In defense of the realm: understanding the threats to information security

The popular press is replete with information about attacks on information systems. Viruses, worms, hackers, and employee abuse and misuse have created a dramatic need for understanding and implementing quality information security. To accomplish this, an organization must begin by identifying and prioritizing the threats it faces, as well as the vulnerabilities inherent in its systems and methods. This study seeks to identify and rank current threats to information security, and to present current perceptions of the severity of these threats. It also seeks to provide information on the frequency of attacks from these threats and on how organizations prioritize expenditures to protect against them. The study then compares these findings with those of previous surveys.
