{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,28]],"date-time":"2025-03-28T03:43:41Z","timestamp":1743133421196,"version":"3.40.3"},"publisher-location":"Cham","reference-count":23,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319203751"},{"type":"electronic","value":"9783319203768"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-20376-8_23","type":"book-chapter","created":{"date-parts":[[2015,7,20]],"date-time":"2015-07-20T06:00:17Z","timestamp":1437372017000},"page":"252-259","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Identifying Blind Spots in IS Security Risk Management Processes Using Qualitative Model Analysis"],"prefix":"10.1007","author":[{"given":"Christian","family":"Sillaber","sequence":"first","affiliation":[]},{"given":"Ruth","family":"Breu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,7,21]]},"reference":[{"key":"23_CR1","unstructured":"Ernst and Young\u2019s, Into the cloud, out of the fog; Global Information Security Survey, Young, Ernst. Technical report,  November 2011"},{"issue":"1","key":"23_CR2","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.jnca.2010.07.006","volume":"34","author":"S Subashini","year":"2011","unstructured":"Subashini, S., Kavitha, V.: A survey on security issues in service delivery models of cloud computing. J. Netw. Comput. Appl. 34(1), 1\u201311 (2011)","journal-title":"J. Netw. Comput. Appl."},{"issue":"7","key":"23_CR3","first-page":"32","volume":"51","author":"J Wade","year":"2004","unstructured":"Wade, J.: The weak link in IT security. Risk Manag. 51(7), 32\u201337 (2004)","journal-title":"Risk Manag."},{"issue":"5","key":"23_CR4","doi-asserted-by":"crossref","first-page":"197","DOI":"10.1108\/09685220010353178","volume":"8","author":"MT Siponen","year":"2000","unstructured":"Siponen, M.T.: Critical analysis of different approaches to minimizing user-related faults in information systems security: implications for research and practice. Inf. Manag. Comput. Secur. 8(5), 197\u2013209 (2000)","journal-title":"Inf. Manag. Comput. Secur."},{"key":"23_CR5","unstructured":"Stanton, J., Stam, K., Mastrangelo, P., Jolton, J.: Behavioral information security. In: Human-Computer Interaction and Management Information Systems: Foundations, p. 262. M.E. Sharpe, New York (2006)"},{"issue":"3","key":"23_CR6","doi-asserted-by":"crossref","first-page":"503","DOI":"10.2307\/25750689","volume":"34","author":"J Spears","year":"2010","unstructured":"Spears, J., Barki, H.: User participation in information systems security risk management. MIS Q. 34(3), 503\u2013522 (2010)","journal-title":"MIS Q."},{"issue":"3","key":"23_CR7","doi-asserted-by":"crossref","first-page":"487","DOI":"10.2307\/25750688","volume":"34","author":"A Vance","year":"2010","unstructured":"Vance, A.: Neutralizaiton: new insights into the problem of employee information systems security. MIS Q. 34(3), 487\u2013502 (2010)","journal-title":"MIS Q."},{"issue":"3","key":"23_CR8","doi-asserted-by":"crossref","first-page":"523","DOI":"10.2307\/25750690","volume":"34","author":"I Benbasat","year":"2010","unstructured":"Benbasat, I.: An empirical study of rationality-based beliefs in information systems security. MIS Q. 34(3), 523\u2013548 (2010)","journal-title":"MIS Q."},{"issue":"4","key":"23_CR9","doi-asserted-by":"crossref","first-page":"757","DOI":"10.2307\/25750704","volume":"34","author":"P Puhakainen","year":"2010","unstructured":"Puhakainen, P., Siponen, M.: Improving employees\u2019 compliance through information systems security training: an action research study. MIS Q. 34(4), 757\u2013778 (2010)","journal-title":"MIS Q."},{"issue":"1","key":"23_CR10","doi-asserted-by":"publisher","first-page":"60","DOI":"10.1145\/1216218.1216224","volume":"38","author":"M Siponen","year":"2007","unstructured":"Siponen, M., Oinas-Kukkonen, H.: A review of information security issues and respective research contributions. ACM Sigmis Database 38(1), 60\u201380 (2007)","journal-title":"ACM Sigmis Database"},{"key":"23_CR11","first-page":"293","volume":"15","author":"EA Locke","year":"1997","unstructured":"Locke, E.A., Alavi, M., Wagner III, J.A.: Participation in decision making: an information exchange perspective. Res. Pers. Hum. Resour. Manag.: A Res. Ann. 15, 293\u2013332 (1997)","journal-title":"Res. Pers. Hum. Resour. Manag.: A Res. Ann."},{"issue":"11","key":"23_CR12","first-page":"14","volume":"5","author":"ML Markus","year":"2004","unstructured":"Markus, M.L., Mao, J.-Y.: Participation in development and implementation- updating an old, tired concept for today\u2019s IS contexts. J. Assoc. Inf. Syst. 5(11), 14 (2004)","journal-title":"J. Assoc. Inf. Syst."},{"key":"23_CR13","unstructured":"CSI, CSI Computer Crime & Security Survey, Computer Security Institute. Technical report (2008)"},{"key":"23_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"297","DOI":"10.1007\/978-3-319-07620-1_26","volume-title":"Human Aspects of Information Security, Privacy, and Trust","author":"R Alavi","year":"2014","unstructured":"Alavi, R., Islam, S., Mouratidis, H.: A conceptual framework to analyze human factors of information security management system (ISMS) in organizations. In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2014. LNCS, vol. 8533, pp. 297\u2013305. Springer, Heidelberg (2014)"},{"issue":"3","key":"23_CR15","doi-asserted-by":"crossref","first-page":"503","DOI":"10.2307\/25750689","volume":"34","author":"JL Spears","year":"2010","unstructured":"Spears, J.L., Barki, H.: User participation in information systems security risk management. MIS Q. 34(3), 503\u2013522 (2010)","journal-title":"MIS Q."},{"key":"23_CR16","doi-asserted-by":"crossref","unstructured":"Mejias, R.: An integrative model of information security awareness for assessing information systems security risk. In: 2012 45th Hawaii International Conference on System Science (HICSS), pp. 3258\u20133267 (2012)","DOI":"10.1109\/HICSS.2012.104"},{"issue":"2","key":"23_CR17","doi-asserted-by":"publisher","first-page":"203","DOI":"10.2753\/MIS0742-1222280208","volume":"28","author":"KH Guo","year":"2011","unstructured":"Guo, K.H., Yuan, Y., Archer, N.P., Connelly, C.E.: Understanding nonmali- cious security violations in the workplace: a composite behavior model. J. Manag. Inf. Syst. 28(2), 203\u2013236 (2011)","journal-title":"J. Manag. Inf. Syst."},{"key":"23_CR18","doi-asserted-by":"crossref","DOI":"10.4324\/9780203891629","volume-title":"Handbook of Risk and Crisis Communication","author":"RL Heath","year":"2010","unstructured":"Heath, R.L., O\u2019Hair, H.D.: Handbook of Risk and Crisis Communication. Routledge, London (2010)"},{"issue":"3","key":"23_CR19","first-page":"228","volume":"13","author":"PJ Steinbart","year":"2011","unstructured":"Steinbart, P.J., Raschke, R.L., Gal, G., Dilla, W.N.: The relationship between internal audit and information security: an exploratory investigation. Int. J. Account. Inf. Syst., Research Symposium on Information Integrity and Information Systems Assurance \n13(3), 228\u2013243 (2011)","journal-title":"Int. J. Account. Inf. Syst., Research Symposium on Information Integrity and Information Systems Assurance"},{"key":"23_CR20","volume-title":"Information Security Policies, Procedures, and Standards: guidelines for effective information security management","author":"TR Peltier","year":"2013","unstructured":"Peltier, T.R.: Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press, Abingdon (2013)"},{"key":"23_CR21","unstructured":"Sillaber, C. Breu, R.: Using business process model awareness to improve stakeholder participation in information systems security risk management processes. In: Conference on Wirtschaftsinformatik (2015, in press)"},{"key":"23_CR22","first-page":"31","volume":"7","author":"F Kohlbacher","year":"2006","unstructured":"Kohlbacher, F.: \u201cThe Use of Qualitative Content Analysis in Case Study Research\u201d, Forum Qual. Soc. Res. 7, 31 (2006)","journal-title":"Soc. Res."},{"key":"23_CR23","doi-asserted-by":"crossref","unstructured":"Verendel, V.: Quantified security is a weak hypothesis. In: Proceedings of the 2009 workshop on New security paradigms workshop - NSPW 2009, p. 37 (2009)","DOI":"10.1145\/1719030.1719036"}],"container-title":["Lecture Notes in Computer Science","Human Aspects of Information Security, Privacy, and Trust"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-20376-8_23","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,3,6]],"date-time":"2020-03-06T15:17:48Z","timestamp":1583507868000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-20376-8_23"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319203751","9783319203768"],"references-count":23,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-20376-8_23","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2015]]},"assertion":[{"value":"21 July 2015","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}