TY - JOUR
T1 - Responsive regulation and the reporting of information security incidents-Taiwan and China
AU - Chang, Lennon Yao Chung
PY - 2012/3
Y1 - 2012/3
N2 - As most software used by government agencies and companies is proprietary, malicious computer activity targeting breaches in that software can be likened to a pandemic of an infectious disease in the cyber world. When a breach occurs, the consequences can be widespread and damaging because the damage can spread rapidly. Therefore, cybercrime prevention needs to involve all users in a cooperative effort, with warnings and information on countermeasures distributed to users in order to prevent the "disease" from spreading when unprotected computers encounter an attack. This cooperative effort relies heavily on all institutions reporting information security incidents. Based on institutional theory, together with regulatory pluralism and responsive regulation theory, this paper examines the pluralized regulatory approach adopted to promote a system for sharing reports of information security incidents in Taiwan and China. An expanded model of regulatory enforcement and a strengths-based pyramid are proposed and used as a framework for discussing existing systems for encouraging the reporting of information security incidents.
AB - As most software used by government agencies and companies is proprietary, malicious computer activity targeting breaches in that software can be likened to a pandemic of an infectious disease in the cyber world. When a breach occurs, the consequences can be widespread and damaging because the damage can spread rapidly. Therefore, cybercrime prevention needs to involve all users in a cooperative effort, with warnings and information on countermeasures distributed to users in order to prevent the "disease" from spreading when unprotected computers encounter an attack. This cooperative effort relies heavily on all institutions reporting information security incidents. Based on institutional theory, together with regulatory pluralism and responsive regulation theory, this paper examines the pluralized regulatory approach adopted to promote a system for sharing reports of information security incidents in Taiwan and China. An expanded model of regulatory enforcement and a strengths-based pyramid are proposed and used as a framework for discussing existing systems for encouraging the reporting of information security incidents.
KW - Expanded regulatory pyramid
KW - Incident reporting
KW - Information security
KW - Institutional theory
KW - Responsive regulation
UR - http://www.scopus.com/inward/record.url?scp=84863652088&partnerID=8YFLogxK
M3 - Article
SN - 1013-2511
VL - 48
SP - 85
EP - 119
JO - Issues and Studies
JF - Issues and Studies
IS - 1
ER -