{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T12:32:02Z","timestamp":1743078722606,"version":"3.40.3"},"publisher-location":"Cham","reference-count":30,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030519735"},{"type":"electronic","value":"9783030519742"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-51974-2_7","type":"book-chapter","created":{"date-parts":[[2020,8,7]],"date-time":"2020-08-07T15:05:44Z","timestamp":1596812744000},"page":"69-84","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["A Framework for the Assessment of Information Security Risk, the Reduction of Information Security Cost and the Sustainability of Information Security Culture"],"prefix":"10.1007","author":[{"given":"S. G.","family":"Govender","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"E.","family":"Kritzinger","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"M.","family":"Loock","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,8,8]]},"reference":[{"key":"7_CR1","doi-asserted-by":"publisher","first-page":"247","DOI":"10.1016\/j.jisa.2017.11.001","volume":"40","author":"NS Safa","year":"2018","unstructured":"Safa, N.S., Maple, C., Watson, T., Von Solms, R.: Motivation and opportunity based model to reduce information security insider threats in organisations. J. Inf. Secur. Appl. 40, 247\u2013257 (2018). https:\/\/doi.org\/10.1016\/j.jisa.2017.11.001","journal-title":"J. Inf. Secur. Appl."},{"key":"7_CR2","doi-asserted-by":"publisher","DOI":"10.2139\/ssrn.3415960","author":"S Mukherjee","year":"2019","unstructured":"Mukherjee, S.: Overview of the importance of corporate security in business. SSRN Electron. J. (2019). https:\/\/doi.org\/10.2139\/ssrn.3415960","journal-title":"SSRN Electron. J."},{"key":"7_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"285","DOI":"10.1007\/978-3-319-91800-6_19","volume-title":"Designing for a Digital and Globalized World","author":"G Dhillon","year":"2018","unstructured":"Dhillon, G., Torkzadeh, G., Chang, J.: Strategic planning for IS security: designing objectives. In: Chatterjee, S., Dutta, K., Sundarraj, R.P. (eds.) DESRIST 2018. LNCS, vol. 10844, pp. 285\u2013299. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-91800-6_19"},{"key":"7_CR4","unstructured":"Lord, N.: The history of data breaches. https:\/\/digitalguardian.com\/blog\/history-data-breaches. Last Accessed 07 Oct 2019"},{"key":"7_CR5","unstructured":"Winder, D.: Data breaches expose 4.1 billion records in first six months of 2019. https:\/\/www.forbes.com\/sites\/daveywinder\/2019\/08\/20\/data-breaches-expose-41-billion-records-in-first-six-months-of-2019\/#7fe19849bd54. Last Accessed 07 Oct 2019"},{"key":"7_CR6","unstructured":"Targett, E.: Global data breaches 2018: 4.5 billion records compromised thus far. https:\/\/www.cbronline.com\/news\/global-data-breaches-2018. Last Accessed 07 Oct 2019"},{"key":"7_CR7","unstructured":"Ponemon Institute: cost of data breach study (2018)"},{"key":"7_CR8","unstructured":"Verizon: 2017 data breach investigation report, 10th edition (2017)"},{"key":"7_CR9","unstructured":"Kaspersky Lab: damage control: the cost of security breaches, IT Security Risks Special Report Series (2016)"},{"key":"7_CR10","unstructured":"Chong, J.: How security technology improves business operations. https:\/\/www.securitymagazine.com\/articles\/89706-how-security-technology-improves-business-operations. Last Accessed 07 Oct 2019"},{"key":"7_CR11","unstructured":"Debar, H.: Cybersecurity: high costs for companies. http:\/\/theconversation.com\/cybersecurity-high-costs-for-companies-110807. Last Accessed 07 Oct 2019"},{"key":"7_CR12","unstructured":"Wilczek, M.: Cybercrime is increasing and more costly for organizations. https:\/\/www.cio.com\/article\/3386417\/cybercrime-is-increasing-and-more-costly-for-organizations.html. Last Accessed 07 Oct 2019"},{"key":"7_CR13","unstructured":"Edwards, B., Jacobs, J., Forrest, S.: Risky business: assessing security with external measurements. arXiv Prepr. arXiv1904.11052 (2019)"},{"key":"7_CR14","unstructured":"Schmittling, R.: Performing a security risk assessment. https:\/\/www.isaca.org\/Journal\/archives\/2010\/Volume-1\/Pages\/Performing-a-Security-Risk-Assessment1.aspx. Last Accessed 10 Oct 2019"},{"issue":"3","key":"7_CR15","doi-asserted-by":"publisher","first-page":"2285","DOI":"10.1007\/s10270-018-0661-x","volume":"18","author":"N Mayer","year":"2018","unstructured":"Mayer, N., Aubert, J., Grandry, E., Feltus, C., Goettelmann, E., Wieringa, R.: An integrated conceptual model for information system security risk management supported by enterprise architecture management. Softw. Syst. Model. 18(3), 2285\u20132312 (2018). https:\/\/doi.org\/10.1007\/s10270-018-0661-x","journal-title":"Softw. Syst. Model."},{"key":"7_CR16","unstructured":"Kosutic, D.: ISO 27001 checklist: 16 steps for the implementation. https:\/\/advisera.com\/27001academy\/knowledgebase\/iso-27001-implementation-checklist\/. Last Accessed 11 Sep 2019"},{"key":"7_CR17","unstructured":"Beaver, K.: Best practices for an information security assessment. https:\/\/searchsecurity.techtarget.com\/tip\/Best-practices-for-an-information-security-assessment. Last Accessed 10 Oct 2019"},{"key":"7_CR18","doi-asserted-by":"publisher","first-page":"698","DOI":"10.1016\/S0167-4048(00)08019-6","volume":"19","author":"MM Eloff","year":"2000","unstructured":"Eloff, M.M., Von Solms, S.H.: Information security management: an approach to combine process certification and product evaluation. Comput. Secur. 19, 698\u2013709 (2000). https:\/\/doi.org\/10.1016\/S0167-4048(00)08019-6","journal-title":"Comput. Secur."},{"key":"7_CR19","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1016\/j.cose.2006.10.008","volume":"26","author":"AB Ruighaver","year":"2007","unstructured":"Ruighaver, A.B., Maynard, S.B., Chang, S.: Organisational security culture: extending the end-user perspective. Comput. Secur. 26, 56\u201362 (2007). https:\/\/doi.org\/10.1016\/j.cose.2006.10.008","journal-title":"Comput. Secur."},{"key":"7_CR20","doi-asserted-by":"publisher","first-page":"90","DOI":"10.1016\/j.cose.2012.09.010","volume":"32","author":"RE Crossler","year":"2013","unstructured":"Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M., Baskerville, R.: Future directions for behavioral information security research. Comput. Secur. 32, 90\u2013101 (2013). https:\/\/doi.org\/10.1016\/j.cose.2012.09.010","journal-title":"Comput. Secur."},{"key":"7_CR21","doi-asserted-by":"publisher","first-page":"282","DOI":"10.1287\/isre.2015.0569","volume":"26","author":"JSC Hsu","year":"2015","unstructured":"Hsu, J.S.C., Shih, S.P., Hung, Y.W., Lowry, P.B.: The role of extra-role behaviors and social controls in information security policy effectiveness. Inf. Syst. Res. 26, 282\u2013300 (2015). https:\/\/doi.org\/10.1287\/isre.2015.0569","journal-title":"Inf. Syst. Res."},{"key":"7_CR22","doi-asserted-by":"publisher","first-page":"113","DOI":"10.1145\/1290958.1290971","volume":"50","author":"J D\u2019Arcy","year":"2007","unstructured":"D\u2019Arcy, J., Hovav, A.: Deterring internal information systems misuse. Commun. ACM 50, 113\u2013117 (2007). https:\/\/doi.org\/10.1145\/1290958.1290971","journal-title":"Commun. ACM"},{"key":"7_CR23","doi-asserted-by":"publisher","first-page":"345","DOI":"10.25300\/MISQ\/2015\/39.2.04","volume":"39","author":"A Vance","year":"2015","unstructured":"Vance, A., Benjamin Lowry, P.: A new approach to the problem of access policy violations: increasing perceptions of accountability through the user interface. MIS Q. 39, 345 (2015)","journal-title":"MIS Q."},{"key":"7_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1007\/978-3-030-01689-0_22","volume-title":"Cyberspace Safety and Security","author":"SG Govender","year":"2018","unstructured":"Govender, S.G., Loock, M., Kritzinger, E.: Enhancing information security culture to reduce information security cost: a proposed framework. In: Castiglione, A., Pop, F., Ficco, M., Palmieri, F. (eds.) CSS 2018. LNCS, vol. 11161, pp. 281\u2013290. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-01689-0_22"},{"key":"7_CR25","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1145\/777313.777327","volume":"46","author":"RT Mercuri","year":"2003","unstructured":"Mercuri, R.T.: Analyzing security costs. Commun. ACM 46, 15\u201318 (2003). https:\/\/doi.org\/10.1145\/777313.777327","journal-title":"Commun. ACM"},{"key":"7_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-642-39498-0_1","volume-title":"The Economics of Information Security and Privacy","author":"M Brecht","year":"2013","unstructured":"Brecht, M., Nowey, T.: A closer look at information security costs. In: B\u00f6hme, R. (ed.) The Economics of Information Security and Privacy. LNCS, pp. 3\u201324. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-39498-0_1"},{"key":"7_CR27","volume-title":"Articulating the Business Value of Information Security","author":"T Scholtz","year":"2011","unstructured":"Scholtz, T.: Articulating the Business Value of Information Security. Gart. Inc., Stamford (2011)"},{"key":"7_CR28","doi-asserted-by":"publisher","first-page":"78","DOI":"10.1145\/1042091.1042094","volume":"48","author":"LD Bodin","year":"2005","unstructured":"Bodin, L.D., Gordon, L.A., Loeb, M.P.: Evaluating information security investments using the analytic hierarchy process. Commun. ACM 48, 78\u201383 (2005). https:\/\/doi.org\/10.1145\/1042091.1042094","journal-title":"Commun. ACM"},{"issue":"5","key":"7_CR29","doi-asserted-by":"publisher","first-page":"1205","DOI":"10.1007\/s10796-016-9648-8","volume":"19","author":"D Schatz","year":"2016","unstructured":"Schatz, D., Bashroush, R.: Economic valuation for information security investment: a systematic literature review. Inf. Syst. Front. 19(5), 1205\u20131228 (2016). https:\/\/doi.org\/10.1007\/s10796-016-9648-8","journal-title":"Inf. Syst. Front."},{"key":"7_CR30","unstructured":"Asen, A., Bohmayr, W., Deutsche, S., Gonzalez, M., Mkrtchian, D.: Are you spending enough on cybersecurity? https:\/\/www.bcg.com\/publications\/2019\/are-you-spending-enough-cybersecurity.aspx. Last Accessed 26 Mar 2019"}],"container-title":["Advances in Intelligent Systems and Computing","Applied Informatics and Cybernetics in Intelligent Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-51974-2_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,13]],"date-time":"2022-07-13T06:12:56Z","timestamp":1657692776000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-51974-2_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030519735","9783030519742"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-51974-2_7","relation":{},"ISSN":["2194-5357","2194-5365"],"issn-type":[{"type":"print","value":"2194-5357"},{"type":"electronic","value":"2194-5365"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"8 August 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CSOC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Computer Science On-line Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Zlin","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Czech Republic","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15 July 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15 July 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"csolc2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/csoc.openpublish.eu","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}