Choice and Chance: A Conceptual Model of Paths to Information Security Compromise

Cited by: 123
Authors
Ransbotham, Sam [1]
Mitra, Sabyasachi [2]
Affiliations
[1] Boston Coll, Carroll Sch Management, Chestnut Hill, MA 02467 USA
[2] Georgia Inst Technol, Coll Management, Atlanta, GA 30308 USA
Keywords
information security management; computer crime; information systems risk management; COMPUTER ABUSE; CRIME; SYSTEMS; MARKET; PUNISHMENT; MANAGEMENT; JUDGMENTS; ETHICS; ISSUES;
DOI
10.1287/isre.1080.0174
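Chinese Library Classification number
G25 [Library science, librarianship]; G35 [Information science, information work];
Discipline classification code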
1205 ; 120501 ;
Abstract
No longer the exclusive domain of technology experts, information security is now a management issue. Through a grounded approach using interviews, observations, and secondary data, we advance a model of the information security compromise process from the perspective of the attacked organization. We distinguish between deliberate and opportunistic paths of compromise through the Internet, labeled choice and chance, and include the role of countermeasures, the Internet presence of the firm, and the attractiveness of the firm for information security compromise. Further, using one year of alert data from intrusion detection devices, we find empirical support for the key contributions of the model. We discuss the implications of the model for the emerging research stream on information security in the information systems literature.
Pages: 121 / 139
Page count: 19
Related papers
50 in total
  • [1] A Conceptual Model for Knowledge Sharing Towards Information Security Culture in Healthcare Organization
    Hassan, Noor Hafizah
    Ismail, Zuraini
    Maarop, Norazean
    2013 INTERNATIONAL CONFERENCE ON RESEARCH AND INNOVATION IN INFORMATION SYSTEMS (ICRIIS), 2013, : 516 - 520
  • [2] A Conceptual Model Approach to Manage and Audit Information Systems Security
    Pereira, Teresa
    Santos, Henrique
    PROCEEDINGS OF THE 9TH EUROPEAN CONFERENCE ON INFORMATION WARFARE AND SECURITY, 2010, : 360 - 365
  • [3] A Conceptual Analysis of Information Security Education, Information Security Training and Information Security Awareness Definitions
    Amankwa, Eric
    Loock, Marianne
    Kritzinger, Elmarie
    2014 9TH INTERNATIONAL CONFERENCE FOR INTERNET TECHNOLOGY AND SECURED TRANSACTIONS (ICITST), 2014, : 248 - 252
  • [4] Policy components - a conceptual model for modularizing and tailoring of information security policies
    Rostami, Elham
    Karlsson, Fredrik
    Gao, Shang
    INFORMATION AND COMPUTER SECURITY, 2023, 31 (03) : 331 - 352
  • [5] Conceptual Model of Online Pedagogical Information Security Laboratory: Toward an Ensemble Artifact
    Iqbal, Sarfraz
    Thapa, Devinder
    Awad, Ali Ismail
    Paivarinta, Tero
    2015 48TH HAWAII INTERNATIONAL CONFERENCE ON SYSTEM SCIENCES (HICSS), 2015, : 43 - 52
  • [6] A conceptual model of information security compliant behaviour based on the self-determination theory
    Gangire, Yotamu
    Da Veiga, Adele
    Herselman, Marlien
    2019 CONFERENCE ON INFORMATION COMMUNICATIONS TECHNOLOGY AND SOCIETY (ICTAS), 2019,
  • [7] Autonomous Vehicle Security: Conceptual Model
    Al Zaabi, Abdulla O.
    Yeun, Chan Yeob
    Damiani, Ernesto
    2019 IEEE TRANSPORTATION ELECTRIFICATION CONFERENCE AND EXPO, ASIA-PACIFIC (ITEC ASIA-PACIFIC 2019): NEW PARADIGM SHIFT, SUSTAINABLE E-MOBILITY, 2019, : 188 - 192
  • [8] A system dynamics model for information security management
    Nazareth, Derek L.
    Choi, Jae
    INFORMATION & MANAGEMENT, 2015, 52 (01) : 123 - 134
  • [9] A New Network Security Evaluation Conceptual Model
    Bian, Jinliang
    COMPUTER-AIDED DESIGN, MANUFACTURING, MODELING AND SIMULATION III, 2014, 443 : 499 - 503
  • [10] Enhancing Security and Privacy in Healthcare: A Conceptual Model
    Yaqub, Nadeem
    Zhang, Jianbiao
    Wang, Weiru
    2023 IEEE INTERNATIONAL CONFERENCES ON INTERNET OF THINGS, ITHINGS IEEE GREEN COMPUTING AND COMMUNICATIONS, GREENCOM IEEE CYBER, PHYSICAL AND SOCIAL COMPUTING, CPSCOM IEEE SMART DATA, SMARTDATA AND IEEE CONGRESS ON CYBERMATICS,CYBERMATICS, 2024, : 188 - 195