No longer the exclusive domain of technology experts, information security is now a management issue. Through a grounded approach using interviews, observations, and secondary data, we advance a model of the information security compromise process from the perspective of the attacked organization. We distinguish between deliberate and opportunistic paths of compromise through the Internet, labeled choice and chance, and include the role of countermeasures, the Internet presence of the firm, and the attractiveness of the firm for information security compromise. Further, using one year of alert data from intrusion detection devices, we find empirical support for the key contributions of the model. We discuss the implications of the model for the emerging research stream on information security in the information systems literature.