{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,4]],"date-time":"2024-09-04T17:29:21Z","timestamp":1725470961178},"publisher-location":"Berlin, Heidelberg","reference-count":37,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540383413"},{"type":"electronic","value":"9783540383437"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2006]]},"DOI":"10.1007\/11836810_38","type":"book-chapter","created":{"date-parts":[[2006,10,3]],"date-time":"2006-10-03T10:36:57Z","timestamp":1159871817000},"page":"530-545","source":"Crossref","is-referenced-by-count":24,"title":["Managing Information Systems Security: Critical Success Factors and Indicators to Measure Effectiveness"],"prefix":"10.1007","author":[{"given":"Jose M","family":"Torres","sequence":"first","affiliation":[]},{"given":"Jose M","family":"Sarriegi","sequence":"additional","affiliation":[]},{"given":"Javier","family":"Santos","sequence":"additional","affiliation":[]},{"given":"Nicol\u00e1s","family":"Serrano","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"38_CR1","unstructured":"Ernst&Young.: Global Information Security Survey (2002), www.ey.com"},{"key":"38_CR2","doi-asserted-by":"crossref","unstructured":"Bjorck, F.: Institutional Theory: A New Perspective for Research into IS\/IT Security in Organizations. In: Proceedings of the 37th Hawaii International Conference on System Sciences (2004)","DOI":"10.1109\/HICSS.2004.1265444"},{"key":"38_CR3","unstructured":"Institute of Electrical and Electronics Engineers: IEEE Standard Computer Dictionary: A Compilation of IEEE Standard Computer Glossaries. New York, NY (1990)"},{"key":"38_CR4","doi-asserted-by":"crossref","unstructured":"Firesmith, D.G.: Common Concepts Underlying Safety, Security and Survivability Engineering (December 2003), CMU\/SEI-2003-TN-033","DOI":"10.21236\/ADA421683"},{"key":"38_CR5","unstructured":"Burling, M.: The key to compliance, www.net-security.org"},{"key":"38_CR6","doi-asserted-by":"crossref","unstructured":"Kajava, J., Savola, R.: Towards Better Information Security Management by Understanding Security Metrics and Measuring Processes (2005)","DOI":"10.1007\/11596981_75"},{"key":"38_CR7","doi-asserted-by":"crossref","unstructured":"Dhillon, G., Backhouse, J.: Information System Security Management in the New Millennium. Communication of the ACM\u00a043(7) (July 2000)","DOI":"10.1145\/341852.341877"},{"key":"38_CR8","doi-asserted-by":"publisher","first-page":"271","DOI":"10.1016\/j.cose.2005.04.004","volume":"24","author":"S.H. Sloms Von","year":"2005","unstructured":"Von Sloms, S.H., Von Sloms, R.: From Information Security to.... Business Security? Computer & Security\u00a024, 271\u2013273 (2005)","journal-title":"Computer & Security"},{"key":"38_CR9","unstructured":"Caralli, R.A., Wilson, W.R.: The challenges of Security Management. Networked Systems Survivability Program, SEI"},{"key":"38_CR10","unstructured":"Anderson James, M.: Why We Need a New Definition of Information Security"},{"key":"38_CR11","unstructured":"Schneier, B.: Monthly Newsletter, www.schneier.com"},{"key":"38_CR12","doi-asserted-by":"publisher","first-page":"171","DOI":"10.1108\/09685229910292664","volume":"4","author":"G. Dhillon","year":"1999","unstructured":"Dhillon, G.: Managing and Controlling Computer Misuse. Information Management & Computer Security\u00a07\/4, 171\u2013175 (1999)","journal-title":"Information Management & Computer Security"},{"issue":"2","key":"38_CR13","doi-asserted-by":"publisher","first-page":"165","DOI":"10.1016\/S0167-4048(01)00209-7","volume":"20","author":"G. Dhillon","year":"2001","unstructured":"Dhillon, G.: Violating of Safeguards by Trusted Personal and Understanding Related Information Security Concerns. Computer & Security\u00a020(2), 165\u2013172 (2001)","journal-title":"Computer & Security"},{"issue":"8","key":"38_CR14","doi-asserted-by":"publisher","first-page":"715","DOI":"10.1016\/S0167-4048(01)00813-6","volume":"20","author":"G. Dhillon","year":"2001","unstructured":"Dhillon, G., Moores, S.: Computer crimes: Theorizing About the Enemy Within. Computer & Security\u00a020(8), 715\u2013723 (2001)","journal-title":"Computer & Security"},{"key":"38_CR15","unstructured":"Torres, J.M., Sarriegui, J.M.: Dynamics Aspects of Security Management of Information Systems. In: Proceedings of Systems Dynamic Society Conference, Oxford, UK (July 2003)"},{"key":"38_CR16","unstructured":"Anderson, R.: Why Information Security is Hard: An Economic Perspective (2001)"},{"key":"38_CR17","volume-title":"Managing the Risk of Organizational Accidents","author":"J. Reason","year":"1997","unstructured":"Reason, J.: Managing the Risk of Organizational Accidents. Ashgate Publishing Ltd., Hants (1997)"},{"key":"38_CR18","unstructured":"Andersen, D., Cappelli, D., Gonzalez, J., Mojtahedzadeh, M., Moore, A., Rich, E., Sarriegui, J.M., Shimeall, T., Stanton, J., Weaver, E., Zagonel, A.: Preliminary System Dynamics Maps of the Insider Cyber-Threat Problem. In: Proceedings of System Dynamics Society Conference, Oxford, UK (2004)"},{"key":"38_CR19","volume-title":"From Modeling to Managing Security: A System Dynamics Approach","author":"C. Melara","year":"2003","unstructured":"Melara, C., Sarriegui, J.M., Gonzalez, J., Sawicka, A., Cooke, D.L.: A System Dynamics Model of an Insider Attack on an Information System. In: From Modeling to Managing Security: A System Dynamics Approach, Norwegian Academic Press Kristians, Norway (2003)"},{"key":"38_CR20","unstructured":"Wilson, S.: The Future of Vulnerability Management: Information Security Bulletin \u00a08, 69 (2003)"},{"key":"38_CR21","unstructured":"Schneier, B.: Information Security Management. In: Conference in Bilbao, Spain (2005)"},{"key":"38_CR22","unstructured":"Berinato, S., Cosgrove, L.: Six Secrets of Highly Secure Organizations. CIO magazine (September 15, 2004)"},{"key":"38_CR23","first-page":"472","volume":"24","author":"M. Theoharidou","year":"2005","unstructured":"Theoharidou, M., Karida, M., Kokolakis, S.: The Insider Threat to Information Systems and the Effectiveness of ISO 17799. Computer&Security\u00a024, 472\u2013848 (2005)","journal-title":"Computer&Security"},{"key":"38_CR24","volume-title":"Fighting Computer Crime","author":"D. Parker","year":"1998","unstructured":"Parker, D.: Fighting Computer Crime. John Wiley & Sons, New York (1998)"},{"key":"38_CR25","unstructured":"Torres, J.M., Sarriegui, J.M., Santos, J.: Searching for Preventive-Corrective Security Balance. In: Proceedings of Systems Dynamic Society Conference, Boston U.S.A (July 2005)"},{"key":"38_CR26","unstructured":"Gonzalez, J., Rich, E.: Helping Prevent Information Security Risks in the Transition to Integrated Operations. Teletronikk 1 (2005)"},{"key":"38_CR27","unstructured":"Sarriegui, J.M., Eceiza, E., Torres, J.M., Santos, J.: Security Management of Information Systems Report (2005)"},{"key":"38_CR28","unstructured":"Bjorck, F.: Implementing Information Security Management System: Empirical Study of Critical Success Factors"},{"key":"38_CR29","volume-title":"Applied Cryptography: Protocols, Algorithms and Source Code in C","author":"B. Schneier","year":"1994","unstructured":"Schneier, B.: Applied Cryptography: Protocols, Algorithms and Source Code in C. John Wiley& Sons Inc., New York (1994)"},{"key":"38_CR30","first-page":"433","volume":"24","author":"S.H. Sloms Von","year":"2005","unstructured":"Von Sloms, S.H.: Information Security Governance: compliance management vs. operational management. Computer&Security\u00a024, 433\u2013447 (2005)","journal-title":"Computer&Security"},{"key":"38_CR31","volume-title":"Managing Cyber Security Resources. A cost-benefit analysis","author":"L. Gordon","year":"2006","unstructured":"Gordon, L., Loeb, M.: Managing Cyber Security Resources. A cost-benefit analysis. McGraw-Hill, New York (2006)"},{"key":"38_CR32","volume-title":"Beyond Fears","author":"B. Schneier","year":"2003","unstructured":"Schneier, B.: Beyond Fears, 1st edn. Copernicus Book, New York (2003)","edition":"1"},{"key":"38_CR33","unstructured":"IBM Global Business Security index survey. Potential threats to information security during 2006 (2005)"},{"key":"38_CR34","volume-title":"The Art of Deception","author":"K. Mitnick","year":"2002","unstructured":"Mitnick, K.: The Art of Deception. John Wiley Inc., Indianapolis, Indiana (2002)"},{"key":"38_CR35","first-page":"425","volume":"24","author":"E. Schultz","year":"2005","unstructured":"Schultz, E.: The human Factor in Security. Computer&Security\u00a024, 425\u2013426 (2005)","journal-title":"Computer&Security"},{"key":"38_CR36","doi-asserted-by":"publisher","first-page":"491","DOI":"10.1016\/S0167-4048(01)00607-1","volume":"20","author":"B. Schneier","year":"2001","unstructured":"Schneier, B.: Managed Security Monitoring: Network Security for the 21st Century. Computer and Security\u00a020, 491\u2013503 (2001)","journal-title":"Computer and Security"},{"key":"38_CR37","doi-asserted-by":"publisher","first-page":"371","DOI":"10.1016\/j.cose.2004.10.003","volume":"24","author":"G.B. Magklaras","year":"2005","unstructured":"Magklaras, G.B., Furnell, S.M.: A Preliminary Model of End User Sophistication for Insider Threat Prediction in IT Systems. Computer & Security\u00a024, 371\u2013380 (2005)","journal-title":"Computer & Security"}],"container-title":["Lecture Notes in Computer Science","Information Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/11836810_38.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,5,9]],"date-time":"2023-05-09T01:41:41Z","timestamp":1683596501000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/11836810_38"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006]]},"ISBN":["9783540383413","9783540383437"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/11836810_38","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2006]]}}}