{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,17]],"date-time":"2026-02-17T05:51:42Z","timestamp":1771307502773,"version":"3.50.1"},"reference-count":41,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2015,11,4]],"date-time":"2015-11-04T00:00:00Z","timestamp":1446595200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Inf Syst Front"],"published-print":{"date-parts":[[2017,6]]},"DOI":"10.1007\/s10796-015-9608-8","type":"journal-article","created":{"date-parts":[[2015,11,4]],"date-time":"2015-11-04T07:37:20Z","timestamp":1446622640000},"page":"509-524","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":35,"title":["Organizational information security as a complex adaptive system: insights from three agent-based models"],"prefix":"10.1007","volume":"19","author":[{"given":"A. J.","family":"Burns","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Clay","family":"Posey","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"James F.","family":"Courtney","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tom L.","family":"Roberts","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Prabhashi","family":"Nanayakkara","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2015,11,4]]},"reference":[{"issue":"3","key":"9608_CR1","doi-asserted-by":"crossref","first-page":"613","DOI":"10.2307\/25750694","volume":"34","author":"CL Anderson","year":"2010","unstructured":"Anderson, C. L., & Agarwal, R. (2010). Practicing safe computing: a multimedia empirical examination of home computer user security behavioral intentions. MIS Quarterly, 34(3), 613\u2013643.","journal-title":"MIS Quarterly"},{"key":"9608_CR2","volume-title":"Deterrence and incapacitation: estimating the effects of criminal sanctions on crime rates","author":"A Blumstein","year":"1978","unstructured":"Blumstein, A., Cohen, J., & Nagin, D. (1978). Deterrence and incapacitation: estimating the effects of criminal sanctions on crime rates. Washington: National Academy of Sciences."},{"key":"9608_CR3","unstructured":"Bursztein, E. (2014). Behind enemy lines in our war against account hijackers http:\/\/googleonlinesecurity.blogspot.com\/2014\/11\/behind-enemy-lines-in-our-war-against.html . Accessed 21 Jan 2015."},{"issue":"3","key":"9608_CR4","doi-asserted-by":"crossref","first-page":"351","DOI":"10.1016\/S0272-6963(00)00068-1","volume":"19","author":"TY Choi","year":"2001","unstructured":"Choi, T. Y., Dooley, K. J., & Rungtusanatham, M. (2001). Supply networks and complex adaptive systems: control versus emergence. Journal of Operations Management, 19(3), 351\u2013366.","journal-title":"Journal of Operations Management"},{"key":"9608_CR5","doi-asserted-by":"crossref","first-page":"90","DOI":"10.1016\/j.cose.2012.09.010","volume":"32","author":"RE Crossler","year":"2013","unstructured":"Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R. (2013). Future directions for behavioral information security research. Computers & Security, 32, 90\u2013101.","journal-title":"Computers & Security"},{"issue":"1","key":"9608_CR6","doi-asserted-by":"crossref","first-page":"79","DOI":"10.1287\/isre.1070.0160","volume":"20","author":"J D\u2019Arcy","year":"2009","unstructured":"D\u2019Arcy, J., Hovav, A., & Galletta, D. (2009). User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach. Information Systems Research, 20(1), 79\u201398.","journal-title":"Information Systems Research"},{"key":"9608_CR7","doi-asserted-by":"crossref","unstructured":"Dhamija, R., Tygar, J. D., & Hearst, M. (2006). Why phishing works. In Proceedings of the 2006 Conference on Human Factors in Computing Systems (CHI), (pp. 581\u2013590). ACM: Montreal.","DOI":"10.1145\/1124772.1124861"},{"issue":"1","key":"9608_CR8","doi-asserted-by":"crossref","first-page":"69","DOI":"10.1023\/A:1022375910940","volume":"1","author":"KJ Dooley","year":"1997","unstructured":"Dooley, K. J. (1997). A complex adaptive systems model of organization change. Nonlinear Dynamics, Psychology, and Life Sciences, 1(1), 69\u201397.","journal-title":"Nonlinear Dynamics, Psychology, and Life Sciences"},{"key":"9608_CR9","doi-asserted-by":"crossref","first-page":"19","DOI":"10.4018\/978-1-59904-591-7.ch002","volume-title":"Artificial crime analysis systems: using computer simulations and geographic information systems","author":"H Elffers","year":"2008","unstructured":"Elffers, H., & Van Baal, P. (2008). Realistic spatial backcloth is not that important in agent based simulation research. An illustration from simulating perceptual deterrence. In J. E. Eck & L. Liu (Eds.), Artificial crime analysis systems: using computer simulations and geographic information systems (pp. 19\u201334). Hershey: IGI Global."},{"issue":"2","key":"9608_CR10","doi-asserted-by":"crossref","first-page":"407","DOI":"10.1111\/j.1559-1816.2000.tb02323.x","volume":"30","author":"DL Floyd","year":"2000","unstructured":"Floyd, D. L., Prentice\u2010Dunn, S., & Rogers, R. W. (2000). A meta\u2010analysis of research on protection motivation theory. Journal of Applied Social Psychology, 30(2), 407\u2013429.","journal-title":"Journal of Applied Social Psychology"},{"key":"9608_CR11","volume-title":"Agent-based models (Quantitative applications in the social sciences, Vol 153)","author":"N Gilbert","year":"2008","unstructured":"Gilbert, N. (2008). Agent-based models (Quantitative applications in the social sciences, Vol 153). Thousand Oaks: Sage."},{"issue":"1","key":"9608_CR12","doi-asserted-by":"crossref","first-page":"61","DOI":"10.1109\/MSP.2008.8","volume":"6","author":"FL Greitzer","year":"2008","unstructured":"Greitzer, F. L., Moore, A. P., Cappelli, D. M., Andrews, D. H., Carroll, L. A., & Hull, T. D. (2008). Combating the insider cyber threat. Security & Privacy, IEEE, 6(1), 61\u201364.","journal-title":"Security & Privacy, IEEE"},{"issue":"2","key":"9608_CR13","doi-asserted-by":"crossref","first-page":"106","DOI":"10.1057\/ejis.2009.6","volume":"18","author":"T Herath","year":"2009","unstructured":"Herath, T., & Rao, H. R. (2009). Protection motivation and deterrence: a framework for security policy compliance in organisations. European Journal of Information Systems, 18(2), 106\u2013125.","journal-title":"European Journal of Information Systems"},{"key":"9608_CR14","doi-asserted-by":"crossref","unstructured":"Jakobsson, M. (2005). Modeling and preventing phishing attacks. In A. S. Patrick, M. Yung (Eds.), Financial Cryptography and Data Security (Vol. 3570, pp. 89): Lecture Notes in Computer Science.","DOI":"10.1007\/11507840_9"},{"key":"9608_CR15","unstructured":"Kotenko, I. (2005). Agent-based modeling and simulation of cyber-warfare between malefactors and security agents in Internet. In."},{"issue":"2","key":"9608_CR16","first-page":"113","volume":"4","author":"I Kotenko","year":"2005","unstructured":"Kotenko, I., & Ulanov, A. (2005). Agent-based simulation of DDOS attacks and defense mechanisms. International Journal of Computing, 4(2), 113\u2013123.","journal-title":"International Journal of Computing"},{"key":"9608_CR17","doi-asserted-by":"crossref","unstructured":"Kothari, V., Blythe, J., Smith, S., & Koppel, R. (2014). Agent-based modeling of user circumvention of security. Paper presented at the Proceedings of the 1st International Workshop on Agents and CyberSecurity, Paris.","DOI":"10.1145\/2602945.2602948"},{"issue":"2","key":"9608_CR18","doi-asserted-by":"crossref","first-page":"109","DOI":"10.1016\/j.im.2008.01.002","volume":"45","author":"Y Lee","year":"2008","unstructured":"Lee, Y., & Kozar, K. A. (2008). An empirical investigation of anti-spyware software adoption: a multitheoretical perspective. Information & Management, 45(2), 109\u2013119.","journal-title":"Information & Management"},{"key":"9608_CR19","unstructured":"Litan, A. (2004). Phishing attack victims likely targets for identity theft. Gartner Research."},{"issue":"5","key":"9608_CR20","doi-asserted-by":"crossref","first-page":"469","DOI":"10.1016\/0022-1031(83)90023-9","volume":"19","author":"JE Maddux","year":"1983","unstructured":"Maddux, J. E., & Rogers, R. W. (1983). Protection motivation and self-efficacy: a revised theory of fear appeals and attitude change. Journal of Experimental Social Psychology, 19(5), 469\u2013479.","journal-title":"Journal of Experimental Social Psychology"},{"key":"9608_CR21","doi-asserted-by":"crossref","DOI":"10.4324\/9780203885659","volume-title":"Complexity, management and the dynamics of change: challenges for practice","author":"E McMillan","year":"2008","unstructured":"McMillan, E. (2008). Complexity, management and the dynamics of change: challenges for practice. New York: Routledge."},{"key":"9608_CR22","volume-title":"Complex adaptive systems: an introduction to computational models of social life","author":"JH Miller","year":"2007","unstructured":"Miller, J. H., & Page, S. E. (2007). Complex adaptive systems: an introduction to computational models of social life. Princeton: Princeton University Press."},{"issue":"1","key":"9608_CR23","doi-asserted-by":"crossref","first-page":"106","DOI":"10.1111\/j.1559-1816.2000.tb02308.x","volume":"30","author":"S Milne","year":"2000","unstructured":"Milne, S., Sheeran, P., & Orbell, S. (2000). Prediction and intervention in health-related behavior: a meta-analytic review of protection motivation theory. Journal of Applied Social Psychology, 30(1), 106\u2013143.","journal-title":"Journal of Applied Social Psychology"},{"issue":"18","key":"9608_CR24","doi-asserted-by":"crossref","first-page":"1194","DOI":"10.1016\/j.artint.2006.10.002","volume":"170","author":"M Mitchell","year":"2006","unstructured":"Mitchell, M. (2006). Complex systems: network thinking. Artificial Intelligence, 170(18), 1194\u20131212.","journal-title":"Artificial Intelligence"},{"issue":"4","key":"9608_CR25","doi-asserted-by":"crossref","first-page":"1189","DOI":"10.25300\/MISQ\/2013\/37.4.09","volume":"37","author":"C Posey","year":"2013","unstructured":"Posey, C., Roberts, T. L., Lowry, P. B., Bennett, R. J., & Courtney, J. F. (2013). Insiders\u2019 protection of organizational information assets: development of a systematics-based taxonomy and theory of diversity for protection-motivated behaviors. MIS Quarterly, 37(4), 1189\u20131210.","journal-title":"MIS Quarterly"},{"key":"9608_CR26","volume-title":"Agent-based and individual-based modeling: a practical introduction","author":"SF Railsback","year":"2011","unstructured":"Railsback, S. F., & Grimm, V. (2011). Agent-based and individual-based modeling: a practical introduction. Princeton: Princeton University Press."},{"issue":"1","key":"9608_CR27","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1080\/00223980.1975.9915803","volume":"91","author":"RW Rogers","year":"1975","unstructured":"Rogers, R. W. (1975). A protection motivation theory of fear appeals and attitude change. The Journal of Psychology, 91(1), 93\u2013114.","journal-title":"The Journal of Psychology"},{"issue":"1","key":"9608_CR28","doi-asserted-by":"crossref","first-page":"92","DOI":"10.1016\/j.compedu.2008.06.011","volume":"52","author":"RS Shaw","year":"2009","unstructured":"Shaw, R. S., Chen, C. C., Harris, A. L., & Huang, H.-J. (2009). The impact of information richness on information security awareness training effectiveness. Computers & Education, 52(1), 92\u2013100.","journal-title":"Computers & Education"},{"key":"9608_CR29","volume-title":"The sciences of the artificial","author":"HA Simon","year":"1996","unstructured":"Simon, H. A. (1996). The sciences of the artificial. Cambridge: MIT Press."},{"issue":"3","key":"9608_CR30","doi-asserted-by":"crossref","first-page":"255","DOI":"10.1287\/isre.1.3.255","volume":"1","author":"DW Straub","year":"1990","unstructured":"Straub, D. W. (1990). Effective IS security. Information Systems Research, 1(3), 255\u2013276.","journal-title":"Information Systems Research"},{"issue":"1","key":"9608_CR31","doi-asserted-by":"crossref","first-page":"45","DOI":"10.2307\/249307","volume":"14","author":"DW Straub","year":"1990","unstructured":"Straub, D. W., & Nance, W. (1990). Discovering and disciplining computer abuse in organizations: a field study. MIS Quarterly, 14(1), 45\u201360.","journal-title":"MIS Quarterly"},{"key":"9608_CR32","unstructured":"Tanner, M. C., Elsaesser, C., & Whittaker, G. M. (2001). Security awareness training simulation. The MITRE Corporation."},{"issue":"10","key":"9608_CR33","doi-asserted-by":"crossref","first-page":"1014","DOI":"10.1080\/0144929X.2013.763860","volume":"32","author":"P Tetri","year":"2013","unstructured":"Tetri, P., & Vuorinen, J. (2013). Dissecting social engineering. Behaviour & Information Technology, 32(10), 1014\u20131023.","journal-title":"Behaviour & Information Technology"},{"key":"9608_CR34","volume-title":"Complexity: the emerging science and the edge of order and chaos","author":"MM Waldrop","year":"1992","unstructured":"Waldrop, M. M. (1992). Complexity: the emerging science and the edge of order and chaos. New York: Simon & Schuster."},{"issue":"2","key":"9608_CR35","doi-asserted-by":"crossref","first-page":"101","DOI":"10.1057\/ejis.2009.12","volume":"18","author":"M Warkentin","year":"2009","unstructured":"Warkentin, M., & Willison, R. (2009). Behavioral and policy issues in information systems security: the insider threat. European Journal of Information Systems, 18(2), 101\u2013105.","journal-title":"European Journal of Information Systems"},{"key":"9608_CR36","unstructured":"Wilensky, U. (1999). NetLogo (and NetLogo user manual). Center for Connected Learning and Computer-Based Modeling, Northwestern University. http:\/\/ccl.northwestern.edu\/netlogo ."},{"key":"9608_CR37","unstructured":"Wilensky, U., & Rand, W. (2015). An introduction to agent-based modeling: modeling natural, social, and engineered complex systems with NetLogo: MIT Press."},{"issue":"1","key":"9608_CR38","doi-asserted-by":"crossref","first-page":"1","DOI":"10.25300\/MISQ\/2013\/37.1.01","volume":"37","author":"R Willison","year":"2013","unstructured":"Willison, R., & Warkentin, M. (2013). Beyond deterrence: an expanded view of employee computer abuse. MIS Quarterly, 37(1), 1\u201320.","journal-title":"MIS Quarterly"},{"issue":"6","key":"9608_CR39","doi-asserted-by":"crossref","first-page":"2799","DOI":"10.1016\/j.chb.2008.04.005","volume":"24","author":"M Workman","year":"2008","unstructured":"Workman, M., Bommer, W. H., & Straub, D. W. (2008). Security lapses and the omission of information security measures: a threat control model and empirical test. Computers in Human Behavior, 24(6), 2799\u20132816.","journal-title":"Computers in Human Behavior"},{"issue":"4","key":"9608_CR40","doi-asserted-by":"crossref","first-page":"355","DOI":"10.1016\/0047-2352(94)90082-5","volume":"22","author":"J Yu","year":"1994","unstructured":"Yu, J. (1994). Punishment celerity and severity: testing a specific deterrence model on drunk driving recidivism. Journal of Criminal Justice, 22(4), 355\u2013366.","journal-title":"Journal of Criminal Justice"},{"key":"9608_CR41","doi-asserted-by":"publisher","unstructured":"Zhang, X., Tsang, A., Yue, W., & Chau, M. (2015). The classification of hackers by knowledge exchange behaviors. Information Systems Frontiers, 1\u201313, doi: 10.1007\/s10796-015-9567-0 .","DOI":"10.1007\/s10796-015-9567-0"}],"container-title":["Information Systems Frontiers"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-015-9608-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10796-015-9608-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-015-9608-8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-015-9608-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,9,1]],"date-time":"2019-09-01T07:19:12Z","timestamp":1567322352000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10796-015-9608-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,11,4]]},"references-count":41,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2017,6]]}},"alternative-id":["9608"],"URL":"https:\/\/doi.org\/10.1007\/s10796-015-9608-8","relation":{},"ISSN":["1387-3326","1572-9419"],"issn-type":[{"value":"1387-3326","type":"print"},{"value":"1572-9419","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015,11,4]]}}}