Publication | Closed Access
Effective IS Security: An Empirical Study
723
Citations
27
References
1990
Year
Information Security ManagementThreat (Computer)EngineeringSecurity ManagementEffective Is SecurityInformation SecurityAccountingRisk ManagementManagementBusinessSecurityComputer AbuseSecurity GovernanceSecurity AwarenessGeneral DeterrenceInformation ManagementTechnologyData Security
Information security is often neglected by managers, leading many organizations to accept light or no protection and risk significant losses from computer abuse. Using general deterrence theory, the study examines whether managerial investment in IS security reduces computer abuse. Surveying 1,211 organizations, the study finds that deterrent administrative procedures combined with preventive software significantly lower computer abuse, informing key security decisions.
Information security has not been a high priority for most managers. Many permit their installations to be either lightly protected or wholly unprotected, apparently willing to risk major losses from computer abuse. This study, based on the criminological theory of general deterrence, investigates whether a management decision to invest in IS security results in more effective control of computer abuse. Data gathered through a survey of 1,211 randomly selected organizations indicates that security countermeasures that include deterrent administrative procedures and preventive security software will result in significantly lower computer abuse. Knowledge about these relationships is useful for making key decisions about the security function.
| Year | Citations | |
|---|---|---|
Page 1
Page 1