{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T09:55:58Z","timestamp":1725530158228},"publisher-location":"Boston, MA","reference-count":41,"publisher":"Springer US","isbn-type":[{"type":"print","value":"9780387097619"},{"type":"electronic","value":"9780387097626"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2009]]},"DOI":"10.1007\/978-0-387-09762-6_4","type":"book-chapter","created":{"date-parts":[[2009,3,26]],"date-time":"2009-03-26T08:10:37Z","timestamp":1238055037000},"page":"81-97","source":"Crossref","is-referenced-by-count":11,"title":["BORIS \u2013Business ORiented management of Information Security"],"prefix":"10.1007","author":[{"given":"Sebastian","family":"Sowa","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lampros","family":"Tsinas","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Roland","family":"Gabriel","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2008,12,22]]},"reference":[{"issue":"5799","key":"4_CR1_4","doi-asserted-by":"publisher","first-page":"610","DOI":"10.1126\/science.1130992","volume":"314","author":"R. Anderson","year":"2006","unstructured":"Anderson, R., and Moore, T.\"The Economics of Information Security,\"Science (314:5799), 2006, pp. 610-613.","journal-title":"Science"},{"key":"4_CR2_4","unstructured":"Baschin, A. Die Balanced Scorecard f\u00fcr Ihren Informationstechnologie-Bereich. Ein Leitfaden f\u00fcr Aufbau und Einf\u00fchrung, Frankfurt\/Main, 2001"},{"key":"4_CR3_4","doi-asserted-by":"crossref","unstructured":"Biethahn, J., Mucksch, H., and Ruf, W. Ganzheitliches Informationsmanagement. Band I: Grundlagen, 5., unwes. ver\u00e4nd. Auflage, M. et al., 2000.","DOI":"10.1515\/9783486804546"},{"key":"4_CR4_4","unstructured":"BSI IT Basic Protection Catalogues, German Federal Office for Information Security (BSI), http:\/\/www.bsi.de\/english\/publications\/bsi_standards\/index.htm , 2005."},{"key":"4_CR5_4","doi-asserted-by":"crossref","unstructured":"Camp, J.L., and Wolfram, C. \u201cPricing Security\u201d, in Economics of Information Security, Camp, J.L., Lewis, S. (Eds.), Boston et al., 2004, pp. 17\u201334.","DOI":"10.1007\/b116816"},{"issue":"14","key":"4_CR6_4","first-page":"65","volume":"2004","author":"H. Cavusoglu","year":"2004","unstructured":"Cavusoglu, H., Cavusoglu, H., and Raghunathan, S.\u201cEconomics of IT Security Management: Four Improvements to Current Security Practices,\u201dCommunications of AIS (2004:14), 2004, pp. 65-75.","journal-title":"Communications of AIS"},{"key":"4_CR7_4","doi-asserted-by":"crossref","unstructured":"Cavusoglu, H. \u201cEconomics of IT-Security Management,\u201d in Economics of Information Security, Camp, J.L., Lewis, S. (Eds.), Boston et al., 2004, pp. 71-83.","DOI":"10.1007\/1-4020-8090-5_6"},{"key":"4_CR8_4","volume-title":"Out of the Crisis","author":"W.E. Deming","year":"2000","unstructured":"Deming, W.E. Out of the Crisis, Cambridge, MA, 2000."},{"issue":"2","key":"4_CR9_4","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1201\/1086\/45241.14.2.20050501\/88291.5","volume":"14","author":"T. Fitzgerald","year":"2005","unstructured":"Fitzgerald, T.\"Building Management Commitment through Security Councils,\"Information Systems Security (14:2), 2005, pp. 27-36.","journal-title":"Information Systems Security"},{"key":"4_CR10_4","unstructured":"Gabriel, R., Beier, D. Informationsmanagement in Organisationen, Stuttgart, 2003."},{"key":"4_CR11_4","unstructured":"Gabriel, R., and Beier, D. Informationsmanagement, Band 3: Spezialthemen des Informationsmanagements, Lehrmaterialien im Studienfach Wirtschaftsinformatik 36\/02, Lehrstuhl f\u00fcr Wirtschaftsinformatik, Ruhr-Universit\u00e4t Bochum, Bochum, 2002."},{"key":"4_CR12_4","unstructured":"Gabriel, R., Sowa, S., and Wiedemann, J. \u201cImproving information security compliance \u2013 A process-oriented approach for managing organizational change,\u201d in Multikonferenz Wirtschaftsinformatik 2008 (MKWI 2008), Bichler, M., Hess, T., Krcmar, H., Lechner, U., Matthes, F., Picot, A., Speitkamp, B., and Wolf, P. (Eds.), Berlin, 2008, pp. 247-248."},{"key":"4_CR13_4","doi-asserted-by":"crossref","unstructured":"Gordon, L.A., and Loeb, M.P. \u201cThe Economics of Information Security Investment,\u201d in Economics of Information Security, Camp, J.L., Lewis, S. (Eds.), Boston et al., 2004, pp. 105-127.","DOI":"10.1007\/1-4020-8090-5_9"},{"issue":"5","key":"4_CR14_4","first-page":"26","volume":"84","author":"L.A. Gordon","year":"2002","unstructured":"Gordon, L.A., and Loeb, M.P.\u201cReturn On Information Security Investments: Myths vs Realities,\u201dStrategic Finance (84:5), 2002, pp. 26-31.","journal-title":"Strategic Finance"},{"key":"4_CR15_4","unstructured":"Information Security Forum Fundamental Information Risk Management (FIRM), http:\/\/www. securityforum.org\/ (member access only), 2008."},{"key":"4_CR16_4","unstructured":"ISO (International Organization for Standardization) ISO\/IEC 17799:2005 \u201cInformation technology - Code of practice for information security management\u201d, Geneva, 2005."},{"key":"4_CR17_4","unstructured":"ISO (International Organization for Standardization) ISO\/IEC 27001:2005 \u201cInformation technology - Security techniques - Information security management systems \u2013 Requirements\u201d, Geneva, 2005."},{"key":"4_CR18_4","unstructured":"ITGI CObIT 4.1, Framework, Control Objectives, Management Guidelines, Maturity Model, IT Governance Institute, Rolling Meadows, 2007."},{"issue":"7\/8","key":"4_CR19_4","first-page":"172","volume":"83","author":"R.S. Kaplan","year":"2005","unstructured":"Kaplan, R.S., and Norton, D.P.\u201cThe Balanced Scorecard: Measures That Drive Performance,\u201dHarvard Business Review (83:7\/8), 2005, pp. 172-180.","journal-title":"Harvard Business Review"},{"issue":"1","key":"4_CR20_4","first-page":"75","volume":"74","author":"R.S. Kaplan","year":"1996","unstructured":"Kaplan, R.S., and Norton, D.P.\u201cUsing the Balanced Scorecard as a Strategic Management System,\u201dHarvard Business Review (74:1), 1996, pp. 75-85.","journal-title":"Harvard Business Review"},{"key":"4_CR21_4","unstructured":"Klempt, P. Effiziente Reduktion von IT-Risiken im Rahmen des Risikomanagementprozesses, Bochum, Univ., Diss., 2007."},{"key":"4_CR22_4","unstructured":"Klempt, P., Schmidpeter, H., Sowa, S., and Tsinas, L. \u201cBusiness Oriented Information Security Management \u2013 A Layered Approach,\u201d in On the Move to Meaningful Internet Systems 2007: CoopIS, DOA, ODBASE, GADA, and IS, OTM Confederated International Conferences, CoopIS, DOA, ODBASE, GADA, and IS 2007, Meersman, Robert; Tari, Zahir (Eds.), Berlin et al., 2007, pp. 1835-1852."},{"key":"4_CR23_4","doi-asserted-by":"crossref","unstructured":"Lange, J.A. Sicherheit und Datenschutz als notwendige Eigenschaften von computergest\u00fctzten Informationssystemen. Ein integrierender Gestaltungsansatz f\u00fcr vertrauensw\u00fcrdige computergest\u00fctzte Informationssysteme, 1. Auflage, Wiesbaden, 2005.","DOI":"10.1007\/978-3-322-82143-0"},{"issue":"4","key":"4_CR24_4","first-page":"4","volume":"25","author":"L. Lapide","year":"2007","unstructured":"Lapide, L.\u201cQuestions to Ask when Reviewing the Benchmarking Data,\u201dJournal of Business Forecasting (25:4), 2007, pp. 4-7.","journal-title":"Journal of Business Forecasting"},{"key":"4_CR25_4","doi-asserted-by":"crossref","unstructured":"Laprie, J.C. \u201cDependability of Computer Systems: from Concepts to Limits,\u201d in Proceedings of the Sixth International Symposium on Software Reliability Engineering, 1995, pp. 2-11.","DOI":"10.1109\/ISSRE.1995.497638"},{"issue":"7","key":"4_CR26_4","doi-asserted-by":"publisher","first-page":"492","DOI":"10.1007\/s11623-007-0172-3","volume":"31","author":"M. Lardschneider","year":"2007","unstructured":"Lardschneider, M.\u201cSecurity Awareness \u2013 Grundlage aller Sicherheitsinvestitionen,\u201dDuD, Datenschutz und Datensicherheit, (31:7) 2007, pp. 492-497.","journal-title":"DuD, Datenschutz und Datensicherheit,"},{"key":"4_CR27_4","unstructured":"Loomans, D.C. \u201cInformation Risk Scorecard macht Sicherheitskosten transparent,\u201d in HMD 236 \u201cPraxis der Wirschaftsinformatik - IT-Sicherheit,\u201d M\u00f6rike, M. (Ed.), 2004, pp. 43-51."},{"issue":"3","key":"4_CR28_4","doi-asserted-by":"publisher","first-page":"29","DOI":"10.1201\/1086.1065898X\/45390.14.3.20050701\/89149.6","volume":"14","author":"M. Nyanchama","year":"2005","unstructured":"Nyanchama, M.\u201cEnterprise Vulnerability Management and Its Role in Information Security Management,\u201dInformation Systems Security (14:3), 2005, pp. 29-56.","journal-title":"Information Systems Security"},{"issue":"2","key":"4_CR29_4","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1201\/1086\/45241.14.2.20050501\/88292.6","volume":"14","author":"T.R. Peltier","year":"2005","unstructured":"Peltier, T.R.\u201cImplementing an Information Security Awareness Program,\u201dInformation Systems Security (14:2), 2005, pp. 37-48.","journal-title":"Information Systems Security"},{"issue":"7","key":"4_CR30_4","first-page":"5","volume":"20","author":"R. Powell","year":"2007","unstructured":"Powell, R.\u201cThe Boom in Benchmarking Studies,\u201dJournal of Financial Planning (20:7), 2007, pp. 5-23.","journal-title":"Journal of Financial Planning"},{"key":"4_CR31_4","unstructured":"Schneier, B. Beyond Fear, Thinking Sensibly About Security in an Uncertain World, New York, 2006."},{"key":"4_CR32_4","doi-asserted-by":"crossref","unstructured":"Sherwood, J., Clark, A., and Lynas, D. Enterprise Security Architecture, A Business Driven Approach, 2005.","DOI":"10.1201\/b17776"},{"key":"4_CR33_4","volume-title":"Workshop on Economics and Information Security","author":"H. Soo","year":"2002","unstructured":"Soo H., and Kevin J.\u201cHow Much Is Enough? A Risk Management Approach to Computer Security,\u201d Workshop on Economics and Information Security, University of California. Berkeley, CA, 2002."},{"key":"4_CR34_4","unstructured":"Supply Chain Consortium \u201cBenchmarking Do\u2019s and Don\u2019ts,\u201d Industry Week\/IW (256:12), 2007, p. 50."},{"issue":"5","key":"4_CR35_4","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1201\/1086\/43808.12.5.20031101\/78485.1","volume":"12","author":"J. Tiller","year":"2003","unstructured":"Tiller, J.\u201cThe Business of Security,\u201dInformation Systems Security (12:5), 2003, pp. 2\u20134.","journal-title":"Information Systems Security"},{"key":"4_CR36_4","unstructured":"Tsinas, L. \u201cPRONOE, Process and Risk Oriented Numerical Outgoings Estimation \u2013 Vorschlag f\u00fcr eine Methodik zur risikoorientierten Kosten-Nutzen-Balance im Informations- Sicherheits-Management,\u201d KES, Zeitschrift f\u00fcr Informations-Sicherheit (23:4), 2007, pp. 44-49."},{"key":"4_CR37_4","unstructured":"Wei, H., Frinke, D., Carter, O., and Ritter, C. \u201cCost-Benefit Analysis for Network Intrusion Detection Systems,\u201d CSI 28th Annual Computer Security Conference, October 29-31, 2001, Washington, DC, http:\/\/www.csds.uidaho.edu\/deb\/costbenefit.pdf , 2001."},{"key":"4_CR38_4","unstructured":"Werners, B., Klempt, P. Verfahren zur Evaluation der IT-Sicherheit eines Unternehmens, Arbeitsbericht Nr. 12, Institut f\u00fcr Sicherheit im E-Business (ISEB), Bochum, 2005."},{"key":"4_CR39_4","unstructured":"Xerox Corporation Leadership through quality: Implementing competitive benchmarking, 1987."},{"key":"4_CR40_4","doi-asserted-by":"crossref","unstructured":"Zimmermann, H.J. Fuzzy set theorie \u2013 and its applications, 4th ed., Boston et al., 2001.","DOI":"10.1007\/978-94-010-0646-0"},{"key":"4_CR41_4","doi-asserted-by":"crossref","unstructured":"Zimmermann, H.J Fuzzy Technologien: Prinzipien, Werkzeuge, Potentiale, D\u00fcsseldorf, 1993.","DOI":"10.1007\/978-3-642-95774-1"}],"container-title":["Managing Information Risk and the Economics of Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-0-387-09762-6_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,18]],"date-time":"2019-05-18T23:13:20Z","timestamp":1558221200000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-0-387-09762-6_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008,12,22]]},"ISBN":["9780387097619","9780387097626"],"references-count":41,"URL":"https:\/\/doi.org\/10.1007\/978-0-387-09762-6_4","relation":{},"subject":[],"published":{"date-parts":[[2008,12,22]]}}}