Towards Understanding Deterrence: Information Security Managers’ Perspective
作者: Sangseo Park , Anthonie B. Ruighaver , Sean B. Maynard , Atif Ahmad
DOI: 10.1007/978-94-007-2911-7_3
关键词: Computer science 、 Sanctions 、 Identification (information) 、 Computer security 、 Enforcement 、 Information security 、 Architecture 、 Perspective (graphical) 、 Policy enforcement 、 Deterrence theory
摘要: The enforcement of information security policy is an important issue in organisations. Previous studies approach using deterrence theory to deal with violations and focus on end-users’ awareness. This study investigates strategy within organisations from the perspective managers. results primarily reveal that current has little influence reducing because it only used as a prevention due lack means detection. Our suggests should shift detection identification violators, expand range sanctions. research also presents architecture strategies be operated coordinated manner for use deterring violations.
springer.com
sci-hub.st 参考文章(41)
Jaewoo Park, Jinseok Lee, Hyungwoo Kang, Sangseo Park, Gunwoo Nam, A New Intruder Traceback Mechanism based on System Process Structure. computer applications in industry and engineering. pp. 117- 121 ,(2003)
Hervé Debar, Benjamin Morin, Vincent Boissée, Didier Guérin, An Infrastructure for Distributed Event Acquisition Springer, Dordrecht. pp. 349- 365 ,(2005) , 10.1007/1-4020-3381-8_20
David Stephen Alberts, Defensive Information Warfare ,(1996)
Siponen, Vance, Neutralization: new insights into the problem of employee systems security policy violations Management Information Systems Quarterly. ,vol. 34, pp. 487- 502 ,(2010) , 10.2307/25750688
Detmar W. Straub, William D. Nance, Discovering and disciplining computer abuse in organizations: a field study Management Information Systems Quarterly. ,vol. 14, pp. 45- 60 ,(1990) , 10.2307/249307
Karen A. Forcht, Computer Security Management ,(1993)
S.J. Stolfo, Worm and attack early warning: piercing stealthy reconnaissance ieee symposium on security and privacy. ,vol. 2, pp. 73- 75 ,(2004) , 10.1109/MSP.2004.28
Sara Kraemer, Pascale Carayon, Human errors and violations in computer and information security: The viewpoint of network administrators and security specialists Applied Ergonomics. ,vol. 38, pp. 143- 154 ,(2007) , 10.1016/J.APERGO.2006.03.010
Cheryl Vroom, Rossouw von Solms, Towards information security behavioural compliance Computers & Security. ,vol. 23, pp. 191- 198 ,(2004) , 10.1016/J.COSE.2004.01.012
Fred Cohen, Special feature: A note on the role of deception in information protection Computers & Security. ,vol. 17, pp. 483- 506 ,(1998) , 10.1016/S0167-4048(98)80071-0