On security preparations against possible is threats across industries

Information Management and Computer Security

Volumn 14, Issue 4, 2006, Pages 343-360

  Chang, Arthur Jung Ting ^a   Yeh, Quey Jen ^b  

^a CHIN MIN INSTITUTE OF TECHNOLOGY   (Taiwan)

^b NATIONAL CHENG KUNG UNIVERSITY   (Taiwan)

Author keywords

Data security; Information systems

Indexed keywords

DEVELOPING COUNTRIES; INFORMATION MANAGEMENT; MANAGEMENT INFORMATION SYSTEMS;

INFORMATION SYSTEMS; MITIGATION STRATEGIES; SECURITY PREPARATIONS; SYSTEM SECURITY;

SECURITY OF DATA;

EID: 33746622997     PISSN: 09685227     EISSN: None     Source Type: Journal    
DOI: 10.1108/09685220610690817     Document Type: Article

References (39)

1. Birch, D.G.W. and McEvoy, N.A. (1992), "Risk analysis for information systems", Journal of Information Technology, Vol. 7, pp. 44-53.
2. BS7799-2 (2002), Information Security Management-Part 2: Information Security Management Systems Specification with Guidance for Use, British Standards Institution, London.
3. CSI/FBI (2003), CSI/FBI 2003 Computer Crime and Security Survey, Computer Security Institute, San Francisco, CA.
4. CSI/FBI (2004), CSI/FBI 2004 Computer Crime and Security Survey, Computer Security Institute, San Francisco, CA.
5. CNS17800 (2003), "Bureau of standards, metrology, and inspection", The Information Security Management Systems-Specification with Guidance for Use, M.O.E.A., Taiwan.
6. Ernst & Young (1996), "The Ernst & Young international information security survey 1995", Information Management & Computer Security, Vol. 4 No. 4, pp. 26-33.
7. Ernst & Young (2004), Global Information Security Survey 2004, Ernst & Young.
8. Forcht, K.A. (1994), Computer Security Management, Boyd and Fraser, Danvers, MA.
9. Fulford, H. and Doherty, N.F. (2003), "The application of information security policies in large UK-based organizations: An exploratory investigation", Information Management & Computer Security, Vol. 11 No. 3, pp. 106-14.
10. Gordon, L.A., Gordon, M.P.L. and Sohail, T. (2003), "A framework for using insurance for cyber risk management", Communciations of the ACM, March, pp. 81-5.
11. Goodhue, D.L. and Straub, D.W. (1991), "Security concerns of system users: A study of perceptions of the adequacy of security", Information & Management, Vol. 20, pp. 13-22.
12. Gupta, A. and Hammond, R. (2005), "Information systems security issues and decisions for small business", Information Management & Computer Security, Vol. 13 No. 4, pp. 297-310.
13. Hinde, S. (2003), "The law, cybercrime, risk assessment and cyber protection", Computers and Security, Vol. 22 No. 2, pp. 90-5.
14. Icove, D., Seger, K. and Vonstorch, W. (1999), Computer Crime - A Crimefighter's Handbook, O'Reilly & Associates, Inc., Sebastopol, CA.
15. Jarvenpaa, S.L. and Ives, B. (1990), "Information technology and corporate strategy: A view from the top", Information Systems Research, Vol. 1 No. 4, pp. 351-75.
16. Jung, B., Han, I. and Lee, S. (2001), "Securtity threats to internet: A Korean multi-industry investigation", Information & Management, Vol. 38, pp. 487-98.
17. Kankanhalli, A., Teo, H.-H., Tan, B.C.Y. and Wei, K.-K. (2003), "An integrative study of information systems security effectiveness", International Journal of Information Management, Vol. 23, pp. 139-54.
18. Keller, S., Powell, A., Horstmann, B., Predmore, C. and Crawford, M. (2005), "Information security threats and practices in small businesses", Information Systems Management, Spring, pp. 7-19.
19. King, W.R. (1994), "Organizational characteristics and information systems planning: An empirical study", Information Systems Research, Vol. 5 No. 2, pp. 75-109.
20. Loch, K.D., Carr, H.H. and Warkentin, M.E. (1992), "Threats to information systems: Today's reality, yesterday's understanding", MIS Quarterly, Vol. 16 No. 2, pp. 173-86.
21. Madnick, E.S. (1978), "Management policies and procedures needed for effective computer security", Sloan Management Review, Fall, pp. 61-74.
22. NIST (2002), Risk Management Guide for Information Technology Systems (Special Publication 800-30), National Institute of Standards and Technology Computer Security Resource Center.
23. Ølnes, J. (1994), "Development of security policies", Computers & Security, Vol. 13, pp. 628-36.
24. Peltier, T.R. (2001), Information Security Risk Analysis, Auerbach, New York, NY.
25. Pipkin, D.L. (2000), Information Security Protecting the Global Enterprise, Hewlett-Packard, New Jersey.
26. Posthumus, S. and von Solms, R. (2004), "A framework for the governance of information security", Computer & Security, Vol. 23, pp. 638-46.
27. Rainer, R.K. Jr, Snyderr, C.A. and Carr, H.H. 1991, "Risk analysis for information technology", Journal of Management Information Systems, Summer, pp. 192-7.
28. Siegel, C.A., Sagalow, T.R. and Serritella, P. (2002), "Cyber-risk management: Technical and insurance controls for enterprise-level security", Security Management Practices, September/October, pp. 33-49.
29. Straub, D.W. (1986), "Computer abuse and computer security: Update on an empirical study", Security, Audit, and Control Review, Vol. 4 No. 2, pp. 21-31.
30. Straub, D.W. (1990), " Effective IS security: An empirical study", Information Systems Research, Vol. 1 No. 3, pp. 255-76.
31. Straub, D.W. and Nance, W.D. (1990), "Discovering and disciplining computer abuse in organization: A field study", MIS Quarterly, March, pp. 45-55.
32. Straub, D.W. and Welke, R.J. (1998), "Coping with systems risk: security planning models for management decision making", MIS Quarterly, December, pp. 441-69.
33. Thomson, M.E. and von Solms, R. (1998), "Information security awareness: Educating your users effectively", Information Management & Computer Security, Vol. 6 No. 4, pp. 167-73.
34. Von Solms, R. (1996), "Information security management: The second generation", Computers & Security, Vol. 15 No. 4, pp. 281-8.
35. Von Solms, B. and von Solms, R. (2004), "The 10 deadly sins of information security management", Computer & Security, Vol. 23, pp. 371-6.
36. Von Solms, R., van de Haar, H., von Solms, S.H. and Caelli, W.J. (1994), "A framework for information security evaluation", Information & Management, Vol. 26, pp. 143-53.
37. Vroom, C. and von Solms, R. (2004), "Towards information security behavioural compliance", Computers & Security, Vol. 23, pp. 191-8.
38. White, G.B., Fisch, E.A. and Pooch, U.W. (1996), Computer System and Network Security, CRC Press, Boca Raton, FL.
39. Whitman, M.E. (2004), "In defense of the realm: Understanding the threats to information security", International Journal of Information Management, Vol. 24, pp. 43-57.