{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,25]],"date-time":"2025-02-25T07:40:06Z","timestamp":1740469206436,"version":"3.37.3"},"publisher-location":"Berlin, Heidelberg","reference-count":31,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642151514"},{"type":"electronic","value":"9783642151521"}],"license":[{"start":{"date-parts":[[2010,1,1]],"date-time":"2010-01-01T00:00:00Z","timestamp":1262304000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-3-642-15152-1_17","type":"book-chapter","created":{"date-parts":[[2010,8,30]],"date-time":"2010-08-30T14:02:06Z","timestamp":1283176926000},"page":"190-201","source":"Crossref","is-referenced-by-count":4,"title":["Building ISMS through the Reuse of Knowledge"],"prefix":"10.1007","author":[{"given":"Luis Enrique","family":"S\u00e1nchez","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Antonio","family":"Santos-Olmo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Eduardo","family":"Fern\u00e1ndez-Medina","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mario","family":"Piattini","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"issue":"5","key":"17_CR1","doi-asserted-by":"publisher","first-page":"809","DOI":"10.1016\/j.infsof.2008.05.010","volume":"51","author":"E. Fern\u00e1ndez-Medina","year":"2009","unstructured":"Fern\u00e1ndez-Medina, E., et al.: Model-Driven Development for secure information systems. Information and Software Technology Journal\u00a051(5), 809\u2013814 (2009)","journal-title":"Information and Software Technology Journal"},{"key":"17_CR2","unstructured":"Kluge, D.: Formal Information Security Standards in German Medium Enterprises. In: CONISAR: The Conference on Information Systems Applied Research (2008)"},{"issue":"7","key":"17_CR3","doi-asserted-by":"publisher","first-page":"125","DOI":"10.1145\/341852.341877","volume":"43","author":"G. Dhillon","year":"2000","unstructured":"Dhillon, G., Backhouse, J.: Information System Security Management in the New Millennium. Communications of the ACM\u00a043(7), 125\u2013128 (2000)","journal-title":"Communications of the ACM"},{"key":"17_CR4","volume-title":"WPES\u201908","author":"S. Capitani De","year":"2008","unstructured":"De Capitani, S., Foresti, S., Jajodia, S.: Preserving Confidentiality of Security Policies in Data Outsourcing. In: WPES\u201908. ACM, Alexandria (2008)"},{"key":"17_CR5","doi-asserted-by":"crossref","unstructured":"Barlette, Y., Vladislav, V.: Exploring the Suitability of IS Security Management Standards for SMEs. In: Hawaii International Conference on System Sciences, Proceedings of the 41st Annual, Waikoloa, HI, USA (2008)","DOI":"10.1109\/HICSS.2008.167"},{"key":"17_CR6","unstructured":"Vries, H., et al.: SME access to European standardization. Enabling small and medium-sized enterprises to achieve greater benefit from standards and from involvement in standardization. In: E.U. Rotterdam School of Management (ed.) Rotterdam, the Netherlands, pp. 1\u201395 (2009)"},{"key":"17_CR7","unstructured":"Wiander, T., Holappa, J.: Theoretical Framework of ISO 17799 Compliant. Information Security Management System Using Novel ASD Method in Technical Report, V.T.R.C.o. Finland, Editor (2006)"},{"key":"17_CR8","unstructured":"Wiander, T.: Implementing the ISO\/IEC 17799 standard in practice \u2013 experiences on audit phases. In: AISC \u201908: Proceedings of the Sixth Australasian Conference on Information Security, Wollongong, Australia (2008)"},{"key":"17_CR9","unstructured":"S\u00e1nchez, L.E., et al.: Security Management in corporative IT systems using maturity models, taking as base ISO\/IEC 17799. In: International Symposium on Frontiers in Availability, Reliability and Security (FARES\u201906) in Conjunction with ARES, Viena, Austria (2006)"},{"key":"17_CR10","unstructured":"S\u00e1nchez, L.E., et al.: MMISS-SME Practical Development: Maturity Model for Information Systems Security Management in SMEs. In: 9th International Conference on Enterprise Information Systems (WOSIS\u201907), Funchal, Madeira (Portugal) (June 2007b)"},{"key":"17_CR11","volume-title":"International Conference on Security and Cryptography (SECRYPT\u201907)","author":"L.E. S\u00e1nchez","year":"2007","unstructured":"S\u00e1nchez, L.E., et al.: Developing a model and a tool to manage the information security in Small and Medium Enterprises. In: International Conference on Security and Cryptography (SECRYPT\u201907), Barcelona, Junio, Spain (2007a)"},{"key":"17_CR12","unstructured":"S\u00e1nchez, L.E., et al.: Developing a maturity model for information system security management within small and medium size enterprises. In: 8th International Conference on Enterprise Information Systems (WOSIS\u201906), Paphos, Chipre (March 2006)"},{"key":"17_CR13","unstructured":"S\u00e1nchez, L.E., et al.: SCMM-TOOL: Tool for computer automation of the Information Security Management Systems. In: 2nd International Conference on Software and Data Technologies (ICSOFT\u201907), Barcelona-Espa\u00f1a Septiembre (2007c)"},{"key":"17_CR14","unstructured":"S\u00e1nchez, L.E., et al.: Practical Application of a Security Management Maturity Model for SMEs Based on Predefined Schemas. In: International Conference on Security and Cryptography (SECRYPT\u201908), Porto\u2013Portugal (2008)"},{"issue":"15","key":"17_CR15","first-page":"3038","volume":"15","author":"L.E. S\u00e1nchez","year":"2009","unstructured":"S\u00e1nchez, L.E., et al.: Managing Security and its Maturity in Small and Medium-Sized Enterprises. Journal of Universal Computer Science (J.UCS)\u00a015(15), 3038\u20133058 (2009)","journal-title":"Journal of Universal Computer Science (J.UCS)"},{"key":"17_CR16","doi-asserted-by":"crossref","unstructured":"S\u00e1nchez, L.E., et al.: MMSM-SME: Methodology for the management of security and its maturity in Small and Medium-sized Enterprises. In: 11th International Conference on Enterprise Information Systems (WOSIS09), Milan, Italy, pp. 67\u201378 (2009)","DOI":"10.5220\/0002221200670078"},{"key":"17_CR17","doi-asserted-by":"crossref","unstructured":"Kostina, A., Miloslavskaya, N., Tolstoy, A.: Information Security Incident Management Process. In: SIN\u201909, North Cyprus, Turkey (2009) ACM 978-1-60558-412-6\/09\/10","DOI":"10.1145\/1626195.1626219"},{"key":"17_CR18","doi-asserted-by":"crossref","unstructured":"Ohki, E., et al.: Information Security Governance Framework. In: WISG\u201909, Chicago, Illinois, USA (2009) ACM 978-1-60558-787-5\/09\/11","DOI":"10.1145\/1655168.1655170"},{"key":"17_CR19","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1016\/j.im.2008.12.007","volume":"46","author":"M. Siponen","year":"2009","unstructured":"Siponen, M., Willison, R.: Information security management standards: Problems and solutions. Information & Management\u00a046, 267\u2013270 (2009)","journal-title":"Information & Management"},{"issue":"4","key":"17_CR20","doi-asserted-by":"publisher","first-page":"297","DOI":"10.1108\/09685220510614425","volume":"13","author":"A. Gupta","year":"2005","unstructured":"Gupta, A., Hammond, R.: Information systems security issues and decisions for small businesses. Information Management & Computer Security\u00a013(4), 297\u2013310 (2005)","journal-title":"Information Management & Computer Security"},{"issue":"4","key":"17_CR21","doi-asserted-by":"publisher","first-page":"243","DOI":"10.1002\/1099-1670(200012)5:4<243::AID-SPIP126>3.0.CO;2-0","volume":"5","author":"J. Batista","year":"2000","unstructured":"Batista, J., Figueiredo, A.: SPI in very small team: a case with CMM. Software Process Improvement and Practice\u00a05(4), 243\u2013250 (2000)","journal-title":"Software Process Improvement and Practice"},{"key":"17_CR22","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1002\/spip.137","volume":"6","author":"L. Hareton","year":"2001","unstructured":"Hareton, L., Terence, Y.: A Process Framework for Small Projects. Software Process Improvement and Practice\u00a06, 67\u201383 (2001)","journal-title":"Software Process Improvement and Practice"},{"key":"17_CR23","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1002\/spip.191","volume":"9","author":"A. Tuffley","year":"2004","unstructured":"Tuffley, A., Grove, B.,, M.: SPICE For Small Organisations. Software Process Improvement and Practice\u00a09, 23\u201331 (2004)","journal-title":"Software Process Improvement and Practice"},{"issue":"3","key":"17_CR24","doi-asserted-by":"publisher","first-page":"261","DOI":"10.1023\/A:1021638523413","volume":"10","author":"J.A. Calvo-Manzano","year":"2004","unstructured":"Calvo-Manzano, J.A., et al.: Experiences in the Application of Software Process Improvement in SMES. Software Quality Journal\u00a010(3), 261\u2013273 (2004)","journal-title":"Software Quality Journal"},{"issue":"3","key":"17_CR25","first-page":"4","volume":"7","author":"D. Mekelburg","year":"2005","unstructured":"Mekelburg, D.: Sustaining Best Practices: How Real-World Software Organizations Improve Quality Processes. Software Quality Professional\u00a07(3), 4\u201313 (2005)","journal-title":"Software Quality Professional"},{"key":"17_CR26","unstructured":"Dick, B.: Applications. Sessions of Areol. Action research and evaluation (2000)"},{"key":"17_CR27","doi-asserted-by":"crossref","unstructured":"Kock, N.: The threee threats of action research: a discussion of methodological antidotes in the context of an information systems study. Decision Support Systems, 265\u2013286 (2004)","DOI":"10.1016\/S0167-9236(03)00022-8"},{"key":"17_CR28","unstructured":"Eloff, J., Eloff, M.: Information Security Management - A New Paradigm. In: Annual research conference of the South African Institute of Computer Scientists and Information Technologists on Enablement Through Technology SAICSIT\u201903, pp. 130\u2013136 (2003)"},{"key":"17_CR29","unstructured":"ISO\/IEC27002, ISO\/IEC 27002, Information Technology - Security Techniques - The international standard Code of Practice for Information Security Management (2007)"},{"key":"17_CR30","unstructured":"MageritV2, Methodology for Information Systems Risk Analysis and Management (MAGERIT version 2), Ministerio de Administraciones P\u00fablicas, Spain (2006)"},{"key":"17_CR31","unstructured":"ISO\/IEC27005, ISO\/IEC 27005, Information Technology - Security Techniques - Information Security Risk Management Standard (under development) (2008)"}],"container-title":["Lecture Notes in Computer Science","Trust, Privacy and Security in Digital Business"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-15152-1_17","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,25]],"date-time":"2025-02-25T07:19:21Z","timestamp":1740467961000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-15152-1_17"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9783642151514","9783642151521"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-15152-1_17","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2010]]}}}