Current state of information security research in IS

Communications of the Association for Information Systems

Volumn 24, Issue 1, 2009, Pages 557-596

  Zafar, Humayun ^a   Clark, Jan Guynes ^a  

^a UNIVERSITY OF TEXAS AT SAN ANTONIO   (United States)

Author keywords

Computer crime; Computer viruses; Hacking; Information security; Intrusion detection systems; Network security; Password protection; Privacy; Security management; Security models; Spyware

Indexed keywords

COMPUTER CRIME; COMPUTER PRIVACY; COMPUTER VIRUSES; DATA PRIVACY; INFORMATION MANAGEMENT; INTRUSION DETECTION; MALWARE; PERSONAL COMPUTING; SECURITY OF DATA;

INTRUSION DETECTION SYSTEMS; NETWORKED ENVIRONMENTS; PASSWORD PROTECTION; REFERENCE MODELING; SECURITY MANAGEMENT; SECURITY MODEL;

NETWORK SECURITY;

EID: 70349309259     PISSN: 15293181     EISSN: None     Source Type: Journal    
DOI: 10.17705/1cais.02434     Document Type: Article

References (178)

1. Adams, D. A. and S. Y. Chang. (1993). An Investigation of Keypad Interface Security, Information & Management (24). 53-59.
2. Adam N. and D. H. Jones. (1989). Security of Statistical Databases with an Output Perturbation Technique, Journal of Management Information Systems (6)1. 101-110.
3. Ahluwalia, P. and U. Varshney. (2005). Supporting Quality-of-Service of Mobile Commerce Transactions, Communications of the Association for Information Systems (16). 421-434.
4. Alder, G. S., T. W. Noel, and M. L. Ambrose. (2006). Clarifying the Effects of Internet Monitoring on Job Attitudes: The Mediating Role of Employee Trust, Information & Management (43). 894-903.
5. Anderson, J. M. (2003). Why We Need a New Definition of Information Security, Computers & Security (22)4. 308-313.
6. Angell, I. (2007). Ethics and Morality: A Business Opportunity for the Amoral?, Journal of Information System Security (3)1. 3-18.
7. Ariss, S. S. (2002) Computer Monitoring: Benefits and Pitfalls Facing Management Information & Management (39). 553-558.
8. Asif, Z. and M. Mandviwalla. (2005). Integrating the Supply Chain with RFID: A Technical and Business Analysis, Communications of the Association for Information Systems (15). 393-427.
9. Avourdiadis, N., A. Blyth, and P. Thomas. (2005). SoapSY: Unifying Security Data from Various Heterogeneous Distributed Systems into a Single Database Architecture, Journal of Information System Security (1)2. 26-52.
10. Ba, S. et al. (2005). Choice of Transaction Channels: The Effects of Product Characteristics on Market Evolution, Journal of Management Information Systems (21)4. 173-197.
11. Backhouse, J., J. Baptista, and C. Hsu. (2006a). Rating Certificate Authorities: A Market Approach to the Lemons Problem, Journal of Information System Security (2)2. 3-14.
12. Backhouse, J. and G. Dhillon. (1996). Structures of Responsibility and Security of Information Systems, European Journal of Information Systems (5). 2-9.
13. Backhouse, J., C. W. Hsu, and L. Silva. (2006b). Circuits of Power in Creating De Jure Standards: Shaping an International Information Systems Security Standard, Management Information Systems Quarterly (30). 413-438.
14. Bagchi, K. and G. Udo. (2003). An Analysis of the Growth of Computer and Internet Security Breaches, Communications of the Association for Information Systems (12). 684-700.
15. Bajaj, A. (2000). A Study of Senior Information Systems Managers Decision Models in Adopting New Computer Architecture, Journal of the Association for Information Systems (1) Paper 4. 1-55.
16. Ballard, L., and D. Lopresti. (2007). Forgery Quality and Its Implications for Behavioral Biometric Security, IEEE Transactions on Systems, Man, and Cybernetics Part B: Cybernetics. (37)5. 1107-1118.
17. Baskerville, R. (1993). Information Systems Security Design Methods: Implications for Information Systems Development, ACM Computing Surveys (25). 375-414.
18. Baskerville, R. (2005). Information Warfare: A Comparative Framework for Business Information Security, Journal of Information System Security (1)1. 23-50.
19. Bass, T. (2000). Intrusion Detection Systems and Multisensor Data Fusion, Communications of the ACM (43)2. 99-105.
20. Beebe, N. L. and J. G. Clark. (2007). A Model for Predicting Hacker Behavior, Journal of Information System Security (3) 3. 3-20.
21. Belanger, F., J. S Hiller, and W. J. Smith. (2004). Trustworthiness in Electronic Commerce: The Role of Privacy, Security, and Site Attributes, The Journal of Strategic Information Systems (11)3-4.245-270.
22. Benbasat, I. and R. W. Zmud. (2003). The Identity Crisis Within the IS Discipline: Defining and Communicating the Disciplines Core Properties, Management Information Systems Quarterly (27)2. 183-194.
23. Bento, A. and R. Bento. (2004). Empirical Test of a Hacking Model: An Exploratory Study, Communications of the Association for Information Systems (14). 678-690.
24. Biros, D., J. F. George, and R. W. Zmud. (2002). Inducing Sensitivity to Deception in Order to Improve Decision Making Performance: A Field Study, Management Information Systems Quarterly (26)2. 119-144.
25. Bishop, M. (2003).Computer Security, Art and Science. Addison-Wesley, Boston, MA.
26. Boncella, R. (2004). Web Services and Web Services Security, Communications of the Association for Information Systems (14). 344-363.
27. Boockholdt J. L. (1987). Security and Integrity Controls for Microcomputers: A Summary Analysis, Information & Management (13). 33-41.
28. Boockholdt, J. L. (1989). Implementing Security and Integrity in Micro-Mainframe Networks, Management Information Systems Quarterly (13)2. 134-144.
29. Bose, I. and A. C. M. Leung. (2007). Unveiling the Mask of Phishing: Threats, Preventive Measures, and Responsibilities, Communications of the Association for Information Systems (19). 1-39.
30. Boukhonine, S., V. Krotov, and B. Rupert. (2005). Future Security Approaches and Biometrics, Communications of the Association for Information Systems (16). 937-966.
31. Bussolati U. and G. Martella. (1981). Treating Data Privacy in Distributed Systems, Information & Management (4). 305-315.
32. Campbell, K. et al. (2003). The Economic Cost of Publicly Announced Information Security Breaches: Empirical Evidence from the Stock Market, Journal of Computer Security (11)3. 431-448.
33. Carlsson, B. and A. Jacobsson. (2006). Security Consistency in Information Ecosystems: Structuring the Risk Environment on the Internet, Journal of Information System Security (2)1. 3-26.
34. Cattela, R. C. (1981).Information as a Corporate Asset, Information & Management (4). 29-37.
35. Cavusoglu, H., M. Birendra, and S. Raghunathan. (2004a). The Effect of Internet Security Breach Announcements on Market Value: Capital Market Reactions for Breached Firms and Internet Security Developers, International Journal of Electronic Commerce (9)1. 69-104.
36. Cavusoglu, H., M. Birendra, and S. Raghunathan. (2005). The Value of Intrusion Detection Systems in Information Technology Security Architecture, Information Systems Research (16)1. 28-46.
37. Cavusoglu, H., H. Cavusoglu, and S. Raghunathan. (2004b). Economics of IT Security Management: Four Improvements to Current Security Practices, Communications of the Association for Information Systems (14). 65-75.
38. Cazier, J. and B. D. Medlin. (2006). How Secure Is Your Password? An Analysis of E-Commerce Passwords and Their Crack Times, Journal of Information System Security (2)3. 69-82.
39. Chellappa, R. K. and S. Shivendu. (2007). An Economic Model of Privacy: A Property Rights Approach to Regulatory Choices for Online Personalization, Journal of Management Information Systems (24)3. 193-225.
40. Choobineh, J., G. Dhillon, M. R. Grimaila, and J. Rees. (2007). Management of Information Security: Challenges and Research Directions, Communications of the Association for Information Systems (20. 958-971.
41. Christie, B. (1981). Face to File Communication: A Psychological Approach to Information Systems. New York: Wiley.
42. Croker, A. (1987). Improvements in Database Concurrency Control with Locking, Journal of Management Information Systems (4)2. 74-92.
43. Currie, W. and P. Seltsikas. (2001). Exploring the Supply-Side of IT Outsourcing: Evaluating the Emerging Role of Application Service Providers, European Journal of Information Systems (10). 123-134.
44. DArcy, J. and A. Hovav. (2007). Towards a Best Fit Between Organizational Security Countermeasures and Information Systems Misuse Behaviors, Journal of Information System Security (3)2. 3-30.
45. Da Veiga, A. and J. H. P. Eloff. (2007). An Information Security Governance Framework, Information Systems Management (24. 361-372.
46. Davis, F. D. (1989). Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology, Management Information Systems Quarterly, Sep.
47. Dhillon, G. and J. Backhouse. (2001). Current Directions in IS Security Research: Towards Socio-Organizational Perspectives, Information Systems Journal (11)2. 127-153.
48. Dhillon, G. and S. Chapman. (2007). To Opt On, or to Opt Out? ThIs Is the Question: A Case Study, Journal of Information System Security (2) 2. 46-55.
49. Dhillon, G. and G. Torkzadeh. (2006). Value-Focused Assessment of Information System Security in Organizations, Information Systems Journal (16). 293-314.
50. Dinev, T. and P. Hart. (2006). An Extended Privacy Calculus Model for E-Commerce Transactions, Information Systems Research (17)1. 61-80.
51. Dinev, T. and Q. Hu. (2007). The Centrality of Awareness in the Formation of User Behavioral Intention toward Protecting Information Technologies, Journal of the Association for Information Systems (8) 7. 386-408.
52. Duffy, N. M. (1980). Countdown Services: Fire and its Aftermath in a Computer Bureau, Information & Management (3). 103-111.
53. Egyhazy, C. (1985). Using Database Machines in Embedded Computer Systems, Information & Management (8). 197-203.
54. Faja, S. and S. Trimi. (2003). Influence of the Web Vendors Interventions on Privacy-Related Behaviors in E- Commerce, Communications of the Association for Information Systems (17). 2-68.
55. Fang, X. et al. (2005). Moderating Effects of Task Type on Wireless Technology Acceptance, Journal of Management Information Systems (22)3. 123-157.
56. Fjermestad, J. et al. (2006). Moving Towards Mobile Third Generation Telecommunication Standards: The Good and Bad of the Anytime/Anywhere Solutions, Communications of the Association for Information Systems (17). Article 3. 2-33.
57. Frank, J., B. Shamir, and W. Briggs. (1991). Security-Related Behavior of PC Users in Organizations, Information & Management (21). 127-135.
58. Gal-Or, E. and A. Ghose. (2005). The Economic Incentives for Sharing Security Information, Information Systems Research (16)2. 186-208.
59. Garfinkel, R., R. Gopal, and S. Thompson. (2007). Releasing Individually Identifiable Microdata with Privacy Protection against Stochastic Threat: An Application to Health Information, Information Systems Research (18)1. 23-41.
60. Gattiker, U. and H. Kelley. (1999). Morality and Computers: Attitudes and Differences in Moral Judgments, Information Systems Research (10)3. 233-254.
61. Goodhue, D. L. and D. W. Straub. (1991). Security Concerns of System Users. A Study of Perceptions of the Adequacy of Security, Information & Management (20). 13-27.
62. Goel, S., A. Baykal, and D. Pon. (2005). Botnets: The Anatomy of a Case, Journal of Information System Security (1)3. 45-60.
63. Goel, S., D. Pon, and H. Weistroffer. (2006). Managing Information Security: Demystifying the Audit Process for Security Officers, Journal of Information System Security (2)2. 25-44.
64. Goodman, S. E., and R. Ramer. (2007). Global Sourcing of IT Sources and Information Security: Prudence before Playing, Communications of the Association for Information System (20) article 50. 812-823.
65. Greenaway, K. E. and Y. E. Chan. (2005). Theoretical Explanations for Firms Information Privacy Behaviors, Journal of the Association for Information Systems (6) 6. 171-198.
66. Gupta, A., Y. A. Tung, and J. R. Marsden. (2004). Digital Signature: Use and Modification to Achieve Success in Next Generational E-business Processes, Information & Management (41). 561-575.
67. Halonen, R. (2006). Building User Authentication in an -Organizational Information System, Journal of Information System Security (2)3. 49-68.
68. Hammer, C. (1977). A Forecast of the Future of Computation, Information & Management (1). 3-10.
69. Hammer, C. (1988). Is Todays Office Receiving Full Value from its Computers? Information & Management (15). 15-23.
70. Han, S., and S. Cho. (2006). Evolutionary Neural Networks for Anomaly Detection Based on the Behavior of a Program, IEEE Transactions on Systems, Man, and Cybernetics -Part B: Cybernetics. (36)3. 559-570.
71. Hann, I. et al. (2007). Overcoming Online Information Privacy Concerns: An Information-Processing Theory Approach, Journal of Management Information Systems (24)2. 13-42.
72. Harrington, S. (1996). The Effect of Code of Ethics and Personal Denial of Responsibility on Computer Abuse Judgments and Intentions, Management Information Systems Quarterly (20)3. 257-278.
73. Herzberg, A. (2003). Payments and Banking with Mobile Personal Devices, Communications of the ACM (46)5. 53-58.
74. Hui, K., H. H. Teo, and S. T. Lee. (2007). The Value of Privacy Assurance: An Exploratory Field Experiment, Management Information Systems Quarterly (31)1. 19-33.
75. IBM. (2006). IBM Information Security Reference Model, web.esaugumas.lt/storage/conference2006/IBM-ISF%20presentation. %2016-17%20Nov%202006%20(RRT). pps (current as of Nov. 7, 2008).
76. Im, J. H. and P. D. V. Epps. (1992). Software Piracy and Software Security Measures in Business Schools, Information & Management (23). 193-203.
77. Ives, B. and V. Krotov. (2006). Anything You Search Can Be Used against You in a Court of Law: Data Mining in Search Archives, Communications of the Association for Information Systems (18). Article 29. 1-28.
78. Jain, A. K., A. Ross, and S. Pankanti. (2006). Biometrics: A Tool for Information Security, IEEE Transactions on Information Forensics and Security (1)2. 125-143.
79. JISSEC. (2008). Home Page www.jissec.org (current as of Nov. 7, 2008).
80. Joseph, G. W. and J. E. Blanton. (1992). Computer Infectors. Prevention, Detection, and Recovery, Information & Management (23). 205-216.
81. Kim, D. and I. Benbasat. (2003). A Web Assurance Services Model of Trust for B2C E-commerce, International Journal of Accounting Information Systems (4)2. 95-114.
82. Kim, D. and I. Benbasat. (2006). The Effects of Trust-Assuring Arguments on Consumer Trust in Internet Stores: Application of Toulmins Model of Argumentation, Information Systems Research (17)3. 286-300.
83. Kim, H-W., Y. Xu and K. Koh. (2004b). A Comparison of Online Trust Building Factors between Potential Customers and Repeat Customers, Journal of the Association for Information Systems (5) 10. 392-420.
84. Kim, J. et al. (2002). Businesses as Buildings: Metrics for the Architectural Quality of Internet Businesses, Information Systems Research (13)3. 239-254.
85. Knapp, K. et al. (2003). Defense Mechanisms of Biological Cells: A Framework for Network Security Thinking, Communications of the Association for Information Systems (12). 701-719.
86. Koh, C. E. and H. J. Watson. (1998). Data Management in Executive Information Systems, Information & Management (33). 301-312.
87. Korzyk, A., J. W. Sutherland, and H. Weistroffer. (2006). A Conceptual Model for Integrative Information Systems Security, Journal of Information System Security (2)1. 44-59.
88. Kotulic, A. G. and J. G. Clark. (2004). Why There Arent More Information Security Research Studies, Information & Management (41). 597-607.
89. Lee, S. (2003). Business Use of Internet-Based Information Systems: The Case of Korea, European Journal of Information Systems (12). 168-181.
90. Lewis, B. R. and T. A. Byrd. (2003). Development of a Measure for the Information Technology Infrastructure Construct, European Journal of Information Systems (12). 93-109.
91. Lewis B., C. A. Snyder, R. K. Rainer, Jr. (1995). An Empirical Assessment of the Information Resource Management Construct, Journal of Management Information Systems (12)1. 199-223.
92. Li, Y. and L. Guo. (2007). An Active Learning Based TCM-KNN Algorithm for Supervised Network Intrusion Detection, Computers & Security (26) 7-8. 459-467. (Pubitemid 350191973)
93. Li, X. and S. Sarkar. (2004). Privacy Protection in Data Mining: A Perturbation Approach for Categorical Data, Information Systems Research (17)3. 254-270.
94. Lim, N. (2006). Crime Investigation: A Course in Computer Forensics, Communications of the Association for Information Systems (18). Article 10. 2-34.
95. Littlewood, B. et al. (1993). Towards Operational Measures of Computer Security, Journal of Computer Security 2(3). 211-229.
96. Loch, K. D., H. C. Carr, and M. E. Warkentin. (1992). Threats to Information Systems: Todays Reality, Yesterdays Understanding, Management Information Systems Quarterly (16)2. 173-186.
97. Lockman A. and N. Minsky. (1989). Designing Financial Information Systems for Auditability, Journal of Management Information Systems (1)1. 50-62.
98. Looi, H. C. (2005). E-Commerce Adoption in Brunei Darussalam: A Quantitative Analysis of Factors Influencing its Adoption, Communications of the Association for Information Systems (15). 61-81.
99. Lucas, H. C. (1985). Social Security Administrations Progress in Modernizing its Computer Operations, Information & Management (9). 283-290.
100. Ma, Q. and J. M. Pearson. (2005). ISO 17799: Best Practices in Information Security Management?Communications of the Association for Information Systems (15). 577-591.
101. Malhotra N., S. S. Kim, and J. Agarwal. (2004). Internet Users Information Privacy Concerns (IUIPC): The Construct, the Scale, and a Causal Model, Information Systems Research (15)4. 336-355.
102. McFadzean, E., J. Ezingeard, and D. Birchall. (2006). Anchoring Information Security Governance Research: Sociological Groundings and Future Directions, Journal of Information System Security (2)3. 3-47.
103. Molla, A., R. Heeks, and I. Balcells. (2006). Adding Clicks to Bricks: A Case Study of E-Commerce Adoption by a Catalan Small Retailer, European Journal of Information Systems (15). 424-438.
104. Morin, J-H. and M. Pawlak. (2006). Towards a Global Framework for Corporate and Enterprise Digital Policy Management, Journal of Information System Security (2)2. 15-24.
105. Muntermann, J. and R. Heiko. (2006). Security Issues and Capabilities of Mobile Brokerage Services and Infrastructures, Journal of Information System Security (2)1. 27-43.
106. Murray, T. J. (1979). Cryptographic Transformation of Data Relationships, Information & Management (2). 95-98.
107. Panko, R. R. (2003). Slammer: The First Blitz Worm, Communications of the Association for Information Systems (11). 207-218.
108. Park, I. et al. (2007). The Effect of Spam and Privacy Concerns on E-Mail Users Behavior, Journal of Information System Security (3)1. 39-62.
109. Paulson, L. D. (2002). Wanted: More Network-Security Graduates and Research, Computer (35)2. 22-24.
110. Pavlou, P. A., H. Liang, and Y. Xue. (2007). Understanding and Mitigating Uncertainty in Online Exchange Relationships: A Principal-Agent Perspective, Management Information Systems Quarterly (31)1. 105-136.
111. Payne, C. (2002). On the Security of Open Source Software, Information Systems Journal (12). 61-78.
112. Payne, J. E. (2004) Regulation and Information Security: Can Y2K Lessons Help Us?, IEEE Security and Privacy Magazine (2)2. 58-61.
113. Perlman, R. (2005). The Ephemerizer: Making Data Disappear, Journal of Information System Security (1)1. 51-68.
114. Peffers, K. et al. (2007). A Design Science Research Methodology for Information Systems Research, Journal of Management Information Systems (24)3. 45-77.
115. Peffers, K. and Y. Tang. (2003). Identifying and Evaluating the Universe of Outlets for Information Systems Research: Ranking the Journals, The Journal of Information Technology Theory and Application (5)1. 63-84.
116. Peltier, T. (2001). Information Security Risk Analysis, Auerbach Publications, Boca Raton, FL.
117. Post, G. and A. Kagan. (2000). Management Tradeoffs in Anti-Virus Strategies, Information & Management (37). 13-24.
118. Ramachandran, S. and G. W. White. (2005). Methodology to Assess the Impact of Investments in Security Tools and Products, Journal of Information System Security (1)2. 3-25.
119. Rangnathan, C. and S. Ganapathy. (2002). Key Dimension of Business-to-Consumer Web Sites, Information & Management (39). 457-465.
120. Ratnasingham, P. (1998). Trust in Web-Based Electronic Commerce Security, Information Management and Computer Security (6)4. 162-166. (Pubitemid 128623422)
121. Ray, I., E. Kim, and D. Massey. (2007). A Framework to Facilitate Forensic Investigation of Falsely Advertised BGP Routes, Journal of Information System Security (3)2. 32-65.
122. Reed, A. (2005). Information Technology and Systems II: Server Administration Networks, Communications of the Association for Information Systems (15). 642-660.
123. Roberts, C. (2007). Biometric Attack Vectors and Defences, Computers & Security (26) 1. 14-25.
124. Rodwell, P. M., S. M. Furnell, and P. L. Reynolds. (2007). A Non-Intrusive Biometric Authentication Mechanism Utilising Physiological Characteristics of the Human Head, Computers & Security (26) 7-8. 468-478.
125. Rogers, E. (1995). Diffusion of Innovation. New York: Free Press.
126. Roos, H. (1981). Confidentiality of Information, Information & Management (4). 17-21.
127. Ryan, S. D. and B. Bordoloi. (1997) Evaluating Security Threats in Mainframe and Client/Server Environments, Information & Management (32). 137-146.
128. Sarathy R. and K. Muralidhar. (2002). The Security of Confidential Numerical Data in Databases, Information Systems Research (13)4. 389-403.
129. Schryen, G. (2007). Do Anti-Spam Measures Effectively Cover the E-Mail Communication Network? A Formal Approach, Journal of Information System Security (3)2. 66-90.
130. Senior Scholars. (2006) Letter to AIS http://home.aisnet.org/ associations/7499/files/Senior%20Scholars%20Letter.pdf (Current as of Nov. 7, 2008).
131. Shadish, W. R., T. D. Cook, and D. T. Campbell. (2002). Experimental and Quasi-Experimental Designs for Generalized Causal Reference. Boston-NY: Houghton Mifflin Company.
132. Shanley, R. and G. Premkumar. (2005). WIDS: A Wireless Intrusion Detection System for Detecting Man-in-the-Middle Attacks, Journal of Information System Security (1)3. 18-44.
133. Shao, M., J. J. Hwang, and S. Wu. (2005). A Transactional-Cycle Approach to Evidence Management for Dispute Resolution, Information & Management (42). 607-618.
134. Sharpe, S. (2003). An ASEAN Way to Security Cooperation in Southeast Asia? The Pacific Review (16)2 231-250.
135. Shim, J. P., U. Varshney, and S. Dekleva. (2006). Wireless Evolution 2006: Cellular TV, Wearable Computing, and RFID, Communications of the Association for Information Systems (18). Article 24. 1-37.
136. Shim, J. P. et al. (2007). Cell Phone TV, Wireless Networks in Disaster Management, Ubiquitous Computing, and Adoption of Future Wireless Applications, Communications of the Association for Information Systems (20) Article 29. 1-27.
137. Siponen, M. T. (2005). An Analysis of the Traditional IS Security Approaches: Implications for Research and Practice, European Journal of Information Systems (14). 303-315.
138. Siponen, M., R. Baskerville and J. Heikka. (2006). A Design Theory for Secure Information Systems Design Methods, Journal of the Association for Information Systems (7) 11. 725-770.
139. Siponen, M. and J. Iivari. (2006). Six Design Theories for IS Security Policies and Guidelines, Journal of the Association for Information Systems (7) 7. 445-472.
140. Slevin, C. (2007). After Cyber Attack, Rockies Are Set to Resume Online Ticket Sales, http://www.redorbit.com/news/technology/1114025/rockies-to-try- online-ticket-sales-again/index.html (current Nov. 7, 2008).
141. Soliman, K. S. and B. D. Janz. (2004). An Exploratory Study to Identify the Critical Factors Affecting the Decision to Establish Internet-Based Interorganizational Information Systems, Information & Management (41). 697-706.
142. Spiekermann, S. and H. Ziekow. (2005). RFID: A Systematic Analysis of Privacy Threat and A Seven-point Plan to Address Them, Journal of Information System Security (1)3. 2-18.
143. Sridhar, V. and D. K. Ahuja. (2007). Challenges in Managing Information Security in Academic Institutions: Case of MDI India, Journal of Information System Security (3) 3. 51-78.
144. Stafford, T. F. and A. Urbaczewski. (2004). Spyware: The Ghost in the Machine, Communications of the Association for Information Systems (14). 291-306.
145. Stephens, C. S. and C. A. Snyder. (1991). An Alternative to Emulation for Micro-Mainframe Data Exchange, Information & Management (20). 105-116.
146. Straub, D. W. (1990a). Effective IS Security: An Empirical Study, Information Systems Research (1)3. 255-276.
147. Straub, D. W. (1990b). Key Information Liability Issues Facing Managers: Software Piracy, Proprietary Databases, and Individuals Rights to Privacy, Management Information Systems Quarterly (14)2. 143-156.
148. Straub, D. W. and W. D. Nance. (1990). Discovering and Disciplining Computer Abuse in Organizations: A Field Study, Management Information Systems Quarterly (14)1. 45-60.
149. Straub, D. W. and R. J. Welke. (1998). Coping with Systems Risk: Security Planning Models for Management Decision Making, Management Information Systems Quarterly (22)4. 441-469.
150. Sumner, M. R. (1986). An Assessment of Alternative Application Development Approaches, Information & Management (10). 197-206.
151. Sun L., R. P. Srivastava, and T. J. Mock. (2006). An Information Systems Security Risk Assessment Model Under the Dempster-Shafer Theory of Belief Functions, Journal of Management Information Systems (22)4. 109-142.
152. Swanson, E. B. (1982). Measuring User Attitudes in MIS Research: A Review, OMEGA, (10)-157-165.
153. Tam, K. Y. (1989). Information Systems for Security Trading, Information & Management (16). 105-114.
154. Tan, M. and T. S. H. Teo. (2000). Factors Influencing the Adoption of Internet Banking, Journal of the Association for Information Systems (1) Article 5. 1-42.
155. Thuraisingham, B. (1993). Multilevel Security for Information Retrieval Systems, Information & Management (24). 93-103.
156. Thuraisingham, B. (1995). Multilevel Security for Information Retrieval Systems II, Information & Management (28). 49-61.
157. Toulmin, S. E. (1958). The Use of Argument. Cambridge University Press: Cambridge, UK.
158. Tryfonas, T. (2007). On Security Metaphors and How They Shape the Emerging Practice of Secure Information Systems Development, Journal of Information System Security (3)3. 21-50.
159. Turn, R. (1978). Privacy Protection in Record-Keeping Systems, Information & Management (1). 187-197.
160. Urbach, R. R. and G. A. Kibel. (2004). Adware/Spyware: An Update Regarding Pending Litigation and Legislation, Intellectual Property & Technology Law Journal, (16)7. 12-16.
161. Van Slyke, C. et al. (2006). Concern for Information Privacy and Online Consumer Purchasing, Journal of the ssociation for Information Systems (7) 6. 415-444.
162. Varshney, U. (2003). Wireless I: Mobile and Wireless Information Systems: Applications, Networks, and Research Problems, Communications of the Association for Information Systems (12). 155-166.
163. Verdon, D. (2006). Security Policies and the Software Developer, IEEE Security and Privacy Magazine (4)4. 42-49.
164. Verhagen, T., S. Meents, and Y. Tan. (2006), Perceived Risk and Trust Associated with Purchasing at Electronic Marketplaces, European Journal of Information Systems (15). 542-555.
165. von Solms, B. (2006). Information Security: The Fourth Wave, Computers & Security (25) 3. 165-168.
166. von Solms, R. et al. (2005). A Framework for Information Security Evaluation, Information & Management (26). 143-153.
167. Wang, P. (1994). Information Systems Management Issues in the Republic of China for the 1990s, Information & Management (26). 341-352.
168. Whitworth, B. and M. Zaic. (2003). The WOSP Model: Balanced Information System Design and Evaluation, Communications of the Association for Information Systems (12). 258-282.
169. Willison, R. and J. Backhouse. (2006). Opportunities for Computer Crime: Considering Systems Risk from a Criminological Perspective, European Journal of Information Systems (15). 403-414.
170. Wise Geek, What Is Information Security? www.wisegeek.com/what-is- information-security.htm (Current as of Nov.7, 2008).
171. Wong, C. K., M. Gouda, and S. S. Lam. (2000). Secure Group Communications Using Key Graphs, IEEE/ACM Transactions on Networking (TON) (8)1. 16-30.
172. Yang, S. C., S. Chatterjee, and C. C. Chen. (2004). Wireless Communications: Myths and Reality, Communications of the Association for Information Systems (13). 682-696.
173. Yang, J. and S. S. Huang. (2007). Mining TCP/IP Packets to Detect Stepping-Stone Intrusion, Computers & Security (26) 7-8. 479-484.
174. Ye, M., G. Premkumar, and D. Zhu. (2007). An Evaluation of Size-Based Traffic Feature for Intrusion Detection, Journal of Information System Security (3)1. 19-38.
175. Yeh, Q. and A. J. Chang. (2007). Threats and Countermeasures for Information System Security: A Cross-Industry Study, Information & Management (44). 480-491.
176. Yue W. and M. Cakanyildirim. (2007). Intrusion Prevention in Information Systems: Reactive and Proactive Responses, Journal of Management Information Systems (24)1. 329-353.
177. Zviran, M. and Z. Erlich. (2006). Identification and Authentication: Technology and Implementation Issues, Communications of the Association for Information Systems (17) Article 4. 2-30.
178. Zviran M. and W. Haga. (1999). Password Security: An Empirical Study, Journal of Management Information Systems (15)4. 161-185.