TY - JOUR
T1 - Threats and countermeasures for information system security
T2 - A cross-industry study
AU - Yeh, Quey Jen
AU - Chang, Arthur Jung Ting
N1 - Funding Information:
The authors express their gratitude to the editor, screening reviewer and three anonymous reviewers whose comments have helped improve this paper considerably. We also acknowledge support from the National Science Council of Taiwan (NSC93-2416-H-006-036).
PY - 2007/7
Y1 - 2007/7
N2 - IS security threats have increased significantly in recent years. We identified the gaps between manager perceptions of IS security threats and the security countermeasures adopted by firms by collecting empirical data from 109 Taiwanese enterprises. Industry type and organizational use of IT were seen as the two factors that affected the motivation of firms to adopt security countermeasures, but their implementation did not necessarily affect the threat perceptions of the managers. Analyses of responses suggested that the scope of the countermeasures adopted were not commensurate with the severity of the perceived threats. Among the threats, networks were rated as contributing the most severe threat and yet had the lowest level of protection, this was followed by threats due to personnel and administrative issues. We therefore addressed threat mitigation strategies, specifically in terms of the differences between industries.
AB - IS security threats have increased significantly in recent years. We identified the gaps between manager perceptions of IS security threats and the security countermeasures adopted by firms by collecting empirical data from 109 Taiwanese enterprises. Industry type and organizational use of IT were seen as the two factors that affected the motivation of firms to adopt security countermeasures, but their implementation did not necessarily affect the threat perceptions of the managers. Analyses of responses suggested that the scope of the countermeasures adopted were not commensurate with the severity of the perceived threats. Among the threats, networks were rated as contributing the most severe threat and yet had the lowest level of protection, this was followed by threats due to personnel and administrative issues. We therefore addressed threat mitigation strategies, specifically in terms of the differences between industries.
UR - http://www.scopus.com/inward/record.url?scp=34447298085&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=34447298085&partnerID=8YFLogxK
U2 - 10.1016/j.im.2007.05.003
DO - 10.1016/j.im.2007.05.003
M3 - Article
AN - SCOPUS:34447298085
SN - 0378-7206
VL - 44
SP - 480
EP - 491
JO - Information and Management
JF - Information and Management
IS - 5
ER -