Why there aren't more information security research studies

Authors:
Andrew G. Kotulic;Jan Guynes Clark
Affiliations:
Kent State University, Kent, OH;Department of Information Systems, The University of Texas at San Antonio, 6900 N. Loop 1604 West, San Antonio, TX
Venue:
Information and Management
Year:
2004

Citing 13
Cited 28

Determinants of success for computer usage in small business

MIS Quarterly
Managerial influence in the implementation of new technology

Management Science
Quality control of personal computing

Journal of Systems Management
Characteristics of risk taking executives

Management Science
Security concerns of system users: a study of perceptions of the adequacy of security

Information and Management
Executive involvement and participation in the management of information technology

MIS Quarterly
New information systems leaders: a changing role in a changing world

MIS Quarterly
Measurement: a blueprint for theory-building in MIS

Information and Management
A comparative framework for risk analysis methods

Computers and Security
Implementing information technology for competitive advantage: risk management issues

Information and Management
Shaping the future: business design through information technology

Shaping the future: business design through information technology
A model of user information satisfaction

ACM SIGMIS Database
Coping with systems risk: security planning models for management decision making

MIS Quarterly

Is Information Security Under Control?: Investigating Quality in Information Security Management

IEEE Security and Privacy
Threats and countermeasures for information system security: A cross-industry study

Information and Management
Danger is in the eye of the beholders: Social representations of Information Systems security in healthcare

The Journal of Strategic Information Systems
Human, organizational, and technological factors of IT security

CHI '08 Extended Abstracts on Human Factors in Computing Systems
Protection against unauthorized access and computer crime in Norwegian enterprises

Journal of Computer Security - The Third IEEE International Symposium on Security in Networks and Distributed Systems
Security practitioners in context: Their activities and interactions with other stakeholders within organizations

International Journal of Human-Computer Studies
Fuzzy cognitive map based on structural equation modeling for the design of controls in business-to-consumer e-commerce web-based systems

Expert Systems with Applications: An International Journal
Estimating the market impact of security breach announcements on firm values

Information and Management
Using data envelopment analysis and decision trees for efficiency analysis and recommendation of B2C controls

Decision Support Systems
Metrics for characterizing the form of security policies

The Journal of Strategic Information Systems
The hybrid model of neural networks and genetic algorithms for the design of controls for internet-based systems for business-to-consumer electronic commerce

Expert Systems with Applications: An International Journal
Assessing the severity of phishing attacks: A hybrid data mining approach

Decision Support Systems
Detecting complex account fraud in the enterprise: The role of technical and non-technical controls

Decision Support Systems
Circuits of power: a study of mandated compliance to an information systems security de jure standard in a government organization

MIS Quarterly
User participation in information systems security risk management

MIS Quarterly
Heuristics for evaluating IT security management tools

Proceedings of the Seventh Symposium on Usable Privacy and Security
Understanding Nonmalicious Security Violations in the Workplace: A Composite Behavior Model

Journal of Management Information Systems
Motivating IS security compliance: Insights from Habit and Protection Motivation Theory

Information and Management
The information security policy unpacked: A critical study of the content of university policies

International Journal of Information Management: The Journal for Information Professionals
Institutional Influences on Information Systems Security Innovations

Information Systems Research
Cyber security exercises and competitions as a platform for cyber security experiments

NordSec'12 Proceedings of the 17th Nordic conference on Secure IT Systems
Choice of governance mechanisms to promote information sharing via boundary objects in the disaster recovery process

Information Systems Frontiers
Do Information Security Policies Reduce the Incidence of Security Breaches: An Exploratory Analysis

Information Resources Management Journal
IS Security Policy Violations: A Rational Choice Perspective

Journal of Organizational and End User Computing
Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition

Information and Management
Employees' adherence to information security policies: An exploratory field study

Information and Management
Perceived information security of internal users in Indian IT services industry

Information Technology and Management
Insiders' protection of organizational information assets: development of a systematics-based taxonomy and theory of diversity for protection-motivated behaviors

MIS Quarterly

Quantified Score

Hi-index	0.00

Visualization

Abstract

Noting a serious lack of empirical research in the area of security risk management (SRM), we proposed a conceptual model based on the study of SRM at the firm level. Although considerable time and effort were expended in attempting to validate the usefulness of the proposed model, we were not successful. We provide here a description of our conceptual model, the methodology designed to test this model, the problems we faced while attempting to test the model, and our suggestions for those who attempt to conduct work in highly sensitive areas.