To read this content please select one of the options below:

An integrated system theory of information security management

Kwo‐Shing Hong (Department of Management Information Systems, National Cheng‐Chi University, and Overall Planning Department, Control Yuan of Republic of China, Taiwan)
Yen‐Ping Chi (Department of Management Information Systems, National Cheng‐Chi University, Taiwan)
Louis R. Chao (Institute of Management Science, Tamkang University, and Control Yuan of Republic of China, Taiwan)
Jih‐Hsing Tang (Tak Ming College, Taipei, Taiwan)

Information Management & Computer Security

ISSN: 0968-5227

Article publication date: 1 December 2003

18046

Abstract

With the popularity of electronic commerce, many organizations are facing unprecedented security challenges. Security techniques and management tools have caught a lot of attention from both academia and practitioners. However, there is lacking a theoretical framework for information security management. This paper attempts to integrate security policy theory, risk management theory, control and auditing theory, management system theory and contingency theory in order to build a comprehensive theory of information security management (ISM). This paper suggests that an integrated system theory is useful for understanding information security management, explaining information security management strategies, and predicting management outcomes. This theory may lay a solid theoretical foundation for further empirical research and application.

Keywords

Citation

Hong, K., Chi, Y., Chao, L.R. and Tang, J. (2003), "An integrated system theory of information security management", Information Management & Computer Security, Vol. 11 No. 5, pp. 243-248. https://doi.org/10.1108/09685220310500153

Publisher

:

MCB UP Ltd

Copyright © 2003, MCB UP Limited

Related articles