{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,4]],"date-time":"2024-09-04T16:04:09Z","timestamp":1725465849384},"publisher-location":"Boston","reference-count":39,"publisher":"Kluwer Academic Publishers","isbn-type":[{"type":"print","value":"0387298266"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/0-387-31167-x_1","type":"book-chapter","created":{"date-parts":[[2006,6,2]],"date-time":"2006-06-02T19:23:54Z","timestamp":1149276234000},"page":"1-20","source":"Crossref","is-referenced-by-count":1,"title":["Information Security Standards: Adoption Drivers (Invited Paper)"],"prefix":"10.1007","author":[{"given":"Jean-Noel","family":"Ezingeard","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"David","family":"Birchall","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"issue":"1","key":"1_CR1","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1111\/j.1937-5956.1999.tb00059.x","volume":"8","author":"S. W. Anderson","year":"1999","unstructured":"Anderson, S. W., Daly, J. D. & Johnson, M. F. (1999) Why firms seek ISO 9000 certification: Regulatory compliance or competitive advantage. Production and Operations Management, 8(1), 28\u201343.","journal-title":"Production and Operations Management"},{"issue":"3","key":"1_CR2","doi-asserted-by":"publisher","first-page":"168","DOI":"10.1057\/jit.1990.35","volume":"5","author":"I. O. Angell","year":"1990","unstructured":"Angell, I. O. (1990) Systems Thinking about Information Systems and Strategies. Journal of Information Technology, 5(3), 168\u201374.","journal-title":"Journal of Information Technology"},{"key":"1_CR3","volume-title":"Corporate Governance & Information Assurance-What Every Director Must Know","author":"J. Armstrong","year":"2002","unstructured":"Armstrong, J., Rhys-Jones, M. & Rathmell, A. (2002) Corporate Governance & Information Assurance-What Every Director Must Know. Information Assurance Advisory Council, Cambridge-UK."},{"issue":"2","key":"1_CR4","doi-asserted-by":"crossref","first-page":"72","DOI":"10.1108\/09685229810209397","volume":"6","author":"L. Barnard","year":"1998","unstructured":"Barnard, L. & von Solms, R. (1998) The evaluation and certification of information security against BS 7799. Information Management & Computer Security, 6(2), 72\u201377.","journal-title":"Information Management & Computer Security"},{"issue":"5\/6","key":"1_CR5","doi-asserted-by":"publisher","first-page":"337","DOI":"10.1108\/09576050210447019","volume":"15","author":"R. Baskerville","year":"2002","unstructured":"Baskerville, R. & Siponen, M. (2002) An information security meta-policy for emergent organizations. Logistics Information Management, 15(5\/6), 337\u201346.","journal-title":"Logistics Information Management"},{"issue":"5\/6","key":"1_CR6","doi-asserted-by":"publisher","first-page":"377","DOI":"10.1108\/09576050210447064","volume":"15","author":"W. J. Brooks","year":"2002","unstructured":"Brooks, W. J., Warren, M. J. & Hutchinson, W. (2002) A security evaluation criteria. Logistics Information Management, 15(5\/6), 377\u201384.","journal-title":"Logistics Information Management"},{"key":"1_CR7","unstructured":"BSI (2002) BS 7799-2:2002 Information security management systems-Specification with guidance for use. British Standards Institution."},{"key":"1_CR8","unstructured":"BSI (2005) Frequently Asked Questions for BS 7799-2:2005, British Standards Institution. http:\/\/www.bsi-global.com\/ICT\/Security\/27001faq.xalter visited on 31\/08\/2005"},{"key":"1_CR9","unstructured":"Ciborra, C. (2004) Digital Technologies and the Duality of Risk. Discussion Paper-Centre for Analysis of Risk and Regulation, London School of Economics, (27)."},{"issue":"3","key":"1_CR10","doi-asserted-by":"publisher","first-page":"275","DOI":"10.2307\/249639","volume":"15","author":"E. K. Clemons","year":"1991","unstructured":"Clemons, E. K. & Row, M. C. (1991) Sustaining IT advantage: The role of Structural Differences. MIS Quarterly, 15(3), 275\u201392.","journal-title":"MIS Quarterly"},{"issue":"1","key":"1_CR11","doi-asserted-by":"publisher","first-page":"7","DOI":"10.1016\/S0963-8687(02)00035-5","volume":"12","author":"B. Dehning","year":"2003","unstructured":"Dehning, B. & Stratopoulos, T. (2003) Determinants of a sustainable competitive advantage due to an IT-enabled strategy. The Journal of Strategic Information Systems, 12(1), 7\u201328.","journal-title":"The Journal of Strategic Information Systems"},{"key":"1_CR12","volume-title":"Information Security Breaches Survey","author":"DTI","year":"2004","unstructured":"DTI (2004) Information Security Breaches Survey. Department of Trade and Industry \/ PriceWaterhouseCoopers, London."},{"issue":"1","key":"1_CR13","doi-asserted-by":"crossref","first-page":"27","DOI":"10.1080\/07421222.1990.11517879","volume":"7","author":"D. F. Feeny","year":"1990","unstructured":"Feeny, D. F. & Ives, B. (1990) In Search of Sustainability: Reaping Long-term advantage from Investments in Information Technology. Journal of Management Information Systems, 7(1), 27\u201346.","journal-title":"Journal of Management Information Systems"},{"issue":"3","key":"1_CR14","doi-asserted-by":"publisher","first-page":"106","DOI":"10.1108\/09685220310480381","volume":"11","author":"H. Fulford","year":"2003","unstructured":"Fulford, H. & Doherty, N. F. (2003) The application of information security policies in large UK-based organizations: an exploratory investigation. Information Management and Computer Security, 11(3), 106\u201314.","journal-title":"Information Management and Computer Security"},{"issue":"9","key":"1_CR15","first-page":"46","volume":"19","author":"J. Gossels","year":"2003","unstructured":"Gossels, J. (2003) Making Sensible Investments in Security. Financial Executive, 19(9), 46.","journal-title":"Financial Executive"},{"key":"1_CR16","doi-asserted-by":"publisher","first-page":"29","DOI":"10.1016\/j.jsis.2004.03.002","volume":"13","author":"G. H. Griffiths","year":"2004","unstructured":"Griffiths, G. H. & Finlay, P. N. (2004) IS-enabled sustainable competitive advantage in financial services, retailing and manufacturing. Journal of Strategic Information Systems., 13,29\u201359.","journal-title":"Journal of Strategic Information Systems"},{"issue":"3","key":"1_CR17","first-page":"34","volume":"37","author":"S. Groves","year":"2003","unstructured":"Groves, S. (2003) The unlikely heroes of cyber security. Information Management Journal, 37(3), 34\u201340.","journal-title":"Information Management Journal"},{"key":"1_CR18","doi-asserted-by":"publisher","first-page":"207","DOI":"10.2307\/3094804","volume":"47","author":"I. Guler","year":"2002","unstructured":"Guler, I., Guill\u00e9n, M. F. & Macpherson, J. M. (2002) Global Competition, Institutions, and the Diffusion of Organizational Practices: The International Spread of ISO 9000 Quality Certificates. Administrative Science Quarterly, 47, 207\u201332.","journal-title":"Administrative Science Quarterly"},{"key":"1_CR19","volume-title":"ISO\/IEC 17799:2000 Code of practice for information security management","author":"ISO","year":"2000","unstructured":"ISO (2000) ISO\/IEC 17799:2000 Code of practice for information security management. ISO, Geneva."},{"key":"1_CR20","unstructured":"ISO (2003) The ISO Survey of ISO 9001:2000 and ISO 14001 Certificates. International Standards Organisation."},{"issue":"12","key":"1_CR21","doi-asserted-by":"publisher","first-page":"1193","DOI":"10.1145\/2135.2137","volume":"27","author":"B. Ives","year":"1984","unstructured":"Ives, B. & Learmonth, G. P. (1984) The Information System as a competitive weapon. Communications of the ACM, 27(12), 1193\u2013201.","journal-title":"Communications of the ACM"},{"issue":"3","key":"1_CR22","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1108\/09685229610126931","volume":"4","author":"B. Kearvell-White","year":"1996","unstructured":"Kearvell-White, B. (1996) National (UK) Computer Security Survey 1996. Information Management & Computer Security, 4(3), 3\u201317.","journal-title":"Information Management & Computer Security"},{"issue":"3","key":"1_CR23","doi-asserted-by":"publisher","first-page":"132","DOI":"10.1023\/A:1011954702780","volume":"19","author":"M. J. Kenning","year":"2001","unstructured":"Kenning, M. J. (2001) Security Management Standard-ISO 17799\/BS 7799. BT Technology Journal; London, 19(3), 132.","journal-title":"BT Technology Journal; London"},{"issue":"5","key":"1_CR24","doi-asserted-by":"publisher","first-page":"597","DOI":"10.1016\/j.im.2003.08.001","volume":"41","author":"A. G. Kotulic","year":"2004","unstructured":"Kotulic, A. G. & Clark, J. G. (2004) Why there aren\u2019t more information security research studies. Information & Management, 41(5), 597\u2013607.","journal-title":"Information & Management"},{"key":"1_CR25","volume-title":"Rethinking management information systems: an interdisciplinary perspective","author":"A. S. Lee","year":"1999","unstructured":"Lee, A. S. (1999) Researching MIS. IN CURRIE, W. & GALLIERS, R. (Eds.) Rethinking management information systems: an interdisciplinary perspective. Oxford, Oxford University Press."},{"key":"1_CR26","unstructured":"Li, H., King, G., Ross, M. & Staples, G. (2000) BS7799: A Suitable Model for Information Security Management. Americas Conference on Information Systems."},{"issue":"4","key":"1_CR27","doi-asserted-by":"publisher","first-page":"487","DOI":"10.2307\/249630","volume":"19","author":"F. J. Mata","year":"1995","unstructured":"Mata, F. J., Fuerst, W. L. & Barney, J. B. (1995) Information technology and sustained competitive advantage: A resource-based analysis. MIS Quarterly, 19(4), 487\u2013505.","journal-title":"MIS Quarterly"},{"issue":"4","key":"1_CR28","first-page":"36","volume":"38","author":"A. C. McAdams","year":"2004","unstructured":"McAdams, A. C. (2004) Security And Risk Management: A Fundamental Business Issue. Information Management Journal, 38(4), 36\u201344.","journal-title":"Information Management Journal"},{"key":"1_CR29","volume-title":"Qualitative data analysis: an expanded sourcebook","author":"M. B. Miles","year":"1994","unstructured":"Miles, M. B. & Huberman, A. M. (1994) Qualitative data analysis: an expanded sourcebook, Thousand Oaks, Calif; London, Sage."},{"key":"1_CR30","unstructured":"Pattinson, M. R. (2003) Compliance with an Information Security Management Standard: A New Approach. Ninth Americas Conference on Information Systems, Tampa."},{"issue":"1","key":"1_CR31","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1080\/136698798377321","volume":"1","author":"O. Renn","year":"1998","unstructured":"Renn, O. (1998) Three decades of risk research: accomplishments and new challenges. Journal of Risk Research, 1(1), 49\u201371.","journal-title":"Journal of Risk Research"},{"key":"1_CR32","volume-title":"Internal Control: Guidance for Directors on the Combined Code","author":"N. Turnbull","year":"1999","unstructured":"Turnbull, N. (1999) Internal Control: Guidance for Directors on the Combined Code: The Turnbull Report. The Institute of Chartered Accountants in England & Wales, London."},{"key":"1_CR33","unstructured":"Velayudham, C, Shoemaker, D. & Drommi, A. (2004) A Standard Methodology for Embedding Security Functionality Within Formal Specifications of Requirements. Americas Conference on Information Systems, New York, August 2004."},{"issue":"3","key":"1_CR34","doi-asserted-by":"crossref","first-page":"425","DOI":"10.2307\/30036540","volume":"27","author":"V. Venkatesh","year":"2003","unstructured":"Venkatesh, V., Morris, M. G., Davis, G. B. & Davis, F. D. (2003) User acceptance of information technology: Toward a unified view. MIS Quarterly, 27(3), 425\u201378.","journal-title":"MIS Quarterly"},{"key":"1_CR35","doi-asserted-by":"publisher","first-page":"99","DOI":"10.1016\/j.cose.2005.02.002","volume":"24","author":"B. Solms von","year":"2005","unstructured":"von Solms, B. (2005) Information Security governance: COBIT or ISO 17799 or both? Computers & Security, 24, 99\u2013104.","journal-title":"Computers & Security"},{"issue":"4","key":"1_CR36","doi-asserted-by":"publisher","first-page":"308","DOI":"10.1016\/S0167-4048(01)00405-9","volume":"20","author":"B. Solms von","year":"2001","unstructured":"von Solms, B. & von Solms, R. (2001) Incremental Information Security Certification. Computers & Security, 20(4), 308\u201310.","journal-title":"Computers & Security"},{"issue":"5","key":"1_CR37","doi-asserted-by":"publisher","first-page":"224","DOI":"10.1108\/09685229810240158","volume":"6","author":"R. Solms von","year":"1998","unstructured":"von Solms, R. (1998) Information security management (3): the Code of Practice for Information Security Management (BS 7799). Information Management & Computer Security, 6(5), 224.","journal-title":"Information Management & Computer Security"},{"key":"1_CR38","unstructured":"Waloff, I. (2002) Speech by at \u201c7799 Goes Global\u201d conference. (text available at http:\/\/www.bsi-global.com\/News\/Releases\/2002\/September\/n3f029de8c689a.xalter), September 5"},{"key":"1_CR39","volume-title":"Interpreting information systems in organizations","author":"G. Walsham","year":"1993","unstructured":"Walsham, G. (1993) Interpreting information systems in organizations, Chichester, Wiley."}],"container-title":["IFIP International Federation for Information Processing","Security Management, Integrity, and Internal Control in Information Systems"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/0-387-31167-X_1.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,27]],"date-time":"2021-04-27T05:08:38Z","timestamp":1619500118000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/0-387-31167-X_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["0387298266"],"references-count":39,"URL":"https:\/\/doi.org\/10.1007\/0-387-31167-x_1","relation":{},"subject":[]}}