A Reclassification of IS Security Analysis Approaches

The role of security management in the development and operation of information systems has a long tradition of research in computer science, information systems and management science. Integrating the economic, organizational, and technical aspects of information systems security analysis and assessment requires bridging these different research streams. We examined the major articles published on IS security using a new classification scheme for IS security analysis and assessment approaches, covering both approaches discussed in recent publications and those examined in past articles that have attempted to classify approaches to IS security. This paper therefore organizes a diverse body of literature into a cohesive whole, with the aim of giving IS management an overview of current security analysis approaches and an effective aid for selecting the methods best suited to their needs. Furthermore, this work structures IS security research into a classification scheme that can also be used in future research and practice.
