The relationship between internal audit and information security: An exploratory investigation

Paul John Steinbart1, Robyn L. Raschke2, Graham Gal3, William N. Dilla4
1Department of Information Systems, W. P. Carey School of Business, Arizona State University, Box 874606, Tempe, AZ 85287-4606, United States
2University of Nevada Las Vegas, 4505 S. Maryland Parkway Box 456003, Las Vegas, NV 89154-6003, United States
3Isenberg School of Management, University of Massachusetts, Amherst, MA 01003, United States
4Department of Accounting, College of Business, Iowa State University, 2330 Gerdin Business Building, Ames, IA 50011-1685, United States

Tài liệu tham khảo

AICPA, 2008, Trust services principles and criteria Bodin, 2005, Evaluating information security investments using the analytical hierarchy process, Commun ACM, 48, 79, 10.1145/1042091.1042094 Bodin, 2008, Information security and risk management, Commun ACM, 51, 64, 10.1145/1330311.1330325 Bulgurcu, 2010, Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness, MIS Q, 34, 523, 10.2307/25750690 Bussey, 2011, Has time come for more CIOs to start reporting to the top?, Wall St J Campbell, 2003, The economic cost of publicly announced information security breaches: empirical evidence from the stock market, J Comput Secur, 11, 431, 10.3233/JCS-2003-11308 Cavusoglu, 2004, A model for evaluating IT security investments, Commun ACM, 47, 87, 10.1145/1005817.1005828 Cavusoglu, 2004, The effect of internet security breach announcements on market value: capital market reactions for breached firms and internet security developers, Int J Electron Commer, 9, 69, 10.1080/10864415.2004.11044320 Chapin, 2005, How can security be measured?, Inf Syst Control J, 2 COSO, 2004 D'Arcy, 2009, User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach, Inf Syst Res, 20, 79, 10.1287/isre.1070.0160 Dhillon, 2007, Identifying governance dimensions to evaluate information systems security in organizations Dittenhofer, 2010 Europe Research Services, 2008, Are CFOs from Mars and CIOs from Venus? Gordon, 2002, The economics of security investment, ACM Trans Inf Syst Secur, 5, 438, 10.1145/581271.581274 Gordon, 2003, Information security expenditures and real options: a wait and see approach, Comput Secur J, XIX, 1 Gordon, 2010, Market value of voluntary disclosures concerning information security, MIS Q, 34, 567, 10.2307/25750692 Hawkey, 2008, Searching for the right fit: balancing IT security management model trade-offs, IEEE Internet Comput, 22, 10.1109/MIC.2008.61 Iheagwara, 2004, The effect of intrusion detection management methods on the return on investment, Comput Secur, 23, 213, 10.1016/j.cose.2003.09.006 IIA, 2005 IIA, 2009, Practice advisory 1110-1 IIA, 2011, International Standards for the Professional Practice of Internal Auditing ITGI, 2007 Ito, 2010 Johnston, 2010, Fear appeals and information security behaviors: an empirical study, MIS Q, 34, 549, 10.2307/25750691 Kumar, 2008, Understanding the value of countermeasure portfolios in information security, J Manag Inf Syst, 25, 241, 10.2753/MIS0742-1222250210 Miles, 1994 Mishra, 2006, Information systems security governance research: a behavioral perspective in 1st Annual symposium on information assurance, 18 Phelps, 2008 Ransbotham, 2009, Choice and chance: a conceptual model of paths to information security compromise, Inf Syst Res, 20, 121, 10.1287/isre.1080.0174 Ratliff, 1996 Schaffhauser Siponen, 2010, Neutralization: new insights into the problem of employee information systems security policy violations, MIS Q, 34, 487, 10.2307/25750688 Smith, 2010, Circuits of power: a study of mandated compliance to an information systems security de jure standard in a government organization, MIS Q, 34, 463, 10.2307/25750687 Spears, 2010, User participation in information systems security risk management, MIS Q, 34, 503, 10.2307/25750689 Strauss, 1990 Tucci Wallace, 2011, Information security and Sarbanes–Oxley compliance: an exploratory study, J Inf Syst, 25, 185 Yin, 2003