Choice and Chance: A Conceptual Model of Paths to Information Security Compromise

Published Online: https://doi.org/10.1287/isre.1080.0174
