On security preparations against possible IS threats across industries

Purpose – Modernized information systems (IS) have brought enterprises not only enormous benefits, but also linked information threats. Most enterprises solve their IS security‐related problems using technical means alone, and focus on technical rather than managerial controls, which may imply potential crises. This study examines whether the security preparation of firms matches the severity of IS threats they perceive in developing countries, especially in issues concerning “people” and “administration”. Additionally, this study discusses appropriate threat mitigation strategies for the four sectors as well.

Design/methodology/approach – Using an empirical study, this study explores the past and current concerns of IS threats of firms in different industries, and the countermeasures prepared by them to protect themselves from such threats. The empirical data was provided by 109 Taiwanese enterprises from four sectors.

Findings – The analytical results revealed the differences in both the IS threats concer...
