Information security: Management's effect on culture and policy

Information Management and Computer Security

Volumn 14, Issue 1, 2006, Pages 24-36

  Knapp, Kenneth J ^a,b   Marshall, Thomas E ^b   Rainer Jr , R Kelly ^b   Ford, F Nelson ^b  

^a UNITED STATES AIR FORCE ACADEMY   (United States)

^b AUBURN UNIVERSITY   (United States)

Author keywords

Information control; Management effectiveness; Organizational culture; Surveys

Indexed keywords

LAW ENFORCEMENT; MATHEMATICAL MODELS; PROFESSIONAL ASPECTS; PUBLIC POLICY; SECURITY OF DATA;

INFORMATION CONTROL; MANAGEMENT EFFECTIVENESS; ORGANIZATIONAL CULTURE;

MANAGEMENT INFORMATION SYSTEMS;

EID: 33644533141     PISSN: 09685227     EISSN: None     Source Type: Journal    
DOI: 10.1108/09685220610648355     Document Type: Article

References (29)

1. Allen, B. (1968), "Danger ahead! Safeguard your computer", Harvard Business Review, pp. 97-101, November/December.
2. Bagchi, K. and Udo, G. (2003), "An analysis of the growth of computer and internet security breaches", Communications of the Association for Information Systems, Vol. 12 No. 46, pp. 1-29.
3. Brancheau, J.C., Janz, B.D. and Wetherbe, J.C. (1996), "Key issues in information systems management: 1994-95 SIM results", Management Information Systems Quarterly, Vol. 20 No. 2, pp. 225-42.
4. Byrne, B.M. (2001), Structural Equation Modeling with Amos, Erlbaum, Mahwah, NJ.
5. Computer Emergency Response Team (CERT) (2004), "CERT statistics", available at: www.cert.org/stats/ certa_stats.html#incidents (accessed May 2004).
6. Detert, J.R., Schroeder, R.G. and Mauriel, J.J. (2000), "A framework for linking culture and improvement in organizations", Academy of Management Review, Vol. 25 No. 4, pp. 850-63.
7. DeVellis, R.F. (2003), Scale Development. Theory and Applications, 2nd ed.,Vol. 26, Sage, Thousand Oaks, CA.
8. Dutta, A. and McCrohan, K. (2002), "Management's role in information security in a cyber economy", California Management Review, Vol. 45 No. 1, pp. 67-87.
9. Garg, A., Curtis, J. and Halper, H. (2004), "Quantifying the financial impact of IT security breaches", Information Management & Computer Security, Vol. 11 No. 2, pp. 74-83.
10. Glaser, B.G. and Strauss, A.L. (1967), The Discovery of Grounded Theory: Strategies for Qualitative Research, Aldine Publishing, New York, NY.
11. Gordon, L.A., Loeb, M.P., Lucyshyn, W. and Richardson, R. (2004), 2004 CSI/FBI Computer Crime and Security Survey, Computer Security Institute, San Francisco, CA.
12. Hair, J.F., Anderson, R.E., Tatham, R.L. and Black, W.C. (1998), Multivariate Analysis, 5th ed., Pearson Education, Delhi.
13. Hinkin, T.R. (1998), "A brief tutorial on the development of measures for use in survey questionnaires", Organizational Research Methods, Vol. 1 No. 1, pp. 104-121.
14. Im, K.S. and Grover, V. (2004), "The use of structural equation modeling in IS research: Review and recommendations", in Whitman, M.E. and Woszczynski, A.B. (Eds), The Handbook of Information Systems Research, Idea Group Publishing, Hershey, PA.
15. Kankanhalli, A., Hock-Hai, T., Bernard, C.Y.T. and Kwok-Kee, W. (2003), "An integrative study of information systems security effectiveness", International Journal of Information Management, Vol. 23, pp. 139-54.
16. Kaplan, B. and Duchon, D. (1988), "Combining qualitative and quantitative methods in information systems research: A case study", Management Information Systems Quarterly, Vol. 12 No. 4, pp. 571-87.
17. Klein, A.S., Masi, R.J. and Weidner, C.K. (1995), "Organization culture, distribution, and amount of control and perceptions of quality", Group & Organization Management, Vol. 20 No. 2, pp. 122-48.
18. 2 Survey Results, Auburn University, Auburn, AL.
19. Kotulic, A.G. and Clark, J.G. (2004), "Why there aren't more information security research studies?", Information & Management, Vol. 41 No. 5, pp. 597-607.
20. Miles, M.B. and Huberman, A.M. (1994), Qualitative Data Analysis, Sage, Thousand Oaks, CA.
21. Nunnally, J. (1978), Psychometric Theory, McGraw-Hill, New York, NY.
22. Parker, D.B. (1981), Computer Security Management, Reston Publishing Company, Reston, VA.
23. President (2003), "National strategy to secure cyberspace", available at: www.whitehouse.gov/pcipb (accessed May 2004).
24. Segars, A.H. (1998), "Strategic information systems planning success: An investigation of the construct and its measurement", Management Information Systems Quarterly, Vol. 22 No. 2, pp. 139-63.
25. Straub, D.W. (1990), "Effective IS security: An empirical study", Information Systems Research, Vol. 1 No. 3, pp. 255-76.
26. Straub, D.W. and Welke, R.J. (1998), "Coping with systems risk: security planning models for management decision making", Management Information Systems Quarterly, Vol. 22 No. 4, pp. 441-69.
27. Strauss, A. and Corbin, J. (1998), Basics of Qualitative Research. Techniques and Procedures for Developing Grounded Theory, 2nd ed., Sage, Thousand Oaks, CA.
28. Van Tassel, D. (1972), Computer Security Management, Prentice-Hall, Englewood Cliffs, NJ.
29. Whitman, M.E. and Woszczynski, A.B. (2004), "The problem of common method variance in IS research", in Whitman, M.E. and Woszczynski, A.B. (Eds), The Handbook of Information Systems Research, Idea Group Publishing, Hershey, PA.