An integrated system theory of information security management

Cited by: 45
Authors
Hong, Kwo-Shing [1 ]
Chi, Yen-Ping [2 ]
Chao, Louis R. [3 ]
Tang, Jih-Hsing [4 ]
Affiliations
[1] Dept. of Management Info. Syst., Natl. Cheng-Chi Univ., and OPD, Control Yuan of Republic of China
[2] Dept. of Management Info. Syst., National Cheng-Chi University
[3] Institute of Management Science, Tamkang University, Control Yuan of Republic of China
[4] Tak Ming College, Taipei
Source
Information Management and Computer Security | 2003 / Vol. 11 / No. 5
Keywords
Contingency planning; Control systems; Information systems; Risk management; Systems theory;
DOI
10.1108/09685220310500153
Abstract
With the growth of electronic commerce, many organizations face unprecedented security challenges. Security techniques and management tools have attracted considerable attention from both academia and practitioners; however, a theoretical framework for information security management is still lacking. This paper attempts to integrate security policy theory, risk management theory, control and auditing theory, management system theory and contingency theory in order to build a comprehensive theory of information security management (ISM). It suggests that such an integrated system theory is useful for understanding information security management, explaining information security management strategies, and predicting management outcomes. The theory may lay a solid theoretical foundation for further empirical research and application.
Pages: 243 / 248
Page count: 5