An empirical study of information security policy on information security elevation in Taiwan

Information Management & Computer Security

Volumn 14, Issue 2, 2006, Pages 104-115

  Hong, Kwo Shing ^a   Chi, Yen Ping ^b   Chao, Louis R ^c   Tang, Jih Hsing ^d  

^a Overall Planning Department   (Taiwan)

^b NATIONAL CHENGCHI UNIVERSITY   (Taiwan)

^c TAMKANG UNIVERSITY   (Taiwan)

^d NATIONAL DONG HWA UNIVERSITY   (Taiwan)

Author keywords

Critical path analysis; Data security; Security products

Indexed keywords

CRITICAL PATH ANALYSIS; ELECTRONIC COMMERCE; INFORMATION MANAGEMENT; SOCIETIES AND INSTITUTIONS;

INFORMATION SECURITY ELEVATION; INFORMATION SECURIY POLICY; ORGANIZATION'S SECURITY LEVEL; SECURITY PRODUCTS;

SECURITY OF DATA;

EID: 33745838617     PISSN: 09685227     EISSN: None     Source Type: Journal    
DOI: 10.1108/09685220610655861     Document Type: Article

References (17)

1. Blacharski, D. (1998), Network Security in a Mixed Environment, Hungry Minds, Tom Swan, Foster City, CA.
2. Connolly, P.J. (2000), “Security starts from within”, Infoworld, July, pp. 39-40.
3. Dhillon, G. and Backhouse, J. (2001), “Current directions in IS security research: towards socio-organizational perspectives”, Information Systems Journal, Vol. 11, pp. 127-53.
4. Flynn, N.L. (2001), The E-Policy Handbook: Designing and Implementing Effective E-mail, Internet and Software Policies, American Management Association, New York, NY.
5. Fulford, H. and Doherty, N.F. (2003), “The application of information security policies in large UK-based organizations: an exploratory investigation”, Information Management & Computer Security, Vol. 11 No. 3, pp. 106-14.
6. Gupta, M., Chaturvedi, A.R., Mehta, S. and Valeri, L. (2000), “The experimental analysis of information security management issues for online financial services”, Proceedings of the Twenty First International Conference on Information Systems, Brisbane, Australia.
7. Hinde, S. (2002), “Security survey spring crop”, Computers & Security, Vol. 21 No. 4, pp. 310-21.
8. Höne, K. and Eloff, J.H.P. (2002a), “Information security policy – what do international information security standards say?”, Computers & Security, Vol. 21 No. 5, pp. 402-9.
9. Höne, K. and Eloff, J.H.P. (2002b), “What makes an effective information security policy?”, Network Security, Vol. 6, pp. 14-16.
10. Hong, K.S., Chi, Y.P., Chao, L.R. and Tang, J.H. (2003), “An integrated system theory of information security management”, Information Management & Computer Security, Vol. 11 No. 5, pp. 243-8.
11. ISO/IEC 17799 (2000), Information Technology Code of Practice for Information Services, ISO, Geneva.
12. Kühnhauser, W.E. (1999), “Policy groups”, Computers & Security, Vol. 18 No. 4, pp. 351-63.
13. Lindup, K.R. (1995), “A new model for information security policies”, Computers & Security, Vol. 14 No. 8, pp. 691-5.
14. Loch, K.D., Carr, H.H. and Warkentin, M.E. (1992), “Threats to information systems: today's reality, yesterday's understanding”, MIS Quarterly, Vol. 16 No. 2, pp. 173-86.
15. Osborne, K. (1998), “Auditing the IT security function”, Computers & Security, Vol. 17 No. 1, pp. 34-41.
16. Ryan, S.D. and Bordoloi, B. (1997), “Evaluating security threats in mainframe and client/server environments”, Information & Management, Vol. 32 No. 3, pp. 137-46.
17. Ward, P. and Smith, C.L. (2002), “The development of access control policies for information technology systems”, Computers & Security, Vol. 21 No. 4, pp. 356-71.