{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,4,7]],"date-time":"2025-04-07T05:05:54Z","timestamp":1744002354722,"version":"3.37.3"},"reference-count":48,"publisher":"Springer Science and Business Media LLC","issue":"5","license":[{"start":{"date-parts":[[2021,4,18]],"date-time":"2021-04-18T00:00:00Z","timestamp":1618704000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,4,18]],"date-time":"2021-04-18T00:00:00Z","timestamp":1618704000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Pers Ubiquit Comput"],"published-print":{"date-parts":[[2021,10]]},"DOI":"10.1007\/s00779-021-01561-0","type":"journal-article","created":{"date-parts":[[2021,4,18]],"date-time":"2021-04-18T05:02:21Z","timestamp":1618722141000},"page":"853-877","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Case-based learning in the management practice of information security: an innovative pedagogical instrument"],"prefix":"10.1007","volume":"25","author":[{"given":"Atif","family":"Ahmad","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2044-8163","authenticated-orcid":false,"given":"Sean B.","family":"Maynard","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sameen","family":"Motahhir","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ashley","family":"Anderson","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2021,4,18]]},"reference":[{"key":"1561_CR1","first-page":"1","volume":"2020","author":"SC Yang","year":"2020","unstructured":"Yang SC (2020) A meta-model of cybersecurity curriculums: assessing cybersecurity curricular frameworks for business schools. J Educ Bus 2020:1\u201312","journal-title":"J Educ Bus"},{"issue":"1","key":"1561_CR2","first-page":"3","volume":"39","author":"WA Cram","year":"2016","unstructured":"Cram WA, D'Arcy J (2016) Teaching information security in business schools: current practices and a proposed direction for the future. Commun Assoc Inf Syst 39(1):3","journal-title":"Commun Assoc Inf Syst"},{"issue":"5","key":"1561_CR3","doi-asserted-by":"publisher","first-page":"513","DOI":"10.1108\/IMCS-08-2013-0058","volume":"22","author":"A Ahmad","year":"2014","unstructured":"Ahmad A, Maynard S (2014) Teaching Information Security Management: reflections and experiences. Inf Manag Comput Secur 22(5):513\u2013536. https:\/\/doi.org\/10.1108\/IMCS-08-2013-0058","journal-title":"Inf Manag Comput Secur"},{"doi-asserted-by":"crossref","unstructured":"Burley D, Bishop M, Buck S, Ekstrom JJ, Futcher L, Gibson D, Hawthorne EK, Kaza S, Levy Y, Mattord HJ, Parrish A (2017) CYBERSECURITY CURRICULA 2017: Curriculum Guidelines for Post-Secondary Degree Programs in Cybersecurity, 1st edn. ACM, IEEE, AIS, IFIP","key":"1561_CR4","DOI":"10.1007\/978-3-319-58553-6_1"},{"doi-asserted-by":"crossref","unstructured":"Lowry G, Turner R (2005) Information systems education for the 21st century: aligning curriculum content and delivery with the professional workplace. In: Technology literacy applications in learning environments. IGI Global, pp 171\u2013202","key":"1561_CR5","DOI":"10.4018\/978-1-59140-479-8.ch013"},{"issue":"3","key":"1561_CR6","first-page":"178","volume":"12","author":"S-h Lee","year":"2009","unstructured":"Lee S-h, Lee J, Liu X, Bonk CJ, Magjuka RJ (2009) A review of case-based learning practices in an online MBA program: a program-level case study. J Educ Technol Soc 12(3):178\u2013190","journal-title":"J Educ Technol Soc"},{"issue":"1","key":"1561_CR7","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1111\/dsji.12121","volume":"15","author":"JE Kendall","year":"2017","unstructured":"Kendall JE, Kendall KE (2017) Enhancing online executive education using storytelling: an approach to strengthening online social presence. Decis Sci J Innov Educ 15(1):62\u201381","journal-title":"Decis Sci J Innov Educ"},{"doi-asserted-by":"crossref","unstructured":"Reed MM, Brunson RR (2018) Exploration of the efficacy of the case method of teaching. In: The CASE Journal","key":"1561_CR8","DOI":"10.1108\/TCJ-01-2018-0009"},{"key":"1561_CR9","doi-asserted-by":"publisher","first-page":"24","DOI":"10.1016\/j.cose.2018.01.015","volume":"75","author":"K Cabaj","year":"2018","unstructured":"Cabaj K, Domingos D, Kotulski Z, Resp\u00edcio A (2018) Cybersecurity education: evolution of the discipline and analysis of master programs. Comput Secur 75:24\u201335","journal-title":"Comput Secur"},{"key":"1561_CR10","doi-asserted-by":"publisher","first-page":"101875","DOI":"10.1016\/j.cose.2020.101875","volume":"2020","author":"H-J Kam","year":"2020","unstructured":"Kam H-J, Menard P, Ormond D, Crossler RE (2020) Cultivating cybersecurity learning: an integration of self-determination and flow. Comput Secur 2020:101875","journal-title":"Comput Secur"},{"key":"1561_CR11","doi-asserted-by":"publisher","first-page":"238","DOI":"10.1016\/j.cose.2018.09.009","volume":"80","author":"L Gonz\u00e1lez-Manzano","year":"2019","unstructured":"Gonz\u00e1lez-Manzano L, de Fuentes JM (2019) Design recommendations for online cybersecurity courses. Comput Secur 80:238\u2013256","journal-title":"Comput Secur"},{"issue":"2","key":"1561_CR12","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1057\/s41266-018-0037-7","volume":"8","author":"E Diffee","year":"2018","unstructured":"Diffee E, Datta P (2018) Cybersecurity: the three-headed Janus. J Info Technol Teach Cases 8(2):161\u2013171","journal-title":"J Info Technol Teach Cases"},{"issue":"2","key":"1561_CR13","doi-asserted-by":"publisher","first-page":"102","DOI":"10.1057\/jittc.2015.12","volume":"5","author":"M-DJ McLaughlin","year":"2015","unstructured":"McLaughlin M-DJ, Hansen S, Cram WA, Gogan JL (2015) Snowfall and a stolen laptop. J Info Technol Teach Cases 5(2):102\u2013112","journal-title":"J Info Technol Teach Cases"},{"key":"1561_CR14","series-title":"Course Technology, Cengage Learning","volume-title":"Principles of information security","author":"ME Whitman","year":"2017","unstructured":"Whitman ME, Mattord HJ (2017) Principles of information security, Course Technology, Cengage Learning, 6th edn","edition":"6"},{"doi-asserted-by":"publisher","unstructured":"Ahmad A, Maynard SB, Park S (2014) Information security strategies: towards an organizational multi-strategy perspective. J Intell Manuf:257\u2013370. https:\/\/doi.org\/10.1007\/s10845-012-0683-0","key":"1561_CR15","DOI":"10.1007\/s10845-012-0683-0"},{"key":"1561_CR16","first-page":"297","volume":"39","author":"P Shedden","year":"2016","unstructured":"Shedden P, Ahmad A, Smith W, Tscherning H, Scheepers R (2016) Asset identification in information security risk assessment: a business practice approach. Commun Assoc Inf Syst 39:297\u2013320","journal-title":"Commun Assoc Inf Syst"},{"key":"1561_CR17","doi-asserted-by":"publisher","first-page":"391","DOI":"10.1016\/j.cose.2014.04.005","volume":"44","author":"J Webb","year":"2014","unstructured":"Webb J, Ahmad A, Maynard SB, Shanks G (2014) A situation awareness model for information security risk management. Comput Secur 44:391\u2013404. https:\/\/doi.org\/10.1016\/j.cose.2014.04.005","journal-title":"Comput Secur"},{"key":"1561_CR18","doi-asserted-by":"publisher","first-page":"402","DOI":"10.1016\/j.cose.2019.07.001","volume":"86","author":"A Ahmad","year":"2019","unstructured":"Ahmad A, Webb J, Desouza KC, Boorman J (2019) Strategically-motivated advanced persistent threat: definition, process, tactics and a disinformation model of counterattack. Comput Secur 86:402\u2013418. https:\/\/doi.org\/10.1016\/j.cose.2019.07.001","journal-title":"Comput Secur"},{"issue":"2","key":"1561_CR19","doi-asserted-by":"publisher","first-page":"250","DOI":"10.1016\/j.giq.2016.01.012","volume":"33","author":"C Leuprecht","year":"2016","unstructured":"Leuprecht C, Skillicorn DB, Tait VE (2016) Beyond the Castle Model of cyber-risk and cyber-security. Gov Inf Q 33(2):250\u2013257","journal-title":"Gov Inf Q"},{"issue":"4","key":"1561_CR20","first-page":"65","volume":"10","author":"SB Maynard","year":"2018","unstructured":"Maynard SB, Tan T, Ahmad A, Ruighaver T (2018) Towards a Framework for Strategic Security Context in Information Security Governance. Pacific Asia J Assoc Info Syst 10(4):65\u201388","journal-title":"Pacific Asia J Assoc Info Syst"},{"issue":"3","key":"1561_CR21","doi-asserted-by":"publisher","first-page":"95","DOI":"10.1016\/j.ijcip.2009.07.003","volume":"2","author":"FO Sveen","year":"2009","unstructured":"Sveen FO, Torres JM, Sarriegi JM (2009) Blind information security strategy. Int J Crit Infrastruct Prot 2(3):95\u2013109","journal-title":"Int J Crit Infrastruct Prot"},{"unstructured":"Maynard SB (2007) Ruighaver AB Security Policy Quality: a multiple constituency perspective. In: Dhillon G","key":"#cr-split#-1561_CR22.1"},{"unstructured":"(ed) Assuring Business processes, Proc. of the 6th Annual Security Conference, Washington DC, USA, 11-12 April 2007. Global Publishing, USA","key":"#cr-split#-1561_CR22.2"},{"issue":"6","key":"1561_CR23","doi-asserted-by":"publisher","first-page":"605","DOI":"10.1057\/s41303-017-0059-9","volume":"26","author":"WA Cram","year":"2017","unstructured":"Cram WA, Proudfoot JG, D\u2019Arcy J (2017) Organizational information security policies: a review and research framework. Eur J Inf Syst 26(6):605\u2013641","journal-title":"Eur J Inf Syst"},{"issue":"3","key":"1561_CR24","doi-asserted-by":"publisher","first-page":"393","DOI":"10.1108\/ICS-07-2018-0080","volume":"27","author":"M Bada","year":"2019","unstructured":"Bada M, Nurse JR (2019) Developing cybersecurity education and awareness programmes for small-and medium-sized enterprises (SMEs). Info Comput Secur 27(3):393\u2013410","journal-title":"Info Comput Secur"},{"issue":"1","key":"1561_CR25","first-page":"23","volume":"1","author":"R Baskerville","year":"2005","unstructured":"Baskerville R (2005) Information warfare: a comparative framework for business information security. J Info Syst Secur 1(1):23\u201350","journal-title":"J Info Syst Secur"},{"unstructured":"ISO\/IEC (2005) ISO\/IEC 27001:2005. Information Technology - Security Techniques - Information Security Management Systems - Requirements.","key":"1561_CR26"},{"issue":"8","key":"1561_CR27","doi-asserted-by":"publisher","first-page":"97","DOI":"10.1145\/1145287.1145316","volume":"49","author":"M Siponen","year":"2006","unstructured":"Siponen M (2006) Information security standards focus on the existence of process, not its content. Commun ACM 49(8):97\u2013100","journal-title":"Commun ACM"},{"doi-asserted-by":"crossref","unstructured":"Shedden P, Scheepers R, Smith W, Ahmad A (2011) Incorporating a knowledge perspective into security risk assessments. VINE J Knowledge Manag 61(2)","key":"1561_CR28","DOI":"10.1108\/03055721111134790"},{"issue":"5","key":"1561_CR29","doi-asserted-by":"publisher","first-page":"643","DOI":"10.1016\/j.cose.2012.04.001","volume":"31","author":"A Ahmad","year":"2012","unstructured":"Ahmad A, Hadjkiss J, Ruighaver AB (2012) Incident response teams - challenges in supporting the organizational security function. Comput Secur 31(5):643\u2013652","journal-title":"Comput Secur"},{"key":"1561_CR30","volume-title":"Social research methods: qualitative and quantitative approaches","author":"WL Neuman","year":"2014","unstructured":"Neuman WL (2014) Social research methods: qualitative and quantitative approaches, Seventh edn. Pearson Education Ltd, London","edition":"Seventh edn"},{"unstructured":"National Bureau of Asian Research (2017) Update to the IP Commission Report: the Report of the Commission on the Theft of American Intellectual Property.","key":"1561_CR31"},{"unstructured":"US District Court for the Western District of Washington (2019) USA v. Huawei Device Co., LTD. : CR19-10-RSM. US District Court for the Western District of Washington,","key":"1561_CR32"},{"unstructured":"U.S. Department of Justice (2015) Kolon Industries Inc. Pleads guilty for conspiring to steal DuPont trade secrets involving Kevlar Technology. U.S. Department of Justice,. https:\/\/www.justice.gov\/opa\/pr\/kolon-industries-inc-pleads-guilty-conspiring-steal-dupont-trade-secrets-involving-kevlar.","key":"1561_CR33"},{"issue":"3","key":"1561_CR34","doi-asserted-by":"publisher","first-page":"385","DOI":"10.1007\/s11423-013-9294-5","volume":"61","author":"A Tawfik","year":"2013","unstructured":"Tawfik A, Jonassen D (2013) The effects of successful versus failure-based cases on argumentation while solving decision-making problems. Educ Technol Res Dev 61(3):385\u2013406","journal-title":"Educ Technol Res Dev"},{"issue":"5","key":"1561_CR35","doi-asserted-by":"publisher","first-page":"1101","DOI":"10.1007\/s11423-018-9579-9","volume":"66","author":"A Darabi","year":"2018","unstructured":"Darabi A, Arrington TL, Sayilir E (2018) Learning from failure: a meta-analysis of the empirical studies. Educ Technol Res Dev 66(5):1101\u20131118","journal-title":"Educ Technol Res Dev"},{"issue":"5","key":"1561_CR36","doi-asserted-by":"publisher","first-page":"1040","DOI":"10.1111\/isj.12234","volume":"29","author":"DM Hull","year":"2019","unstructured":"Hull DM, Lowry PB, Gaskin JE, Mirkovski K (2019) A storyteller\u2019s guide to problem-based learning for information systems management education. Inf Syst J 29(5):1040\u20131057","journal-title":"Inf Syst J"},{"doi-asserted-by":"publisher","unstructured":"Tan T, Ruighaver A, Ahmad A (2010) Information security governance: when compliance becomes more important than security. In: Rannenberg K, Varadharajan V, Weber C (eds) Security and Privacy \u2013 Silver Linings in the Cloud, IFIP advances in information and communication technology, vol 330. Springer, Berlin Heidelberg, pp 55\u201367. https:\/\/doi.org\/10.1007\/978-3-642-15257-3_6","key":"1561_CR37","DOI":"10.1007\/978-3-642-15257-3_6"},{"key":"1561_CR38","volume-title":"Situation-awareness in incident response: an in-depth case study and process model. Paper presented at the International Conference on Information Systems","author":"A Ahmad","year":"2020","unstructured":"Ahmad A, Desouza KC, Maynard SB, Whitty M, Kotsias J, Baskerville R (2020) Situation-awareness in incident response: an in-depth case study and process model. Paper presented at the International Conference on Information Systems. Hyderabad, India"},{"key":"1561_CR39","volume-title":"Toward sustainable behaviour change: An approach for cyber security education training and awareness","author":"M Alshaikh","year":"2019","unstructured":"Alshaikh M, Naseer H, Ahmad A, Maynard SB (2019) Toward sustainable behaviour change: An approach for cyber security education training and awareness. Paper presented at the European Conference on Information Systems, Sweden"},{"issue":"6","key":"1561_CR40","doi-asserted-by":"publisher","first-page":"717","DOI":"10.1016\/j.ijinfomgt.2015.08.001","volume":"35","author":"A Ahmad","year":"2015","unstructured":"Ahmad A, Maynard SB, Shanks G (2015) A case analysis of information systems and security incident responses. Int J Inf Manag 35(6):717\u2013723. https:\/\/doi.org\/10.1016\/j.ijinfomgt.2015.08.001","journal-title":"Int J Inf Manag"},{"unstructured":"Shedden P, Ruighaver AB, Ahmad A (2010) Risk management standards \u2013 the perception of ease of use. J Info Syst Secur 6(3)","key":"1561_CR41"},{"unstructured":"Alshaikh M, Maynard SB, Ahmad A (2015) Information security policy: a management practice perspective. In: The 26th Australasian Conference on Information Systems,, Adelaide, Australia","key":"1561_CR42"},{"issue":"8","key":"1561_CR43","doi-asserted-by":"publisher","first-page":"939","DOI":"10.1002\/asi.24311","volume":"71","author":"A Ahmad","year":"2020","unstructured":"Ahmad A, Desouza KC, Maynard SB, Naseer H, Baskerville RL (2020) How integration of cyber security management and incident response enables organizational learning. J Assoc Inf Sci Technol 71(8):939\u2013953. https:\/\/doi.org\/10.1002\/asi.24311","journal-title":"J Assoc Inf Sci Technol"},{"issue":"3","key":"1561_CR44","first-page":"61","volume":"10","author":"SB Maynard","year":"2018","unstructured":"Maynard SB, Onibere M, Ahmad A (2018) Defining the strategic role of the chief information security officer. Pacific Asia J Assoc Info Syst 10(3):61\u201386","journal-title":"Pacific Asia J Assoc Info Syst"},{"key":"1561_CR45","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1016\/j.cose.2014.01.001","volume":"42","author":"A Ahmad","year":"2014","unstructured":"Ahmad A, Bosua R, Scheepers R (2014) Protecting organizational competitive advantage: a knowledge leakage perspective. Comp Secur 42:27\u201339. https:\/\/doi.org\/10.1016\/j.cose.2014.01.001","journal-title":"Comp Secur"},{"unstructured":"University of Melbourne (2020) Subject Experience Survey (SES). University of Melbourne. https:\/\/ses.unimelb.edu.au\/.","key":"1561_CR46"},{"issue":"9","key":"1561_CR47","doi-asserted-by":"publisher","first-page":"867","DOI":"10.1111\/j.1365-2929.2006.02544.x","volume":"40","author":"S Kim","year":"2006","unstructured":"Kim S, Phillips WR, Pinsky L, Brock D, Phillips K, Keary J (2006) A conceptual framework for developing teaching cases: a review and synthesis of the literature across disciplines. Med Educ 40(9):867\u2013876","journal-title":"Med Educ"}],"container-title":["Personal and Ubiquitous Computing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00779-021-01561-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s00779-021-01561-0\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00779-021-01561-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,10,7]],"date-time":"2021-10-07T05:01:36Z","timestamp":1633582896000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s00779-021-01561-0"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,4,18]]},"references-count":48,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2021,10]]}},"alternative-id":["1561"],"URL":"https:\/\/doi.org\/10.1007\/s00779-021-01561-0","relation":{},"ISSN":["1617-4909","1617-4917"],"issn-type":[{"type":"print","value":"1617-4909"},{"type":"electronic","value":"1617-4917"}],"subject":[],"published":{"date-parts":[[2021,4,18]]},"assertion":[{"value":"23 October 2020","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"26 March 2021","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"18 April 2021","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}