{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,21]],"date-time":"2025-11-21T06:37:19Z","timestamp":1763707039713,"version":"3.41.2"},"reference-count":95,"publisher":"Informa UK Limited","issue":"1","license":[{"start":{"date-parts":[[2025,1,2]],"date-time":"2025-01-02T00:00:00Z","timestamp":1735776000000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["www.tandfonline.com"],"crossmark-restriction":true},"short-container-title":["Journal of Decision Systems"],"published-print":{"date-parts":[[2025,1,2]]},"DOI":"10.1080\/12460125.2025.2479546","type":"journal-article","created":{"date-parts":[[2025,3,29]],"date-time":"2025-03-29T13:38:31Z","timestamp":1743255511000},"update-policy":"https:\/\/doi.org\/10.1080\/tandf_crossmark_01","source":"Crossref","is-referenced-by-count":1,"title":["Towards a framework for improving cyber security resilience of critical infrastructure against cyber threats: a dynamic capabilities approach"],"prefix":"10.1080","volume":"34","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2032-489X","authenticated-orcid":false,"given":"Jonna","family":"J\u00e4rvel\u00e4inen","sequence":"first","affiliation":[{"name":"University of Jyv\u00e4skyl\u00e4","place":["Jyv\u00e4skyl\u00e4, Finland"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9325-5496","authenticated-orcid":false,"given":"Duong","family":"Dang","sequence":"additional","affiliation":[{"name":"University of Vaasa","place":["Vaasa, Finland"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7300-0819","authenticated-orcid":false,"given":"Mike","family":"Mekkanen","sequence":"additional","affiliation":[{"name":"University of Vaasa","place":["Vaasa, Finland"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3843-8561","authenticated-orcid":false,"given":"Tero","family":"Vartiainen","sequence":"additional","affiliation":[{"name":"University of Vaasa","place":["Vaasa, Finland"]}]}],"member":"301","published-online":{"date-parts":[[2025,3,28]]},"reference":[{"key":"e_1_3_3_2_1","doi-asserted-by":"publisher","DOI":"10.1016\/J.INFOANDORG.2016.02.001"},{"key":"e_1_3_3_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/IOTM.001.2300181"},{"key":"e_1_3_3_4_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2023.100646"},{"key":"e_1_3_3_5_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.scs.2020.102370"},{"key":"e_1_3_3_6_1","doi-asserted-by":"publisher","DOI":"10.1177\/1350508419888897"},{"key":"e_1_3_3_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDC-LA.2018.8511788"},{"key":"e_1_3_3_8_1","doi-asserted-by":"publisher","DOI":"10.1515\/auto-2021-0104"},{"key":"e_1_3_3_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC54236.2022.00284"},{"key":"e_1_3_3_10_1","doi-asserted-by":"publisher","DOI":"10.2307\/25148728"},{"key":"e_1_3_3_11_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ress.2023.109691"},{"key":"e_1_3_3_12_1","doi-asserted-by":"publisher","DOI":"10.11648\/j.ajist.20200401.11"},{"key":"e_1_3_3_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10669-020-09795-8"},{"key":"e_1_3_3_14_1","doi-asserted-by":"publisher","DOI":"10.1016\/J.SSCI.2017.12.025"},{"key":"e_1_3_3_15_1","doi-asserted-by":"publisher","DOI":"10.1108\/SCM-05-2013-0162\/FULL\/PDF"},{"key":"e_1_3_3_16_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2011.08.004"},{"key":"e_1_3_3_17_1","unstructured":"Cyber Security Schedule | Maersk Terms. (n.d.). Retrieved April 28 2023 from https:\/\/vendorterms.maersk.com\/cybersecurity"},{"key":"e_1_3_3_18_1","first-page":"288","volume-title":"Adoption of emerging information and communication technology for sustainability","author":"Dang D.","year":"2024","unstructured":"Dang, D., & Vartiainen, T. (2024). Exploring socio-technical gaps in the cybersecurity of energy informatics for sustainability. In E. Ziemba & J. W\u0105tr\u00f3bski (Eds.), Adoption of emerging information and communication technology for sustainability (pp. 288\u2013304). CRC Press."},{"key":"e_1_3_3_19_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-99-4792-8_10"},{"key":"e_1_3_3_20_1","doi-asserted-by":"publisher","DOI":"10.1002\/1097-0266(200010\/11)21:10\/11<1105::AID-SMJ133>3.0.CO;2-E"},{"key":"e_1_3_3_21_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jsis.2008.02.002"},{"key":"e_1_3_3_22_1","doi-asserted-by":"publisher","DOI":"10.69554\/PRJY4917"},{"key":"e_1_3_3_23_1","doi-asserted-by":"publisher","DOI":"10.1108\/00251741111109142\/FULL\/PDF"},{"key":"e_1_3_3_24_1","doi-asserted-by":"publisher","DOI":"10.1108\/JEIM-07-2022-0228"},{"key":"e_1_3_3_25_1","doi-asserted-by":"publisher","DOI":"10.1186\/s42162-018-0019-1"},{"key":"e_1_3_3_26_1","unstructured":"Greenberg A. (2018 August 22). The untold story of NotPetya the most devastating cyberattack in history | WIRED. Wired. https:\/\/www.wired.com\/story\/notpetya-cyberattack-ukraine-russia-code-crashed-the-world\/"},{"key":"e_1_3_3_27_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijpe.2020.107956"},{"key":"e_1_3_3_28_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.futures.2017.04.003"},{"key":"e_1_3_3_29_1","doi-asserted-by":"publisher","DOI":"10.69554\/NWXJ2946"},{"key":"e_1_3_3_30_1","doi-asserted-by":"publisher","DOI":"10.1177\/26317877221074701"},{"key":"e_1_3_3_31_1","unstructured":"Hern A. (2017 December 30). WannaCry Petya NotPetya: How ransomware hit the big time in 2017. The Guardian. http:\/\/www.theguardian.com\/technology\/2017\/dec\/30\/wannacry-petya-notpetya-ransomware"},{"key":"e_1_3_3_32_1","unstructured":"ISO. (2016). ISO\/IEC 27000: 2016-information technology-security techniques-information security management systems-overview and vocabulary. http:\/\/www.iso.org\/iso\/catalogue_detail?csnumber=66435"},{"key":"e_1_3_3_33_1","first-page":"1","volume-title":"Thirty Seventh International Conference on Information Systems","author":"J\u00e4rvel\u00e4inen J.","year":"2016","unstructured":"J\u00e4rvel\u00e4inen, J. (2016). Integrated business continuity planning and information security policy development approach. Thirty Seventh International Conference on Information Systems (pp. 1\u201313). https:\/\/aisel.aisnet.org\/icis2016\/ISSecurity\/Presentations\/4\/"},{"key":"e_1_3_3_34_1","doi-asserted-by":"publisher","DOI":"10.17705\/1jais.00771"},{"key":"e_1_3_3_35_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.tourman.2021.104374"},{"key":"e_1_3_3_36_1","doi-asserted-by":"crossref","first-page":"7","DOI":"10.1109\/SEGE52446.2021.9534914","volume-title":"2021 IEEE 9th International Conference on Smart Energy Grid Engineering (SEGE)","author":"Khosrojerdi F.","year":"2021","unstructured":"Khosrojerdi, F., Gagnon, S., & Valverde, R. (2021). Applications of artificial intelligence in smart grids: Present and future research domains. 2021 IEEE 9th International Conference on Smart Energy Grid Engineering (SEGE) (pp. 7\u201312). https:\/\/doi.org\/10.1109\/SEGE52446.2021.9534914"},{"key":"e_1_3_3_37_1","doi-asserted-by":"publisher","DOI":"10.1177\/0022002717737138"},{"key":"e_1_3_3_38_1","doi-asserted-by":"publisher","DOI":"10.1108\/JBS-06-2020-0116"},{"key":"e_1_3_3_39_1","doi-asserted-by":"publisher","DOI":"10.4018\/978-1-4666-6324-4.CH001"},{"key":"e_1_3_3_40_1","doi-asserted-by":"publisher","DOI":"10.1111\/isj.12102"},{"key":"e_1_3_3_41_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.egyr.2023.01.068"},{"key":"e_1_3_3_42_1","doi-asserted-by":"publisher","DOI":"10.1016\/J.TECHFORE.2015.11.005"},{"key":"e_1_3_3_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2021.3055892"},{"key":"e_1_3_3_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2019.2951982"},{"key":"e_1_3_3_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/GIOTS.2018.8534523"},{"key":"e_1_3_3_46_1","doi-asserted-by":"publisher","DOI":"10.1108\/IJQRM-07-2020-0229"},{"key":"e_1_3_3_47_1","unstructured":"Maersk Code of Conduct. (n.d.). Retrieved April 26 2023 from https:\/\/www.maersk.com\/about\/code-of-conduct"},{"key":"e_1_3_3_48_1","doi-asserted-by":"publisher","DOI":"10.1016\/J.BUSHOR.2021.02.020"},{"key":"e_1_3_3_49_1","unstructured":"Measures for a High Common Level of Cybersecurity across the Union NIS 2 Directive Pub. L. No. 2022\/2555 02022L2555-20221227. (2022). https:\/\/eur-lex.europa.eu\/eli\/dir\/2022\/2555\/2022-12-27\/eng"},{"key":"e_1_3_3_50_1","first-page":"34","article-title":"Understanding supply chain resilience","volume":"18","author":"Melnyk S. A.","year":"2014","unstructured":"Melnyk, S. A., Closs, D. J., Griffis, S. E., Zobel, W. C., & Macdonald, J. R. (2014, January 1). Understanding supply chain resilience. Supply Chain Management Review, 18(January\u2013February), 34\u201341.","journal-title":"Supply Chain Management Review"},{"key":"e_1_3_3_51_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijdrr.2023.103893"},{"key":"e_1_3_3_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/EPDC62178.2024.10571761"},{"key":"e_1_3_3_53_1","volume-title":"ICIS, 2018 : Bridging the Internet of People, Data and Things : Proceedings of the 39th International Conference on Information Systems. 39th International Conference on Information Systems","author":"Naseer H.","year":"2018","unstructured":"Naseer, H., Maynard, S. B., Ahmad, A., & Shanks, G. (2018, December 13). Cybersecurity risk management using analytics: A dynamic capabilities approach. ICIS, 2018 : Bridging the Internet of People, Data and Things : Proceedings of the 39th International Conference on Information Systems. 39th International Conference on Information Systems, San Francisco, California, USA. https:\/\/dro.deakin.edu.au\/articles\/conference_contribution\/Cybersecurity_risk_management_using_analytics_A_dynamic_capabilities_approach\/27132546\/1"},{"issue":"1","key":"e_1_3_3_54_1","article-title":"Interdisciplinary review of business continuity from an information systems perspective: Toward an integrative framework","volume":"37","author":"Niemimaa M.","year":"2015","unstructured":"Niemimaa, M. (2015). Interdisciplinary review of business continuity from an information systems perspective: Toward an integrative framework. Communications of the Association for Information Systems, 37(1). http:\/\/aisel.aisnet.org\/cais\/vol37\/iss1\/4","journal-title":"Communications of the Association for Information Systems"},{"key":"e_1_3_3_55_1","volume-title":"Proceedings of the 37th International Conference on Information Systems","author":"Niemimaa M.","year":"2016","unstructured":"Niemimaa, M. (2016). Entanglement of infrastructures and action: Exploring the material foundations of technicians\u2019 work in smart infrastructure context. Proceedings of the 37th International Conference on Information Systems, Dublin, Ireland."},{"key":"e_1_3_3_56_1","doi-asserted-by":"publisher","DOI":"10.1108\/ITP-03-2022-0156"},{"key":"e_1_3_3_57_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2013.45"},{"key":"e_1_3_3_58_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijinfomgt.2019.04.010"},{"key":"e_1_3_3_59_1","unstructured":"NIST. (2020). Technical guide to information security testing and assessment. https:\/\/nvlpubs.nist.gov\/nistpubs\/Legacy\/SP\/nistspecialpublication800-115.pdf"},{"key":"e_1_3_3_60_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jbusres.2022.03.008"},{"key":"e_1_3_3_61_1","doi-asserted-by":"publisher","DOI":"10.1016\/J.IJDRR.2021.102316"},{"key":"e_1_3_3_62_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2024.3355547"},{"key":"e_1_3_3_63_1","doi-asserted-by":"publisher","DOI":"10.1016\/J.IJDRR.2017.08.006"},{"key":"e_1_3_3_64_1","doi-asserted-by":"publisher","DOI":"10.5367\/000000007780808039"},{"key":"e_1_3_3_65_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijdrr.2022.103123"},{"key":"e_1_3_3_66_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2017.07.001"},{"key":"e_1_3_3_67_1","doi-asserted-by":"publisher","DOI":"10.1093\/ICC\/DTQ031"},{"key":"e_1_3_3_68_1","doi-asserted-by":"publisher","DOI":"10.17705\/1CAIS.04219"},{"key":"e_1_3_3_69_1","doi-asserted-by":"publisher","DOI":"10.25300\/MISQ\/2019\/14577"},{"key":"e_1_3_3_70_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102507"},{"key":"e_1_3_3_71_1","doi-asserted-by":"publisher","DOI":"10.2307\/30036530"},{"key":"e_1_3_3_72_1","volume-title":"Proceedings of AMCIS 2016. The 22nd Americas Conference on Information Systems","author":"Sarkar A.","year":"2016","unstructured":"Sarkar, A., Wingreen, S., & Ascroft, J. (2016). Top management team decision priorities to drive is resilience: Lessons from jade software corporation indicate. Proceedings of AMCIS 2016. The 22nd Americas Conference on Information Systems, San Diego, USA."},{"key":"e_1_3_3_73_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.iot.2024.101110"},{"key":"e_1_3_3_74_1","doi-asserted-by":"publisher","DOI":"10.1016\/J.ESR.2014.05.002"},{"key":"e_1_3_3_75_1","doi-asserted-by":"publisher","DOI":"10.1108\/CRR-03-2021-0009"},{"key":"e_1_3_3_76_1","doi-asserted-by":"publisher","DOI":"10.17705\/1CAIS.04332"},{"key":"e_1_3_3_77_1","doi-asserted-by":"publisher","DOI":"10.17705\/1jais.00736"},{"key":"e_1_3_3_78_1","doi-asserted-by":"publisher","DOI":"10.1002\/smj.3058"},{"key":"e_1_3_3_79_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.bpa.2011.03.001"},{"key":"e_1_3_3_80_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.trc.2022.103679"},{"issue":"1","key":"e_1_3_3_81_1","first-page":"97","article-title":"Next-generation competition: New concepts for understanding how innovation shapes competition and policy in the digital economy","volume":"9","author":"Teece D. J.","year":"2012","unstructured":"Teece, D. J. (2012). Next-generation competition: New concepts for understanding how innovation shapes competition and policy in the digital economy. Journal of Law, Economics and Policy, 9(1), 97\u2013118.","journal-title":"Journal of Law, Economics and Policy"},{"key":"e_1_3_3_82_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-24748-7_10"},{"key":"e_1_3_3_83_1","doi-asserted-by":"publisher","DOI":"10.1002\/(SICI)1097-0266(199708)18:7<509:AID-SMJ882>3.0.CO;2-Z"},{"key":"e_1_3_3_84_1","doi-asserted-by":"publisher","DOI":"10.1016\/0040-1625(70)90161-7"},{"key":"e_1_3_3_85_1","unstructured":"University of Vaasa. (2023 November 20). FREESI-Lab. VBIC Laboratories. https:\/\/www.uwasa.fi\/en\/research\/research-platforms\/vebic\/vebic-laboratories"},{"key":"e_1_3_3_86_1","doi-asserted-by":"publisher","DOI":"10.1108\/CRR-04-2020-0002"},{"key":"e_1_3_3_87_1","doi-asserted-by":"publisher","DOI":"10.5751\/ES-09623-230212"},{"key":"e_1_3_3_88_1","doi-asserted-by":"publisher","DOI":"10.1080\/23742917.2018.1518057"},{"key":"e_1_3_3_89_1","doi-asserted-by":"publisher","DOI":"10.5465\/amd.2017.0047"},{"key":"e_1_3_3_90_1","first-page":"81","volume-title":"Research in organisational behavior","author":"Weick K.E.","year":"1999","unstructured":"Weick, K.E., Sutcliffe, K.M., & Obstfeld, D. (1999). Organising for high reliability: Processes of collective mindfulness. In R. S. Sutton & B. M. Staw (Eds.), Research in organisational behavior (Vol. 3, Issue 1, pp. 81\u2013123). JAI Press."},{"key":"e_1_3_3_91_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.pdisas.2022.100244"},{"key":"e_1_3_3_92_1","unstructured":"Wesley D. T. A. Dau L. A. & Roth A. (2019). Cyberattack: The Maersk global supply-chain meltdown. Harvard Business Publishing Education Case. https:\/\/hbsp.harvard.edu\/product\/W19132-PDF-ENG?activeTab=include-materials&itemFindingMethod="},{"key":"e_1_3_3_93_1","doi-asserted-by":"publisher","DOI":"10.17705\/1JAIS.00655"},{"key":"e_1_3_3_94_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijpe.2019.07.013"},{"key":"e_1_3_3_95_1","doi-asserted-by":"publisher","DOI":"10.1016\/J.RESS.2016.02.009"},{"key":"e_1_3_3_96_1","doi-asserted-by":"publisher","DOI":"10.1080\/00207540500095613"}],"container-title":["Journal of Decision Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.tandfonline.com\/doi\/pdf\/10.1080\/12460125.2025.2479546","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,29]],"date-time":"2025-03-29T13:38:38Z","timestamp":1743255518000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.tandfonline.com\/doi\/full\/10.1080\/12460125.2025.2479546"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,1,2]]},"references-count":95,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2025,1,2]]}},"alternative-id":["10.1080\/12460125.2025.2479546"],"URL":"https:\/\/doi.org\/10.1080\/12460125.2025.2479546","relation":{},"ISSN":["1246-0125","2116-7052"],"issn-type":[{"type":"print","value":"1246-0125"},{"type":"electronic","value":"2116-7052"}],"subject":[],"published":{"date-parts":[[2025,1,2]]},"assertion":[{"value":"The publishing and review policy for this title is described in its Aims & Scope.","order":1,"name":"peerreview_statement","label":"Peer Review Statement"},{"value":"http:\/\/www.tandfonline.com\/action\/journalInformation?show=aimsScope&journalCode=tjds20","URL":"http:\/\/www.tandfonline.com\/action\/journalInformation?show=aimsScope&journalCode=tjds20","order":2,"name":"aims_and_scope_url","label":"Aim & Scope"},{"value":"2024-08-29","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-03-04","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-03-28","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"2479546"}}