Choice and Chance: A Conceptual Model of Paths to Information Security Compromise

Cited by: 123
Authors
Ransbotham, Sam [1]
Mitra, Sabyasachi [2]
Affiliations
[1] Boston Coll, Carroll Sch Management, Chestnut Hill, MA 02467 USA
[2] Georgia Inst Technol, Coll Management, Atlanta, GA 30308 USA
Keywords
information security management; computer crime; information systems risk management; COMPUTER ABUSE; CRIME; SYSTEMS; MARKET; PUNISHMENT; MANAGEMENT; JUDGMENTS; ETHICS; ISSUES
DOI
10.1287/isre.1080.0174
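Chinese Library Classification number
G25 [Library science, librarianship]; G35 [Information science, information work]
Discipline classification code
1205; 120501
Abstract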
No longer the exclusive domain of technology experts, information security is now a management issue. Through a grounded approach using interviews, observations, and secondary data, we advance a model of the information security compromise process from the perspective of the attacked organization. We distinguish between deliberate and opportunistic paths of compromise through the Internet, labeled choice and chance, and include the role of countermeasures, the Internet presence of the firm, and the attractiveness of the firm for information security compromise. Further, using one year of alert data from intrusion detection devices, we find empirical support for the key contributions of the model. We discuss the implications of the model for the emerging research stream on information security in the information systems literature.
Pages: 121 - 139
Number of pages: 19
Related papers
50 in total
  • [21] Information Security Model to Military Organizations in Environment of Information Warfare
    Martins, Jose
    Santos, Henrique
    Nunes, Paulo
    Silva, Rui
    PROCEEDINGS OF THE 11TH EUROPEAN CONFERENCE ON INFORMATION WARFARE AND SECURITY, 2012, : 172 - 179
  • [22] A Conceptual Model of the Cognitive Processing of Environmental Distance Information
    Montello, Daniel R.
    SPATIAL INFORMATION THEORY, PROCEEDINGS, 2009, 5756 : 1 - 17
  • [23] A CONCEPTUAL MODEL FOR COMMUNICATING AN INTEGRATED INFORMATION SYSTEMS CURRICULUM
    May, Jeffrey
    Lending, Diane
    JOURNAL OF COMPUTER INFORMATION SYSTEMS, 2015, 55 (04) : 20 - 27
  • [24] IT Value Model driven by Information and Services: A Conceptual Approach
    Suhardi
    Kurniawan, Novianto Budi
    Putro, Budi Laksono
    Yustianto, Purnomo
    PROCEEDINGS OF 2016 INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY SYSTEMS AND INNOVATION (ICITSI), 2016,
  • [25] A Security Management Assurance Model to holistically assess the Information Security posture
    Tashi, Igli
    Ghernaouti-Helie, Solange
    2009 INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY, AND SECURITY (ARES), VOLS 1 AND 2, 2009, : 756 - 761
  • [26] Risk Evaluation Process Model of Information Security
    Liu Jing
    2009 INTERNATIONAL CONFERENCE ON MEASURING TECHNOLOGY AND MECHATRONICS AUTOMATION, VOL II, 2009, : 321 - 324
  • [27] Model of enterprise's information security management
    Omelchenko, Tatiana
    Umnitsyn, Mikhail
    Nikishova, Arina
    Sadovnikova, Natalia
    PROCEEDINGS OF THE IV INTERNATIONAL RESEARCH CONFERENCE INFORMATION TECHNOLOGIES IN SCIENCE, MANAGEMENT, SOCIAL SPHERE AND MEDICINE (ITSMSSM 2017), 2017, 72 : 182 - 187
  • [28] Organisational Information Security Management Maturity Model
    Zammani, Mazlina
    Razali, Rozilawati
    Singh, Dalbir
    INTERNATIONAL JOURNAL OF ADVANCED COMPUTER SCIENCE AND APPLICATIONS, 2021, 12 (09) : 668 - 678
  • [29] Measuring Information Security Performance with 10 by 10 Model for Holistic State Evaluation
    Bernik, Igor
    Prislan, Kaja
    PLOS ONE, 2016, 11 (09):
  • [30] A Markov-Based Model for Information Security Risk Assessment in Healthcare MANETs
    Das, Saini
    Mukhopadhyay, Arunabha
    Saha, Debashis
    Sadhukhan, Samir
    INFORMATION SYSTEMS FRONTIERS, 2019, 21 (05) : 959 - 977