{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,19]],"date-time":"2026-03-19T19:18:54Z","timestamp":1773947934279,"version":"3.50.1"},"reference-count":55,"publisher":"Elsevier BV","issue":"2","license":[{"start":{"date-parts":[[2003,4,1]],"date-time":"2003-04-01T00:00:00Z","timestamp":1049155200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["International Journal of Information Management"],"published-print":{"date-parts":[[2003,4]]},"DOI":"10.1016\/s0268-4012(02)00105-6","type":"journal-article","created":{"date-parts":[[2003,2,28]],"date-time":"2003-02-28T14:44:40Z","timestamp":1046443480000},"page":"139-154","source":"Crossref","is-referenced-by-count":307,"title":["An integrative study of information systems security effectiveness"],"prefix":"10.1016","volume":"23","author":[{"given":"Atreyi","family":"Kankanhalli","sequence":"first","affiliation":[]},{"given":"Hock-Hai","family":"Teo","sequence":"additional","affiliation":[]},{"given":"Bernard C.Y.","family":"Tan","sequence":"additional","affiliation":[]},{"given":"Kwok-Kee","family":"Wei","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"issue":"38","key":"10.1016\/S0268-4012(02)00105-6_BIB1","first-page":"70","article-title":"Lotsa talk, little walk","volume":"32","author":"Anthes","year":"1998","journal-title":"Computerworld"},{"issue":"1","key":"10.1016\/S0268-4012(02)00105-6_BIB2","doi-asserted-by":"crossref","first-page":"2","DOI":"10.1057\/ejis.1996.7","article-title":"Structures of responsibility and security of information systems","volume":"5","author":"Backhouse","year":"1996","journal-title":"European Journal of Information Systems"},{"key":"10.1016\/S0268-4012(02)00105-6_BIB3","series-title":"Advanced methods of marketing research","author":"Bagozzi","year":"1994"},{"issue":"7","key":"10.1016\/S0268-4012(02)00105-6_BIB4","first-page":"65","article-title":"Modern network complexity needs comprehensive security","volume":"36","author":"Barsanti","year":"1999","journal-title":"Security"},{"key":"10.1016\/S0268-4012(02)00105-6_BIB5","doi-asserted-by":"crossref","first-page":"121","DOI":"10.1057\/ejis.1991.20","article-title":"Risk analysis","volume":"1","author":"Baskerville","year":"1991","journal-title":"European Journal of Information Systems"},{"key":"10.1016\/S0268-4012(02)00105-6_BIB6","series-title":"Deterrence and incapacitation: Estimating the effects of criminal sanctions on crime rates","article-title":"Introduction","author":"Blumstein","year":"1978"},{"issue":"2","key":"10.1016\/S0268-4012(02)00105-6_BIB7","doi-asserted-by":"crossref","first-page":"225","DOI":"10.2307\/249479","article-title":"Key issues in information systems management","volume":"20","author":"Brancheau","year":"1996","journal-title":"MIS Quarterly"},{"issue":"10","key":"10.1016\/S0268-4012(02)00105-6_BIB8","first-page":"48","article-title":"The new age of anxiety","volume":"18","author":"Burger","year":"1993","journal-title":"Insurance and Technology"},{"key":"10.1016\/S0268-4012(02)00105-6_BIB9","series-title":"Auditing information systems: A comprehensive reference guide","author":"Champlain","year":"1998"},{"key":"10.1016\/S0268-4012(02)00105-6_BIB10","series-title":"PLS-Graph: Version 2.7","author":"Chin","year":"1994"},{"key":"10.1016\/S0268-4012(02)00105-6_BIB11","series-title":"A first course in factor analysis","author":"Comrey","year":"1973"},{"key":"10.1016\/S0268-4012(02)00105-6_BIB12","unstructured":"Computer Security Institute, (2002). CSI\/FBI computer crime and security survey, http:\/\/www.gocsi.com\/press\/20020407.html."},{"key":"10.1016\/S0268-4012(02)00105-6_BIB13","unstructured":"Cook, P. J. (1982). Research in criminal deterrence: Laying the groundwork for the second decade. In N. Morris & M. Tonry (Eds.), Crime and justice: An annual review of research (pp. 211\u2013268). Chicago, IL: University of Chicago Press."},{"key":"10.1016\/S0268-4012(02)00105-6_BIB14","series-title":"Quasi-experimentation: Design and analysis issues for field setting","author":"Cook","year":"1979"},{"issue":"3","key":"10.1016\/S0268-4012(02)00105-6_BIB15","doi-asserted-by":"crossref","first-page":"555","DOI":"10.2307\/256406","article-title":"Organizational innovation","volume":"34","author":"Damanpour","year":"1991","journal-title":"Academy of Management Journal"},{"issue":"1","key":"10.1016\/S0268-4012(02)00105-6_BIB16","doi-asserted-by":"crossref","first-page":"51","DOI":"10.2307\/248803","article-title":"Determinants of success for computer usage in small business","volume":"12","author":"Delone","year":"1988","journal-title":"MIS Quarterly"},{"issue":"7","key":"10.1016\/S0268-4012(02)00105-6_BIB17","doi-asserted-by":"crossref","first-page":"125","DOI":"10.1145\/341852.341877","article-title":"Information system security management in the new millennium","volume":"43","author":"Dhillon","year":"2000","journal-title":"Communications of the ACM"},{"issue":"10","key":"10.1016\/S0268-4012(02)00105-6_BIB18","doi-asserted-by":"crossref","first-page":"1064","DOI":"10.1287\/mnsc.24.10.1064","article-title":"Organizational context and the success of management information systems","volume":"24","author":"Ein-Dor","year":"1978","journal-title":"Management Science"},{"issue":"6","key":"10.1016\/S0268-4012(02)00105-6_BIB19","doi-asserted-by":"crossref","first-page":"559","DOI":"10.1016\/0167-4048(88)90007-7","article-title":"Computer security policy","volume":"7","author":"Eloff","year":"1988","journal-title":"Computers and Security"},{"key":"10.1016\/S0268-4012(02)00105-6_BIB20","series-title":"A primer for soft modeling","author":"Falk","year":"1992"},{"key":"10.1016\/S0268-4012(02)00105-6_BIB21","series-title":"Computer security management","author":"Forcht","year":"1994"},{"key":"10.1016\/S0268-4012(02)00105-6_BIB22","unstructured":"Fornell, C. (1982). A second generation of multivariate analysis: Methods, Vol. 1. New York, NY: Praeger."},{"issue":"1","key":"10.1016\/S0268-4012(02)00105-6_BIB23","doi-asserted-by":"crossref","first-page":"13","DOI":"10.1016\/0378-7206(91)90024-V","article-title":"Security concerns of system users","volume":"20","author":"Goodhue","year":"1991","journal-title":"Information and Management"},{"issue":"4","key":"10.1016\/S0268-4012(02)00105-6_BIB24","doi-asserted-by":"crossref","first-page":"29","DOI":"10.1080\/07421222.1997.11518141","article-title":"Preventive and deterrent controls for software piracy","volume":"13","author":"Gopal","year":"1997","journal-title":"Journal of Management Information Systems"},{"key":"10.1016\/S0268-4012(02)00105-6_BIB25","series-title":"Multivariate data analysis with readings","author":"Hair","year":"1998"},{"key":"10.1016\/S0268-4012(02)00105-6_BIB26","unstructured":"Hoffer, J. A., & Straub, D. W. (1994). The 9 to 5 underground: Are you policing computer crimes? In P. Gray, W. R. King, E. R. Mclean, & H. Watson (Eds.), Management of information systems (pp. 388\u2013401). Fort Worth, TX: Harcourt Brace."},{"issue":"4","key":"10.1016\/S0268-4012(02)00105-6_BIB27","doi-asserted-by":"crossref","first-page":"351","DOI":"10.1287\/isre.1.4.351","article-title":"Information technology and corporate strategy","volume":"1","author":"Jarvenpaa","year":"1990","journal-title":"Information Systems Research"},{"issue":"2","key":"10.1016\/S0268-4012(02)00105-6_BIB28","doi-asserted-by":"crossref","first-page":"75","DOI":"10.1287\/isre.5.2.75","article-title":"Organizational characteristics and information systems planning","volume":"5","author":"King","year":"1994","journal-title":"Information Systems Research"},{"key":"10.1016\/S0268-4012(02)00105-6_BIB29","series-title":"Deterrence and incapacitation: Estimating the effects of criminal sanctions on crime rates","article-title":"Some minimum requirements for legal sanctioning systems special emphasis on detection","author":"Klete","year":"1978"},{"issue":"2","key":"10.1016\/S0268-4012(02)00105-6_BIB30","doi-asserted-by":"crossref","first-page":"173","DOI":"10.2307\/249574","article-title":"Threats to information systems","volume":"17","author":"Loch","year":"1992","journal-title":"MIS Quarterly"},{"issue":"1","key":"10.1016\/S0268-4012(02)00105-6_BIB31","first-page":"61","article-title":"Management policies and procedures needed for effective computer security","volume":"20","author":"Madnick","year":"1978","journal-title":"Sloan Management Review"},{"key":"10.1016\/S0268-4012(02)00105-6_BIB32","unstructured":"Nance, W. D., & Straub, D. W. (1988). An investigation into the use and usefulness of security software in detecting computer abuse. Proceedings of the ninth annual international conference on information systems (pp. 283\u2013294). Minneapolis, MN."},{"key":"10.1016\/S0268-4012(02)00105-6_BIB33","series-title":"Psychometric theory","author":"Nunnally","year":"1978"},{"issue":"8","key":"10.1016\/S0268-4012(02)00105-6_BIB34","doi-asserted-by":"crossref","first-page":"628","DOI":"10.1016\/0167-4048(94)90042-6","article-title":"Development of security policies","volume":"13","author":"Olnes","year":"1994","journal-title":"Computers and Security"},{"key":"10.1016\/S0268-4012(02)00105-6_BIB35","first-page":"32","article-title":"Informationweek\/Ernst and Young security survey","volume":"555","author":"Panettieri","year":"1995","journal-title":"Informationweek"},{"key":"10.1016\/S0268-4012(02)00105-6_BIB36","series-title":"Computer security management","author":"Parker","year":"1981"},{"key":"10.1016\/S0268-4012(02)00105-6_BIB37","series-title":"Fighting computer crime","author":"Parker","year":"1983"},{"issue":"1","key":"10.1016\/S0268-4012(02)00105-6_BIB38","doi-asserted-by":"crossref","first-page":"116","DOI":"10.2307\/1143355","article-title":"Toward an integration of criminological theories","volume":"76","author":"Pearson","year":"1985","journal-title":"Journal of Crime and Criminology"},{"issue":"4","key":"10.1016\/S0268-4012(02)00105-6_BIB39","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1080\/07421222.1990.11517869","article-title":"Organizational context and information systems success","volume":"6","author":"Raymond","year":"1990","journal-title":"Journal of Management Information Systems"},{"issue":"3","key":"10.1016\/S0268-4012(02)00105-6_BIB40","doi-asserted-by":"crossref","first-page":"325","DOI":"10.1287\/isre.1.3.325","article-title":"An empirical investigation of factors influencing the success of customer oriented strategic systems","volume":"1","author":"Reich","year":"1990","journal-title":"Information Systems Research"},{"key":"10.1016\/S0268-4012(02)00105-6_BIB41","doi-asserted-by":"crossref","first-page":"442","DOI":"10.2307\/2094253","article-title":"Toward a theory of criminal deterrence","volume":"41","author":"Silberman","year":"1976","journal-title":"American Sociological Review"},{"key":"10.1016\/S0268-4012(02)00105-6_BIB42","series-title":"Research methods in organizational behavior","author":"Stone","year":"1978"},{"issue":"2","key":"10.1016\/S0268-4012(02)00105-6_BIB43","first-page":"21","article-title":"Computer abuse and computer security","volume":"4","author":"Straub","year":"1986","journal-title":"Security, Audit, and Control Review"},{"issue":"3","key":"10.1016\/S0268-4012(02)00105-6_BIB44","doi-asserted-by":"crossref","first-page":"255","DOI":"10.1287\/isre.1.3.255","article-title":"Effective IS security","volume":"1","author":"Straub","year":"1990","journal-title":"Information Systems Research"},{"issue":"1","key":"10.1016\/S0268-4012(02)00105-6_BIB45","doi-asserted-by":"crossref","first-page":"45","DOI":"10.2307\/249307","article-title":"Discovering and disciplining computer abuse in organizations","volume":"14","author":"Straub","year":"1990","journal-title":"MIS Quarterly"},{"issue":"4","key":"10.1016\/S0268-4012(02)00105-6_BIB46","doi-asserted-by":"crossref","first-page":"441","DOI":"10.2307\/249551","article-title":"Coping with systems risk","volume":"22","author":"Straub","year":"1998","journal-title":"MIS Quarterly"},{"issue":"2","key":"10.1016\/S0268-4012(02)00105-6_BIB47","doi-asserted-by":"crossref","first-page":"248","DOI":"10.1287\/isre.7.2.248","article-title":"Top management support, external expertise and information systems implementation in small businesses","volume":"7","author":"Thong","year":"1996","journal-title":"Information Systems Research"},{"issue":"14","key":"10.1016\/S0268-4012(02)00105-6_BIB48","first-page":"10","article-title":"Disaster recovery planning still lags","volume":"36","author":"Verton","year":"2002","journal-title":"Computerworld"},{"key":"10.1016\/S0268-4012(02)00105-6_BIB49","series-title":"Strategic planning for information systems","author":"Ward","year":"1996"},{"key":"10.1016\/S0268-4012(02)00105-6_BIB50","series-title":"EDP auditing","author":"Weber","year":"1988"},{"key":"10.1016\/S0268-4012(02)00105-6_BIB51","series-title":"Computer system and network security","author":"White","year":"1996"},{"issue":"4","key":"10.1016\/S0268-4012(02)00105-6_BIB52","doi-asserted-by":"crossref","first-page":"545","DOI":"10.2307\/3053466","article-title":"Perceptual research on general deterrence","volume":"20","author":"Williams","year":"1986","journal-title":"Law and Society"},{"issue":"6","key":"10.1016\/S0268-4012(02)00105-6_BIB53","doi-asserted-by":"crossref","first-page":"314","DOI":"10.1016\/0167-4048(87)90066-6","article-title":"Information systems security","volume":"4","author":"Wood","year":"1987","journal-title":"Computers and Security"},{"issue":"5","key":"10.1016\/S0268-4012(02)00105-6_BIB54","doi-asserted-by":"crossref","first-page":"597","DOI":"10.1016\/0305-0483(92)90005-R","article-title":"Information system success factors in small business","volume":"20","author":"Yap","year":"1992","journal-title":"Omega"},{"issue":"4","key":"10.1016\/S0268-4012(02)00105-6_BIB55","doi-asserted-by":"crossref","first-page":"161","DOI":"10.1080\/07421222.1999.11518226","article-title":"Password security","volume":"15","author":"Zviran","year":"1999","journal-title":"Journal of Management Information Systems"}],"container-title":["International Journal of Information Management"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0268401202001056?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0268401202001056?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2019,3,27]],"date-time":"2019-03-27T08:26:52Z","timestamp":1553675212000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0268401202001056"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2003,4]]},"references-count":55,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2003,4]]}},"alternative-id":["S0268401202001056"],"URL":"https:\/\/doi.org\/10.1016\/s0268-4012(02)00105-6","relation":{},"ISSN":["0268-4012"],"issn-type":[{"value":"0268-4012","type":"print"}],"subject":[],"published":{"date-parts":[[2003,4]]}}}