{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T21:46:40Z","timestamp":1743025600477,"version":"3.40.3"},"publisher-location":"Cham","reference-count":30,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030376314"},{"type":"electronic","value":"9783030376321"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-37632-1_13","type":"book-chapter","created":{"date-parts":[[2019,12,16]],"date-time":"2019-12-16T15:55:12Z","timestamp":1576511712000},"page":"141-152","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Semi-automated Information Security Risk Assessment Framework for Analyzing Enterprises Security Maturity Level"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8434-0648","authenticated-orcid":false,"given":"Blerton","family":"Abazi","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0023-1143","authenticated-orcid":false,"given":"Andrea","family":"K\u0151","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2019,12,13]]},"reference":[{"key":"13_CR1","unstructured":"De Groot, J.: The History of Data Breaches. https:\/\/digitalguardian.com\/blog\/history-data-breaches"},{"key":"13_CR2","unstructured":"Ponemon Institute: 2018 Cost of Data Breach Study, Global Overview (2018)"},{"key":"13_CR3","doi-asserted-by":"crossref","unstructured":"Businge, J., Serebrenik, A., van den Brand, M.: An empirical study of the evolution of eclipse third-party plug-ins. In: Proceedings of the Joint ERCIM Workshop on Software Evolution (EVOL) and International Workshop on Principles of Software Evolution (IWPSE), pp. 63\u201372. ACM, New York (2010)","DOI":"10.1145\/1862372.1862389"},{"issue":"3","key":"13_CR4","doi-asserted-by":"publisher","first-page":"368","DOI":"10.1016\/j.im.2017.09.003","volume":"55","author":"Anant Joshi","year":"2018","unstructured":"Joshi, A., Bollen, L., Hassink, H., De Haes, S., Van Grembergen, W.: Explaining IT governance disclosure through the constructs of IT governance maturity and IT strategic role. Inf. Manag., 0\u20131 (2017). https:\/\/doi.org\/10.1016\/j.im.2017.09.003","journal-title":"Information & Management"},{"key":"13_CR5","unstructured":"Burgeois, D.T.: Information Systems for Business and Beyond. Saylor Foundation (2014)"},{"key":"13_CR6","doi-asserted-by":"crossref","unstructured":"Talabis, M., Martin, J.: Information Security Risk Assessment Toolkit Practical Assessments Through Data Collection and Data Analysis. Syngress (2012). ISBN 9781597497350. ISBN 9781597499750","DOI":"10.1016\/B978-1-59-749735-0.00004-X"},{"key":"13_CR7","doi-asserted-by":"publisher","first-page":"335","DOI":"10.1016\/j.proeng.2011.11.2652","volume":"24","author":"XY Ge","year":"2011","unstructured":"Ge, X.Y., Yuan, Y.Q., Lu, L.L.: An information security maturity evaluation mode. Procedia Eng. 24, 335\u2013339 (2011). https:\/\/doi.org\/10.1016\/j.proeng.2011.11.2652","journal-title":"Procedia Eng."},{"key":"13_CR8","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1108\/13287261211221128","volume":"14","author":"S Dzazali","year":"2012","unstructured":"Dzazali, S., Zolait, A.H.: Assessment of information security maturity: an exploration study of Malaysian public service organizations. J. Syst. Inf. Technol. 14, 23\u201357 (2012). https:\/\/doi.org\/10.1108\/13287261211221128","journal-title":"J. Syst. Inf. Technol."},{"key":"13_CR9","first-page":"506","volume":"29","author":"J Poeppelbuss","year":"2011","unstructured":"Poeppelbuss, J., Niehaves, B., Simons, A., Becker, J.: Maturity models in information systems research: literature search and analysis. Commun. Assoc. Inf. Syst. 29, 506\u2013532 (2011)","journal-title":"Commun. Assoc. Inf. Syst."},{"key":"13_CR10","doi-asserted-by":"publisher","first-page":"271","DOI":"10.1016\/j.cose.2005.04.004","volume":"24","author":"B Von Solms","year":"2005","unstructured":"Von Solms, B., Von Solms, R.: From information security to\u2026business security? Comput. Secur. 24, 271\u2013273 (2005). https:\/\/doi.org\/10.1016\/j.cose.2005.04.004","journal-title":"Comput. Secur."},{"key":"13_CR11","unstructured":"Schneier, B.: Secrets and Lies: Digital Security in a Networked World. Willey (2004)"},{"key":"13_CR12","doi-asserted-by":"publisher","unstructured":"Ngwum, N.I.: Information Security Maturity Model (ISMM) Information Security Maturity Model. A dissertation submitted to The University of Manchester, pp. 1\u2013136 (2016). https:\/\/doi.org\/10.13140\/RG.2.1.2432.8729","DOI":"10.13140\/RG.2.1.2432.8729"},{"key":"13_CR13","unstructured":"Nazareth, D., Choi, J.: Information security management: a system dynamics approach. In: Americas Conference on Information Systems (2012)"},{"key":"13_CR14","unstructured":"Macedo, F.N.R.: Models for Assessing Information Security Risk, pp. 1\u201364 (2009)"},{"key":"13_CR15","doi-asserted-by":"publisher","first-page":"153","DOI":"10.1016\/j.jsis.2007.05.004","volume":"16","author":"Q Hu","year":"2007","unstructured":"Hu, Q., Hart, P., Cooke, D.: The role of external and internal influences on information systems security - a neo-institutional perspective. J. Strateg. Inf. Syst. 16, 153\u2013172 (2007). https:\/\/doi.org\/10.1016\/j.jsis.2007.05.004","journal-title":"J. Strateg. Inf. Syst."},{"key":"13_CR16","doi-asserted-by":"publisher","first-page":"123","DOI":"10.1016\/j.im.2014.10.009","volume":"52","author":"DL Nazareth","year":"2015","unstructured":"Nazareth, D.L., Choi, J.: A system dynamics model for information security management. Inf. Manag. 52, 123\u2013134 (2015). https:\/\/doi.org\/10.1016\/j.im.2014.10.009","journal-title":"Inf. Manag."},{"key":"13_CR17","unstructured":"Lapke, M., Dhillon, G.: A semantic analysis of security policy formulation and implementation: a case study. In: Association for Information Systems - 12th Americas Conference on Information Systems, AMCIS 2006 (2006)"},{"key":"13_CR18","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1016\/s1386-5056(00)00115-5","volume":"60","author":"N Gaunt","year":"2000","unstructured":"Gaunt, N.: Practical approaches to creating a security culture. Int. J. Med. Inform. 60, 151\u2013157 (2000). https:\/\/doi.org\/10.1016\/s1386-5056(00)00115-5","journal-title":"Int. J. Med. Inform."},{"key":"13_CR19","doi-asserted-by":"publisher","DOI":"10.1007\/s40171-013-0047-4","author":"AN Singh","year":"2013","unstructured":"Singh, A.N., Picot, A., Kranz, J., Gupta, M.P., Ojha, A.: Information Security Management (ISM) practices: lessons from select cases from India and Germany. Glob. J. Flex. Syst. Manag. (2013). https:\/\/doi.org\/10.1007\/s40171-013-0047-4","journal-title":"Glob. J. Flex. Syst. Manag."},{"key":"13_CR20","doi-asserted-by":"crossref","unstructured":"Stine, K., Barker, W.C., Gulick, J.: Volume I\u202f: Guide for Mapping Types of Information and Information Systems to Security Categories, vol. I (2008)","DOI":"10.6028\/NIST.SP.800-60v1r1"},{"key":"13_CR21","doi-asserted-by":"publisher","first-page":"215","DOI":"10.1016\/j.ijinfomgt.2015.11.009","volume":"36","author":"ZA Soomro","year":"2016","unstructured":"Soomro, Z.A., Shah, M.H., Ahmed, J.: Information security management needs more holistic approach: a literature review. Int. J. Inf. Manag. 36, 215\u2013225 (2016). https:\/\/doi.org\/10.1016\/j.ijinfomgt.2015.11.009","journal-title":"Int. J. Inf. Manag."},{"key":"13_CR22","unstructured":"Diver, S.: Information Security Policy - A Development Guide for Large and Small Companies. Information Security, SANS Institute (2007)"},{"key":"13_CR23","doi-asserted-by":"publisher","first-page":"9","DOI":"10.1109\/MITP.2011.11","volume":"13","author":"S Radack","year":"2011","unstructured":"Radack, S., Kuhn, D.: Managing security: the security content automation protocol. IT Prof. 13, 9\u201311 (2011). https:\/\/doi.org\/10.1109\/MITP.2011.11","journal-title":"IT Prof."},{"key":"13_CR24","doi-asserted-by":"publisher","unstructured":"Montesino, R., Fenz, S.: Automation possibilities in information security management. In: Proceedings of 2011 European Intelligence and Security Informatics Conference, EISIC 2011, pp. 259\u2013262 (2011). https:\/\/doi.org\/10.1109\/EISIC.2011.39","DOI":"10.1109\/EISIC.2011.39"},{"key":"13_CR25","first-page":"44","volume":"1","author":"B Stevanovi","year":"2011","unstructured":"Stevanovi, B.: Maturity models in information security. Int. J. Inf. Commun. Technol. Res. 1, 44\u201347 (2011)","journal-title":"Int. J. Inf. Commun. Technol. Res."},{"key":"13_CR26","unstructured":"Becker, J., Niehaves, B., Poeppelbuss, J., Simons, A.: Association for Information Systems AIS Electronic Library (AISeL) Maturity Models in IS Research. Maturity Models in IS Research (2010)"},{"key":"13_CR27","doi-asserted-by":"publisher","DOI":"10.7763\/joebm.2013.v1.84","author":"S Zhang","year":"2013","unstructured":"Zhang, S., Le, F.H.: An examination of the practicability of COBIT framework and the proposal of a COBIT-BSC model. J. Econ. Bus. Manag. (2013). https:\/\/doi.org\/10.7763\/joebm.2013.v1.84","journal-title":"J. Econ. Bus. Manag."},{"key":"13_CR28","unstructured":"Sophia, W.: How Can Risk Maturity Model Benefit Your Risk Management. https:\/\/www.riskmethods.net\/en\/blog\/How-Can-Risk-Maturity-Model-Benefit-Your-Risk-Management\/112"},{"key":"13_CR29","doi-asserted-by":"publisher","first-page":"138","DOI":"10.1080\/10580530902797524","volume":"26","author":"M Khaiata","year":"2009","unstructured":"Khaiata, M., Zualkernan, I.A.: A simple instrument to measure IT-Business alignment maturity. Inf. Syst. Manag. 26, 138\u2013152 (2009). https:\/\/doi.org\/10.1080\/10580530902797524","journal-title":"Inf. Syst. Manag."},{"key":"13_CR30","unstructured":"Abazi, B.: A novel approach for a risk assessment maturity framework based on ISO 27001 (2019)"}],"container-title":["Lecture Notes in Business Information Processing","Research and Practical Issues of Enterprise Information Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-37632-1_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,13]],"date-time":"2024-03-13T14:05:22Z","timestamp":1710338722000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-37632-1_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030376314","9783030376321"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-37632-1_13","relation":{},"ISSN":["1865-1348","1865-1356"],"issn-type":[{"type":"print","value":"1865-1348"},{"type":"electronic","value":"1865-1356"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"13 December 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CONFENIS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Research and Practical Issues of Enterprise Information Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Prague","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Czech Republic","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 December 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 December 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"confenis2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/confenis.ifip.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}