Access the full text.
Sign up today, get DeepDyve free for 14 days.
Loading next page...
/lp/emerald-publishing/an-integrated-system-theory-of-information-security-management-7FkME2REg0
References (26)
-
日本規格協会 (2002)
情報セキュリティマネジメントシステム : 仕様及び利用の手引 : 英国規格 : BS7799-2:2002 = Information security management systems : specification with guidance for use : british standards : BS 7799-2:2002 -
R.C. Reid, S.A. Floyd
Extending the risk analysis model to include market insurance -
R. Weber
Information System Control and Audit -
E. Schultz, R. Proctor, M. Lien, G. Salvendy (2001)
Usability and Security An Appraisal of Usability Issues in Information Security MethodsComput. Secur., 20
-
Marie Wright (1999)
Third generation risk management practicesComputer Fraud & Security, 1999
-
ISO/IEC 17799
Information Technology Code of Practice for Information Services -
M. Eloff, S. Solms (2000)
Information Security Management: An Approach to Combine Process Certification And Product EvaluationComput. Secur., 19
-
J. Sherwood (1996)
SALSA: A method for developing the enterprise security architecture and strategyComput. Secur., 15
-
F. Luthans, R. Schonberger, R. Morey (1976)
Introduction to management : a contingency approach -
Ma. Salas, A. Kaplan (1967)
The Conduct of Inquiry -
R. Drazin, A. Ven (1985)
Alternative forms of fit in contingency theory.Administrative Science Quarterly, 30
-
Randall Reid, Stephen Floyd (2001)
Refereed Extending the Risk Analysis Model to Include Market-InsuranceComputers & Security, 20
-
10.2307/256079
-
J. Tudor (2000)
Information Security Architecture -
BS 7799‐2
Information Security Management Part 2: Specification for Information Security Management Systems -
D. Gollmann (2010)
Computer securityWiley Interdisciplinary Reviews: Computational Statistics, 2
-
S. Garfinkel, Gene Spafford (1991)
Practical UNIX Security -
Mukul Gupta, A. Chaturvedi, S. Mehta, L. Valeri (2000)
The experimental analysis of information security management issues for online financial services -
M. Smith (1989)
Computer security-threats, vulnerabilities and countermeasuresInformation Age archive, 11
-
R. Solms, H. Haar, S. Solms, W. Caelli (1994)
A framework for information security evaluationInf. Manag., 26
-
日本規格協会 (2000)
情報技術 : 情報セキュリティ管理実施基準 : 国際規格 : ISO/IEC 17799 = Information technology : code of practice for infromation security management : international standard : ISO/IEC 17799 -
Nancy Flynn (2001)
The e-policy handbook : designing and implementing effective e-mail, internet, and software policies -
COBIT
COBIT: Control Objectives -
M.E. Kabay
The NCSA Guide to Enterprise Security -
S. Lee, F. Luthans, D. Olson (1982)
A management science approach to contingency models of organizational structure.Academy of Management journal. Academy of Management, 25 3
-
S.P. Robbins
Management
- Publisher
- Emerald Publishing
- Copyright
- Copyright © 2003 MCB UP Ltd. All rights reserved.
- ISSN
- 0968-5227
- DOI
- 10.1108/09685220310500153
- Publisher site
- See Article on Publisher Site
Abstract
With the popularity of electronic commerce, many organizations are facing unprecedented security challenges. Security techniques and management tools have caught a lot of attention from both academia and practitioners. However, there is lacking a theoretical framework for information security management. This paper attempts to integrate security policy theory, risk management theory, control and auditing theory, management system theory and contingency theory in order to build a comprehensive theory of information security management (ISM). This paper suggests that an integrated system theory is useful for understanding information security management, explaining information security management strategies, and predicting management outcomes. This theory may lay a solid theoretical foundation for further empirical research and application.
Journal
Information Management & Computer Security – Emerald Publishing
Published: Dec 1, 2003
Keywords: Control systems; Risk management; Systems theory; Contingency planning