28         92    2                       283




                    ISMS
                                                                    ISMS
                     1               Define the Policy         2        ISMS          Define the Scope of

                    ISMS         3                     Undertake a Risk Assessment             4
                         Manage the Risk             5                                              Select
                    Control Objective and Control to be Implemented                 6

                     Prepare a Statement of Applicability
                     Sherwood     1996                          2001    BS 7799-2    1999








                            =f
                            =f
                                =f

                                Contingency Theory, CT

                                        Contingency Theory
                     Prevention            Detection              Reaction

                     Threats            Vulnerabilities             Impacts                   Contingency
                    Management                                                                      Policy
                    Orientation                      Risk Management Orientation
                     Control and Auditing Orientation                              Management System

                    Orientation



                                         Contingency


                                             Fit               Congruence      Robbins, 1994     Drazin &
                    Van de Ven, 1985

                                                          Contingency Approach
                                                             Contingency Management



                     Luthans, 1976    Lee , 1982