. WWW Document, accessed 04/10/2003, http://www.nsa.gov/isso/programs/coeiae/index.htm .
43. Paradice D.B., Dejoie R.M. The ethical decision-making processes of information systems workers. Journal of Business Ethics. 10(1):1991;1-22.
44. Parker D.B. Fighting computer crime. 1998;Wiley, New York, NY.
45. Podsakoff P.M., Organ D.W. Self-reports in organizational research. Problems and prospects Journal of Management. 12(4):1986;531-544.
46. Richardson, R. (2003). 2003 CSI/FBI Computer Crime and Security Survey. WWW Document, accessed 10/15/2003, http://www.gocsi.com .
47. Rubin, A. (2001). List of crypto and security courses by state. Avi Rubin. WWW Document, viewed 2/2/2002. http://avirubin.com/courses.html .
48. Segars A.H., Grover V. Profiles of strategic information systems planning. Information Systems Research. 10(3):1999;199-232.
49. Stoll C. The cuckoo's egg. Tracking a spy through the maze of computer espionage:1989;Doubleday, New York, NY.
50. Straub D.W. Jr. Effective is security. An empirical study Information Systems Research. 1(3):1990;255-276.
51. Straub D.W. Jr., Carlson P.J., Jones E.H. Deterring cheating by student programmers. A field experiment in computer security Journal of Management Systems. 5(1):1993;33-48.
52. Straub D.W. Jr., Nance W.D. Discovering and disciplining computer abuse in organizations. MIS Quarterly. 14(1):1990;45-60.
53. Straub D.W. Jr., Welke R.J. Coping with systems risk. Security planning models for management decision making MIS Quarterly. 22(4):1998;441-469.
54. Straub D.W. Jr., Widom C.S. Deviancy by bits and bytes. Computer abusers and control measures Dougall J.H.F.a.E.G. Computer security: A global challenge. 1984;91-102 Science Publishers BV North Holland, Amsterdam.
55. Sword & Shield. (2001). Top 10 list of proactive security measures. Sword & Shield Security Consultants, WWW Document, accessed 09/15/2001, http://www.sses.net/top10.html .
56. Tzu S. The art of war. Translation by Samuel B. Griffith:1988;Oxford University Press, Oxford.
57. Vaughn R.B., Bogess J.E. III Integration of computer security into software engineering and computer science programs. The Journal of Systems and Software. 49(2,3):1999;149-153.
58. Wadlow T.A. The process of network security. 2000;Addison-Wesley, Reading, MA.
59. Whiteside T. Computer capers. Tales of electronic thievery, embezzlement, and fraud:1978;Fitzhenry and Whiteside, Toronto.
60. Whitman M.E., Townsend A.M., Aalberts R.J. Information systems security and the need for policy. Dhillon G. Information security management: Global challenges in the next millennium. 2000;9-18 Idea Group Publishing, Hershey, PA.
61. Whitman M.E., Townsend A.M., Hendrickson A.R. Cross-national differences in computer-use ethics. A nine country study The Journal of International Business Studies. 30(4):1999;673-687.
62. Whitman M.E., Townsend A.M., Hendrickson A.R., Fields D.A. An examination of cross-national differences in computer-related ethical decision making. ACMSIG Computers and Society. 28(4):1998;22-27.
63. Wilson J.L., Turban E., Zviran M. Information systems security. A managerial perspective International Journal of Information Management. 12(2):1992;105-119.
64. Wong, K. (1985). Computer crime-risk management and computer security. Computers and Security, 4, 287-295.
65. Wood C.C. Information security policies made easy. 1999;Baseline Software Inc, Sausalito, CA.
66. Zviran M., Haga W.J. Password security. An empirical study Journal of Management Information Systems. 15(4):1999;161-185.