Information systems security: A managerial perspective

Wilson, Janet; Turban, Efraim; Zviran, Moshe

doi:10.1016/0268-4012(92)90017-k

Cited by 10 publications

(6 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…''If you ask a computer security professional what the single most important thing you can do to protect your network is, they will unhesitatingly say that it is to write a good security policy'' (Wadlow, 2000). This policy is then translated into action through an effective security plan focusing on the prevention, detection, and correction of threats (Wilson, Turban, & Zviran, 1992). According to the Cutter Consortium (Cutter Consortium, 1999), in 1999 over 20% of responding businesses had no security policy, and almost 14% had no plans to develop one in the near future.…”

Section: The Need For Policymentioning

confidence: 99%

In defense of the realm: understanding the threats to information security

Whitman

2004

International Journal of Information Management

125

View full text Add to dashboard Cite

Section: The Need For Policymentioning

confidence: 99%

In defense of the realm: understanding the threats to information security

Whitman

2004

International Journal of Information Management

125

View full text Add to dashboard Cite

“…A diversidade de alvos que podem ser atacados contribui para a importância de práticas e procedimentos de segurança cibernética [Wilson et al 1992].…”

Section: Segurança Cibernéticaunclassified

Análise da Punição, Deteção e Comportamento dos Pares como Influências na Intenção de Cumprimento das Políticas de Segurança Cibernética nas Organizações

Dini

Oliveira

2013

Atas Da 13ª Conferência Da Associação Portuguesa De Sistemas De Informação

View full text Add to dashboard Cite

ResumoSegurança cibernética é um desafio de gestão que vem sendo enfrentado pelos mais diversos tipos de empresas do mundo todo. Contramedidas de proteção contra ataques cibernéticos de diversos tipos vem sendo adotadas por empresas, e barreiras como invasão de privacidade e perda de produtividade são questões a serem consideradas na sua adoção. Este trabalho tem o objetivo de analisar influências na intenção de cumprimento de políticas empresariais para segurança cibernética por funcionários em diferentes organizações. A revisão de literatura indica que os principais fatores de influência são (i) severidade da punição, (ii) certeza da detecção e (iii) comportamento de pares. Neste trabalho foi desenvolvida uma pesquisa quantitativa e descritiva para analisar a relação destes três fatores sobre a (iv) intenção de cumprimento das políticas de segurança nas organizações. A pesquisa foi elaborada por meio de survey com questionário de 11 questões para serem respondidas com base em escala Likert de 7 pontos. Os resultados apontam que fatores de (ii) certeza de detecção e (iii) comportamento dos pares são predecessores da (iv) intenção de cumprimento das políticas de segurança.

show abstract

“…Insiders, by definition, attack their employing organization, and are, therefore, engaging in targeted attacks, although the timing may be opportunistic. Frequently, insiders are disgruntled employees, motivated by specific employmentrelated grievances [Wilson et al, 1992;Dhillon and Moores, 2001;Rogers, 2006]. Such grievances tend to rationalize, or justify computer crimes in the mind of the insider.…”

Section: Offender-victim Relationshipmentioning

confidence: 99%

Improving Organizational Information Security Strategy via Meso-Level Application of Situational Crime Prevention to the Risk Management Process

Beebe

Rao

2010

CAIS

View full text Add to dashboard Cite

Existing approaches to formulating IS security strategy rely primarily on the risk management process and the application of baseline security standards (e.g., ISO 27002, previously ISO 17799). The use of existing approaches generally leads to measures that emphasize target hardening and incident detection. While such measures are appropriate and necessary, they do not capitalize on other measures, including those that surface when situational crime prevention (SCP) is applied to specific crimes. In particular, existing approaches do not typically surface measures designed to reduce criminal perceptions of the net benefits of the crime, or justification and provocation to commit the crime. However, the methods prescribed to-date for implementing SCP are cumbersome, requiring micro-level, individual analysis of crimes. In the current article, we propose that concepts derived from SCP can be strategically applied at an intermediate (meso) level of aggregation. We show that such meso-level application of SCP, when combined with the traditional risk management process, can reduce residual information security risk by identifying new strategies for combating computer crime. Using three illustrative cases, we demonstrate that the application of the proposed strategic approach does surface meaningful countermeasures not identified by the traditional risk management process alone.

show abstract

Information systems security: A managerial perspective

Cited by 10 publications

References 18 publications

In defense of the realm: understanding the threats to information security

In defense of the realm: understanding the threats to information security

Análise da Punição, Deteção e Comportamento dos Pares como Influências na Intenção de Cumprimento das Políticas de Segurança Cibernética nas Organizações

Improving Organizational Information Security Strategy via Meso-Level Application of Situational Crime Prevention to the Risk Management Process

Contact Info

Product

Resources

About