2012 | OriginalPaper | Chapter

3. Towards Understanding Deterrence: Information Security Managers’ Perspective

Authors : Sangseo Park, Anthonie B. Ruighaver, Sean B. Maynard, Atif Ahmad

Published in: Proceedings of the International Conference on IT Convergence and Security 2011

Publisher: Springer Netherlands

Abstract

The enforcement of information security policy is an important issue in organisations. Previous studies approach policy enforcement using deterrence theory to deal with information security violations and focus on end-users’ awareness. This study investigates deterrence strategy within organisations from the perspective of information security managers. The results primarily reveal that current deterrence strategy has little influence on reducing violations because it is only used as a prevention strategy due to the lack of means of detection. Our study suggests that organisations should shift to detection of violations and identification of violators, and expand the range of sanctions. The research also presents an architecture of information security strategies to be operated in a coordinated manner for use in deterring security violations.

Metadata
Title
Towards Understanding Deterrence: Information Security Managers’ Perspective
Authors
Sangseo Park
Anthonie B. Ruighaver
Sean B. Maynard
Atif Ahmad
Copyright Year
2012
Publisher
Springer Netherlands
DOI
https://doi.org/10.1007/978-94-007-2911-7_3