{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,16]],"date-time":"2026-02-16T15:41:45Z","timestamp":1771256505560,"version":"3.50.1"},"reference-count":36,"publisher":"Springer Science and Business Media LLC","issue":"2-3","license":[{"start":{"date-parts":[[2005,4,1]],"date-time":"2005-04-01T00:00:00Z","timestamp":1112313600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Inf Technol Manage"],"published-print":{"date-parts":[[2005,4]]},"DOI":"10.1007\/s10799-005-5880-5","type":"journal-article","created":{"date-parts":[[2005,4,28]],"date-time":"2005-04-28T08:01:44Z","timestamp":1114675304000},"page":"203-225","source":"Crossref","is-referenced-by-count":57,"title":["A Management Perspective on Risk of Security Threats to Information Systems"],"prefix":"10.1007","volume":"6","author":[{"given":"Fariborz","family":"Farahmand","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shamkant B.","family":"Navathe","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gunter P.","family":"Sharp","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Philip H.","family":"Enslow","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"CR1","unstructured":"British Security Standard, BS 7799 (British Standards, 1999)."},{"issue":"3","key":"CR2","first-page":"61","volume":"2","author":"V. Ahuja","year":"2000","unstructured":"V. Ahuja, Building trust in electronic commerce, IT Professional 2(3) (2000) 61\u201363.","journal-title":"Building trust in electronic commerce, IT Professional"},{"key":"CR3","first-page":"139","volume":"6","author":"T. Bui","year":"1987","unstructured":"T. Bui and T.R. Sivasankaran, Cost-effectiveness modeling for a decision support system in computer security, Computers and Security 6 (1987) 139\u2013151.","journal-title":"Cost-effectiveness modeling for a decision support system in computer security, Computers and Security"},{"key":"CR4","unstructured":"R.P. Campbell and G.A. Sands, A Modular Approach to Computer Security Risk Management, in: AFIPS National Computer Conference (1979) 293\u2013303."},{"key":"CR5","unstructured":"Cohen (1997) http:\/\/citeseer.nj.nec.com\/lee00toward.html"},{"key":"CR6","unstructured":"R. Elmasri and S.B. Navathe, Fundamentals of Database Systems, ed. 4 (Addison Wesley, 2004)."},{"key":"CR7","first-page":"109","volume":"23","author":"G. Eschellbeck","year":"2000","unstructured":"G. Eschellbeck, Active Security A Proactive Approach for Computer Security Systems, Journal of Network and Computer Applications 23(2000) 109\u2013130.","journal-title":"Active Security A Proactive Approach for Computer Security Systems, Journal of Network and Computer Applications"},{"key":"CR8","unstructured":"F. Farahmand, S.B. Navathe and P.H. Enslow, Electronic commerce and security\u2013-A management perspective, in: ISS\/INFORMS Seventh Annual Conference on Information Systems and Technology (San Jose, 2002)."},{"key":"CR9","doi-asserted-by":"crossref","unstructured":"F. Farahmand, S.B. Navathe, Gunter P. Sharp and P.H. Enslow, Managing Vulnerabilities of Information Systems to Security Incidents, in: ACM International Conference on Electronic Commerce, ICEC 2003 (Pittsburgh, Sept. 2003) 348\u2013354.","DOI":"10.1145\/948005.948050"},{"key":"CR10","unstructured":"F. Farahmand, W.J. Malik, S.B. Navathe and P.H. Enslow, Security Tailored to the Needs of Business, in: ACM Workshop on Business Driven Security Engineering (BIZSEC) (2003)."},{"issue":"3","key":"CR11","doi-asserted-by":"crossref","first-page":"224","DOI":"10.1145\/501978.501980","volume":"4","author":"D.F. Ferraiolo","year":"2001","unstructured":"D.F. Ferraiolo, R. Sandhu, S. Gavrila, D.R. Kuhn and R. Chandramouli, Proposed NIST Standard for Role-Based Access Control, ACM Transactions on Information and System Security (TISSEC) 4(3) (2001) 224\u2013274.","journal-title":"Proposed NIST Standard for Role-Based Access Control, ACM Transactions on Information and System Security (TISSEC)"},{"issue":"3","key":"CR12","first-page":"28","volume":"1","author":"R.L. Field","year":"1997","unstructured":"R.L. Field, Issues in the Law of Electronic Commerce, Networker (ACM Press) 1(3) (1997) 28\u201337.","journal-title":"Issues in the Law of Electronic Commerce, Networker (ACM Press)"},{"issue":"2","key":"CR13","first-page":"51","volume":"44","author":"A.K. Ghosh","year":"2001","unstructured":"A.K. Ghosh and T.M. Swaminatha, Software security and privacy risks in mobile e-commerce, Communications of the ACM 44(2) (2001) 51\u201357.","journal-title":"Software security and privacy risks in mobile e-commerce, Communications of the ACM"},{"key":"CR14","doi-asserted-by":"crossref","unstructured":"R. Henning, Security Service Level Agreements: Quantifiable Security for the Enterprise? in: ACM Proceedings of the 1999 Workshop on New Security Paradigm (Sept. 1999) 54\u201360.","DOI":"10.1145\/335169.335194"},{"key":"CR15","unstructured":"ISO, Information Processing Systems\u2013-Open Systems Interconnection-Basic Reference Model, Part 2: Security Architecture, ISO 7498-2 (1989)."},{"issue":"2","key":"CR16","first-page":"38","volume":"44","author":"J. Joshi","year":"2001","unstructured":"J. Joshi et al., Security Models for Web-Based Applications, Communications of the ACM 44(2) (2001) 38\u201344.","journal-title":"Security Models for Web-Based Applications, Communications of the ACM"},{"key":"CR17","doi-asserted-by":"crossref","unstructured":"C.E. Landwehr et al., A Taxonomy of Computer Program Security Flaws, with Examples, Naval Research Laboratory (Nov. 1993).","DOI":"10.21236\/ADA465587"},{"issue":"12","key":"CR18","doi-asserted-by":"crossref","first-page":"2034","DOI":"10.1109\/5.650183","volume":"85","author":"C.E. Landwehr","year":"1997","unstructured":"C.E. Landwehr and D.M. Goldschlag, Security Issues in Networks with Internet Access, in: Proceedings of the IEEE 85(12) (1997) 2034 \u20132051.","journal-title":"Proceedings of the IEEE"},{"key":"CR19","doi-asserted-by":"crossref","first-page":"143","DOI":"10.1016\/S0167-4048(97)81984-0","volume":"17","author":"S. Lichtenstein","year":"1998","unstructured":"S. Lichtenstein, Internet Risks for Computers, Computers & Security 17 (1998) 143\u2013150.","journal-title":"Computers & Security"},{"key":"CR20","doi-asserted-by":"crossref","unstructured":"U. Lindqvist and E. Jonsson, How to systematically classify computer security intrusions, IEEE Symposium on Security and Privacy (1997) 154\u2013163.","DOI":"10.1109\/SECPRI.1997.601330"},{"key":"CR21","doi-asserted-by":"crossref","unstructured":"N. Linketscher and M. Child, Trust issues and user reactions to e-services and e-marketplaces: a customer survey, IEEE 12th International Workshop on Database and Expert Systems Applications (2001) 752\u2013756.","DOI":"10.1109\/DEXA.2001.953148"},{"key":"CR22","doi-asserted-by":"crossref","first-page":"579","DOI":"10.1016\/S1389-1286(00)00139-0","volume":"34","author":"R. Lipmann","year":"2000","unstructured":"R. Lipmann, et al., The 1999 DARPA off-line Intrusion Detection Evaluation, Computer Networks 34 (2000) 579\u2013595.","journal-title":"Computer Networks"},{"issue":"2","key":"CR23","doi-asserted-by":"crossref","first-page":"36","DOI":"10.1109\/4236.832944","volume":"4","author":"D.W. Manchala","year":"2000","unstructured":"D.W. Manchala, E-commerce trust metrics and models, IEEE Internet Computing 4(2) (2000) 36\u201344.","journal-title":"IEEE Internet Computing"},{"issue":"3","key":"CR24","doi-asserted-by":"crossref","first-page":"334","DOI":"10.1287\/isre.13.3.334.81","volume":"13","author":"D.H. McKnight","year":"2002","unstructured":"D.H. McKnight, C. Choudhury and C. Kacmar, Developing and Validating Trust Measures for e-Commerce: An Integrative Typology, Information Systems Research 13(3) (2002) 334\u2013359.","journal-title":"Information Systems Research"},{"key":"CR25","unstructured":"P.G. Neumann and D.B. Parker, A Summary of Computer Misuse Techniques, in: Proceedings of the 12th National Computer Security Conference (Oct. 1989) 396\u2013407. National Institute of Standards and Technology\/National Computer Security Center."},{"key":"CR26","unstructured":"National Bureau of Standards (NBS), Data Encryption Standards (FIPS Publ. 46, Jan 1977)."},{"key":"CR27","doi-asserted-by":"crossref","unstructured":"E. Orlandi, The Cost of Security, in: IEEE International Carnahan Conference on Security Technology (1991) 192\u2013196.","DOI":"10.1109\/CCST.1991.202214"},{"key":"CR28","doi-asserted-by":"crossref","unstructured":"E. Pate-Cornell and S. Guikema, Probabilistic Modeling of Terrorist Attacks: A System Analysis Approach to Setting Priorities Among Countermeasures, Military Operation Research (Oct. 2002).","DOI":"10.5711\/morj.7.4.5"},{"key":"CR29","unstructured":"C.P. Pfleeger, Security in Computing (Prentice Hall, 1997)."},{"key":"CR30","doi-asserted-by":"crossref","unstructured":"R. Power, Computer Security Issues & Trends, 2002 CSI\/FBI Computer Crime and Security Survey VIII(1) (2002).","DOI":"10.1016\/S1361-3723(02)01001-1"},{"issue":"2","key":"CR31","doi-asserted-by":"crossref","first-page":"120","DOI":"10.1145\/359340.359342","volume":"21","author":"R.L. Rivest","year":"1978","unstructured":"R.L. Rivest, A. Shamir and L.M. Adleman, A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, CACM 21(2) (1978) 120\u2013126.","journal-title":"CACM"},{"key":"CR32","doi-asserted-by":"crossref","unstructured":"H.J. Schummacher and S. Ghosh, A fundamental framework for network security, Journal of Network and Computer Applications (1997) 305\u2013322.","DOI":"10.1006\/jnca.1997.0058"},{"key":"CR33","doi-asserted-by":"crossref","unstructured":"G. Stonebumer, A. Goguen and A. Feringa, Risk Management Guide for Information Technology Systems (NIST Special Publications 800\u201330, 2001).","DOI":"10.6028\/NIST.SP.800-30"},{"key":"CR34","doi-asserted-by":"crossref","unstructured":"M. Swanson, et al., Security Metrics Guide for Information Technology Systems (NIST Special Publications 800-55, 2002).","DOI":"10.6028\/NIST.SP.800-55"},{"key":"CR35","doi-asserted-by":"crossref","unstructured":"C.J. Tarr, Cost effective perimeter security, security and detection, European Convention on Security and Detection (1995) 183\u2013187.","DOI":"10.1049\/cp:19950494"},{"key":"CR36","unstructured":"C.C. Wood, et al., Computer Security: A comprehensive Control Checklist (John Wiley & Sons, 1987).S"}],"container-title":["Information Technology and Management"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10799-005-5880-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10799-005-5880-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10799-005-5880-5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,4,7]],"date-time":"2020-04-07T03:42:25Z","timestamp":1586230945000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10799-005-5880-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2005,4]]},"references-count":36,"journal-issue":{"issue":"2-3","published-print":{"date-parts":[[2005,4]]}},"alternative-id":["5880"],"URL":"https:\/\/doi.org\/10.1007\/s10799-005-5880-5","relation":{},"ISSN":["1385-951X","1573-7667"],"issn-type":[{"value":"1385-951X","type":"print"},{"value":"1573-7667","type":"electronic"}],"subject":[],"published":{"date-parts":[[2005,4]]}}}