1998
DOI: 10.2307/249551

Coping with Systems Risk: Security Planning Models for Management Decision Making

Abstract: The likelihood that the firm's information systems are insufficiently protected against certain kinds of damage or loss is known as "systems risk." Risk can be managed or reduced when managers are aware of the full range of controls available and implement the most effective controls. Unfortunately, they often lack this knowledge and their subsequent actions to cope with systems risk are less effective than they might otherwise be. This is one viable explanation for why losses from computer abuse and computer …

Cited by 775 publications
(506 citation statements)
References 47 publications
“…Yet a focus on the offender has the potential to open up original areas for future research. Traditionally, IS security countermeasures have been categorized into four types, which include deterrence, prevention, detection, and recovery (Forcht, 1994; Parker, 1998; Straub & Welke, 1998). Compliance research, therefore, involves attempts to improve 'prevention' methods.…”
mentioning
confidence: 99%
“…Existing bodies of divergent theory enable an understanding of offender behavior, not only during perpetration, but also importantly, prior to the commission process. If these 'appropriate' theories can be drawn from, there exists the potential to fully develop an understanding of this second form of behavior and expand the range of safeguards beyond the traditional deterrence, prevention, detection and, recovery classification (Straub & Welke, 1998).…”
mentioning
confidence: 99%
“…Saleh & Alfantookh (Saleh and Alfantookh, 2011) concur in opinion. However, the main goal of all the ISRA is to reduce, mitigate, transfer or accept risks to an acceptable level by prioritizing and estimating the risk value (Saleh and Alfantookh, 2011; Straub and Welke, 1998). Hence, it can be concluded that any organization, regardless of their size, they have to ensure that the details for the activity listed below are gathered accurately: a.…”
Section: Conceptual Framework Of Info-structure Isra
mentioning
confidence: 99%
“…A number of researchers have focused specifically on the deterrent effect of safeguards (Campbell, 1988; Hoffer and Straub, 1989; Straub, 1990; Straub and Nance, 1990; Cardinali, 1995; Sherizen, 1995; Harrington, 1996; Straub and Welke, 1998). Of this group, several have applied General Deterrence Theory to the IS security domain (Hoffer and Straub, 1989; Straub, 1990; Straub et al, 1992; Harrington, 1996; Straub and Welke, 1998).…”
Section: Deterring Offenders
mentioning
confidence: 99%
“…Of this group, several have applied General Deterrence Theory to the IS security domain (Hoffer and Straub, 1989; Straub, 1990; Straub et al, 1992; Harrington, 1996; Straub and Welke, 1998). This criminological theory posits that:…”
Section: Deterring Offenders
mentioning
confidence: 99%