Detmar W. Straub. Effective IS Security: An Empirical Study. Information Systems Research, 1(3):255–276, 1990.
@article{straub_effective_1990,
abstract = {Information security has not been a high priority for most managers. Many permit their installations to be either lightly protected or wholly unprotected, apparently willing to risk major losses from computer abuse. This study, based on the criminological theory of general deterrence, investigates whether a management decision to invest in IS security results in more effective control of computer abuse. Data gathered through a survey of 1,211 randomly selected organizations indicates that security countermeasures that include deterrent administrative procedures and preventive security software will result in significantly lower computer abuse. Knowledge about these relationships is useful for making key decisions about the security function.},
author = {Straub, Detmar W.},
issn = {1047-7047},
journal = {Information Systems Research},
number = {3},
pages = {255-276},
shorttitle = {Effective {{IS Security}}},
title = {Effective {{IS Security}}: {{An Empirical Study}}},
volume = {1},
year = {1990}
}