T. Davenport, Putting the Enterprise into the Enterprise System, Harvard Business Review, vol.76, issue.4, pp.121-131, 1998.

I. Sherr, Sony Faces Lawsuit Over PlayStation Network Breach, 2011.

S. Boss, L. Kirsch, I. Angermeier, R. Shingler, and R. Boss, If someone is watching, I'll do what I'm asked: mandatoriness, control, and information security, European Journal of Information Systems, vol.46, issue.2, pp.151-164, 2009.
DOI : 10.1287/mnsc.46.2.186.11926

S. Keller, A. Powell, B. Horstmann, C. Predmore, and C. Crawford, Information Security Threats and Practices in Small Businesses, Information Systems Management, vol.38, issue.2, pp.7-19, 2005.
DOI : 10.1016/j.ijinfomgt.2003.12.003

M. Sumner, Information Security Threats: A Comparative Analysis of Impact, Probability, and Preparedness, Information Systems Management, vol.51, issue.1, pp.2-12, 2009.
DOI : 10.1145/859670.859675

K. Walsh, The ERP Security Challenge, 2008.

M. T. Siponen, An analysis of the traditional IS security approaches: implications for research and practice, European Journal of Information Systems, vol.6, issue.3, pp.303-315, 2005.
DOI : 10.1287/isre.6.4.376

T. Herath and H. R. Rao, Protection motivation and deterrence: a framework for security policy compliance in organisations, European Journal of Information Systems, vol.48, issue.8, pp.106-125, 2009.
DOI : 10.1145/1076211.1076238

E. Mcnulty, Boss, I Think Someone Stole Our Data, Harvard Business Review, pp.37-50, 2007.

C. Vroom and R. Von-solms, Towards information security behavioural compliance, Computers & Security, vol.23, issue.3, pp.191-198, 2004.
DOI : 10.1016/j.cose.2004.01.012

A. Kankanhalli, H. H. Teo, B. C. Tan, and K. K. Wei, An integrative study of information systems security effectiveness, International Journal of Information Management, vol.23, issue.2, pp.139-154, 2003.
DOI : 10.1016/S0268-4012(02)00105-6

N. Swartz, Protecting Information from Insiders, Information Management Journal, vol.41, issue.3, pp.20-24, 2007.

D. 'aubeterre, F. Singh, R. Iyer, and L. , Secure activity resource coordination: empirical evidence of enhanced security awareness in designing secure business processes, European Journal of Information Systems, vol.19, issue.3, pp.528-542, 2008.
DOI : 10.1287/isre.3.1.36

K. Knapp, R. Morris, T. Marshall, and T. Byrd, Information security policy: An organizational-level process model, Computers & Security, vol.28, issue.7, pp.493-508, 2009.
DOI : 10.1016/j.cose.2009.07.001

A. W. Kadam, Information Security Policy Development and Implementation, Information Systems Security, vol.16, issue.5, pp.246-256, 2007.
DOI : 10.1080/10658980701744861

L. Myyry, M. Siponen, S. Pahnila, T. Vartiainen, and A. Vance, What levels of moral reasoning and values explain adherence to information security rules? An empirical study, European Journal of Information Systems, vol.16, issue.4, pp.126-139, 2009.
DOI : 10.1016/j.infoandorg.2006.08.001

A. Sengupta, C. Mazumdar, and A. Bagchi, A Formal Methodology for Detecting Managerial Vulnerabilities and Threats in an Enterprise Information System, Journal of Network and Systems Management, vol.24, issue.3, pp.319-342, 2011.
DOI : 10.1007/s10922-010-9180-y

R. Von-solms and S. H. Von-solms, Information Security Governance: A model based on the Direct???Control Cycle, Computers & Security, vol.25, issue.6, pp.408-412, 2006.
DOI : 10.1016/j.cose.2006.07.005

K. Doughty, Implementing enterprise security: a case study, Computers & Security, vol.22, issue.2, pp.99-114, 2003.
DOI : 10.1016/S0167-4048(03)00205-0

J. M. Hagen, E. Albrechtsen, and J. Hovden, Implementation and effectiveness of organizational information security measures, Information Management & Computer Security, vol.16, issue.4, pp.377-397, 2008.
DOI : 10.1108/09685220810908796

A. J. Chang and Q. J. Yeh, On security preparations against possible IS threats across industries, Information Management & Computer Security, vol.14, issue.4, pp.343-360, 2006.
DOI : 10.1108/09685220610690817

Q. Ma, M. Schmidt, and J. Pearson, An Integrated Framework for Information Security Management, Review of Business, vol.30, issue.1, pp.58-69, 2009.

D. Pollitt, Energis Trains Employees and Customers in IT Security, Human Resource Management International Digest, vol.13, issue.2, pp.25-28, 2005.

W. She and B. Thuraisingham, Security for Enterprise Resource Planning Systems, Information Systems Security, vol.29, issue.3, pp.152-163, 2007.
DOI : 10.1201/9780203486061

V. Allen, ERP Security Tools. The Internal Auditor, pp.25-27, 2008.

?. Rinderle, S. Ma, and M. Reichert, Comprehensive life cycle support for access rules in information systems: the CEOSIS project, Enterprise Information Systems, vol.3, issue.3, pp.219-251, 2009.
DOI : 10.1023/B:ITEM.0000031582.55219.2b

M. Maccoby, The Leaders We Need: And What Makes Us Follow, 2007.

R. Tracey, IT Security Management and Business Process Automation: Challenges, Approaches, and Rewards, Information Systems Security, vol.16, issue.2, pp.114-122, 2007.
DOI : 10.1080/10658980601051706

D. Veiga, A. Eloff, and J. , An Information Security Governance Framework, Information Systems Management, vol.34, issue.4, pp.361-372, 2007.
DOI : 10.1016/j.cose.2004.01.012
URL : http://uir.unisa.ac.za/bitstream/10500/14338/1/An%20Information%20Security%20Governance%20Framework.pdf

P. Weill and J. Ross, A Matrixed Approach to Designing IT Governance, Sloan Management Review, vol.46, issue.2, pp.26-34, 2005.

S. H. Von-solms, Information Security Governance ??? Compliance management vs operational management, Computers & Security, vol.24, issue.6, pp.443-447, 2005.
DOI : 10.1016/j.cose.2005.07.003

B. Khoo, P. Harris, and S. Hartman, Information Security Governance Of Enterprise Information Systems: An Approach To Legislative Compliant, International Journal of Management & Information Systems (IJMIS), vol.14, issue.3, pp.49-55, 2010.
DOI : 10.19030/ijmis.v14i3.840