
Threats to Information Security Revisited




Journal of Information Systems Security
Volume 8, Number 1 (2012)
Pages 21–41
ISSN 1551-0123 (Print)
ISSN 1551-0808 (Online)
Michael E. Whitman — Kennesaw State University, USA
Herbert J. Mattord — Kennesaw State University, USA
Information Institute Publishing, Washington DC, USA




The battle for the protection of information assets continues to rage at all organizations, big and small. In the ever-changing world of information security, new threats emerge, and old threats remain potent risks to poorly prepared organizations. It is critical to the ongoing protection of valuable information assets to understand these threats, new and old. This study seeks to inform organizations and researchers about the characteristics of specific threat categories and the relative dangers they pose. In addition, the study provides updated findings of a study conducted in 2002. New findings reveal that the more things change, the more they stay the same.





Information Security Administration, Information Security, Risk Management, Information Security Governance, Information Security Planning



