{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T00:26:15Z","timestamp":1725495975171},"publisher-location":"Berlin, Heidelberg","reference-count":35,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540768357"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-3-540-76843-2_49","type":"book-chapter","created":{"date-parts":[[2007,11,21]],"date-time":"2007-11-21T01:07:44Z","timestamp":1195607264000},"page":"1835-1852","source":"Crossref","is-referenced-by-count":4,"title":["Business Oriented Information Security Management \u2013 A Layered Approach"],"prefix":"10.1007","author":[{"given":"Philipp","family":"Klempt","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hannes","family":"Schmidpeter","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sebastian","family":"Sowa","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lampros","family":"Tsinas","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"49_CR1","unstructured":"Heinrich, L.J.: Informationsmanagement. Planung, \u00dcberwachung und Steuerung der Informationsinfrastruktur. V\u00f6llig \u00fcberarbeitete und erg\u00e4nzte Auflage. M\u00fcnchen\/Wien 7 (2002)"},{"issue":"5","key":"49_CR2","first-page":"42","volume":"22","author":"W.M. Sinnett","year":"2006","unstructured":"Sinnett, W.M., Boltin, G.: IT Security, Investment Top CFO Concerns. Financial Executive\u00a022(5), 42\u201344 (2006)","journal-title":"Financial Executive"},{"key":"49_CR3","unstructured":"Kevin J.S.H.: How Much Is Enough? A Risk-Management Approach to Computer Security, Consortium for Research on Information Security and Policy (CRISP), Stanford University (June 2000)"},{"key":"49_CR4","unstructured":"Blakely, B.: Return on Security Investment: An Imprecise but Necessary Calculation, Secure Business Quarterly (SBQ) 1(2) (2001)"},{"key":"49_CR5","unstructured":"Wei, H., Frinke, D., Carter, O., Ritter, C.: Cost-Benefit Analysis for Network Intrusion Detection Systems, Center for Secure and Dependable Software, University of Idaho (October 2001)"},{"key":"49_CR6","doi-asserted-by":"crossref","unstructured":"Butler, S.A.: Security Attribute Evaluation Method: A Cost-Benefit Approach, Computer Science Department, Carnegie Mellon University (2002)","DOI":"10.1145\/581339.581370"},{"key":"49_CR7","doi-asserted-by":"crossref","unstructured":"Gordon, L.A., Loeb, M.P.: The Economics of Information Security Investment. ACM Transactions on Information and System Security\u00a05(4) (November 2002)","DOI":"10.1145\/581271.581274"},{"key":"49_CR8","volume-title":"Quantitatively Differentiating System Security","author":"S. Schechter","year":"2002","unstructured":"Schechter, S.: Quantitatively Differentiating System Security. Harvard University, Cambridge (2002)"},{"key":"49_CR9","unstructured":"Vossbein, R.: Nutzen der IT-Sicherheit unter Ber\u00fccksichtigung der Kostenaspekte (IT-Sicherheitscontrolling), Presentation at the Secure convention 2003 (2003)"},{"key":"49_CR10","unstructured":"Loomans, D.C.: Information Risk Scorecard macht Sicherheitskosten transparent. In: M\u00f6rike, M. (ed.) HMD 236 Praxis der Wirschaftsinformatik - IT-Sicherheit (2004)"},{"key":"49_CR11","unstructured":"OICT, Return on Investment for Information Security: A Guide for Government Agencies Calculating Return on Security Investment, NSW Department of Commerce Office of Information and Communications Technology (OICT), Version 7.1.15, http:\/\/www.oit.nsw.gov.au\/content\/7.1.15.ROSI.asp (2004)"},{"key":"49_CR12","doi-asserted-by":"crossref","unstructured":"Cavusoglu, H., Mishra, B., Raghunathan, S.: A Model for Evaluating IT Security Investments. Communications of the ACM\u00a047(7) (2004)","DOI":"10.1145\/1005817.1005828"},{"key":"49_CR13","unstructured":"Pohlman, N., Blumberg, H.: Wirtschaftlichkeitsbetrachtungen von IT-Schutzma\u00dfnahmen. In: Der IT-Sicherheitsleitfaden: Das Pflichtenheft zur Implementierung von IT-Sicherheitsstandards im Unternehmen (mitp publishing house), Norbert Pohlmann, Hartmut Blumberg (2004)"},{"key":"49_CR14","doi-asserted-by":"crossref","unstructured":"Hash, J., Bartol, N., Rollins, H., Robinson, W., Abeles, J., Batdorff, S.: Integrating IT Security into the Capital Planning and Investment Control Process, National Institute of Standards and Technology (NIST), NIST Special Publication 800-65, Draft Version 0.17 (June 2004)","DOI":"10.6028\/NIST.SP.800-65"},{"key":"49_CR15","doi-asserted-by":"crossref","unstructured":"Swanson, M., Bartol, N., Sabato, J., Hash, J., Graffo, L.: Security Metrics Guide for Information Technology Systems, National Institute of Standards and Technology (NIST), NIST Special Publication 800-55 (July 2004)","DOI":"10.6028\/NIST.SP.800-55"},{"key":"49_CR16","unstructured":"Schmidpeter, H.: Modell-basiertes Return on Security Investment (RoSI) im IS Management der M\u00fcnchener R\u00fcckversicherung, Doctoral Dissertation, Lehrstuhl f\u00fcr Software & Systems Engineering (Prof. Dr. Dr. h.c. Manfred Broy), TU Munich (2005)"},{"issue":"5799","key":"49_CR17","doi-asserted-by":"publisher","first-page":"610","DOI":"10.1126\/science.1130992","volume":"314","author":"R. Anderson","year":"2006","unstructured":"Anderson, R., Moore, T.: The Economics of Information Security. Science\u00a0314(5799), 610\u2013613 (2006)","journal-title":"Science"},{"key":"49_CR18","volume-title":"Managing Cybersecurity Resources \u2013 A Cost-Benefit Analysis","author":"L.A. Gordon","year":"2006","unstructured":"Gordon, L.A., Loeb, M.P.: Managing Cybersecurity Resources \u2013 A Cost-Benefit Analysis. McGraw-Hill, New York (2006)"},{"key":"49_CR19","doi-asserted-by":"crossref","unstructured":"Bazavon, I.V., Lim, I.: Information Security Cost Management, Auerbach Publications (2007)","DOI":"10.1201\/9781420013832"},{"key":"49_CR20","unstructured":"International Organization for Standardization, ISO\/IEC 17799:2005 Information technology - Code of practice for information security management"},{"key":"49_CR21","unstructured":"Organization for Standardization, ISO\/IEC 27001:2005, Information technology - Security techniques - Information security management systems \u2013 Requirements"},{"key":"49_CR22","unstructured":"Ulrich, H.: Die Unternehmung als produktives soziales System. Grundlagen der allgemeinen Unternehmungslehre. 2., \u00fcberarbeite Auflage. Bern u.a. (1970)"},{"issue":"1","key":"49_CR23","first-page":"75","volume":"74","author":"R.S. Kaplan","year":"1996","unstructured":"Kaplan, R.S., Norton, D.P.: Using the Balanced Scorecard as a Strategic Management System. Harvard Business Review\u00a074(1), 75\u201385 (1996)","journal-title":"Harvard Business Review"},{"issue":"7\/8","key":"49_CR24","first-page":"172","volume":"83","author":"R.S. Kaplan","year":"2005","unstructured":"Kaplan, R.S., Norton, D.P.: The Balanced Scorecard: Measures That Drive Performance. Harvard Business Review\u00a083(7\/8), 172\u2013180 (2005)","journal-title":"Harvard Business Review"},{"key":"49_CR25","unstructured":"Baschin, A.: Die Balanced Scorecard f\u00fcr Ihren Informationstechnologie-Bereich. Ein Leitfaden f\u00fcr Aufbau und Einf\u00fchrung. Frankfurt\/Main (2001)"},{"key":"49_CR26","unstructured":"Deming Cycle, More information (2007), available at http:\/\/www.deming.org\/"},{"key":"49_CR27","doi-asserted-by":"crossref","unstructured":"Sherwood, J., Clark, A., Lynas, D.: Enterprise Security Architecture, A Business Driven Approach, CMP Books (2005)","DOI":"10.1201\/b17776"},{"key":"49_CR28","unstructured":"FIRM (Fundamental Information Risk Management). Information Security Forum. Member Access Only, http:\/\/www.securityforum.org\/html\/frameset.htm"},{"key":"49_CR29","unstructured":"Xerox Corporation: Leadership through quality: Implementing competitive benchmarking (1987)"},{"key":"49_CR30","unstructured":"Klempt, P.: Effiziente Reduktion von IT-Risiken im Rahmen des Risikomanagementprozesses. Doctoral Thesis. Ruhr University in Bochum (2007)"},{"key":"49_CR31","unstructured":"BSI: IT-Grundschutzkataloge, Stand (November 2005)"},{"key":"49_CR32","unstructured":"BSI: BSI-Standard 100-2: IT-Grundschutz Methodology, Version 1.0 (2005)"},{"key":"49_CR33","doi-asserted-by":"crossref","unstructured":"Werners, B., Klempt, P.: Risikoanalyse und Auswahl von Ma\u00dfnahmen zur Gew\u00e4hrleistung der IT-Sicherheit. In: Haasis, H., Kopfer, H., Sch\u00f6nberger, J. (Hrsg.): Operations Research Proceedings, pp. 545\u2013550 (2005)","DOI":"10.1007\/3-540-32539-5_86"},{"key":"49_CR34","unstructured":"Schneier, B.: Secrets & Lies, 1. Auflage, Heidelberg u.a (2001)"},{"key":"49_CR35","doi-asserted-by":"crossref","unstructured":"Zimmermann, H.-J.: Fuzzy set theorie \u2013 and its applications, 4., \u00fcberarb. Auflage, Boston u.a. (2001)","DOI":"10.1007\/978-94-010-0646-0"}],"container-title":["Lecture Notes in Computer Science","On the Move to Meaningful Internet Systems 2007: CoopIS, DOA, ODBASE, GADA, and IS"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-76843-2_49.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,27]],"date-time":"2021-04-27T10:41:44Z","timestamp":1619520104000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-76843-2_49"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9783540768357"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-76843-2_49","relation":{},"subject":[]}}