{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,7]],"date-time":"2026-04-07T12:08:31Z","timestamp":1775563711086,"version":"3.50.1"},"reference-count":22,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,3,1]],"date-time":"2026-03-01T00:00:00Z","timestamp":1772323200000},"content-version":"vor","delay-in-days":59,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0\/"}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Procedia Computer Science"],"published-print":{"date-parts":[[2026]]},"DOI":"10.1016\/j.procs.2026.02.452","type":"journal-article","created":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T12:39:40Z","timestamp":1774355980000},"page":"175-183","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["ISO\/IEC 27001:2022 in a Biotech SME: Open-Source Innovation Case Study in Taiwan"],"prefix":"10.1016","volume":"278","author":[{"given":"Jung-Hsiung","family":"Huang","sequence":"first","affiliation":[]},{"given":"Kuen-Tsann","family":"Chen","sequence":"additional","affiliation":[]},{"given":"Tseng-Chang","family":"Yen","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"issue":"5","key":"10.1016\/j.procs.2026.02.452_bib1","doi-asserted-by":"crossref","first-page":"97","DOI":"10.1007\/s43546-023-00477-6","article-title":"\"Evaluating the adoption of cybersecurity and its influence on organizational performance.\"","volume":"3","author":"Tahereh","year":"2023","journal-title":"SN Business & Economics"},{"key":"10.1016\/j.procs.2026.02.452_bib2","unstructured":"IBM, and Ponemon, Institue. Cost of a Data Breach Report 2024. IBM Security; 2024."},{"key":"10.1016\/j.procs.2026.02.452_bib3","unstructured":"Ministry of Justice, T. Personal Data Protection Act (PDPA). Taipei: Ministry of Justice, Taiwan; 2023."},{"key":"10.1016\/j.procs.2026.02.452_bib4","unstructured":"Ministry of Justice, T. Enforcement Rules of the Personal Data Protection Act. Taipei: Ministry of Justice, Taiwan; 2012."},{"key":"10.1016\/j.procs.2026.02.452_bib5","unstructured":"Taiwan Stock, E. Guidelines for Information and Communication Security Control for Listed and OTC Companies. Taipei: Taiwan Stock Exchange; 2024."},{"key":"10.1016\/j.procs.2026.02.452_bib6","doi-asserted-by":"crossref","first-page":"121","DOI":"10.1016\/j.procs.2023.01.272","article-title":"\"A methodology for mapping cybersecurity standards into governance guidelines for SME in Portugal.\"","volume":"219","author":"Azinheira","year":"2023","journal-title":"Procedia Computer Science"},{"key":"10.1016\/j.procs.2026.02.452_bib7","unstructured":"Cybersecurity Magazine Editorial, T. (2024) \"Open Source Security Tools for SMEs: Wazuh and Graylog Use Cases.\""},{"issue":"3","key":"10.1016\/j.procs.2026.02.452_bib8","doi-asserted-by":"crossref","first-page":"e0301183","DOI":"10.1371\/journal.pone.0301183","article-title":"\"Cybersecurity on a budget: Evaluating security and performance of open-source SIEM solutions for SMEs.\"","volume":"19","author":"Manzoor","year":"2024","journal-title":"PLOS ONE"},{"issue":"7","key":"10.1016\/j.procs.2026.02.452_bib9","doi-asserted-by":"crossref","first-page":"103507","DOI":"10.1016\/j.im.2021.103507","article-title":"\"Informing cybersecurity strategic commitment through top management perceptions: The role of institutional pressures.\"","volume":"58","author":"Ogbanufe","year":"2021","journal-title":"Information & Management"},{"issue":"2","key":"10.1016\/j.procs.2026.02.452_bib10","doi-asserted-by":"crossref","first-page":"25","DOI":"10.1145\/3462766.3462770","article-title":"\"Protection Motivation Theory in Information Systems Security Research: A Review of the Past and a Road Map for the Future.\"","volume":"52","author":"Haag","year":"2021","journal-title":"SIGMIS Database"},{"issue":"4","key":"10.1016\/j.procs.2026.02.452_bib11","doi-asserted-by":"crossref","first-page":"987","DOI":"10.1007\/s10796-020-10007-6","article-title":"\"Consumer Acceptance and Use of Information Technology: A Meta-Analytic Evaluation of UTAUT2.\"","volume":"23","author":"Tamilmani","year":"2021","journal-title":"Information Systems Frontiers"},{"key":"10.1016\/j.procs.2026.02.452_bib12","unstructured":"British Standards, I. (2024) \"ISO\/IEC 27001 for small and medium-sized businesses (SMEs).\""},{"key":"10.1016\/j.procs.2026.02.452_bib13","unstructured":"ISO\/IEC. ISO\/IEC 27001:2022\u2013Information security management systems\u2013Requirements. 2022."},{"issue":"20","key":"10.1016\/j.procs.2026.02.452_bib14","doi-asserted-by":"crossref","first-page":"6901","DOI":"10.3390\/s21206901","article-title":"\"The Impact of Cybersecurity Practices on Cyberattack Damage: The Perspective of Small Enterprises in Saudi Arabia.\"","volume":"21","author":"Alharbi","year":"2021","journal-title":"Sensors"},{"key":"10.1016\/j.procs.2026.02.452_bib15","doi-asserted-by":"crossref","first-page":"85701","DOI":"10.1109\/ACCESS.2022.3197899","article-title":"\"A Survey on the Cyber Security of Small-to-Medium Businesses: Challenges, Research Focus and Recommendations.\"","volume":"10","author":"Chidukwani","year":"2022","journal-title":"IEEE Access"},{"issue":"01","key":"10.1016\/j.procs.2026.02.452_bib16","doi-asserted-by":"crossref","first-page":"24","DOI":"10.4236\/jis.2024.151003","article-title":"\"A Review of Cybersecurity Challenges in Small Business: The Imperative for a Future Governance Framework.\"","volume":"15","author":"Saha","year":"2024","journal-title":"Journal of Information Security"},{"issue":"3","key":"10.1016\/j.procs.2026.02.452_bib17","doi-asserted-by":"crossref","first-page":"200","DOI":"10.3390\/digital3030014","article-title":"\"Enhancing cyber security governance and policy for SMEs in Industry 5.0: A comparative study between Saudi Arabia and the United Kingdom.\"","volume":"3","author":"Rawindaran","year":"2023","journal-title":"Digital"},{"issue":"10","key":"10.1016\/j.procs.2026.02.452_bib18","doi-asserted-by":"crossref","first-page":"2082","DOI":"10.1111\/risa.14092","article-title":"\"Cyber risk assessment in small and medium-sized enterprises: A multilevel decision-making approach for small e-tailors.\"","volume":"43","author":"Sukumar","year":"2023","journal-title":"Risk Analysis"},{"key":"10.1016\/j.procs.2026.02.452_bib19","unstructured":"Isabirye, E. (2024) \"Cybersecurity Strategies for Resource Constrained SMEs and Health Providers.\" IRE Transactions on Instrumentation, 8 (5)"},{"issue":"7","key":"10.1016\/j.procs.2026.02.452_bib20","doi-asserted-by":"crossref","first-page":"76","DOI":"10.1108\/TQM-09-2020-0202","article-title":"\"The ISO\/IEC 27001 information security management standard: literature review and theory-based research agenda.\"","volume":"33","author":"Culot","year":"2021","journal-title":"The TQM Journal"},{"key":"10.1016\/j.procs.2026.02.452_bib21","doi-asserted-by":"crossref","first-page":"103744","DOI":"10.1016\/j.compind.2022.103744","article-title":"\"Information security and value creation: The performance implications of ISO\/IEC 27001.\"","volume":"142","author":"Podrecca","year":"2022","journal-title":"Computers in Industry"},{"key":"10.1016\/j.procs.2026.02.452_bib22","doi-asserted-by":"crossref","first-page":"338","DOI":"10.17705\/1CAIS.04716","article-title":"\"An Extended TOE Framework for Cybersecurity Adoption Decisions.\"","volume":"47","author":"Wallace","year":"2020","journal-title":"Communications of the Association for Information Systems"}],"container-title":["Procedia Computer Science"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S1877050926005739?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S1877050926005739?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,4,7]],"date-time":"2026-04-07T11:27:49Z","timestamp":1775561269000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S1877050926005739"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"references-count":22,"alternative-id":["S1877050926005739"],"URL":"https:\/\/doi.org\/10.1016\/j.procs.2026.02.452","relation":{},"ISSN":["1877-0509"],"issn-type":[{"value":"1877-0509","type":"print"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"ISO\/IEC 27001:2022 in a Biotech SME: Open-Source Innovation Case Study in Taiwan","name":"articletitle","label":"Article Title"},{"value":"Procedia Computer Science","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.procs.2026.02.452","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 Published by Elsevier B.V.","name":"copyright","label":"Copyright"}]}}