Is information security under control?: Investigating quality in information security management

IEEE Security and Privacy

Volumn 5, Issue 1, 2007, Pages 36-44

  Baker, Wade H ^a   Wallace, Linda ^a  

^a VIRGINIA POLYTECHNIC INSTITUTE AND STATE UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ANTIVIRUS SOFTWARE; INFORMATION SECURITY RISK MANAGEMENT;

COMPUTER SOFTWARE; COMPUTER SYSTEM FIREWALLS; COMPUTER VIRUSES; CRYPTOGRAPHY; INFORMATION MANAGEMENT; SOCIETIES AND INSTITUTIONS; WEBSITES;

SECURITY OF DATA;

EID: 33847748221     PISSN: 15407993     EISSN: None     Source Type: Journal    
DOI: 10.1109/MSP.2007.11     Document Type: Article

References (13)

1. O.S. Saydjari, "Multilevel Security: Reprise," IEEE Security & Privacy, vol. 2, no. 5, 2004, pp. 64-67.
2. R.T. Mercuri, "Computer Security: Quality Rather than Quantity," Comm. ACM, vol. 45, no. 10, 2002, pp. 12-14.
3. D.W Straub and R.J. Welke, "Coping with Systems Risk: Security Planning Models for Management Decision-Making," MIS Quarterly, vol. 22, no. 4, 1998, pp. 441-470.
4. G. Dhillon and J. Backhouse, "Information Systems Security Management in the New Millennium," Comm. ACM, vol. 43, no. 7, 2000, pp. 125-128.
5. G. Stoneburner, A. Goguen, and A. Feringa, "Risk Management Guide for Information Technology Systems," Nat'l Inst. of Standards and Technology, US Dept of Commerce, 2002; http://csrc.nist.gov/publications/ nistpubs/800-30/sp800-30.pdf.
6. L. Gordon et al., Ninth Ann. CSI/FBI Computer Crime and Survey Report, Computer Security Inst., 2004.
7. M.E. Whitman, "Enemy at the Gate: Threats to Information Security," Comm. ACM, vol. 46, no. 8, 2003, pp. 91-95.
8. A.G. Kotulic and J.G. Clark, "Why There Aren't More Information Security Research Studies," Information & Management, vol. 41, 2004, pp. 597-607.
9. M. Bishop, "What is Computer Security?" IEEE Security & Privacy, vol. 1, no. 1, 2003, pp. 67-69.
10. T. Belchner et al., "Riptech Internet Security Threat Report," Riptech, 2002.
11. "The Internet Business Disruptions Benchmark Report," Aberdeen Group, 2004; www.aberdeen.com/summary/report/benchmark/ibd.asp.
12. L.A. Gordon and M.P. Loeb, "The Economics of Information Security Investment," ACM Trans. Information and System Security, vol. 5, no. 4, 2002, pp. 438-457.
13. A.V. Feigenbaum, "Total Quality Control," Harvard Business Rev., vol. 34, no. 6, 1956, p. 93.