Choice and Chance: A Conceptual Model of Paths to Information Security Compromise

Cited by: 123
Authors
Ransbotham, Sam [1]
Mitra, Sabyasachi [2]
Affiliations
[1] Boston Coll, Carroll Sch Management, Chestnut Hill, MA 02467 USA
[2] Georgia Inst Technol, Coll Management, Atlanta, GA 30308 USA
Keywords
information security management; computer crime; information systems risk management; COMPUTER ABUSE; CRIME; SYSTEMS; MARKET; PUNISHMENT; MANAGEMENT; JUDGMENTS; ETHICS; ISSUES;
DOI
10.1287/isre.1080.0174
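Chinese Library Classification number
G25 [Library science, librarianship]; G35 [Information science, information work];
Discipline classification code
1205 ; 120501 ;
Abstract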
No longer the exclusive domain of technology experts, information security is now a management issue. Through a grounded approach using interviews, observations, and secondary data, we advance a model of the information security compromise process from the perspective of the attacked organization. We distinguish between deliberate and opportunistic paths of compromise through the Internet, labeled choice and chance, and include the role of countermeasures, the Internet presence of the firm, and the attractiveness of the firm for information security compromise. Further, using one year of alert data from intrusion detection devices, we find empirical support for the key contributions of the model. We discuss the implications of the model for the emerging research stream on information security in the information systems literature.
Pages: 121 / 139
Page count: 19
Related papers
50 in total
  • [31] An Integrative Behavioral Model of Information Security Policy Compliance
    Kim, Sang Hoon
    Yang, Kyung Hoon
    Park, Sunyoung
    SCIENTIFIC WORLD JOURNAL, 2014
  • [32] Managing security risks for inter-organisational information systems: a multiagent collaborative model
    Feng, Nan
    Wu, Harris
    Li, Minqiang
    Wu, Desheng
    Chen, Fuzan
    Tian, Jin
    ENTERPRISE INFORMATION SYSTEMS, 2016, 10 (07) : 751 - 770
  • [33] AN EVALUATION MODEL OF INFORMATION SECURITY MANAGEMENT OF MEDICAL STAFF
    Liao, Kuo-Hsiung
    Chueh, Hao-En
    INTERNATIONAL JOURNAL OF INNOVATIVE COMPUTING INFORMATION AND CONTROL, 2012, 8 (11) : 7865 - 7873
  • [34] A situation awareness model for information security risk management
    Webb, Jeb
    Ahmad, Atif
    Maynard, Sean B.
    Shanks, Graeme
    COMPUTERS & SECURITY, 2014, 44 : 1 - 15
  • [35] Conceptual Model of Key Aspects of Security and Privacy Protection in a Smart City in Slovakia
    Kollarova, Michaela
    Granak, Tomas
    Strelcova, Stanislava
    Ristvej, Jozef
    SUSTAINABILITY, 2023, 15 (08)
  • [36] Intelligent Laboratory Resource Supply Chain Conceptual Network Model with Process and Information Integration, Visibility and Flexibility
    Hsu, Chin-Ming
    Chao, Hui-Mei
    ALGORITHMS AND ARCHITECTURES FOR PARALLEL PROCESSING, PROCEEDINGS, 2009, 5574 : 190 - +
  • [37] Conceptual Model for Integrating Environmental Impact in Managerial Accounting Information Systems
    Stanescu, Sorina Geanina
    Cucui, Ion
    Ionescu, Constantin Aurelian
    Paschia, Liliana
    Coman, Mihaela Denisa
    Nicolau, Nicoleta Luminita Gudanescu
    Uzlau, Marilena Carmen
    Lixandru, Mihaela Leasa
    INTERNATIONAL JOURNAL OF ENVIRONMENTAL RESEARCH AND PUBLIC HEALTH, 2021, 18 (04) : 1 - 21
  • [38] INTEGRATED INCIDENT MANAGEMENT MODEL FOR DATA PRIVACY AND INFORMATION SECURITY
    Dombora, Sandor
    XIV INTERNATIONAL MAY CONFERENCE ON STRATEGIC MANAGEMENT, VOL XIV, ISSUE (1) (2018), 2018, 14 (01) : 319 - 328
  • [39] Model for the management of information security and the risks associated with its use
    Altamirano Di Luca, Marlon
    AVANCES, 2019, 21 (02) : 248 - 263
  • [40] Information security policy noncompliance: An integrative social influence model
    Gwebu, Kholekile L.
    Wang, Jing
    Hu, Michael Y.
    INFORMATION SYSTEMS JOURNAL, 2020, 30 (02) : 220 - 269