This paper reviews the IS security literature for the period 1990-2004. More specifically three security
journals and the top twenty IS journals were examined. In total 1280 IS security papers were analysed in
terms of theories, research methods and research topics. Our research found that 1043 of the papers
contained no theory. In addition, almost 1000 of the papers were categorized as ‘subjectiveargumentative’ in terms of methodology, with field experiments, surveys, case studies and action research
accounting for less that 10% (8.10%) of all the papers. Fifty nine research topics were identified with
fourteen of these topics totaling 71.05% of the articles.
This papers offers implications for future research directions on IS security, scholars to publish IS
security research, tenure practice, and IS security classification schemas.
Siponen, Mikko and Willison, Robert, "A Critical Assessment of IS Security Research between 1990-2004" (2007). ECIS 2007 Proceedings. 190.