Volume 34, Issue SPEC. ISSUE 3, 2010, Pages 503-522

User participation in information systems security risk management

Author keywords

Information security; Sarbanes Oxley Act; Security risk management; User participation

Indexed keywords

COMPLIANCE CONTROL; INFORMATION SYSTEMS; INFORMATION USE; REGULATORY COMPLIANCE; RISK MANAGEMENT; SECURITY OF DATA; SURVEYS;

EID: 77957070672     PISSN: 02767783     EISSN: None     Source Type: Journal    
DOI: 10.2307/25750689     Document Type: Article
Times cited : (346)

References (66)
  • 2
    • 2642549662
    • Computer security and risky computing practices: A rational choice perspective
    • Aytes, K., and Connolly, T. 2004. "Computer Security and Risky Computing Practices: A Rational Choice Perspective," Journal of Organizational and End User Computing (16:3), pp. 22-40.
    • (2004) Journal of Organizational and End User Computing , vol.16 , Issue.3 , pp. 22-40
    • Aytes, K.1    Connolly, T.2
  • 3
    • 24044550516
    • Rethinking the concept of user involvement
    • Barki, H., and Hartwick, J. 1989. "Rethinking the Concept of User Involvement," MIS Quarterly (13:1), pp. 53-63.
    • (1989) MIS Quarterly , vol.13 , Issue.1 , pp. 53-63
    • Barki, H.1    Hartwick, J.2
  • 4
    • 18444418621
    • Measuring user participation, user involvement, and user attitude
    • Barki, H., and Hartwick, J. 1994. "Measuring User Participation, User Involvement, and User Attitude," MIS Quarterly (18:1), pp. 59-82.
    • (1994) MIS Quarterly , vol.18 , Issue.1 , pp. 59-82
    • Barki, H.1    Hartwick, J.2
  • 5
    • 0022674542
    • An empirical study of the impact of user involvement on system usage and information satisfaction
    • Baroudi, J. J., Olson, M. H., and Ives, B. 1986. "An Empirical Study of the Impact of User Involvement on System Usage and Information Satisfaction," Communications of the ACM (29:3), pp. 232-238.
    • (1986) Communications of the ACM , vol.29 , Issue.3 , pp. 232-238
    • Baroudi, J.J.1    Olson, M.H.2    Ives, B.3
  • 6
    • 0003095695
    • The partial least squares approach to structural equation modeling
    • G. A. Marcoulides (ed.), Mahwah, NJ: Lawrence Erlbaum Associates
    • Chin, W. W. 1998. "The Partial Least Squares Approach to Structural Equation Modeling," in Modern Methods for Business Research, G. A. Marcoulides (ed.), Mahwah, NJ: Lawrence Erlbaum Associates, pp. 295-336.
    • (1998) Modern Methods for Business Research , pp. 295-336
    • Chin, W.W.1
  • 7
    • 67649551429
    • User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach
    • D'Arcy, J., Hovav, A., and Galletta, D. 2009. "User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach," Information Systems Research (20:1), pp. 79-98.
    • (2009) Information Systems Research , vol.20 , Issue.1 , pp. 79-98
    • D'Arcy, J.1    Hovav, A.2    Galletta, D.3
  • 8
    • 3843085006
    • Response rate and response quality of internet-based surveys: An experimental study
    • Deutskens, E., de Ruyter, K., Wetzels, M., and Oosterveld, P. 2004. "Response Rate and Response Quality of Internet-Based Surveys: An Experimental Study," Marketing Letters (15:1), pp. 21-36.
    • (2004) Marketing Letters , vol.15 , Issue.1 , pp. 21-36
    • Deutskens, E.1    De Ruyter, K.2    Wetzels, M.3    Oosterveld, P.4
  • 9
    • 0002698747
    • Information system security management in the new millennium
    • Dhillon, G., and Backhouse, J. 2000. "Information System Security Management in the New Millennium," Communications of the ACM (43:7), pp. 125-128.
    • (2000) Communications of the ACM , vol.43 , Issue.7 , pp. 125-128
    • Dhillon, G.1    Backhouse, J.2
  • 10
    • 0035658603
    • Computer crimes: Theorizing about the enemy within
    • Dhillon, G., and Moores, S. 2001. "Computer Crimes: Theorizing About the Enemy Within," Computers & Security (20:8), pp. 715-723.
    • (2001) Computers & Security , vol.20 , Issue.8 , pp. 715-723
    • Dhillon, G.1    Moores, S.2
  • 11
    • 49049114397
    • The centrality of awareness in the formation of user behavioral intention toward protective information technologies
    • Dinev, T., and Hu, Q. 2007. "The Centrality of Awareness in the Formation of User Behavioral Intention toward Protective Information Technologies," Journal of the Association for Information Systems (8:7), pp. 386-408.
    • (2007) Journal of the Association for Information Systems , vol.8 , Issue.7 , pp. 386-408
    • Dinev, T.1    Hu, Q.2
  • 12
    • 25144436981
    • Do information security policies reduce the incidence of security breaches: An exploratory analysis
    • Doherty, N. F., and Fulford, H. 2005. "Do Information Security Policies Reduce the Incidence of Security Breaches: An Exploratory Analysis," Information Resources Management Journal (18:4), pp. 21-39.
    • (2005) Information Resources Management Journal , vol.18 , Issue.4 , pp. 21-39
    • Doherty, N.F.1    Fulford, H.2
  • 13
    • 41749105994
    • End-user security culture: A lesson that will never be learnt?
    • Furnell, S. 2008. "End-User Security Culture: A Lesson That Will Never Be Learnt?" Computer Fraud & Security (2008:4), pp. 6-9.
    • (2008) Computer Fraud & Security , vol.2008 , Issue.4 , pp. 6-9
    • Furnell, S.1
  • 14
    • 21344479361
    • Integrating case study and survey research methods: An example in information systems
    • Gable, G. G. 1994. "Integrating Case Study and Survey Research Methods: An Example in Information Systems," European Journal of Information Systems (3:2), pp. 112-117.
    • (1994) European Journal of Information Systems , vol.3 , Issue.2 , pp. 112-117
    • Gable, G.G.1
  • 15
    • 77957053408
    • Comparative analysis of select provisions of the sarbanes-oxley act with the european union's eighth directive
    • Girasa, R. J., Ulinksi, M. 2007. "Comparative Analysis of Select Provisions of the Sarbanes-Oxley Act with the European Union's Eighth Directive," The Business Review (9:1), pp. 36-41.
    • (2007) The Business Review , vol.9 , Issue.1 , pp. 36-41
    • Girasa, R.J.1    Ulinksi, M.2
  • 16
    • 0001823869
    • Security concerns of system users: A study of perceptions of the adequacy of security
    • Goodhue, D. L., and Straub, D. W. 1991. "Security Concerns of System Users: A Study of Perceptions of the Adequacy of Security," Information & Management (20), pp. 13-27.
    • (1991) Information & Management , vol.20 , pp. 13-27
    • Goodhue, D.L.1    Straub, D.W.2
  • 18
    • 84986097800
    • A business approach to effective information technology risk analysis and management
    • Halliday, S., Badenhorst, K., and von Solms, R. 1996. "A Business Approach to Effective Information Technology Risk Analysis and Management," Information Management & Computer Security (4:1), pp. 19-31.
    • (1996) Information Management & Computer Security , vol.4 , Issue.1 , pp. 19-31
    • Halliday, S.1    Badenhorst, K.2    Von Solms, R.3
  • 20
    • 85050649674
    • Explaining the role of user participation in information system use
    • Hartwick, J., and Barki, H. 1994. "Explaining the Role of User Participation in Information System Use," Management Science (40:4), pp. 440-465.
    • (1994) Management Science , vol.40 , Issue.4 , pp. 440-465
    • Hartwick, J.1    Barki, H.2
  • 23
    • 0012213034
    • ISO/IEC 17799:2000(E), International Organization for Standardization (available online at)
    • ISO/IEC. 2000. "Information Technology-Code of Practice for Information Security Management," ISO/IEC 17799:2000(E), International Organization for Standardization (available online at http://www.iso.org/iso/catalogue-detail?csnumber=33441).
    • (2000) Information Technology-Code of Practice for Information Security Management
  • 24
    • 14944365473
    • ITGI., Rolling Meadows, IL: IT Governance Institute.
    • ITGI. 2004. "IT Control Objectives for Sarbanes-Oxley," Rolling Meadows, IL: IT Governance Institute.
    • (2004) IT Control Objectives for Sarbanes-oxley
  • 25
    • 77957068095
    • ITGI., (4.0 ed.), Rolling Meadows, IL: IT Governance Institute.
    • ITGI. 2005. COBIT (4.0 ed.), Rolling Meadows, IL: IT Governance Institute.
    • (2005) COBIT
  • 26
    • 0001244239
    • User involvement and mis success: A review of research
    • Ives, B., and Olson, M. H. 1984. "User Involvement and MIS Success: A Review of Research," Management Science (30:5), pp. 586-603.
    • (1984) Management Science , vol.30 , Issue.5 , pp. 586-603
    • Ives, B.1    Olson, M.H.2
  • 28
    • 0242424963
    • A critical review of construct indicators and measurement model misspecification in marketing and consumer research
    • Jarvis, C. B., Mackenzie, S. B., and Podsakoff, P. M. 2003. "A Critical Review of Construct Indicators and Measurement Model Misspecification in Marketing and Consumer Research," Journal of Consumer Research (30:2), pp. 199-218.
    • (2003) Journal of Consumer Research , vol.30 , Issue.2 , pp. 199-218
    • Jarvis, C.B.1    MacKenzie, S.B.2    Podsakoff, P.M.3
  • 29
    • 55249113766
    • Combining qualitative and quantitative methods in information systems research: A case study
    • Kaplan, B., and Duchon, D. 1988. "Combining Qualitative and Quantitative Methods in Information Systems Research: A Case Study," MIS Quarterly (12:4), pp. 571-586.
    • (1988) MIS Quarterly , vol.12 , Issue.4 , pp. 571-586
    • Kaplan, B.1    Duchon, D.2
  • 30
  • 31
    • 1242263532
    • Why there aren't more information security research studies
    • Kotulic, A., and Clark, J. G. 2004. "Why There Aren't More Information Security Research Studies," Information & Management (41), pp. 597-607.
    • (2004) Information & Management , vol.41 , pp. 597-607
    • Kotulic, A.1    Clark, J.G.2
  • 32
    • 84985239893
    • Cognitive and motivational effects of participation: A mediator study
    • Latham, G. P., Winters, D. C., and Locke, E. A. 1994. "Cognitive and Motivational Effects of Participation: A Mediator Study," Journal of Organizational Behavior (15:1), pp. 49-63.
    • (1994) Journal of Organizational Behavior , vol.15 , Issue.1 , pp. 49-63
    • Latham, G.P.1    Winters, D.C.2    Locke, E.A.3
  • 33
    • 0346383178
    • Lee, A. S. 1991. "Integrating Positivist and Interpretive Approaches to Organizational Research," Organization Science (2:4), pp. 342-365.
    • (1991) Organization Science , vol.2 , Issue.4 , pp. 342-365
    • Lee, A.S.1
  • 35
    • 33749667926
    • Participation in development and implementation-Updating an old, tired concept for today's is contexts
    • Markus, M. L., and Mao, J.-Y. 2004. "Participation in Development and Implementation-Updating an Old, Tired Concept for Today's IS Contexts," Journal of the Association for Information Systems (5:11-12), pp. 514-544.
    • (2004) Journal of the Association for Information Systems , vol.5 , Issue.11-12 , pp. 514-544
    • Markus, M.L.1    Mao, J.-Y.2
  • 36
    • 77957079431
    • Information system risk assessment and documentation
    • D. W. Straub, S. Goodman, and R. L. Baskerville (eds.), Armonk, NY: M. E. Sharpe, Inc.
    • Mattord, H. J., and Want, T. 2008. "Information System Risk Assessment and Documentation," in Information Security: Policy, Processes, and Practices, D. W. Straub, S. Goodman, and R. L. Baskerville (eds.), Armonk, NY: M. E. Sharpe, Inc., pp. 69-111.
    • (2008) Information Security Policy Processes and Practices , pp. 69-111
    • Mattord, H.J.1    Want, T.2
  • 37
    • 15744399299
    • Security and risk management: A fundamental business issue
    • McAdams, A. 2004. "Security and Risk Management: A Fundamental Business Issue," Information Management Journal (38:4), pp. 36-44.
    • (2004) Information Management Journal , vol.38 , Issue.4 , pp. 36-44
    • McAdams, A.1
  • 40
    • 0035599029
    • Combining is research methods: Towards a pluralist methodology
    • Mingers, J. 2001. "Combining IS Research Methods: Towards a Pluralist Methodology," Information Systems Research (12:3), pp. 240-259.
    • (2001) Information Systems Research , vol.12 , Issue.3 , pp. 240-259
    • Mingers, J.1
  • 41
    • 33846313618
    • The qualitative interview in is research: Examining the craft
    • Myers, M. D., and Newman, M. 2007. "The Qualitative Interview in IS Research: Examining the Craft," Information and Organization (17:1), pp. 2-26.
    • (2007) Information and Organization , vol.17 , Issue.1 , pp. 2-26
    • Myers, M.D.1    Newman, M.2
  • 42
    • 8744278901
    • A typology of research purposes and its relationship to mixed methods research
    • A. Tashakkori and C. B. Teddlie (eds.), Thousand Oaks, CA: Sage Publications.
    • Newman, I., Ridenour, C., Newman, C., and DeMarco, G. M. P. 2002. "A Typology of Research Purposes and Its Relationship to Mixed Methods Research," in Handbook of Mixed Methods Social and Behavioral Research, A. Tashakkori and C. B. Teddlie (eds.), Thousand Oaks, CA: Sage Publications.
    • (2002) Handbook of Mixed Methods Social and Behavioral Research
    • Newman, I.1    Ridenour, C.2    Newman, C.3    Demarco, G.M.P.4
  • 43
    • 77957088104
    • NIST., 800-12, National Institute of Standards and Technology, U.S. Department of Commerce, Washington, DC.
    • NIST. 2004. "Chapter 7: Computer Security Risk Management," 800-12, National Institute of Standards and Technology, U.S. Department of Commerce, Washington, DC.
    • (2004) Chapter 7 Computer Security Risk Management
  • 45
    • 84986106204
    • Comparing respondents of e-mail and mail surveys: Understanding the implications of technology
    • Ranchhod, A., and Zhou, F. 2001. "Comparing Respondents of E-Mail and Mail Surveys: Understanding the Implications of Technology," Marketing Intelligence & Planning (19:4), pp. 254-262.
    • (2001) Marketing Intelligence & Planning , vol.19 , Issue.4 , pp. 254-262
    • Ranchhod, A.1    Zhou, F.2
  • 46
    • 77957059379
    • Implementing a security awareness program
    • H. Bidgoli (ed.), New York: John Wiley & Sons, Inc.
    • Rudolph, K. 2006. "Implementing a Security Awareness Program," in Handbook of Information Security, H. Bidgoli (ed.), New York: John Wiley & Sons, Inc., pp. 766-785.
    • (2006) Handbook of Information Security , pp. 766-785
    • Rudolph, K.1
  • 47
    • 85085787165
    • th Congress (available online at)
    • th Congress (available online at http://corporate.findlaw.com/industry/corporate/docs/publ107.204.pdf)
  • 48
    • 9744263513
    • Analysis by long walk: Some approaches to the synthesis of multiple sources of evidence
    • E. M. Trauth (ed.), Hershey, PA: IDEA Group Publishing
    • Sawyer, S. 2001. "Analysis by Long Walk: Some Approaches to the Synthesis of Multiple Sources of Evidence," in Qualitative Research in IS: Issues and Trends, E. M. Trauth (ed.), Hershey, PA: IDEA Group Publishing, pp. 163-189.
    • (2001) Qualitative Research in IS Issues and Trends , pp. 163-189
    • Sawyer, S.1
  • 49
    • 0033683516
    • A conceptual foundation for organizational information security awareness
    • Siponen, M. T. 2000a. "A Conceptual Foundation for Organizational Information Security Awareness," Information Management & Computer Security (8:1), pp. 31-41.
    • (2000) Information Management & Computer Security , vol.8 , Issue.1 , pp. 31-41
    • Siponen, M.T.1
  • 50
    • 8744290801
    • Critical analysis of different approaches to minimizing user-related faults in information systems security: Implications for research and practice
    • Siponen, M. T. 2000b. "Critical Analysis of Different Approaches to Minimizing User-Related Faults in Information Systems Security: Implications for Research and Practice," Information Management & Computer Security (8:5), pp. 197-210.
    • (2000) Information Management & Computer Security , vol.8 , Issue.5 , pp. 197-210
    • Siponen, M.T.1
  • 51
    • 53049103906
    • Five dimensions of information security awareness
    • Siponen, M. T. 2001. "Five Dimensions of Information Security Awareness," Computers and Society (31:2), pp. 24-29.
    • (2001) Computers and Society , vol.31 , Issue.2 , pp. 24-29
    • Siponen, M.T.1
  • 52
    • 24644436394
    • Analysis of modern is security development approaches: Towards the next generation of social and adaptable iss methods
    • Siponen, M. T. 2005. "Analysis of Modern IS Security Development Approaches: Towards the Next Generation of Social and Adaptable ISS Methods," Information and Organization (15:1), pp. 339-375.
    • (2005) Information and Organization , vol.15 , Issue.1 , pp. 339-375
    • Siponen, M.T.1
  • 53
    • 84883216570
    • A holistic risk analysis method for identifying information security risks
    • P. Dowland, S. Furnell, B. Thuraisingham, and X. S. Wang (eds.), New York: Springer
    • Spears, J. L. 2005. "A Holistic Risk Analysis Method for Identifying Information Security Risks," in Security Management, Integrity, and Internal Control in Information Systems, P. Dowland, S. Furnell, B. Thuraisingham, and X. S. Wang (eds.), New York: Springer, pp. 185-202.
    • (2005) Security Management Integrity and Internal Control in Information Systems , pp. 185-202
    • Spears, J.L.1
  • 57
    • 0001133137
    • Coping with systems risk: Security planning models for management decision making
    • Straub, D., and Welke, R. 1998. "Coping with Systems Risk: Security Planning Models for Management Decision Making," MIS Quarterly (22:4), pp. 441-469.
    • (1998) MIS Quarterly , vol.22 , Issue.4 , pp. 441-469
    • Straub, D.1    Welke, R.2
  • 58
    • 0141919268
    • The is risk analysis based on a business model
    • Suh, B., and Han, I. 2003. "The IS Risk Analysis Based on a Business Model," Information & Management (41:2), pp. 149-158.
    • (2003) Information & Management , vol.41 , Issue.2 , pp. 149-158
    • Suh, B.1    Han, I.2
  • 59
    • 0001230888
    • Management information systems: Appreciation and involvement
    • Swanson, E. B. 1974. "Management Information Systems: Appreciation and Involvement," Management Science (21:2), pp. 178-188.
    • (1974) Management Science , vol.21 , Issue.2 , pp. 178-188
    • Swanson, E.B.1
  • 60
    • 0037521941
    • The choice of qualitative methods in is research
    • E. M. Trauth (ed.), Hershey, PA: IDEA Group Publishing
    • Trauth, E. M. 2001. "The Choice of Qualitative Methods in IS Research," in Qualitative Research in IS: Issues and Trends, E. M. Trauth (ed.), Hershey, PA: IDEA Group Publishing, pp. 1-19.
    • (2001) Qualitative Research in IS Issues and Trends , pp. 1-19
    • Trauth, E.M.1
  • 62
    • 1842503580
    • An encounter with grounded theory: Tackling the practical and philosophical issues
    • E. M. Trauth (ed.), Hershey, PA: IDEA Group Publishing
    • Urquhart, C. 2001. "An Encounter with Grounded Theory: Tackling the Practical and Philosophical Issues," in Qualitative Research in IS: Issues and Trends, E. M. Trauth (ed.), Hershey, PA: IDEA Group Publishing, pp. 104-140.
    • (2001) Qualitative Research in IS Issues and Trends , pp. 104-140
    • Urquhart, C.1
  • 63
    • 3042812983
    • The 10 deadly sins of information security management
    • von Solms, B., and von Solms, R. 2004. "The 10 Deadly Sins of Information Security Management," Computers & Security (23), pp. 371-376.
    • (2004) Computers & Security , vol.23 , pp. 371-376
    • Von Solms, B.1    Von Solms, R.2
  • 64
    • 34147134609
    • The weak link in it security
    • Wade, J. 2004. "The Weak Link in IT Security," Risk Management (51:7), pp. 32-37.
    • (2004) Risk Management , vol.51 , Issue.7 , pp. 32-37
    • Wade, J.1
  • 65
    • 1242265154
    • In defense of the realm: Understanding threats to information security
    • Whitman, M. E. 2004. "In Defense of the Realm: Understanding Threats to Information Security," International Journal of Information Management (24), pp. 43-57.
    • (2004) International Journal of Information Management , vol.24 , pp. 43-57
    • Whitman, M.E.1
  • 66
    • 85106093504
    • Security policy: From design to maintenance
    • D. W. Straub, S. Goodman, and R. L. Baskerville (eds.), Armonk, NY: M. E. Sharpe, Inc.
    • Whitman, M. E. 2008. "Security Policy: From Design to Maintenance," in Information Security: Policy, Processes, and Practices, D. W. Straub, S. Goodman, and R. L. Baskerville (eds.), Armonk, NY: M. E. Sharpe, Inc., pp. 123-151.
    • (2008) Information Security Policy Processes and Practices , pp. 123-151
    • Whitman, M.E.1


* This information was analyzed and extracted by KISTI from Elsevier's SCOPUS database.