Threats and countermeasures for information system security: A cross-industry study

Quey Jen Yeh, Arthur Jung Ting Chang

Research output: Contribution to journalArticlepeer-review

106 Citations (Scopus)


IS security threats have increased significantly in recent years. We identified the gaps between manager perceptions of IS security threats and the security countermeasures adopted by firms by collecting empirical data from 109 Taiwanese enterprises. Industry type and organizational use of IT were seen as the two factors that affected the motivation of firms to adopt security countermeasures, but their implementation did not necessarily affect the threat perceptions of the managers. Analyses of responses suggested that the scope of the countermeasures adopted were not commensurate with the severity of the perceived threats. Among the threats, networks were rated as contributing the most severe threat and yet had the lowest level of protection, this was followed by threats due to personnel and administrative issues. We therefore addressed threat mitigation strategies, specifically in terms of the differences between industries.

Original languageEnglish
Pages (from-to)480-491
Number of pages12
JournalInformation and Management
Issue number5
Publication statusPublished - 2007 Jul

All Science Journal Classification (ASJC) codes

  • Management Information Systems
  • Information Systems
  • Information Systems and Management


Dive into the research topics of 'Threats and countermeasures for information system security: A cross-industry study'. Together they form a unique fingerprint.

Cite this