References
- Ayyagari, R., & Blake, R. (2011). A semantic approach to finding the major topics and trends in information systems security research. Proceedings of 42nd DSI Annual Meeting, Boston, MA, 4291–4296.
- Baghel, R., & Dhir, R. (2010). A frequent concepts based document clustering algorithm. International Journal of Computer Applications, 4(5), 6–12.
- Breithaupt, J., & Merkow, M. (2005). Information security: Principles and practices. New Jersey, NJ: Prentice Hall.
- Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523–548.
- Campbell, K., Gordon, L. A., Loeb, M.P., & Zhou, L. (2003). The economic cost of publicly announced information security breaches: Empirical evidence from the stock market. Journal of Computer Security, 11, 431–448.
- Cavusoglu, H., Mishra, B., & Raghunathan, S. (2004). The effect of Internet security breach announcements on market value: Capital market reactions for breached firms and internet security developers. International Journal of Electronic Commerce, 9(1) 69–104.
- Chan, M., Woon, I., & Kankanhalli, A. (2005) Perceptions of information security in the workplace: Linking information security climate to compliant behavior. Journal of Information Privacy and Security, 1(3), 18–41.
- Chang, K., Jackson, J., & Grover, V. (2003). E-commerce and corporate strategy: an executive perspective, Information & Management, 40(7), 663–675.
- Crabtree, B. F., & Miller, W. F. (1992). Doing qualitative research. Newbury Park, CA: Sage Publications,.
- Creswell, J. W. (2007). Qualitative inquiry and research design: Choosing among five approaches. Thousand Oaks, CA: Sage Publications.
- Creswell, J. W. (2005). Educational research: Planning, conducting, and evaluating quantitative and qualitative research. Upper Saddle River, NJ: Pearson Education.
- Culnan, M. J., & Williams, C. C. (2009). How ethics can enhance organizational privacy: Lessons from the Choicepoint and TJX data breaches. MIS Quarterly, 33(4), 673–687.
- Doyle, K. (2009). Information security in health care – four critical errors. Retrieved from http://www.itworld.com/security/68838/information-security-health-care-four-critical-errors
- Experian (2012). Healthcare breaches and fraud are here to stay. Retrieved from http://www.experian.com/blogs/data-breach/2012/05/15/healthcare-breaches-fraud-are-here-to-stay/.
- Gatzlaff, K. M., & McCullough, K. A. (2010). The effect of data breaches on shareholder wealth. Risk Management and Insurance Review, 13(1), 61–83.
- Herath, T., & Rao, H. R. (2009). Protection motivation and deterrence: a framework for security policy compliance in organisations. European Journal of Information Systems, 18(2), 106–125.
- Hovav, A. & D'Arcy, J. (2003). The impact of denial-of-service attack announcements on the market value of firms, Risk Management and Insurance Review, 6(2), 97–121.
- Hsu, C. W. (2009). Frame misalignment: interpreting the implementation of information systems security certification in an organization, European Journal of Information Systems, 18(2), 140–150.
- ISACA. (2008). Top business/technology issues survey results. Retrieved from http://www.isaca.org/Knowledge-Center/Pages/Top-Business-Technologv-Issues-Survey-Results.aspx.
- ISMG. (2011). Healthcare information security today. Retrieved from http://www.healthcareinfosecurity.com/p-his-survey-2011
- Jarvenpaa, S., & Ives, B. (1990). Information technology and corporate strategy: A view from the top. Information Systems Research, 1(4), 351–376.
- Johnson, M. E. (2008). Information risk of inadvertent disclosure: An analysis of file-sharing risk in the financial supply chain. Journal of Management Information Systems, 25(2), 97–123.
- Johnston, A. C., & Warkentin, M. (2010). Fear appeals and information security behaviors: An empirical study, MIS Quarterly, 34(3), 549–566.
- Krippendorff, K. (1980). Content Analysis: An introduction to its Methodology. Beverly Hills, CA: Sage Publications.
- Mitnick, K. D. (2003). Are you the weak link? Harvard Business Review. 81, 18–20.
- Ponemon Institute (2011). Study on patient privacy and data security. Retrieved from http://www2.idexpertscorp.com/ponemon-study-2011/.
- Privacy Rights Clearinghouse (2011). Retrieved from http://www.privacyrights.org.
- Puhakainen, P., & Siponen, M. (2010). Improving employees' compliance through information systems security training: An action research study, MIS Quarterly, 34(4), 757–778.
- Ross, W. H., Meyer, C. J., Chen, J. V., & Keaton, P (2009). Information protection at telecommunications firms: Human resource management strategies and their impact on organizational justice. Journal of Information Privacy and Security, 5(1), 49–77.
- Sidorova, A., Evangelopoulos, N., Valacich, J. S., & Ramakrishnan, T. (2008). Uncovering the intellectual core of the information systems discipline. MIS Quarterly, 32(3), 467–482.
- Siponen, M., & Vance, A. (2010). Neutralization: New insights into the problem of employee systems security policy violations. MIS Quarterly, 34(3), 487–502.
- Stasiukonis, S (2006). Social Engineering, the USB Way. Retrieved from http://www.darkreading.com/security/article/208803634/index.html.
- Symantec. (2011). 2010 annual study: U.S. cost of a data breach. Retrieved from http://www.symantec.com/content/en/us/about/media/pdfs/svmantec_ponemon_data_breach_costs_report.pdf.
- Washington Post. (2011). China's Cyberwar. Retrieved from http://www.washingtonpost.com/opinions/chinascyberwar/2011/12/15/gIOA2AwlwO_story.html.