IS Security Research: An Analysis and Integrative Framework for Future Work

Increased organizational reliance on information systems (IS) has led to a corresponding increase in the number of IS security breaches and their impact on organizations. As a result, a growing body of academic research that focuses on various aspects of IS security management has emerged. This work can be divided into three main categories: technical, financial/economic, and behavioral. This paper introduces the current state of IS security research in each of the three categories, proposes an integrative framework for the study of IS security, and presents topics that call for further investigation.
