Information security management objectives and practices: A parsimonious framework

Information Management and Computer Security

Volumn 16, Issue 3, 2008, Pages 251-270

  Qingxiong, Ma ^a   Johnston, Allen C ^b   Pearson, J Michael ^c  

^a UNIVERSITY OF CENTRAL MISSOURI   (United States)

^b UNIVERSITY OF ALABAMA AT BIRMINGHAM   (United States)

^c SOUTHERN ILLINOIS UNIVERSITY   (United States)

Author keywords

Communication technology; Data security

Indexed keywords

ACCESS CONTROL; INDUSTRIAL MANAGEMENT; INFORMATION MANAGEMENT; INFORMATION SERVICES; RELIABILITY; SECURITY SYSTEMS; STANDARDIZATION; STANDARDS;

A-PRIORI; BUSINESS MANAGERS; COMMUNICATION TECHNOLOGY; CRITICAL INFORMATION; DATA SECURITY; DESIGN/METHODOLOGY/APPROACH; EMPIRICAL ANALYSES; EXTERNAL-; INFORMATION INTEGRITY; INFORMATION SECURITY; INFORMATION SECURITY MANAGEMENT; INFORMATION SECURITY PROFESSIONALS; ISO 17799; ORGANIZATIONAL INFORMATION; PRACTICAL IMPLICATIONS; SECURITY OBJECTIVES; SURVEY DATA;

SECURITY OF DATA;

EID: 49249127269     PISSN: 09685227     EISSN: None     Source Type: Journal    
DOI: 10.1108/09685220810893207     Document Type: Article

References (36)

1. Avolio, F. (2000), "Best practices in network security", available at: www.networkcomputing.com/1105/1105f2.html?ls=NCJS_1105bt (accessed February 2007).
2. Bachman, D. (2002), "Information systems security: Principles and perspectives", Sprint E/Solutions White Paper, Overland Park, KS.
3. Baskerville, R. and Siponen, M. (2002), "An information security meta-policy for emergent organizations", Journal of Logistics Information Management, Vol. 15 Nos 5/6, pp. 337-46.
4. Bell, D. and La Padula, A. (1976), Secure Computer Systems: Unified Exposition and Multics Interpretation, MITRE Corp., Bedford, MA.
5. Boykin, P. (2003), "Practical cryptography and internet applications", available at: www.ee.ucla.edu/~boykin/ crypto_course/crypto_alg.ppt (accessed February 2007).
6. Briney, A. and Prince, F. (2002), "Does size matter?", available at: www.infosecuritymag.com/2002/sep/2002survey.pdf (accessed February 2007).
7. Browne, P. (1979), Security: Checklist for Computer Center Self Audits, AFIPS Press, Arlington, VA.
8. Bruce, L. (2003), "Information security - key issues and developments", available at: www.pwcglobal.com/jm/images/pdf/ Information%20Security%20Risk.pdf (accessed February 2007).
9. Byrnes, F. and Proctor, P. (2002), "Information security must balance business objectives", available at: Http://informit.com (accessed February 2007).
10. Dhillon, G. and Blackhouse, J. (2001), "Current directions in IS security research: Towards socio-organizational perspectives", Information Systems Journal, Vol. 11 No. 2, pp. 127-53.
11. Dhillon, G. and Torkzadeh, G. (2006), "Value-focused assessment of information system security in organizations", Information Systems Journal, Vol. 16 No. 3, pp. 293-314.
12. EarthWeb (2003), "IT management", available at: Http:// itmanagement.webopedia.com/TERM/N/nonrepudiation.html (accessed February 2007).
13. Filipek, R. (2007), "Information security becomes a business priority", Internal Auditor, Vol. 64 No. 1, p. 18.
14. Hoffer, J. and Straub, D. (1989), "The 9 to 5 underground: Are you policing computer crimes?", Sloan Management Review, Vol. 30 No. 4, pp. 35-43.
15. Host, R. (2001), "New information security requirements for federal agencies", available at: www.sans.org/rr/policy/fed.php (accessed February 2007).
16. Hutt, A., Bosworth, S. and Hoyt, D. (1995), Computer Security Handbook, 3rd ed., Wiley, New York, NY.
17. Johnston, A. and Hale, R. (2007), "Improved security through information security governance", Communications of the ACM, Fall (in press).
18. Kauffman, R. and Mohtadi, H. (2003), "Analyzing interorganizational information sharing strategies in B2B e-commerce supply chains", Proceedings of INFORMS Conference on Information Systems and Technology, Atlanta, GA.
19. Kinsey, J. and Ashman, S. (2000), "Information technology in the retail food industry", Technology in Society, Vol. 22 No. 1, pp. 83-96.
20. Krauss, L. (1980), SAFE: Security Audit and Field Evaluation for Computer Facilities and Information Systems, Amacon, New York, NY.
21. Krauss, M. and Tipton, H. (2002), Handbook of Information Security Management, CRC Press, Boca Raton, FL.
22. Leiwo, J., Gamage, C. and Zheng, Y. (1999), "Organizational modeling for efficient specification of information security requirements", Advances in Databases and Information Systems: 3rd East European Conference, ADBIS'99, Maribor, pp. 247-60.
23. Long, C. (1999), "A socio-technical perspective on information security knowledge and attitudes", unpublished dissertation, The University of Texas at Austin, Austin, TX.
24. Mercuri, R. (2003), "Standards insecurity", Communications of the ACM, Vol. 46 No. 12, pp. 21-5.
25. Parker, D. (2002), "Toward a new framework for information security", in Bosworth, S. and Kabay, M.E. (Eds), Computer Security Handbook, Wiley, New York, NY.
26. Peltier, T. (2003), "Establishing business controls for electronic mail communications", Information Systems Security, Vol. 12, pp. 34-43.
27. Power, R. (2002), "2002 CSI/FBI computer crime and security survey", Computer Security Issues &Trends, Vol. 8 No. 1, pp. 1-22.
28. Rannenberg, K., Pfitzmann, A. and Muller, G. (1999), "IT security and multilateral security", in Muller, G. and Rannenberg, K. (Eds), Multilateral Security in Communications - Technology, Infrastructure, Economy, Addison-Wesley-Longman, Reading, MA.
29. Rosenthal, D. (2002), "Intrusion detection technology: Leveraging the organization's security posture", Information Systems Management, Vol. 19 No. 1, pp. 35-44.
30. Setty, H. (2003), "System administrator - security best practices", available at: www.sans.org/rr/practice/sysadmin.php (accessed February 2007).
31. Siponen, M. (2000), "A conceptual foundation for organizational information security awareness", Information Management & Computer Security, Vol. 8 No. 1, pp. 31-41.
32. Siponen, M., Baskerville, R. and Heikka, J. (2006), "A design theory for secure information systems design methods", Journal of the Association for Information Systems, Vol. 7 No. 11, pp. 725-70.
33. Stefanek, G. (2002), Information Security Best Practices 205 Rules, Butterworth-Heinemann, Boston, MA.
34. Straub, D. and Welke, R. (1998), "Coping with systems risk: security planning models for management decision making", MIS Quarterly, Vol. 22 No. 4, pp. 441-69.
35. Summers, R. (2002), Secure Computing: Threats and Safeguards, McGraw-Hill, New York, NY.
36. Zviran, M. and Haga, W. (1999), "Password security: An empirical study", Journal of Management Information Systems, Vol. 15 No. 4, pp. 161-85.