An integrative study of information systems security effectiveness

Authors:
Atreyi Kankanhalli;Hock-Hai Teo;Bernard C. Y. Tan;Kwok-Kee Wei
Affiliations:
Department of Information Systems, School of Computing, National University of Singapore, 10 Kent Ridge Crescent, 119260, Singapore;Department of Information Systems, School of Computing, National University of Singapore, 10 Kent Ridge Crescent, 119260, Singapore;Department of Information Systems, School of Computing, National University of Singapore, 10 Kent Ridge Crescent, 119260, Singapore;Department of Information Systems, School of Computing, National University of Singapore, 10 Kent Ridge Crescent, 119260, Singapore
Venue:
International Journal of Information Management: The Journal for Information Professionals
Year:
2003

Citing 13
Cited 32

Computer abuse and security: Update on an empirical pilot study

ACM SIGSAC Review
Information systems security: management success factors

Computers and Security
Determinants of success for computer usage in small business

MIS Quarterly
Computer security policy: important issues

Computers and Security
Organization context and information systems success: a contingency approach

Journal of Management Information Systems
Discovering and disciplining computer abuse in organizations: a field study

MIS Quarterly
Security concerns of system users: a study of perceptions of the adequacy of security

Information and Management
Development of security policies

Computers and Security
Key issues in information systems management: 1994–95 SIM Delphi results

MIS Quarterly
Coping with systems risk: security planning models for management decision making

MIS Quarterly
Technical opinion: Information system security management in the new millennium

Communications of the ACM
Password security: an empirical study

Journal of Management Information Systems
Preventive and deterrent controls for software piracy

Journal of Management Information Systems

Threats and countermeasures for information system security: A cross-industry study

Information and Management
Preventing application software piracy: An empirical investigation of technical copy protections

The Journal of Strategic Information Systems
Global e-business: firm size, credibility and desirable modes of payment

International Journal of Business Information Systems
Human, organizational, and technological factors of IT security

CHI '08 Extended Abstracts on Human Factors in Computing Systems
Security lapses and the omission of information security measures: A threat control model and empirical test

Computers in Human Behavior
Voice enabling mobile financial services with multimodal transformation

International Journal of Mobile Communications
Studying users' computer security behavior: A health belief perspective

Decision Support Systems
Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness

Decision Support Systems
Security practitioners in context: Their activities and interactions with other stakeholders within organizations

International Journal of Human-Computer Studies
User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach

Information Systems Research
Fuzzy cognitive map based on structural equation modeling for the design of controls in business-to-consumer e-commerce web-based systems

Expert Systems with Applications: An International Journal
National information security policy and its implementation: A case study in Taiwan

Telecommunications Policy
Information Security: Facilitating User Precautions Vis-à-Vis Enforcement Against Attackers

Journal of Management Information Systems
Capturing user readiness to interact with information systems: an activity perspective

ACM SIGMIS Database
The role of task characteristics and organizational culture in non-work-related computing: a fit perspective

ACM SIGMIS Database
Using data envelopment analysis and decision trees for efficiency analysis and recommendation of B2C controls

Decision Support Systems
The hybrid model of neural networks and genetic algorithms for the design of controls for internet-based systems for business-to-consumer electronic commerce

Expert Systems with Applications: An International Journal
Assessing the severity of phishing attacks: A hybrid data mining approach

Decision Support Systems
An information systems security risk assessment model under uncertain environment

Applied Soft Computing
Neutralization: new insights into the problem of employee systems security policy violations

MIS Quarterly
Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness

MIS Quarterly
Information systems resources and information security

Information Systems Frontiers
Out of fear or desire? Toward a better understanding of employees' motivation to follow IS security policies

Information and Management
Applying an extended model of deterrence across cultures: An investigation of information systems misuse in the U.S. and South Korea

Information and Management
A causal knowledge-based expert system for planning an Internet-based stock trading system

Expert Systems with Applications: An International Journal
Institutional Influences on Information Systems Security Innovations

Information Systems Research
The effects of multilevel sanctions on information security violations: A mediating model

Information and Management
Why aren't organizations adopting virtual worlds?

Computers in Human Behavior
Modifying smartphone user locking behavior

Proceedings of the Ninth Symposium on Usable Privacy and Security
Fuzzy Assessment of Health Information System Users' Security Awareness

Journal of Medical Systems
Perceived information security of internal users in Indian IT services industry

Information Technology and Management
Information security strategies: towards an organizational multi-strategy perspective

Journal of Intelligent Manufacturing

Quantified Score

Hi-index	0.00

Visualization

Abstract

As organizations become increasingly dependent on information systems (IS) for strategic advantage and operations, the issue of IS security also becomes increasingly important. In the interconnected electronic business environment of today, security concerns are paramount. Management must invest in IS security to prevent abuses that can lead to competitive disadvantage. Using the literature on security practices and organizational factors, this study develops an integrative model of IS security effectiveness and empirically tests the model. The data were collected through a survey of IS managers from various sectors of the economy. Small and medium-sized enterprises were found to engage in fewer deterrent efforts compared to larger organizations. Organizations with stronger top management support were found to engage in more preventive efforts than organizations with weaker support from higher management. Financial organizations were found to undertake more deterrent efforts and have stiffer deterrent severity than organizations in other sectors. Moreover, greater deterrent efforts and preventive measures were found to lead to enhanced IS security effectiveness. Implications of these findings for further research and practice are discussed.