{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,13]],"date-time":"2026-03-13T13:45:34Z","timestamp":1773409534119,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":28,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642169335","type":"print"},{"value":"9783642169342","type":"electronic"}],"license":[{"start":{"date-parts":[[2010,1,1]],"date-time":"2010-01-01T00:00:00Z","timestamp":1262304000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-3-642-16934-2_46","type":"book-chapter","created":{"date-parts":[[2010,11,5]],"date-time":"2010-11-05T10:15:39Z","timestamp":1288952139000},"page":"619-638","source":"Crossref","is-referenced-by-count":9,"title":["Using Real Option Thinking to Improve Decision Making in Security Investment"],"prefix":"10.1007","author":[{"given":"Virginia N. L.","family":"Franqueira","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Siv Hilde","family":"Houmb","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Maya","family":"Daneva","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"46_CR1","unstructured":"AICPA: SAS No. 70, Service Organizations (2000), http:\/\/www.aicpa.org\/download\/members\/div\/auditstd\/AU-00324.PDF"},{"key":"46_CR2","volume-title":"Real Options: Managing Strategic Investment in an Uncertain World","author":"M. Amram","year":"1999","unstructured":"Amram, M., Kulatilaka, N.: Real Options: Managing Strategic Investment in an Uncertain World. Harvard Business School Press, Cambridge (1999)"},{"key":"46_CR3","first-page":"358","volume-title":"ACSAC 2001: Proc. 17th Annual Computer Security Applications Conference","author":"R. Anderson","year":"2001","unstructured":"Anderson, R.: Why Information Security is Hard - An Economic Perspective. In: ACSAC 2001: Proc. 17th Annual Computer Security Applications Conference, pp. 358\u2013365. IEEE Press, Los Alamitos (December 2001)"},{"key":"46_CR4","unstructured":"AS2 Processing for EDI, http:\/\/www.dcs-is-edi.com\/AS2.html (last visited on March 2010)"},{"issue":"1","key":"46_CR5","doi-asserted-by":"publisher","first-page":"70","DOI":"10.1287\/isre.10.1.70","volume":"10","author":"M. Benaroch","year":"1999","unstructured":"Benaroch, M., Kauffman, R.J.: A Case for Using Real Options Pricing Analysis to Evaluate Information Technology Project Investment. Information Systems Research\u00a010(1), 70\u201386 (1999)","journal-title":"Information Systems Research"},{"key":"46_CR6","doi-asserted-by":"publisher","first-page":"187","DOI":"10.1007\/978-1-4419-6967-5_10","volume-title":"Economics of Information Security and Privacy","author":"S. Berthold","year":"2010","unstructured":"Berthold, S., Bhme, R.: Valuating Privacy with Option Pricing Theory. In: Economics of Information Security and Privacy, pp. 187\u2013209. Springer, Heidelberg (2010)"},{"issue":"1","key":"46_CR7","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1007\/s10550-007-0013-9","volume":"25","author":"F. Braber den","year":"2007","unstructured":"den Braber, F., Hogganvik, I., Lund, M.S., St\u00f8len, K., Vraalsen, F.: Model-based security analysis in seven steps - a guided tour to the CORAS method. BT Technology Journal\u00a025(1), 101\u2013117 (2007)","journal-title":"BT Technology Journal"},{"issue":"5","key":"46_CR8","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1201\/1086.1065898X\/45654.14.5.20051101\/91010.4","volume":"14","author":"W. Brown","year":"2005","unstructured":"Brown, W., Nasuti, F.: Sarbanes-Oxley and Enterprise Security: IT Governance and What It Takes to Get the Job Done. Information Systems Security\u00a014(5), 15\u201328 (2005)","journal-title":"Information Systems Security"},{"key":"46_CR9","unstructured":"Interview with Carol Borghesi, MD, BT Retail Customer Contact Center. Global Services Media (December 2005), http:\/\/www.globalservicesmedia.com\/BPO\/Customer-Care\/Interview-with-Carol-Borghesi-MD-BT-Retail-Customer-Contact-Center\/23\/9\/0\/general200705211 (last visited May 2010)"},{"key":"46_CR10","doi-asserted-by":"publisher","first-page":"232","DOI":"10.1109\/ICSE.2002.1007971","volume-title":"ICSE 2002: Proc. of the 24rd International Conference on Software Engineering","author":"S.A. Butler","year":"2002","unstructured":"Butler, S.A.: Security attribute evaluation method: a cost-benefit approach. In: ICSE 2002: Proc. of the 24rd International Conference on Software Engineering, pp. 232\u2013240. ACM Press, New York (2002)"},{"key":"46_CR11","doi-asserted-by":"crossref","first-page":"65","DOI":"10.17705\/1CAIS.01403","volume":"14","author":"H. Cavusoglu","year":"2004","unstructured":"Cavusoglu, H., Cavusoglu, H., Raghunathan, S.: Economics of IT Security Management: Four Improvements to Current Security Practices. Communications of the Association for Information Systems\u00a014, 65\u201375 (2004)","journal-title":"Communications of the Association for Information Systems"},{"key":"46_CR12","unstructured":"Daneva, M.: Applying Real Options Thinking to Information Security in Networked Organizations. Tech. Rep. TR-CTIT-06-11, Centre for Telematics and Information Technology, University of Twente, Enschede (August 2006)"},{"key":"46_CR13","unstructured":"Dawson, K., Weston, R.: Call Centre Hang-ups. Global Services Media (December 2005), http:\/\/www.globalservicesmedia.com\/BPO\/Customer-Care\/Call-Center-Hang-ups\/23\/9\/0\/general20070521987 (last visited May 2010)"},{"key":"46_CR14","unstructured":"Dynes, S., Eric, H.B., Johnson, M.E.: Information Security in the Extended Enterprise: Some Initial Results From a Field Study of an Industrial Firm. In: Proc. of Int. Workshop on the Economics of Information Security (2005)"},{"key":"46_CR15","unstructured":"Cloud Computing Risk Assessment. ENISA: European Network and Information Security Agency (November 2009)"},{"issue":"3","key":"46_CR16","doi-asserted-by":"publisher","first-page":"308","DOI":"10.1080\/00137910208965037","volume":"47","author":"H. Erdogmus","year":"2002","unstructured":"Erdogmus, H.: Valuation of Learning Options in Software Development under Private and Market Risk. The Engineering Economist\u00a047(3), 308\u2013353 (2002)","journal-title":"The Engineering Economist"},{"key":"46_CR17","doi-asserted-by":"publisher","first-page":"446","DOI":"10.1109\/ARES.2010.40","volume-title":"Proc. of the Fifth Int. Conf. on Availability, Reliability and Security (ARES 2010)","author":"V.N.L. Franqueira","year":"2010","unstructured":"Franqueira, V.N.L., van Cleeff, A., van Eck, P.A.T., Wieringa, R.J.: External Insider Threat: a Real Security Challenge in Enterprise Value Webs. In: Proc. of the Fifth Int. Conf. on Availability, Reliability and Security (ARES 2010), pp. 446\u2013453. IEEE Computer Society Press, Los Alamitos (February 2010)"},{"issue":"1","key":"46_CR18","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1145\/1107458.1107465","volume":"49","author":"L.A. Gordon","year":"2006","unstructured":"Gordon, L.A., Loeb, M.P.: Budgeting Process for Information Security Expenditures. Communications of the ACM\u00a049(1), 121\u2013125 (2006)","journal-title":"Communications of the ACM"},{"issue":"2","key":"46_CR19","first-page":"1","volume":"19","author":"L.A. Gordon","year":"2003","unstructured":"Gordon, L.A., Loeb, M.P., Lucyshyn, W.: Information Security Expenditures and Real Options: A Wait-and-See Approach. Computer Security Journal\u00a019(2), 1\u20137 (2003)","journal-title":"Computer Security Journal"},{"key":"46_CR20","doi-asserted-by":"crossref","unstructured":"Gran, B.A.: The use of Bayesian Belief Networks for combining disparate sources of information in the safety assessment of software based systems. Ph.D. thesis, Norwegian University of Sciences and Technology, Norway (2002)","DOI":"10.1080\/00207720210133589"},{"key":"46_CR21","unstructured":"Holman, D., Batt, R., Holtgrewe, U.: The Global Call Centre Report: International Perspectives on Management and Employment (2007)"},{"key":"46_CR22","unstructured":"Houmb, S.H.: Decision Support for Choice of Security Solution: The Aspect-Oriented Risk Driven Development (AORDD) Framework. Ph.D. thesis, Norwegian University of Science and Technology, Trondheim (November 2007)"},{"key":"46_CR23","doi-asserted-by":"crossref","unstructured":"Houmb, S.H., Chakraborty, S., Ray, I., Ray, I.: Using Trust-Based Information Aggregation for Predicting Security Level of Systems. In: To appear in Proc. of the 24th Annual IFIP WG 11.3 Working Conf. on Data and Applications Security and Privacy XXIV. pp. 241\u2013256. Springer, Heidelberg (June 2010)","DOI":"10.1007\/978-3-642-13739-6_16"},{"key":"46_CR24","unstructured":"HUGIN: tool made by Hugin Expert AS (2009), http:\/\/www.hugin.com\/ (last visited on June 2010)"},{"key":"46_CR25","unstructured":"ISO\/IEC-27005: Information technology. Security techniques. Information security risk management (2008)"},{"key":"46_CR26","volume-title":"Introduction to Bayesian Networks","author":"F.V. Jensen","year":"1996","unstructured":"Jensen, F.V.: Introduction to Bayesian Networks. Springer, New York (1996)"},{"key":"46_CR27","first-page":"14","volume-title":"ICSEA 2007: Proc. 2nd Int. Conf. on Software Engineering Advances","author":"J. Li","year":"2007","unstructured":"Li, J., Su, X.: Making Cost Effective Security Decision with Real Option Thinking. In: ICSEA 2007: Proc. 2nd Int. Conf. on Software Engineering Advances, pp. 14\u201322. IEEE Press, Los Alamitos (2007)"},{"key":"46_CR28","unstructured":"Safety and Risk Evaluation using Bayesian Nets. ESPIRIT Framework IV nr. 22187 (1999), http:\/\/www.hugin.dk\/serene\/ (last visited on June 2010)"}],"container-title":["Lecture Notes in Computer Science","On the Move to Meaningful Internet Systems: OTM 2010"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-16934-2_46","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,5]],"date-time":"2019-06-05T22:58:39Z","timestamp":1559775519000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-16934-2_46"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9783642169335","9783642169342"],"references-count":28,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-16934-2_46","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2010]]}}}