General Deterrence Theory: Assessing Information Systems Security Effectiveness in Large versus Small Businesses (open access)

This research sought to shed light on information systems security (ISS) by conceptualizing an organization's use of countermeasures using general deterrence theory, positing a non-recursive relationship between threats and countermeasures, and by extending the ISS construct developed in prior research. Industry affiliation and organizational size are considered in terms of differences in threats that firms face, the different countermeasures in use by various firms, and ultimately, how a firm's ISS effectiveness is affected. Six information systems professionals were interviewed in order to develop the appropriate instruments necessary to assess the research model put forth; the final instrument was further refined by pilot testing with the intent of further clarifying the wording and layout of the instrument. Finally, the Association of Information Technology Professionals was surveyed using an online survey. The model was assessed using SmartPLS and a two-stage least squares analysis. Results indicate that a non-recursive relationship does indeed exist between threats and countermeasures and that countermeasures can be used to effectively frame an organization's use of countermeasures. Implications for practitioners include the ability to target the use of certain countermeasures to have desired effects on both ISS effectiveness and future threats. Additionally, the model put forth in this research …
Date: May 2009
Creator: Schuessler, Joseph H.
System: The UNT Digital Library
Defining the Information Security Posture: An Empirical Examination of Structure, Integration, and Managerial Effectiveness (open access)

The discipline of information security management is still in its infancy as evidenced by the lack of empirical scholarly work in this area. Most research within the information security domain focuses on specific technologies and algorithms and how they impact the principles of confidentiality, integrity, and availability. But, an important area receiving little attention is the antecedents of effective information security management at the organizational level (Stanton, Guzman, Stam & Caldera, 2003). The little empirical research that has been conducted in this area has shown that information security management in many organizations is poor (Baskerville, 1993; Shimeall & McDermott, 1999). Several researchers have identified the need for methods to measure the organization-wide information security posture of organizations (Eloff & Von Solms, 2000; James, 1996). This dissertation attempts to measure the organization-wide information security posture by examining benchmark variables that assess role, planning orientation, and performance structure within the organization. Through this conceptualization of an organization's information security posture, a means is presented to measure overall information security and how it impacts the effective utilization of information security strategies. The presence of the dependent variable, effectiveness, gives academics and practitioners a success measure which can guide more effective decision making in …
Date: August 2008
Creator: Young, Randall Frederick
System: The UNT Digital Library
An Analysis of the Effect of Environmental and Systems Complexity on Information Systems Failures (open access)

Companies have invested large amounts of money in information systems development. Unfortunately, not all information systems developments are successful. Software project failure is frequent and lamentable. Surveys and statistical analysis results underscore the severity and scope of software project failure. Limited research relates software structure to information systems failures. Systematic study of failure provides insights into the causes of IS failure. More importantly, it contributes to better monitoring and control of projects and enhancing the likelihood of the success of management information systems. The underlying theories and literature that contribute to the construction of the theoretical framework come from general systems theory, complexity theory, and failure studies. One hundred COBOL programs from a single company are used in the analysis. The program log clearly documents the date, time, and the reasons for changes to the programs. In this study the relationships among the variables of business requirements change, software complexity, program size and the error rate in each phase of the software development life cycle are tested. Interpretations of the hypothesis testing are provided as well. The data shows that analysis error and design error occur more often than programming error. Measurement criteria need to be developed at each stage of the …
Date: August 2001
Creator: Zhang, Xiaoni
System: The UNT Digital Library