{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,17]],"date-time":"2025-11-17T02:58:51Z","timestamp":1763348331222},"reference-count":30,"publisher":"Springer Science and Business Media LLC","issue":"5","license":[{"start":{"date-parts":[[2021,3,18]],"date-time":"2021-03-18T00:00:00Z","timestamp":1616025600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,3,18]],"date-time":"2021-03-18T00:00:00Z","timestamp":1616025600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Pers Ubiquit Comput"],"published-print":{"date-parts":[[2021,10]]},"DOI":"10.1007\/s00779-021-01549-w","type":"journal-article","created":{"date-parts":[[2021,3,18]],"date-time":"2021-03-18T19:38:11Z","timestamp":1616096291000},"page":"927-940","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":12,"title":["A framework and tool for the assessment of information security risk, the reduction of information security cost and the sustainability of information security culture"],"prefix":"10.1007","volume":"25","author":[{"given":"S.G.","family":"Govender","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"E.","family":"Kritzinger","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"M.","family":"Loock","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2021,3,18]]},"reference":[{"key":"1549_CR1","doi-asserted-by":"publisher","first-page":"247","DOI":"10.1016\/j.jisa.2017.11.001","volume":"40","author":"NS Saf","year":"2018","unstructured":"Saf NS, Maple C, Watson T, Von Solms R (2018) Motivation and opportunity based model to reduce information security insider threats in organisations. J Inf Secur Appl 40:247\u2013257. https:\/\/doi.org\/10.1016\/j.jisa.2017.11.001","journal-title":"J Inf Secur Appl"},{"key":"1549_CR2","doi-asserted-by":"publisher","unstructured":"Mukherjee S (2019) Overview of the importance of corporate security in business. SSRN Electron J. https:\/\/doi.org\/10.2139\/ssrn.3415960","DOI":"10.2139\/ssrn.3415960"},{"key":"1549_CR3","doi-asserted-by":"publisher","unstructured":"Dhillon, G., Torkzadeh, G., Chang, J.: Strategic planning for IS security: designing objectives. In: Lecture notes in computer science (including subseries lecture notes in artificial intelligence and lecture notes in bioinformatics). pp. 285\u2013299. Springer Verlag (2018). https:\/\/doi.org\/10.1007\/978-3-319-91800-6_19.","DOI":"10.1007\/978-3-319-91800-6_19"},{"key":"1549_CR4","unstructured":"Lord, N.: The history of data breaches, https:\/\/digitalguardian.com\/blog\/history-data-breaches, ."},{"key":"1549_CR5","unstructured":"Winder, D.: Data breaches expose 4.1 billion records in first six months of 2019, https:\/\/www.forbes.com\/sites\/daveywinder\/2019\/08\/20\/data-breaches-expose-41-billion-records-in-first-six-months-of-2019\/#7fe19849bd54, ."},{"key":"1549_CR6","unstructured":"Targett, E.: Global data breaches 2018: 4.5 billion records compromised thus far, https:\/\/www.cbronline.com\/news\/global-data-breaches-2018, ."},{"key":"1549_CR7","volume-title":"Cost of data breach study","author":"Ponemon Institute","year":"2018","unstructured":"Ponemon Institute: Cost of data breach study. (2018)."},{"key":"1549_CR8","unstructured":"Verizon: 2017 Data breach investigation report, 10th Edition. (2017)."},{"key":"1549_CR9","unstructured":"Kaspersky Lab: damage control: the cost of security breaches, it security risks special report series. (2016)."},{"key":"1549_CR10","unstructured":"Chong, J.: How security technology improves business operations, https:\/\/www.securitymagazine.com\/articles\/89706-how-security-technology-improves-business-operations, ."},{"key":"1549_CR11","unstructured":"Debar, H.: Cybersecurity: high costs for companies, http:\/\/theconversation.com\/cybersecurity-high-costs-for-companies-110807, ."},{"key":"1549_CR12","unstructured":"Wilczek, M.: Cybercrime is increasing and more costly for organizations, https:\/\/www.cio.com\/article\/3386417\/cybercrime-is-increasing-and-more-costly-for-organizations.html, ."},{"key":"1549_CR13","unstructured":"Edwards, B., Jacobs, J., Forrest, S.: Risky business: assessing security with external measurements. arXiv Prepr. arXiv1904.11052. (2019)."},{"key":"1549_CR14","unstructured":"Schmittling, R.: Performing a security risk assessment, https:\/\/www.isaca.org\/Journal\/archives\/2010\/Volume-1\/Pages\/Performing-a-Security-Risk-Assessment1.aspx, ."},{"key":"1549_CR15","doi-asserted-by":"publisher","first-page":"2285","DOI":"10.1007\/s10270-018-0661-x","volume":"18","author":"N Mayer","year":"2019","unstructured":"Mayer N, Aubert J, Grandry E, Feltus C, Goettelmann E, Wieringa R (2019) An integrated conceptual model for information system security risk management supported by enterprise architecture management. Softw Syst Model 18:2285\u20132312. https:\/\/doi.org\/10.1007\/s10270-018-0661-x","journal-title":"Softw Syst Model"},{"key":"1549_CR16","unstructured":"Kosutic, D.: ISO 27001 checklist: 16 steps for the implementation, https:\/\/advisera.com\/27001academy\/knowledgebase\/iso-27001-implementation-checklist\/, ."},{"key":"1549_CR17","unstructured":"Beaver, K.: Best practices for an information security assessment, https:\/\/searchsecurity.techtarget.com\/tip\/Best-practices-for-an-information-security-assessment, ."},{"key":"1549_CR18","doi-asserted-by":"publisher","first-page":"698","DOI":"10.1016\/S0167-4048(00)08019-6","volume":"19","author":"MM Eloff","year":"2000","unstructured":"Eloff MM, Von Solms SH (2000) Information security management: an approach to combine process certification and product evaluation. Comput Secur 19:698\u2013709. https:\/\/doi.org\/10.1016\/S0167-4048(00)08019-6","journal-title":"Comput Secur"},{"key":"1549_CR19","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1016\/j.cose.2006.10.008","volume":"26","author":"AB Ruighaver","year":"2007","unstructured":"Ruighaver AB, Maynard SB, Chang S (2007) Organisational security culture: extending the end-user perspective. Comput. Secur 26:56\u201362. https:\/\/doi.org\/10.1016\/j.cose.2006.10.008","journal-title":"Comput. Secur"},{"key":"1549_CR20","doi-asserted-by":"publisher","first-page":"90","DOI":"10.1016\/j.cose.2012.09.010","volume":"32","author":"RE Crossler","year":"2013","unstructured":"Crossler RE, Johnston AC, Lowry PB, Hu Q, Warkentin M, Baskerville R (2013) Future directions for behavioral information security research. Comput. Secur 32:90\u2013101. https:\/\/doi.org\/10.1016\/j.cose.2012.09.010","journal-title":"Comput. Secur"},{"key":"1549_CR21","doi-asserted-by":"publisher","first-page":"282","DOI":"10.1287\/isre.2015.0569","volume":"26","author":"JSC Hsu","year":"2015","unstructured":"Hsu JSC, Shih SP, Hung YW, Lowry PB (2015) The role of extra-role behaviors and social controls in information security policy effectiveness. Inf Syst Res 26:282\u2013300. https:\/\/doi.org\/10.1287\/isre.2015.0569","journal-title":"Inf Syst Res"},{"key":"1549_CR22","doi-asserted-by":"publisher","first-page":"113","DOI":"10.1145\/1290958.1290971","volume":"50","author":"J D\u2019Arcy","year":"2007","unstructured":"D\u2019Arcy J, Hovav A (2007) Deterring internal information systems misuse. Commun ACM 50:113\u2013117. https:\/\/doi.org\/10.1145\/1290958.1290971","journal-title":"Commun ACM"},{"key":"1549_CR23","doi-asserted-by":"publisher","first-page":"345","DOI":"10.25300\/MISQ\/2015\/39.2.04","volume":"39","author":"A Vance","year":"2015","unstructured":"Vance A, Benjamin Lowry P (2015) A new approach to the problem of access policy violations: increasing perceptions of accountability through the user interface. MIS Q 39:345\u2013366","journal-title":"MIS Q"},{"key":"1549_CR24","doi-asserted-by":"publisher","unstructured":"Govender, S.G., Loock, M., Kritzinger, E.: Enhancing information security culture to reduce information security cost: a proposed framework. In: Lecture notes in computer science (including subseries lecture notes in artificial intelligence and lecture notes in bioinformatics). pp. 281\u2013290. Springer Verlag (2018). https:\/\/doi.org\/10.1007\/978-3-030-01689-0_22.","DOI":"10.1007\/978-3-030-01689-0_22"},{"key":"1549_CR25","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1145\/777313.777327","volume":"46","author":"RT Mercuri","year":"2003","unstructured":"Mercuri RT (2003) Analyzing security costs. Commun ACM 46:15\u201318. https:\/\/doi.org\/10.1145\/777313.777327","journal-title":"Commun ACM"},{"key":"1549_CR26","doi-asserted-by":"publisher","unstructured":"Brecht M, Nowey T (2013) A closer look at information security costs. In: The economics of information security and privacy. pp. 3\u201324. Springer. Berlin Heidelberg. https:\/\/doi.org\/10.1007\/978-3-642-39498-0_1","DOI":"10.1007\/978-3-642-39498-0_1"},{"key":"1549_CR27","volume-title":"Articulating the business value of information security","author":"T Scholtz","year":"2011","unstructured":"Scholtz T (2011) Articulating the business value of information security. Gart, Inc"},{"key":"1549_CR28","doi-asserted-by":"publisher","first-page":"78","DOI":"10.1145\/1042091.1042094","volume":"48","author":"LD Bodin","year":"2005","unstructured":"Bodin LD, Gordon LA, Loeb MP (2005) Evaluating information security investments using the Analytic hierarchy process. Commun ACM 48:78\u201383. https:\/\/doi.org\/10.1145\/1042091.1042094","journal-title":"Commun ACM"},{"key":"1549_CR29","doi-asserted-by":"publisher","first-page":"1205","DOI":"10.1007\/s10796-016-9648-8","volume":"19","author":"D Schatz","year":"2017","unstructured":"Schatz D, Bashroush R (2017) Economic valuation for information security investment: a systematic literature review. Inf Syst Front 19:1205\u20131228. https:\/\/doi.org\/10.1007\/s10796-016-9648-8","journal-title":"Inf Syst Front"},{"key":"1549_CR30","unstructured":"Asen A., Bohmayr W., Deutsche, S., Gonzalez M M.D.: Are you spending enough on cybersecurity?, https:\/\/www.bcg.com\/publications\/2019\/are-you-spending-enough-cybersecurity.aspx, ."}],"container-title":["Personal and Ubiquitous Computing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00779-021-01549-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s00779-021-01549-w\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00779-021-01549-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,10,7]],"date-time":"2021-10-07T05:03:21Z","timestamp":1633583001000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s00779-021-01549-w"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,3,18]]},"references-count":30,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2021,10]]}},"alternative-id":["1549"],"URL":"https:\/\/doi.org\/10.1007\/s00779-021-01549-w","relation":{},"ISSN":["1617-4909","1617-4917"],"issn-type":[{"value":"1617-4909","type":"print"},{"value":"1617-4917","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,3,18]]},"assertion":[{"value":"5 November 2020","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"5 March 2021","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"18 March 2021","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}]}}