Threats and countermeasures for information system security: A cross-industry study

Information and Management

Volumn 44, Issue 5, 2007, Pages 480-491

  Yeh, Quey Jen ^a   Chang, Arthur Jung Ting ^b  

^a NATIONAL CHENG KUNG UNIVERSITY   (Taiwan)

^b CHIN MIN INSTITUTE OF TECHNOLOGY   (Taiwan)

Author keywords

Countermeasures; IS security; IS threats; Security adoption; Threat mitigation

Indexed keywords

INFORMATION SYSTEM SECURITY; SECURITY ADOPTION; SECURITY COUNTERMEASURES; THREAT MITIGATION;

COMPUTER CRIME; DATA ACQUISITION; ELECTRONIC CRIME COUNTERMEASURES; SECURITY OF DATA;

INFORMATION SYSTEMS;

EID: 34447298085     PISSN: 03787206     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.im.2007.05.003     Document Type: Article

References (35)

1. Banker R.D., Bardhan I.R., Chang H., and Lin S. Plant information systems, manufacturing capabilities, and plant performance. MIS Quarterly 30 2 (2006) 315-337
2. BS7799-2, Information Security Management. Part 2. Information Security Management Systems Specification with Guidance for Use (2002), British Standards Institution, London
3. Chiasson M.W., and Davidson E. Taking industry seriously in information systems research. MIS Quarterly 29 4 (2005) 591-605
4. CNSS, National Information Assurance (IA) Glossary (CNSS Instruction No. 4009), Committee on National Security Systems, revised in June 2006, http://www.cnss.gov/instructions.html (cited July 5, 2006).
5. Davamanirajan P., Kauffman R.J., Kriebel C.H., and Mukhopadhyay T. Systems design, process performance, and economic outcomes in international banking. Journal of Management Information Systems 23 2 (2006) 65-90
6. Eloff M.M., and von Solms S.H. Information security management: a hierarchical framework for various approaches. Computers and Security 19 3 (2000) 243-256
7. Fitzgerald K.J. Information security baselines. Information Management & Computer Security 3 2 (1995) 8-12
8. Galliers R.D., and Sutherland A.R. Information systems management and strategy formulation: the "stages of growth" model revisited. Journal of Information Systems 1 (1991) 89-114
9. Gibson D., and Nolan R.L. Managing the four stages of EDP growth. Harvard Business Review 52 1 (1974)
10. Goodhue D.L., and Straub D.W. Security concerns of system users: a study of perceptions of the adequacy of security. Information and Management 20 1 (1991) 13-22
11. Gordon L.A., Loeb M.P., and Sohail T. A framework for using insurance for cyber risk management. Communications of the ACM (2003) 81-85
12. Iacovou C.L., Benbasat I., and Dexter A.S. Electronic data interchange and small organizations: adoption and impact of technology. MIS Quarterly 19 4 (1995) 465-485
13. Icove D., Seger K., and Vonstorch W. Computer Crime-A Crimefighter's Handbook (1999), O'Reilly & Associates, Inc.
14. Jung B., Han I., and Lee S. Security threats to Internet: a Korean multi-industry investigation. Information and Management 38 8 (2001) 487-498
15. Kankanhalli A., Teo H.H., Tan B.C.Y., and Wei K.K. An integrative study of information systems security effectiveness. International Journal of Information Management 23 (2003) 139-154
16. King W.R. Organizational characteristics and information systems planning: an empirical study. Information Systems Research 5 2 (1994) 75-109
17. Kotulic A.G., and Clark J.G. Why there aren't more information security research studies. Information and Management 41 5 (2004) 597-607
18. Kraemer K.L., Gibbs J., and Dedrick J. Impacts of globalization on e-commerce use and firm performance: a cross-country investigation. Information Society 21 5 (2005) 323-340
19. Lee Y., and Kozar K.A. Investigating factors affecting the adoption of anti-spyware systems. Communications of the ACM 48 8 (2005) 72-78
20. Loch K.D., Carr H.H., and Warkentin M.E. Threats to information systems: today's reality, yesterday's understanding. MIS Quarterly 16 2 (1992) 173-186
21. Mohr J.J. The management and control of information in high-technology firms. The Journal of High Technology Management Research 7 2 (1996) 245-268
22. NIST SP 800-30, Risk Management Guide for Information Technology Systems (Special Publication 800-30) (2002), National Institute of Standards and Technology Computer Security Resource Center
23. Olnes J. Development of security policies. Computers and Security 13 8 (1994) 628-636
24. Peltier T.R. Information Security Risk Analysis (2001), Auerbach, New York
25. Rainer Jr. R.K., Snyderr C.A., and Carr H.H. Risk analysis for information technology. Journal of Management Information Systems (1991) 192-197
26. Richardson R. 2003 CSI/FBI Computer Crime and Security Survey (2003), Computer Security Institute. http://www.gocsi.com/ http://www.gocsi.com/ (cited September 20, 2003)
27. Rogers E.M. Diffusion of Innovations. 3rd ed. (1983), The Free Press, New York, NY
28. Straub D.W., and Nance W.D. Discovering and disciplining computer abuse in organization: a field study. MIS Quarterly (1990) 45-55
29. Straub D.W., and Welke R.J. Coping with systems risk: security planning models for management decision making. MIS Quarterly (1998) 441-469
30. Suh B., and Han I. The IS risk analysis based on a business model. Information and Management 41 2 (2003) 149-158
31. von Solms B., and von Solms R. The 10 deadly sins of information security management. Computers and Security 23 5 (2004) 371-376
32. von Solms R., van de Haar H., von Solms S.H., and Caelli W.J. A framework for information security evaluation. Information and Management 26 3 (1994) 143-153
33. White G.B., Fisch E.A., and Pooch U.W. Computer System and Network Security (1996), CRC Press, Boca Raton, FL
34. Whitman M.E. Enemy at the gates: threats to information security. Communication of the ACM 46 8 (2003) 91-95
35. Zmud R.W. An examination of push-pull theory applied to process innovation in knowledge work. Management Science 30 6 (1984) 727-738