← Search

Effective IS Security: An Empirical Study

Detmar W. Straub

Curtis L Carlson School of Management, University of Minnesota, 271 19th Avenue South, Minneapolis, MN 55455

Information Systems Research 1990

Information security has not been a high priority for most managers. Many permit their installations to be either lightly protected or wholly unprotected, apparently willing to risk major losses from computer abuse. This study, based on the criminological theory of general deterrence, investigates whether a management decision to invest in IS security results in more effective control of computer abuse. Data gathered through a survey of 1,211 randomly selected organizations indicates that security countermeasures that include deterrent administrative procedures and preventive security software will result in significantly lower computer abuse. Knowledge about these relationships is useful for making key decisions about the security function.

DOI
10.1287/isre.1.3.255
Volume
1 (3)
Pages
255-276
Language
en
Export
BibTeX
Sources
crossref