Advanced search
Publication Cover
Journal of Computer Information Systems Volume 56, 2016 - Issue 2
Submit an article Journal homepage
7,972
Views
16
CrossRef citations to date
0
Altmetric
Original Articles

Organizational Characteristics Influencing SME Information Security Maturity

Frederik MijnhardtUtrecht University, Utrecht, The Netherlands
,
Thijs BaarsUtrecht University, Utrecht, The Netherlands
&
Marco SpruitUtrecht University, Utrecht, The Netherlands
Pages 106-115 | Published online: 15 Jan 2016

References

  • Alner M. 2001. The effects of outsourcing on information security. Inf Syst Sec. 10: 1–9.
  • Arnason, ST, Willett K. D. 2008. How to achieve 27001 certification: an example of applied compliance management. New York, NY: Auerbach.
  • Ayyagari M, Beck T, Demirgüç-Kunt A. 2003. Small and medium enterprises across the globe: a new database. The World Bank, New York, NY, World Bank Policy Research Working Paper 3127, 2003.
  • Bekkers W, van de Weerd I, Brinkkemper S, Mahieu A. 2008. The influence of situational factors in software product management: an empirical study. 2008 Second International Workshop on Software Product Management, Barcalona, Spain, 41–48.
  • Caracelli V.J, Greene JC. 1997. Crafting mixed-method evaluation designs. New Directions for Eval. 1997:19–32.
  • Chang SE, Ho CB. 2006. Organizational factors to the effectiveness of implementing information security management. Ind Manage Data Syst. 106:345–361.
  • Corbetta P. 2003. Social research: theory, methods and techniques. London: Sage.
  • Davis C, Schiller M, Wheeler K. 2010. IT auditing using controls to protect information assets. 2nd ed. McGraw-Hill.
  • Dimopoulos V, Furnell S, Jennex M, Kritharas I. 2004. Approaches to IT security in small and medium enterprises. Proceedings of the 2nd Australian Information Security Management Conference(AISM), Perth, ( 2:Hamilton 2002), 73–82.
  • Dunkerley KD, Tejay G. 2011. A confirmatory analysis of information systems security success factors. 2011 44th Hawaii International Conference on System Sciences, Honolulu, Hawaii, 1–10.
  • Ein-Dor P, Segev E. 1978. Organizational context and the success of management information systems. Manage Sci. 24:1064–1077.
  • Flores WR, Farnian A. 2011. Expert opinions on information security governance factors: an exploratory study. Proceedings of the 19th European Conference on Information Systems, ECIS 2011, Helsinki, Finland.
  • Fulford H, Doherty NF. 2003. The application of information security policies in large UK-based organizations: an exploratory investigation. Inf Manage Comp Sec. 11, 106–114.
  • Guttman B, Roback EA. 1995. Special Publication 800–12. An introduction to computer security: the NIST handbook. Gaithersburg, MD.
  • Hanseth O, Ciborra C. 2007. Risk, complexity and ICT. Cheltenham, UK: Edward Elgar Publishing.
  • Hevner AR, March ST, Park J, Ram S. 2004. Design science in information systems research. MIS Quart. 28:75–105.
  • Huang D, Patrick Rau P-L, Salvendy G, Gao F, Zhou J. 2011. Factors affecting perception of information security and their impacts on IT adoption and security practices. Int J Human-Comput Stud. 69:870–883.
  • Joint Technical Committee ISO/IEC JTC 1. 2008. ISO/IEC 27002. Geneva, Switzerland.
  • Kajornboon AB. 2005. Using interviews as research instruments. E-J Res Teach. 2.
  • Kankanhalli A, Teo H-H, Tan BCY, Wei K-K. 2003. An integrative study of information systems security effectiveness. Int J Inf Manage. 23:139–154.
  • Keizer G. 2011. DigiNotar dies from certificate hack caper. Computerworld. [Online]. [cited: 2014 Feb 01]. Available from: http://www.computerworld.com/s/article/9220175/DigiNotar_dies_from_certificate_hack_caper.
  • Ko E, Kim SH, Kim M, Woo JY. 2008. Organizational characteristics and the CRM adoption process. J Bus Res. 61:65–74.
  • Kotulic AG, Clark JG. Why there aren’t more information security research studies. Inf Manage. 41:597–607.
  • Kraemer S, Carayon P, Clem J. 2009. Human and organizational factors in computer and information security: pathways to vulnerabilities. Comput Sec. 28:509–520.
  • Kruger HA, Drevin L, Flowerday S, Steyn T. 2011. An assessment of the role of cultural factors in information security awareness. 2011 Information Security for South Africa, Johannesburg, SA, (August), 1–7.
  • March ST, Smith GF. 1995. Design and natural science research on information technology. Decis Support Syst. 15:251–266.
  • Milicevic D, Goeken M. 2013. Social factors in policy compliance—evidence found in literature to assist the development of policies in information security management. 2013 46th Hawaii International Conference on System Sciences, 4476–4484.
  • Oh W. 2005. Why do some firms outsource IT more aggressively than others? The effects of organizational characteristics on IT outsourcing decisions. Proceedings of the 38th Annual Hawaii International Conference on System Sciences. 00(C):259c–259c.
  • Rehage K, Hunt S, Nikitin F. 2008. Global technology audit guide: developing the IT audit plan. Altamonto Springs, FL, USA.
  • Ruiter JT. 2012. Cost of cyber crime largely met by businesses. TNO. [Online]. [cited Jan 2014 02]. Available from: https://www.tno.nl/content.cfm?context=overtno&content=nieuwsbericht&laag1=37&laag2=2&item_id=2012-04-1011:37:10.0&Taal=2.
  • Silveira V. 2012. Updating your password on LinkedIn and other account security best practices. LinkedIn Official Blog. [Online]. [cited: Feb 2014 01]. Available from: http://blog.linkedin.com/2012/06/06/updating-your-password-on-linkedin-and-other-account-security-best-practices/.
  • Smith S, Jamieson R. Determining key factors in e-government information system security. Inf Syst Manage. 23:23–32.
  • Spruit M, Roeling M. 2014. ISFAM: The Information Security Focus Area Maturity Model. Proceedings of the Twenty Second European Conference on Information Systems, ECIS 2014, Tel Aviv, Israel.
  • Steenbergen M, Bos R, Brinkkemper S, Weerd I, Bekkers W. 2010. The design of focus area maturity models. 6105th ed. St. Gallen, CH: Global Perspectives on Design Science Research, LNCS6105 319–332.
  • The Commission of the European Communities. 2003. COMMISSION RECOMMENDATION of 6 May 2003 concerning the definition of micro, small and medium-sized enterprises. Official J Eur Union. 124:36–41.
  • Thong JYL, Yap CS. 1995. CEO characteristics, organizational characteristics and information technology adoption in small businesses. Omega, Int J Manage Sci. 23:429–442.
  • Whitman M, Mattford H. 2013. Management of information security. 3rd ed. UK: Cengage Learning.
  • Whitman M, Mattford H. 2011. Principles of information security. UK: Cengage Learning.
  • Willem A, Buelens M. 2006. Knowledge sharing in public sector organizations: the effect of organizational characteristics on interdepartmental knowledge sharing. J Public Admin Res Theory. 17:581–606.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.