{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T19:04:40Z","timestamp":1754161480845,"version":"3.41.2"},"reference-count":9,"publisher":"Emerald","issue":"1","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2005,2,1]]},"abstract":"<jats:sec>\n                  <jats:title>Purpose<\/jats:title>\n                  <jats:p>The paper provides a pragmatic evaluation of the value that security technologies deliver to businesses. It contains recommendations for how businesses can best view the role of security technologies within an information security program.<\/jats:p>\n               <\/jats:sec>\n               <jats:sec>\n                  <jats:title>Design\/methodology\/approach<\/jats:title>\n                  <jats:p>The findings in the paper are derived from the observations of the author in his role as an information security consultant working for businesses in numerous vertical markets over the period of the last several years.<\/jats:p>\n               <\/jats:sec>\n               <jats:sec>\n                  <jats:title>Findings<\/jats:title>\n                  <jats:p>The principle finding in the paper is that the market for information security technologies is becoming a commodity market. This change will create a shift in how businesses view security technologies, as they will begin to focus on achieving security capabilities at the lowest possible cost. The processes of commoditization will also force security vendors to find new ways of doing business.<\/jats:p>\n               <\/jats:sec>\n               <jats:sec>\n                  <jats:title>Practical implications<\/jats:title>\n                  <jats:p>The paper makes several recommendations for how businesses should evaluate, acquire, and use security technologies within their information security program. It also highlights business needs that the security industry is currently not fulfilling.<\/jats:p>\n               <\/jats:sec>\n               <jats:sec>\n                  <jats:title>Originality\/value<\/jats:title>\n                  <jats:p>The ideas in this paper are entirely original. As far as the author is aware, there are no existing papers with similar ideas.<\/jats:p>\n               <\/jats:sec>","DOI":"10.1108\/09685220510582629","type":"journal-article","created":{"date-parts":[[2005,3,21]],"date-time":"2005-03-21T18:44:32Z","timestamp":1111430672000},"page":"5-15","source":"Crossref","is-referenced-by-count":3,"title":["Information security technologies as a commodity input"],"prefix":"10.1108","volume":"13","author":[{"given":"Andrew","family":"Stewart","sequence":"first","affiliation":[{"name":"Consultant, Atlanta, Georgia, USA"}]}],"member":"140","reference":[{"key":"2025072819441839900_b1","doi-asserted-by":"crossref","unstructured":"Axelsson, S.\n           (1999), \u201cThe base-rate fallacy and its implications for the difficulty of intrusion detection\u201d, Proceedings of the 6th ACM Conference on Computer and Communications Security.","DOI":"10.1145\/319709.319710"},{"key":"2025072819441839900_b2","unstructured":"Biancuzzi, F.\n           (2004), \u201cOpenBSD PF developer interview\u201d, available at: http:\/\/onlamp.com\/."},{"key":"2025072819441839900_b3","unstructured":"Carr, N.G.\n           (2004), Does IT Matter?, Harvard Business School Press, Boston, MA."},{"key":"2025072819441839900_b4","unstructured":"Christensen, C.M.\n           (1997), The Innovator's Dilemma, Harvard Business School Press, Boston, MA."},{"key":"2025072819441839900_b5","unstructured":"CSO\n           (2003), \u201cThe state of information security 2003\u201d, CSO Magazine, October."},{"key":"2025072819441839900_b6","unstructured":"Netcraft\n           (2004), \u201cNetcraft web server archives\u201d, available at: http:\/\/news.netcraft.com\/."},{"key":"2025072819441839900_b7","unstructured":"Schiffman, M.\n          \u2008et al. (2004), \u201cLibnet\u201d, available at: http:\/\/packetfactory.net\/projects\/libnet\/."},{"key":"2025072819441839900_b8","unstructured":"Shostack, A.\n           (2004), Personal communication."},{"issue":"5","key":"2025072819441839900_b9","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2004.05.003","article-title":"On risk: perception and direction","volume":"23","author":"Stewart","year":"2004","journal-title":"Computers and Security"}],"container-title":["Information Management &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/09685220510582629","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685220510582629\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/ics\/article-pdf\/13\/1\/5\/1201613\/09685220510582629.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/www.emerald.com\/ics\/article-pdf\/13\/1\/5\/1201613\/09685220510582629.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,28]],"date-time":"2025-07-28T23:44:23Z","timestamp":1753746263000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.emerald.com\/ics\/article\/13\/1\/5\/176734\/Information-security-technologies-as-a-commodity"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2005,2,1]]},"references-count":9,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2005,2,1]]}},"URL":"https:\/\/doi.org\/10.1108\/09685220510582629","relation":{},"ISSN":["0968-5227","1758-5805"],"issn-type":[{"type":"print","value":"0968-5227"},{"type":"electronic","value":"1758-5805"}],"subject":[],"published":{"date-parts":[[2005,2,1]]}}}