A Laboratory Study Designed for Reducing the Gap between Information Security Knowledge and Implementation

Revital Elitzur；Ying Sai

Information Security ； Business Enabler ； Laboratory Experiment

International Journal of Electronic Commerce Studies

1卷1期（2010 / 06 / 01）

37 - 49

英文

Companies often have the knowledge on procedures to prevent or mitigate against information technology security risks. Yet these companies may not take adequate measures to implement these procedures, and instead, leave themselves vulnerable to security breaches. Potential reasons for this gap between information security knowledge and implementation are provided based on interviews with information technology managers at a global automobile sales and marketing company. Four mechanisms to reduce this gap are proposed, along with a new approach to conduct a laboratory experiment to evaluate the effectiveness of these mechanisms, applied independently and in combinations.

1. (2005).CISA Review Manual.Information Systems Audit and Control Association.
2. Allen, J.(2005).,Carnegie Mellon Software Engineering Institute.
3. Chronology of Data Breaches, Privacy Rights Clearinghouse. http://www.privacyrights.org/ar/ChronDataBreaches.htm, Accessed December 1, 2008.
4. Elitzur, R.(2008).R. Elitzur, Automotive company information technology manager interviews, Unpublished notes. Loyola Marymount University, California: Los Angeles, 2008..
5. Freedman, J. B.(2005).Information security: Is silence golden?.Americas Conference on Information Systems,Nebraska:
6. Gaulke, M.(2002).Risk management in IT projects.Information Systems Control Journal,5
7. Levine, D. M.,Stephan, D. F.,Krehbiel, T. C.,Berenson, M. L.(2008).Statistics for managers.Pearson Prentice Hall.
8. Mercuri, R. T.(2003).Analyzing security cost.Communication of ACM,46(6)
9. Purser, S. A.(2004).Improving the ROI of the security management process.Journal of Computers & Security,23(7),542-546.
10. Swartz, N.(2008).Record data breaches in 2007.Information Management Journal,42(2)
11. Torres, M.(2008).M. Torres, Florida attorney general warns about identity theft after Bank of New York Mellon loses data. McClatchy - Tribune Business News, September 10, 2008..
12. B. White, Where the holes are: New tools help companies identify the real security risks in their computer systems – before the hackers. Wall Street Journal, June 9, R12, 2008.

1. Sylvester Manlangit,Sami Azam,Bharanidharan Shanmugam,Asif Karim(2019).NOVEL MACHINE LEARNING APPROACH FOR ANALYZING ANONYMOUS CREDIT CARD FRAUD PATTERNS.International Journal of Electronic Commerce Studies,10(2),175-201.