{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,28]],"date-time":"2025-03-28T07:54:31Z","timestamp":1743148471086,"version":"3.40.3"},"publisher-location":"Cham","reference-count":30,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783031121715"},{"type":"electronic","value":"9783031121722"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-12172-2_21","type":"book-chapter","created":{"date-parts":[[2022,7,21]],"date-time":"2022-07-21T14:14:51Z","timestamp":1658412891000},"page":"265-274","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Policy Components - A Conceptual Model for Tailoring Information Security Policies"],"prefix":"10.1007","author":[{"given":"Elham","family":"Rostami","sequence":"first","affiliation":[]},{"given":"Fredrik","family":"Karlsson","sequence":"additional","affiliation":[]},{"given":"Shang","family":"Gao","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,7,22]]},"reference":[{"unstructured":"Dhillon, G.: Information Security - Text & Cases Prospect Press, Burlington (2017)","key":"21_CR1"},{"unstructured":"Whitman, M.E.: Security policy - from design to maintenance. In: Straub, D.W., Goodman, S., Baskerville, R. (eds.) Information Security - Policy, Processes, and Practices, pp. 123\u2013151. M E Sharpe, New York (2008)","key":"21_CR2"},{"unstructured":"PwC: The information security breaches survey - Technical report. Department for Business, Innovation and Skills (BIS) (2014)","key":"21_CR3"},{"unstructured":"PwC: The Global State of Information Security Survey 2018. PriceWaterhouseCoopers (2018)","key":"21_CR4"},{"unstructured":"ENISA: ENISA Threat Landscape 2014. Overview of current and emerging cyber-threats. European Union Agency for Network and Information Security (2014)","key":"21_CR5"},{"doi-asserted-by":"crossref","unstructured":"Karlsson, F., Hedstr\u00f6m, K., Goldkuhl, G.: Practice-based discourse analysis of information security policies. Comput. Secur. 67(June 2017), 267\u2013279 (2017)","key":"21_CR6","DOI":"10.1016\/j.cose.2016.12.012"},{"key":"21_CR7","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1111\/j.1365-2575.2011.00378.x","volume":"22","author":"BC Stahl","year":"2012","unstructured":"Stahl, B.C., Doherty, N.F., Shaw, M.: Information security policies in the UK healthcare sector: a critical evaluation. Inf. Syst. J. 22, 77\u201394 (2012)","journal-title":"Inf. Syst. J."},{"unstructured":"Rostami, E.: Tailoring policies and involving users in constructing security policies: a mapping study. In: Furnell, S., Clarke, N.L. (eds.) Proceedings of Thirteenth International Symposium on Human Aspects of Information Security & Assurance, HAISA 2019, Nicosia, Cyprus, 15\u201316 July 2019, pp. 1\u201311. University of Plymouth, Plymouth (2019)","key":"21_CR8"},{"doi-asserted-by":"crossref","unstructured":"Cosic, Z., Boban, M.: Information security management\u2014defining approaches to Information Security policies in ISMS. In: IEEE 8th International Symposium on Intelligent Systems and Informatics, pp. 83\u201385. IEEE (2010)","key":"21_CR9","DOI":"10.1109\/SISY.2010.5647216"},{"unstructured":"Kinnunen, H., Siponen, M.T.: Developing organization-specific information security policies. In: PACIS 2018, pp. 1\u201313 (2018)","key":"21_CR10"},{"doi-asserted-by":"crossref","unstructured":"Coertze, J., von Solms, R.: A software gateway to affordable and effective information security governance in SMMEs. In: 2013 Information Security for South Africa, pp. 1\u20138. IEEE (2013)","key":"21_CR11","DOI":"10.1109\/ISSA.2013.6641035"},{"issue":"10","key":"21_CR12","doi-asserted-by":"publisher","first-page":"1162","DOI":"10.4304\/jsw.5.10.1162-1169","volume":"5","author":"I Syamsuddin","year":"2010","unstructured":"Syamsuddin, I., Hwang, J.: The use of AHP in security policy decision making: an Open Office Calc application. J. Softw. 5(10), 1162\u20131169 (2010)","journal-title":"J. Softw."},{"doi-asserted-by":"crossref","unstructured":"Rostami, E., Karlsson, F., Shang, G.: Requirements for computerized tools to design information security policies. Comput. Secur. 99(December 2020), Article number 102063 (2020)","key":"21_CR13","DOI":"10.1016\/j.cose.2020.102063"},{"issue":"2","key":"21_CR14","doi-asserted-by":"publisher","first-page":"215","DOI":"10.1108\/ICS-07-2019-0079","volume":"28","author":"E Rostami","year":"2020","unstructured":"Rostami, E., Karlsson, F., Kolkowska, E.: The hunt for computerized support in information security policy management: a literature review. Inf. Comput. Secur. 28(2), 215\u2013259 (2020)","journal-title":"Inf. Comput. Secur."},{"issue":"3","key":"21_CR15","doi-asserted-by":"publisher","first-page":"119","DOI":"10.1108\/09685220210431872","volume":"10","author":"C Vermeulen","year":"2002","unstructured":"Vermeulen, C., von Solms, R.: The information security management toolbox - taking the pain out of security management. Inf. Manag. Comput. Secur. 10(3), 119\u2013125 (2002)","journal-title":"Inf. Manag. Comput. Secur."},{"doi-asserted-by":"crossref","unstructured":"Coertze, J., van Niekerk, J., von Solms, R.: A web-based information security management toolbox for small-to-medium enterprises in Southern Africa. In: Venter, H.S., Coetzee, M., Loock, M. (eds.) 2011 Information Security for South Africa (ISSA 2011), Johannesburg, South Africa, pp. 1\u20138. IEEE (2011)","key":"21_CR16","DOI":"10.1109\/ISSA.2011.6027515"},{"key":"21_CR17","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-0-387-35586-3_1","volume-title":"Security in the Information Society - Visions and Perspective","author":"OA Hoppe","year":"2002","unstructured":"Hoppe, O.A., van Niekerk, J., von Solms, R.: The effective implementation of information security in organizations. In: Ghonaimy, M.A., El-Hadidi, M.T., Aslan, H.K. (eds.) Security in the Information Society - Visions and Perspective, pp. 1\u201318. Springer, Boston (2002). https:\/\/doi.org\/10.1007\/978-0-387-35586-3_1"},{"key":"21_CR18","series-title":"Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","doi-asserted-by":"publisher","first-page":"279","DOI":"10.1007\/978-3-642-41178-6_29","volume-title":"e-Infrastructure and e-Services for Developing Countries","author":"J Coertze","year":"2013","unstructured":"Coertze, J., von Solms, R.: A model for information security governance in developing countries. In: Jonas, K., Rai, I.A., Tchuente, M. (eds.) AFRICOMM 2012. LNICSSITE, vol. 119, pp. 279\u2013288. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-41178-6_29"},{"unstructured":"Ismail, W.B.W., Widyarto, S.A.: Formulation and development process of information security policy in higher education. In: 1st International Conference on Engineering Technology and Applied Sciences, Afyonkarahisar, Turkey (2016)","key":"21_CR19"},{"key":"21_CR20","doi-asserted-by":"publisher","first-page":"169","DOI":"10.1016\/j.cose.2016.06.002","volume":"61","author":"SV Flowerday","year":"2016","unstructured":"Flowerday, S.V., Tuyikeze, T.: Information security policy development and implementation: the what, how and who. Comput. Secur. 61, 169\u2013183 (2016)","journal-title":"Comput. Secur."},{"issue":"3","key":"21_CR21","doi-asserted-by":"publisher","first-page":"45","DOI":"10.2753\/MIS0742-1222240302","volume":"24","author":"K Peffers","year":"2007","unstructured":"Peffers, K., Tuunanen, T., Rothenberger, M.A., Chatterjee, S.: A design science research methodology for information systems research. J. Manag. Inf. Syst. 24(3), 45\u201377 (2007)","journal-title":"J. Manag. Inf. Syst."},{"key":"21_CR22","volume-title":"The Discovery of Grounded Theory: Strategies for Qualitative Research","author":"BG Glaser","year":"1967","unstructured":"Glaser, B.G., Strauss, A.L.: The Discovery of Grounded Theory: Strategies for Qualitative Research. Aldine, New York (1967)"},{"doi-asserted-by":"crossref","unstructured":"Nunamaker, J.F., Briggs, R.O.: Toward a broader vision for information systems. ACM Trans. Manag. Inf. Syst. 2(4), Article 20 (2011)","key":"21_CR23","DOI":"10.1145\/2070710.2070711"},{"issue":"4","key":"21_CR24","doi-asserted-by":"publisher","first-page":"373","DOI":"10.1016\/j.jsis.2011.06.001","volume":"20","author":"K Hedstr\u00f6m","year":"2011","unstructured":"Hedstr\u00f6m, K., Kolkowska, E., Karlsson, F., Allen, J.P.: Value conflicts for information security management. J. Strat. Inf. Syst. 20(4), 373\u2013384 (2011)","journal-title":"J. Strat. Inf. Syst."},{"unstructured":"Davis, G.B., Olson, M.H.: Management Information Systems: Conceptual Foundations, Structure, and Development. McGraw-Hill, Inc., New York (1985)","key":"21_CR25"},{"issue":"6","key":"21_CR26","doi-asserted-by":"publisher","first-page":"1091","DOI":"10.1111\/j.1540-5915.2012.00383.x","volume":"43","author":"JD D\u2019Arcy","year":"2012","unstructured":"D\u2019Arcy, J.D., Devaraj, S.: Employee misuse of information technology resources: testing a contemporary deterrence model. Decis. Sci. J. 43(6), 1091\u20131124 (2012)","journal-title":"Decis. Sci. J."},{"doi-asserted-by":"crossref","unstructured":"Buthelezi, M.P., Van der Poll, J.A., Ochala, E.O.: Ambiguity as a barrier to information security policy compliance: a content analysis. In: International Conference on Computational Science and Computational Intelligence 2016, Las Vegas, NV, USA, pp. 1361\u20131367. IEEE (2016)","key":"21_CR27","DOI":"10.1109\/CSCI.2016.0254"},{"unstructured":"ISO: ISO\/IEC 27000:2014, Information technology\u2014Security techniques\u2014Information security management systems\u2014Overview and vocabulary. International Organization for Standardization (ISO) (2014)","key":"21_CR28"},{"unstructured":"Tuyikeze, T., Flowerday, S.: Information security policy development and implementation: a content analysis approach. In: HAISA 2014, pp. 11\u201320 (2014)","key":"21_CR29"},{"issue":"5","key":"21_CR30","doi-asserted-by":"publisher","first-page":"402","DOI":"10.1016\/S0167-4048(02)00504-7","volume":"21","author":"K H\u00f6ne","year":"2002","unstructured":"H\u00f6ne, K., Eloff, J.H.P.: Information security policy \u2013 what do international information security standards say? Comput. Secur. 21(5), 402\u2013409 (2002)","journal-title":"Comput. Secur."}],"container-title":["IFIP Advances in Information and Communication Technology","Human Aspects of Information Security and Assurance"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-12172-2_21","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,1]],"date-time":"2022-08-01T01:20:08Z","timestamp":1659316808000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-12172-2_21"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031121715","9783031121722"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-12172-2_21","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"type":"print","value":"1868-4238"},{"type":"electronic","value":"1868-422X"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"22 July 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"HAISA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Symposium on Human Aspects of Information Security and Assurance","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Mytilene, Lesbos","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Greece","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6 July 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 July 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"haisa2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/haisa.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"30","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"25","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"83% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2.66","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}