Knowledge for Managing Information Systems Security: Review and Future Research Directions

A Brief Background Of Information Systems Security

In the IS literature, there are many seemingly similar terms used for the concept of security, e.g. computer security, information security, and information systems security, to name a few. The term of computer security is often technical-oriented and encompasses technologies such as encryption algorithm. It may also refer to the security of a single computer. Information security, according to International Standards Organization, is “the protection of information from a wide range of threats”(ISO/IEC, 2005). Information systems security differs from information security in that the former concept encompass not only data or information itself but also those systems that process and store such data and information (Theoharidou, Kokolakis, Karyda, & Kiountouzis, 2005). Despite the subtle differences, researchers and practitioners by and large use these terms interchangeably (this approach is adopted in this chapter). For example, the term of information security is also defined as the protection of both information and the systems and hardware that use, store, and transmit that information (Whitman & Mattord, 2003, p. 9).