{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,4]],"date-time":"2026-06-04T23:27:14Z","timestamp":1780615634324,"version":"3.54.1"},"reference-count":74,"publisher":"Springer Science and Business Media LLC","issue":"5","license":[{"start":{"date-parts":[[2016,4,18]],"date-time":"2016-04-18T00:00:00Z","timestamp":1460937600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Inf Syst Front"],"published-print":{"date-parts":[[2017,10]]},"DOI":"10.1007\/s10796-016-9648-8","type":"journal-article","created":{"date-parts":[[2016,4,18]],"date-time":"2016-04-18T01:29:09Z","timestamp":1460942949000},"page":"1205-1228","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":51,"title":["Economic valuation for information security investment: a systematic literature review"],"prefix":"10.1007","volume":"19","author":[{"given":"Daniel","family":"Schatz","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Rabih","family":"Bashroush","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2016,4,18]]},"reference":[{"issue":"11","key":"9648_CR1","doi-asserted-by":"crossref","first-page":"1309","DOI":"10.1287\/mnsc.27.11.1309","volume":"27","author":"M Alavi","year":"1981","unstructured":"Alavi, M., & Henderson, J. C. (1981). An evolutionary strategy for implementing a decision support system. Management Science, 27(11), 1309\u20131323.","journal-title":"Management Science"},{"key":"9648_CR2","doi-asserted-by":"crossref","unstructured":"Anderson, R. Why information security is hard - An economic perspective. 17th Annual Computer Security Applications Conference, Proceedings, Los Alamitos: IEEE Computer Society, 358\u2013365.","DOI":"10.1109\/ACSAC.2001.991552"},{"issue":"6","key":"9648_CR3","doi-asserted-by":"crossref","first-page":"35","DOI":"10.1109\/MITP.2004.89","volume":"6","author":"A Arora","year":"2004","unstructured":"Arora, A., Hall, D., Piato, C. A., Ramsey, D., & Telang, R. (2004). Measuring the risk-based value of IT security solutions. IT Professional, 6(6), 35\u201342.","journal-title":"IT Professional"},{"issue":"4","key":"9648_CR4","doi-asserted-by":"crossref","first-page":"339","DOI":"10.1016\/0167-4048(90)90104-2","volume":"9","author":"KP Badenhorst","year":"1990","unstructured":"Badenhorst, K. P., & Eloff, J. H. P. (1990). Computer security methodology: risk analysis and project definition. Computers & Security, 9(4), 339\u2013346.","journal-title":"Computers & Security"},{"key":"9648_CR5","unstructured":"Beecham, S., Baddoo, N., Hall, T., Robinson, H. and Sharp, H. (2006). Protocol for a systematic literature review of motivation in software engineering. University of Hertfordshire."},{"key":"9648_CR6","unstructured":"Biolchini, J., Mian, P., Ana and Travassos, G. (2005). Systematic Review in Software Engineering."},{"key":"9648_CR7","doi-asserted-by":"crossref","unstructured":"Bistarelli, S., Dall'Aglio, M., & Peretti, P. (2007). Strategic games on defense trees. In Dimitrakos, T., Martinelli, F., Ryan, P.Y.A., & Schneider, S. (eds.) Formal Aspects in security and trust lecture notes in computer science, pp. 1\u201315.","DOI":"10.1007\/978-3-540-75227-1_1"},{"key":"9648_CR8","doi-asserted-by":"crossref","unstructured":"Blakley, B., McDermott, E. and Geer, D. Information security is information risk management. Proceedings of the 2001 workshop on New security paradigms, Cloudcroft, New Mexico. 508187: ACM, 97\u2013104.","DOI":"10.1145\/508171.508187"},{"issue":"2","key":"9648_CR9","doi-asserted-by":"crossref","first-page":"79","DOI":"10.1145\/1042091.1042094","volume":"48","author":"LD Bodin","year":"2005","unstructured":"Bodin, L. D., Gordon, L. A., & Loeb, M. P. (2005). Evaluating information security investments using the ANALYTIC HIERARCHY PROCESS. Communications of the ACM, 48(2), 79\u201383.","journal-title":"Communications of the ACM"},{"issue":"5","key":"9648_CR10","doi-asserted-by":"crossref","first-page":"413","DOI":"10.1016\/j.ijinfomgt.2008.02.002","volume":"28","author":"R Bojanc","year":"2008","unstructured":"Bojanc, R., & Jerman-Bla\u017ei\u010d, B. (2008). An economic modelling approach to information security risk management. International Journal of Information Management, 28(5), 413\u2013422.","journal-title":"International Journal of Information Management"},{"issue":"6","key":"9648_CR11","doi-asserted-by":"crossref","first-page":"276","DOI":"10.2478\/v10051-012-0027-z","volume":"45","author":"R Bojanc","year":"2012","unstructured":"Bojanc, R., & Jerman-Blazic, B. (2012). Quantitative model for economic analyses of information security investment in an enterprise information system. Organizacija, 45(6), 276\u2013288.","journal-title":"Organizacija"},{"issue":"4","key":"9648_CR12","doi-asserted-by":"crossref","first-page":"571","DOI":"10.1016\/j.jss.2006.07.009","volume":"80","author":"P Brereton","year":"2007","unstructured":"Brereton, P., Kitchenham, B. A., Budgen, D., Turner, M., & Khalil, M. (2007). Lessons from applying the systematic literature review process within the software engineering domain. Journal of Systems and Software, 80(4), 571\u2013583.","journal-title":"Journal of Systems and Software"},{"key":"9648_CR13","doi-asserted-by":"crossref","unstructured":"Capko, Z., Aksentijevic, S. and Tijan, E. (2014). Economic and financial analysis of investments in information security. 2014 37th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), pp. 1550\u20136.","DOI":"10.1109\/MIPRO.2014.6859812"},{"issue":"7","key":"9648_CR14","doi-asserted-by":"crossref","first-page":"87","DOI":"10.1145\/1005817.1005828","volume":"47","author":"H Cavusoglu","year":"2004","unstructured":"Cavusoglu, H., Mishra, B., & Raghunathan, S. (2004). A model for evaluating IT security investments. Communications of the ACM, 47(7), 87\u201392.","journal-title":"Communications of the ACM"},{"issue":"2","key":"9648_CR15","doi-asserted-by":"crossref","first-page":"281","DOI":"10.2753\/MIS0742-1222250211","volume":"25","author":"H Cavusoglu","year":"2008","unstructured":"Cavusoglu, H., Raghunathan, S., & Yue, W. T. (2008). Decision-theoretic and game-theoretic approaches to IT security investment. Journal of Management Information Systems, 25(2), 281\u2013304.","journal-title":"Journal of Management Information Systems"},{"key":"9648_CR16","unstructured":"Cremonini, M. (2005). Evaluating information security investments from attackers perspective: the return-on-attack (ROA)."},{"issue":"1","key":"9648_CR17","doi-asserted-by":"crossref","first-page":"38","DOI":"10.12968\/bjon.2008.17.1.28059","volume":"17","author":"P Cronin","year":"2008","unstructured":"Cronin, P., Ryan, F., & Coughlan, M. (2008). Undertaking a literature review: a step-by-step approach. British Journal of Nursing (Mark Allen Publishing), 17(1), 38\u201343.","journal-title":"British Journal of Nursing (Mark Allen Publishing)"},{"key":"9648_CR18","unstructured":"Cybersecurity Information Sharing Act of 2015. 2015."},{"issue":"11","key":"9648_CR19","doi-asserted-by":"crossref","first-page":"8","DOI":"10.1016\/S1353-4858(05)70301-9","volume":"2005","author":"A Davis","year":"2005","unstructured":"Davis, A. (2005). Return on security investment \u2013 proving it's worth it. Network Security, 2005(11), 8\u201310.","journal-title":"Network Security"},{"key":"9648_CR20","doi-asserted-by":"crossref","first-page":"25","DOI":"10.1007\/978-3-642-39498-0_2","volume-title":"The economics of information security and privacy","author":"L Demetz","year":"2013","unstructured":"Demetz, L., & Bachlechner, D. (2013). To invest or not to invest? Assessing the economic viability of a policy and security configuration management tool. In R. B\u00f6hme (Ed.), The economics of information security and privacy (pp. 25\u201347). Heidelberg: Springer Berlin."},{"issue":"1","key":"9648_CR21","doi-asserted-by":"crossref","first-page":"95","DOI":"10.1016\/j.dss.2011.05.007","volume":"52","author":"L Dengpan","year":"2011","unstructured":"Dengpan, L., Yonghua, J., & Mookerjee, V. (2011). Knowledge sharing and investment decisions in information security. Decision Support Systems, 52(1), 95\u2013107.","journal-title":"Decision Support Systems"},{"key":"9648_CR22","unstructured":"Department of Justice 2014. Justice Department, Federal Trade Commission Issue Antitrust Policy Statement on Sharing Cybersecurity Information. Office of Public Affairs."},{"issue":"3","key":"9648_CR23","doi-asserted-by":"crossref","first-page":"75","DOI":"10.4018\/jisp.2012070104","volume":"6","author":"A Eisenga","year":"2012","unstructured":"Eisenga, A., Jones, T. L., & Rodriguez, W. (2012). Investing in IT security: how to determine the maximum threshold. International Journal of Information Security and Privacy, 6(3), 75\u201387.","journal-title":"International Journal of Information Security and Privacy"},{"issue":"8","key":"9648_CR24","doi-asserted-by":"crossref","first-page":"707","DOI":"10.1016\/0167-4048(95)00021-6","volume":"14","author":"L Ekenberg","year":"1995","unstructured":"Ekenberg, L., Oberoi, S., & Orci, I. (1995). A cost model for managing information security hazards. Computers & Security, 14(8), 707\u2013717.","journal-title":"Computers & Security"},{"issue":"5","key":"9648_CR25","doi-asserted-by":"crossref","first-page":"511","DOI":"10.1007\/s11573-007-0039-y","volume":"77","author":"U Faisst","year":"2007","unstructured":"Faisst, U., Prokein, O., & Wegmann, N. (2007). Ein Modell zur dynamischen Investitionsrechnung von IT-Sicherheitsma\u00dfnahmen. Zeitschrift f\u00fcr Betriebswirtschaft, 77(5), 511\u2013538.","journal-title":"Zeitschrift f\u00fcr Betriebswirtschaft"},{"issue":"4","key":"9648_CR26","doi-asserted-by":"crossref","first-page":"438","DOI":"10.1145\/581271.581274","volume":"5","author":"LA Gordon","year":"2002","unstructured":"Gordon, L. A., & Loeb, M. P. (2002). The economics of information security investment. ACM Transactions on Information and System Security, 5(4), 438\u2013457.","journal-title":"ACM Transactions on Information and System Security"},{"issue":"1","key":"9648_CR27","doi-asserted-by":"crossref","first-page":"121","DOI":"10.1145\/1107458.1107465","volume":"49","author":"LA Gordon","year":"2006","unstructured":"Gordon, L. A., & Loeb, M. P. (2006). Budgeting process for INFORMATION SECURITY EXPENDITURES. Communications of the ACM, 49(1), 121\u2013125.","journal-title":"Communications of the ACM"},{"issue":"6","key":"9648_CR28","doi-asserted-by":"crossref","first-page":"461","DOI":"10.1016\/j.jaccpubpol.2003.09.001","volume":"22","author":"LA Gordon","year":"2003","unstructured":"Gordon, L. A., Loeb, M. P., & Lucyshyn, W. (2003). Sharing information on computer systems security: an economic analysis. Journal of Accounting and Public Policy, 22(6), 461\u2013485.","journal-title":"Journal of Accounting and Public Policy"},{"issue":"2","key":"9648_CR29","doi-asserted-by":"crossref","first-page":"215","DOI":"10.1080\/09638180701819972","volume":"17","author":"LA Gordon","year":"2008","unstructured":"Gordon, L. A., Loeb, M. P., Sohail, T., Tseng, C.-Y., & Zhou, L. (2008). Cybersecurity, capital allocations and management control systems. European Accounting Review, 17(2), 215\u2013241.","journal-title":"European Accounting Review"},{"issue":"5","key":"9648_CR30","doi-asserted-by":"crossref","first-page":"509","DOI":"10.1016\/j.jaccpubpol.2015.05.001","volume":"34","author":"LA Gordon","year":"2015","unstructured":"Gordon, L. A., Loeb, M. P., Lucyshyn, W., & Zhou, L. (2015). The impact of information sharing on cybersecurity underinvestment: a real options perspective. Journal of Accounting and Public Policy, 34(5), 509\u2013519.","journal-title":"Journal of Accounting and Public Policy"},{"key":"9648_CR31","unstructured":"Harzing, A. W. (2007). Publish or Perish. Available at: \nhttp:\/\/www.harzing.com\/pop.htm\n\n."},{"issue":"6","key":"9648_CR32","doi-asserted-by":"crossref","first-page":"629","DOI":"10.1016\/j.jaccpubpol.2006.09.001","volume":"25","author":"K Hausken","year":"2006","unstructured":"Hausken, K. (2006a). Income, interdependence, and substitution effects affecting incentives for security investment. Journal of Accounting and Public Policy, 25(6), 629\u2013665.","journal-title":"Journal of Accounting and Public Policy"},{"issue":"5","key":"9648_CR33","doi-asserted-by":"crossref","first-page":"338","DOI":"10.1007\/s10796-006-9011-6","volume":"8","author":"K Hausken","year":"2006","unstructured":"Hausken, K. (2006b). Returns to information security investment: the effect of alternative information security breach functions on optimal investment and sensitivity to vulnerability. Information Systems Frontiers, 8(5), 338\u2013349.","journal-title":"Information Systems Frontiers"},{"issue":"6","key":"9648_CR34","doi-asserted-by":"crossref","first-page":"639","DOI":"10.1016\/j.jaccpubpol.2007.10.001","volume":"26","author":"K Hausken","year":"2007","unstructured":"Hausken, K. (2007). Information sharing among firms and cyber attacks. Journal of Accounting and Public Policy, 26(6), 639\u2013688.","journal-title":"Journal of Accounting and Public Policy"},{"issue":"3","key":"9648_CR35","doi-asserted-by":"crossref","first-page":"337","DOI":"10.2753\/MIS0742-1222250310","volume":"25","author":"HSB Herath","year":"2008","unstructured":"Herath, H. S. B., & Herath, T. C. (2008). Investments in information security: a real options perspective with Bayesian Postaudit. Journal of Management Information Systems, 25(3), 337\u2013375.","journal-title":"Journal of Management Information Systems"},{"issue":"1","key":"9648_CR36","first-page":"7","volume":"2","author":"H Herath","year":"2011","unstructured":"Herath, H., & Herath, T. (2011). Copula-based actuarial model for pricing cyber-insurance policies. Insurance Markets and Companies: Analyses and Actuarial Computations, 2(1), 7\u201320.","journal-title":"Insurance Markets and Companies: Analyses and Actuarial Computations"},{"key":"9648_CR37","doi-asserted-by":"crossref","first-page":"54","DOI":"10.1016\/j.dss.2013.07.010","volume":"57","author":"HSB Herath","year":"2014","unstructured":"Herath, H. S. B., & Herath, T. C. (2014). IT security auditing: a performance evaluation decision model. Decision Support Systems, 57, 54\u201363.","journal-title":"Decision Support Systems"},{"issue":"5","key":"9648_CR38","first-page":"169","volume":"57","author":"DB Hertz","year":"1979","unstructured":"Hertz, D. B. (1979). Risk analysis in capital investment. Harvard Business Review, 57(5), 169\u2013181.","journal-title":"Harvard Business Review"},{"key":"9648_CR39","unstructured":"Hoo, K. J. S. (2000). How much is enough? A risk-management approach to computer security."},{"issue":"1","key":"9648_CR40","doi-asserted-by":"crossref","first-page":"255","DOI":"10.1016\/j.ijpe.2012.06.022","volume":"141","author":"CD Huang","year":"2013","unstructured":"Huang, C. D., & Behara, R. S. (2013). Economics of information security investment in the case of concurrent heterogeneous attacks with budget constraints. International Journal of Production Economics, 141(1), 255\u2013268.","journal-title":"International Journal of Production Economics"},{"issue":"10","key":"9648_CR41","doi-asserted-by":"crossref","first-page":"651","DOI":"10.1016\/j.infsof.2003.11.004","volume":"46","author":"C Iheagwara","year":"2004","unstructured":"Iheagwara, C., Blyth, A., Kevin, T., & Kinn, D. (2004). Cost effective management frameworks: the impact of IDS deployment technique on threat mitigation. Information and Software Technology, 46(10), 651\u2013664.","journal-title":"Information and Software Technology"},{"key":"9648_CR42","unstructured":"European Network and Information Security Agency (2012). Introduction to return on security investment, pp. 18. Available at: \nhttps:\/\/www.enisa.europa.eu\/activities\/cert\/other-work\/introduction-to-return-on-security-investment\n\n."},{"key":"9648_CR43","unstructured":"Jingyue, L. and Xiaomeng, S. (2007). Making cost effective security decision with real option thinking. 2007 International Conference on Software Engineering Advances, pp. 1\u20139."},{"issue":"4\u20135","key":"9648_CR44","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1145\/1017672.1017659","volume":"1","author":"PGW Keen","year":"1980","unstructured":"Keen, P. G. W. (1980). Adaptive design for decision support systems. ACM SIGOA Newsletter, 1(4\u20135), 15\u201325.","journal-title":"ACM SIGOA Newsletter"},{"key":"9648_CR45","unstructured":"Kesswani, N., & Kumar, S. Maintaining cyber security: Implications, cost and returns. Proceedings of the 2015 ACM SIGMIS Conference on Computers and People Research, Newport Beach, California, USA. 2751976: ACM, 161\u2013164."},{"issue":"1","key":"9648_CR46","doi-asserted-by":"crossref","first-page":"216","DOI":"10.1016\/j.ejor.2007.08.039","volume":"192","author":"L Khansa","year":"2009","unstructured":"Khansa, L., & Liginlal, D. (2009). Valuing the flexibility of investing in security process innovations. European Journal of Operational Research, 192(1), 216\u2013235.","journal-title":"European Journal of Operational Research"},{"key":"9648_CR47","unstructured":"Kitchenham, B. and Charters, S. (2007). Guidelines for performing systematic literature reviews in software engineering. Available at: \nhttp:\/\/www.dur.ac.uk\/ebse\/resources\/Systematic-reviews-5-8.pdf\n\n."},{"issue":"2","key":"9648_CR48","doi-asserted-by":"crossref","first-page":"173","DOI":"10.2307\/249574","volume":"16","author":"KD Loch","year":"1992","unstructured":"Loch, K. D., Carr, H. H., & Warkentin, M. E. (1992). Threats to information-systems - todays reality, yesterdays understanding. MIS Quarterly, 16(2), 173\u2013186.","journal-title":"MIS Quarterly"},{"key":"9648_CR49","doi-asserted-by":"crossref","unstructured":"Matsuura, K. (2009). Productivity space of information security in an extension of the Gordon-Loeb\u2019s InvestmentModel. Managing Information Risk and the Economics of Security: Springer US, pp. 99\u2013119.","DOI":"10.1007\/978-0-387-09762-6_5"},{"key":"9648_CR50","unstructured":"Meho, L. I., & Yang, K. (2006). A new era in citation and bibliometric analyses: Web of science, scopus, and google scholar. arXiv preprint cs\/0612132."},{"key":"9648_CR51","unstructured":"Miaoui, Y., Boudriga, N., & Abaoub, E. Insurance versus investigation driven approach for the computation of optimal security investment. Pacific Asia Conference on Information Systems Singapore."},{"issue":"2","key":"9648_CR52","doi-asserted-by":"crossref","first-page":"105","DOI":"10.1080\/00137910208965029","volume":"47","author":"LT Miller","year":"2002","unstructured":"Miller, L. T., & Park, C. S. (2002). Decision making under uncertainty\u2014real options to the rescue? The Engineering Economist, 47(2), 105\u2013150.","journal-title":"The Engineering Economist"},{"key":"9648_CR53","unstructured":"Moore, T., Dynes, S., & Chang, F. R. (2015). Identifying how firms manage cybersecurity investment. pp. 32, Available: Southern Methodist University. Available at: \nhttp:\/\/blog.smu.edu\/research\/files\/2015\/10\/SMU-IBM.pdf\n\n (Accessed 2015-12-14)."},{"key":"9648_CR54","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1016\/j.dss.2013.04.004","volume":"56","author":"A Mukhopadhyay","year":"2013","unstructured":"Mukhopadhyay, A., Chatterjee, S., Saha, D., Mahanti, A., & Sadhukhan, S. K. (2013). Cyber-risk decision models: to insure IT or not? Decision Support Systems, 56, 11\u201326.","journal-title":"Decision Support Systems"},{"key":"9648_CR55","doi-asserted-by":"crossref","unstructured":"Neubauer, T., & Hartl, C (2009) On the singularity of valuating IT security investments. Computer and Information Science, 2009. ICIS 2009. Eighth IEEE\/ACIS International Conference on, 1\u20133 June, 549\u2013556.","DOI":"10.1109\/ICIS.2009.90"},{"key":"9648_CR56","unstructured":"Neumann, J. v., & Morgenstern, O. (1964). Theory of games and economic behaviour. Theory of games and economic behaviour., (3rd edition), pp. 641\u00a0pp."},{"key":"9648_CR57","doi-asserted-by":"crossref","unstructured":"Phillips, P. P., & Phillips, J. J. (2010). Return on investment. Handbook of Improving Performance in the Workplace: Volumes 1\u20133: Wiley, pp. 823\u2013846.","DOI":"10.1002\/9780470592663.ch53"},{"issue":"7","key":"9648_CR58","doi-asserted-by":"crossref","first-page":"542","DOI":"10.1016\/j.cose.2004.09.004","volume":"23","author":"SA Purser","year":"2004","unstructured":"Purser, S. A. (2004). Improving the ROI of the security management process. Computers & Security, 23(7), 542\u2013546.","journal-title":"Computers & Security"},{"issue":"3","key":"9648_CR59","doi-asserted-by":"crossref","first-page":"96","DOI":"10.2307\/3665561","volume":"24","author":"SA Ross","year":"1995","unstructured":"Ross, S. A. (1995). Uses, abuses, and alternatives to the net-present-value rule. Financial Management, 24(3), 96\u2013102.","journal-title":"Financial Management"},{"key":"9648_CR60","unstructured":"Rowe, B. R., & Gallaher, M. P. Private sector cyber security investment strategies: An empirical analysis. The fifth workshop on the economics of information security (WEIS06)."},{"issue":"6","key":"9648_CR61","doi-asserted-by":"crossref","first-page":"19","DOI":"10.1287\/inte.24.6.19","volume":"24","author":"TL Saaty","year":"1994","unstructured":"Saaty, T. L. (1994). How to make a decision: the analytic hierarchy process. Interfaces, 24(6), 19\u201343.","journal-title":"Interfaces"},{"key":"9648_CR62","unstructured":"Sheen, J. N. (2010). Fuzzy Economic decision-models for information security investment. Proceedings of the 9th WSEAS International Conference on Instrumentation Measurement Circuits and Systems (IMCAS 2010). Instrumentation, Measurement, Circuits and Systems, pp. 141\u20137."},{"issue":"2","key":"9648_CR63","doi-asserted-by":"crossref","first-page":"95","DOI":"10.1108\/09685221111143042","volume":"19","author":"D Shirtz","year":"2011","unstructured":"Shirtz, D., & Elovici, Y. (2011). Optimizing investment decisions in selecting information security remedies. Information Management & Computer Security, 19(2), 95\u2013112.","journal-title":"Information Management & Computer Security"},{"issue":"1","key":"9648_CR64","doi-asserted-by":"crossref","first-page":"60","DOI":"10.1145\/1216218.1216224","volume":"38","author":"MT Siponen","year":"2007","unstructured":"Siponen, M. T., & Oinas-Kukkonen, H. (2007). A review of information security issues and respective research contributions. SIGMIS Database, 38(1), 60\u201380.","journal-title":"SIGMIS Database"},{"key":"9648_CR65","doi-asserted-by":"crossref","first-page":"49","DOI":"10.1016\/j.dss.2015.04.011","volume":"75","author":"B Srinidhi","year":"2015","unstructured":"Srinidhi, B., Yan, J., & Tayi, G. K. (2015). Allocation of resources to cyber-security: the effect of misalignment of interest between managers and investors. Decision Support Systems, 75, 49\u201362.","journal-title":"Decision Support Systems"},{"issue":"3","key":"9648_CR66","doi-asserted-by":"crossref","first-page":"165","DOI":"10.2307\/2295722","volume":"23","author":"RH Strotz","year":"1955","unstructured":"Strotz, R. H. (1955). Myopia and inconsistency in dynamic utility maximization. The Review of Economic Studies, 23(3), 165\u2013180.","journal-title":"The Review of Economic Studies"},{"key":"9648_CR67","doi-asserted-by":"crossref","unstructured":"Tatsumi, K.-i., & Goto, M. (2010). Optimal timing of information security investment: A real options approach. Economics of Information Security and Privacy.","DOI":"10.1007\/978-1-4419-6967-5_11"},{"issue":"2","key":"9648_CR68","doi-asserted-by":"crossref","first-page":"175","DOI":"10.1257\/000282803321947001","volume":"93","author":"RH Thaler","year":"2003","unstructured":"Thaler, R. H., & Sunstein, C. R. (2003). Libertarian paternalism. The American Economic Review, 93(2), 175\u2013179.","journal-title":"The American Economic Review"},{"key":"9648_CR69","unstructured":"The White House 2015. Executive Order -- Promoting private sector cybersecurity information sharing. Office of the Press Secretary."},{"issue":"9","key":"9648_CR70","first-page":"3204","volume":"48","author":"L Wei","year":"2007","unstructured":"Wei, L., Tanaka, H., & Matsuura, K. (2007). Empirical-analysis methodology for information-security investment and its application to reliable survey of Japanese firms. Transactions of the Information Processing Society of Japan, 48(9), 3204\u20133218.","journal-title":"Transactions of the Information Processing Society of Japan"},{"key":"9648_CR71","doi-asserted-by":"crossref","unstructured":"Willemson, J. (2010). Extending the Gordon&Loeb model for information security investment. Proceedings of the Fifth International Conference on Availability, Reliability, and Security (ARES 2010), pp. 258\u201361.","DOI":"10.1109\/ARES.2010.37"},{"issue":"5","key":"9648_CR72","doi-asserted-by":"crossref","first-page":"8","DOI":"10.1016\/S1361-3723(04)00064-8","volume":"2004","author":"CC Wood","year":"2004","unstructured":"Wood, C. C., & Parker, D. B. (2004). Why ROI and similar financial tools are not advisable for evaluating the merits of security projects. Computer Fraud & Security, 2004(5), 8\u201310.","journal-title":"Computer Fraud & Security"},{"issue":"4","key":"9648_CR73","doi-asserted-by":"crossref","first-page":"904","DOI":"10.1016\/j.dss.2011.02.009","volume":"51","author":"L Yong Jick","year":"2011","unstructured":"Yong Jick, L., Kauffman, R. J., & Sougstad, R. (2011). Profit-maximizing firm investments in customer information security. Decision Support Systems, 51(4), 904\u2013920.","journal-title":"Decision Support Systems"},{"key":"9648_CR74","unstructured":"Zikai, W., & Haitao, S. (2008). Towards an optimal information security investment strategy. 2008 I.E. International Conference on Networking, Sensing and Control (ICNSC '08), pp. 756\u201361."}],"container-title":["Information Systems Frontiers"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10796-016-9648-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-016-9648-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-016-9648-8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-016-9648-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,30]],"date-time":"2019-05-30T20:36:30Z","timestamp":1559248590000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10796-016-9648-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,4,18]]},"references-count":74,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2017,10]]}},"alternative-id":["9648"],"URL":"https:\/\/doi.org\/10.1007\/s10796-016-9648-8","relation":{},"ISSN":["1387-3326","1572-9419"],"issn-type":[{"value":"1387-3326","type":"print"},{"value":"1572-9419","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016,4,18]]}}}