The likelihood that the firm's information systems are insufficiently protected against certain kinds of damage or loss is known as "systems risk." Risk can be managed or reduced when managers are aware of the full range of controls available and implement the most effective controls. Unfortunately, they often lack this knowledge, and their subsequent actions to cope with systems risk are less effective than they might otherwise be. This is one viable explanation for why losses from computer abuse and computer disasters today are uncomfortably large and still so potentially devastating after many years of attempting to deal with the problem. Results of comparative qualitative studies in two information services Fortune 500 firms identify an approach that can effectively deal with the problem. This theory-based security program includes (1) use of a security risk planning model, (2) education/training in security awareness, and (3) Countermeasure Matrix analysis.