{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,12]],"date-time":"2026-03-12T01:08:36Z","timestamp":1773277716369,"version":"3.50.1"},"reference-count":134,"publisher":"Emerald","issue":"3","license":[{"start":{"date-parts":[[2015,7,13]],"date-time":"2015-07-13T00:00:00Z","timestamp":1436745600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015,7,13]]},"abstract":"\n Purpose<\/jats:title>\n \u2013 The aim of this paper is to survey existing information security culture research to scrutinise the kind of knowledge that has been developed and the way in which this knowledge has been brought about. <\/jats:p>\n <\/jats:sec>\n \n Design\/methodology\/approach<\/jats:title>\n \u2013 Results are based on a literature review of information security culture research published between 2000 and 2013 (December). <\/jats:p>\n <\/jats:sec>\n \n Findings<\/jats:title>\n \u2013 This paper can conclude that existing research has focused on a broad set of research topics, but with limited depth. It is striking that the effects of different information security cultures have not been part of that focus. Moreover, existing research has used a small repertoire of research methods, a repertoire that is more limited than in information systems research in general. Furthermore, an extensive part of the research is descriptive, philosophical or theoretical \u2013 lacking a structured use of empirical data \u2013 which means that it is quite immature. <\/jats:p>\n <\/jats:sec>\n \n Research limitations\/implications<\/jats:title>\n \u2013 Findings call for future research that: addresses the effects of different information security cultures; addresses the identified research topics with greater depth; focuses more on generating theories or testing theories to increase the maturity of this subfield of information security research; and uses a broader set of research methods. It would be particularly interesting to see future studies that use intervening or ethnographic approaches because, to date, these have been completely lacking in existing research. <\/jats:p>\n <\/jats:sec>\n \n Practical implications<\/jats:title>\n \u2013 Findings show that existing research is, to a large extent, descriptive, philosophical or theoretical. Hence, it is difficult for practitioners to adopt these research results, such as frameworks for cultivating or assessment tools, which have not been empirically validated. <\/jats:p>\n <\/jats:sec>\n \n Originality\/value<\/jats:title>\n \u2013 Few state-of-the-art reviews have sought to assess the maturity of existing research on information security culture. Findings on types of research methods used in information security culture research extend beyond the existing knowledge base, which allows for a critical discussion about existing research in this sub-discipline of information security.<\/jats:p>\n <\/jats:sec>","DOI":"10.1108\/ics-05-2014-0033","type":"journal-article","created":{"date-parts":[[2015,6,10]],"date-time":"2015-06-10T13:45:13Z","timestamp":1433943913000},"page":"246-285","source":"Crossref","is-referenced-by-count":58,"title":["Information security culture \u2013 state-of-the-art review between 2000 and 2013"],"prefix":"10.1108","volume":"23","author":[{"given":"Fredrik","family":"Karlsson","sequence":"first","affiliation":[]},{"given":"Joachim","family":"\u00c5str\u00f6m","sequence":"additional","affiliation":[]},{"given":"Martin","family":"Karlsson","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"key":"key2020122300333042400_b1","unstructured":"Abraham, S.\n (2011), \u201cInformation security behaviour: factors and research directions\u201d, Americas Conference on Information Systems, AIS Electronic Library (AISeL), Detroit, MI."},{"key":"key2020122300333042400_b2","unstructured":"Acs, Z.J.\n and \n Gerlowski, D.A.\n (1996), \n Managerial Economics and Organization\n , Prentice Hall, Upper Saddle River, NJ."},{"key":"key2020122300333042400_b3","doi-asserted-by":"crossref","unstructured":"\u00c5gerfalk, P.J.\n (2013), \u201cEmbracing diversity through mixed methods research\u201d, \n European Journal of Information Systems\n , Vol. 22, pp. 251-256.","DOI":"10.1057\/ejis.2013.6"},{"key":"key2020122300333042400_b4","doi-asserted-by":"crossref","unstructured":"Ajzen, I.\n (1991), \u201cThe theory of planned behavior\u201d, \n Organizational Behavior and Human Decision Processes\n , Vol. 50 No. 2, pp. 179-211.","DOI":"10.1016\/0749-5978(91)90020-T"},{"key":"key2020122300333042400_b5","doi-asserted-by":"crossref","unstructured":"Alarifi, A.\n , \n Tootell, H.\n and \n Hyland, P.\n (2012), \u201cA study of information security awareness and practices in Saudi Arabia\u201d, 2012 International Conference on Communications and Information Technology (ICCIT), IEEE Explore, Hammamet, pp. 6-12.","DOI":"10.1109\/ICCITechnol.2012.6285845"},{"key":"key2020122300333042400_b6","unstructured":"Alfawaz, S.\n , \n Nelson, K.\n and \n Mohannak, K.\n (2010), \u201cInformation security culture: a behaviour compliance conceptual framework\u201d, The Australasian Information Security Conference (AISC) 2010, Brisbane, pp. 47-55."},{"key":"key2020122300333042400_b7","unstructured":"Allan, K.D.\n (2010), \n Explorations in Classical Sociological Theory: Seeing the Social World\n , Pine Forge Press, Thousand Oaks, CA."},{"key":"key2020122300333042400_b8","unstructured":"Alnatheer, M.\n and \n Nelson, K.\n (2009), \u201cProposed framework for understanding information security culture and practices in the Saudi context\u201d, 7th Australian Information Security Management Conference, Edith Cowan University, Perth, 1-3 December, pp. 5-17."},{"key":"key2020122300333042400_b9","unstructured":"Alshare, K.A.\n and \n Lane, P.L.\n (2008), \u201cA conceptual model for explaining violations of the information security policy (ISP): a cross cultural perspective\u201d, Americas Conference on Information Systems 2008, AIS Electronic Library."},{"key":"key2020122300333042400_b10","doi-asserted-by":"crossref","unstructured":"Ashenden, D.\n (2008), \u201cInformation security management: a human challenge?\u201d, \n Information Security Technical Report\n , Vol. 13 No. 4, pp. 195-201.","DOI":"10.1016\/j.istr.2008.10.006"},{"key":"key2020122300333042400_b11","doi-asserted-by":"crossref","unstructured":"Ashenden, D.\n and \n Sasse, A.\n (2013), \u201cCISOs and organisational culture: their own worst enemy?\u201d, \n Computers & Security\n , Vol. 39, pp. 396-405.","DOI":"10.1016\/j.cose.2013.09.004"},{"key":"key2020122300333042400_b12","unstructured":"Bess, D.\n (2009), \u201cUnderstanding information security culture for strategic use: a case study\u201c, e15th Americas Conference on Information Systems (AMCIS 2009), AIS Electronic Library (AISeL)."},{"key":"key2020122300333042400_b13","unstructured":"Bo\u017ei\u0107, G.\n (2012), \u201cThe role of a stress model in the development of information security culture\u201d, \n 35th International Convention of Information Communication Technology, Electronics and Microelectronics MIPRO 2012\n , IEEE Xplore Digital Library, Opatija, pp. 1555-1559."},{"key":"key2020122300333042400_b14","unstructured":"Bridges, W.\n (2003), \n Managing Transitions: Making the Most of Change\n , Perseus Books Group, Cambridge, MA."},{"key":"key2020122300333042400_b15","doi-asserted-by":"crossref","unstructured":"Bulgurcu, B.\n , \n Cavusoglu, H.\n and \n Benbasat, I.\n (2010), \u201cInformation security policy compliance: an empirical study of rationality-based beliefs and information security awareness\u201d, \n MIS Quarterly\n , Vol. 34 No. 3, pp. 523-548.","DOI":"10.2307\/25750690"},{"key":"key2020122300333042400_b16","unstructured":"Burrell, G.\n and \n Morgan, G.\n (1979), \n Sociological Paradigms and Organisational Analysis: Elements of the Sociology of Corporate Life\n , Heinemann, London."},{"key":"key2020122300333042400_b17","doi-asserted-by":"crossref","unstructured":"Chang, S.E.\n and \n Lin, C.-S.\n (2007), \u201cExploring organizational culture for information security management\u201d, \n Industrial Management & Data Systems\n , Vol. 107 No. 3, pp. 438-458.","DOI":"10.1108\/02635570710734316"},{"key":"key2020122300333042400_b18","doi-asserted-by":"crossref","unstructured":"Chen, C.C.\n , \n Medlin, B.D.\n and \n Shaw, R.S.\n (2008), \u201cA cross-cultural investigation of situational information security awareness programs\u201d, \n Information Management & Computer Security\n , Vol. 16 No. 4, pp. 360-376.","DOI":"10.1108\/09685220810908787"},{"key":"key2020122300333042400_b19","doi-asserted-by":"crossref","unstructured":"Cheon, M.J.\n and \n Grover, V.\n (1993), \u201cThe evolution of empirical research in IS. A study in IS maturity\u201d, \n Information & Management\n , Vol. 24 No. 3, pp. 107-119.","DOI":"10.1016\/0378-7206(93)90060-7"},{"key":"key2020122300333042400_b20","unstructured":"Connolly, L.\n and \n Lang, M.\n (2012), \u201cInvestigation of cultural aspects within information systems security research\u201d, The 7th International Conference for Internet Technology and Secured Transactions (ICITST 2012), IEEE Digital Library, London, pp. 105-111."},{"key":"key2020122300333042400_b21","unstructured":"Connolly, L.\n and \n Lang, M.\n (2013), \u201cInformation systems security: the role of cultural aspects in organisational settings\u201d, \n Workshop on Information Security and Privacy 2013 (WISP\u201913\n ), Milan."},{"key":"key2020122300333042400_b22","unstructured":"Connolly, P.J.\n (2000), \u201cSecurity starts from within\u201d, \n InfoWorld\n , Vol. 22, pp. 39-40."},{"key":"key2020122300333042400_b23","doi-asserted-by":"crossref","unstructured":"Corriss, L.\n (2010), \u201cInformation security governance: integrating security into the organizational culture\u201d, \n The 2010 Workshop on Governance of Technology, Information and Policies\n , ACM Digital Library, Austin, TX, pp. 35-41.","DOI":"10.1145\/1920320.1920326"},{"key":"key2020122300333042400_b24","doi-asserted-by":"crossref","unstructured":"Da Viega, A.\n and \n Eloff, J.H.P.\n (2010), \u201cA framework and assessment instrument for information security culture\u201d, \n Computer & Security\n , Vol. 29 No. 2, pp. 196-207.","DOI":"10.1016\/j.cose.2009.09.002"},{"key":"key2020122300333042400_b25","doi-asserted-by":"crossref","unstructured":"Detert, J.R.\n , \n Schroeder, R.G.\n and \n Mauriel, J.J.\n (2000), \u201cA framework for linking culture and improvement initiatives in organisations\u201d, \n Academy of Management Review\n , Vol. 25 No. 4, pp. 850-863.","DOI":"10.5465\/amr.2000.3707740"},{"key":"key2020122300333042400_b26","doi-asserted-by":"crossref","unstructured":"Dhillon, G.\n (1997), \n Managing Information System Security\n , Macmillan, Basingstoke.","DOI":"10.1007\/978-1-349-14454-9"},{"key":"key2020122300333042400_b27","doi-asserted-by":"crossref","unstructured":"Dhillon, G.\n and \n Backhouse, J.\n (2001), \u201cCurrent directions in IS security research: towards socio-organisational perspectives\u201d, \n Information Systems Journal\n , Vol. 11 No. 2, pp. 127-153.","DOI":"10.1046\/j.1365-2575.2001.00099.x"},{"key":"key2020122300333042400_b28","doi-asserted-by":"crossref","unstructured":"Dhillon, G.\n and \n Torkzadeh, G.\n (2006), \u201cValue-focused assessment of information security in organizations\u201d, \n Information Systems Journal\n , Vol. 16 No. 3, pp. 293-314.","DOI":"10.1111\/j.1365-2575.2006.00219.x"},{"key":"key2020122300333042400_b29","unstructured":"Dojkovski, S.\n , \n Lichtenstein, S.\n and \n Warren, M.\n (2006), \u201cChallenges in fostering an information security culture in Australian small and medium sized enterprises\u201d, in \n Remenyi, D.\n (Ed.), The 5th European Conference on Information Warfare and Security (ECIW 2006), Academic Conferences Limited, Reading, pp. 31-40."},{"key":"key2020122300333042400_b30","unstructured":"Dojkovski, S.\n , \n Lichtenstein, S.\n and \n Warren, M.\n (2007a), \u201cDeveloping information security culture in small and medium size enterprises: Australian case studies\u201d, 6th European Conference on Information Warfare and Security (ECIW 2007), Academic Conferences Limited, Shrivenham, 2-3 July, pp. 55-65."},{"key":"key2020122300333042400_b32","unstructured":"Dojkovski, S.\n , \n Lichtenstein, S.\n and \n Warren, M.\n (2010), \u201cEnabling information security culture: influences and challenges for Australian SMEs\u201d, The 21st Australasian Conference on Information Systems (ACIS 2010), AIS Electronic Library (AISeL), Brisbane."},{"key":"key2020122300333042400_b31","unstructured":"Dojkovski, S.\n , \n Lichtenstein, S.\n and \n Warren, M.J.\n (2007b), \u201cFostering information security culture in small and medium size enterprises: an interpretive study in Australia\u201d, 15th European Conference on Information Systems (ECIS 2007), AIS Electronic Library (AISeL), St. Gallen."},{"key":"key2020122300333042400_b33","unstructured":"Douglas, M.\n (1992), \n Risk and Blame: Essays in Cultural Theory\n , Routledge, London."},{"key":"key2020122300333042400_b34","doi-asserted-by":"crossref","unstructured":"Douglas, M.\n and \n Wildavsky, A.\n (1982), \n Risk and Culture: An Essay on the Selection of Technological and Environmental Dangers\n , University of California Press, Berkeley, CA.","DOI":"10.1525\/9780520907393"},{"key":"key2020122300333042400_b35","doi-asserted-by":"crossref","unstructured":"Edmondson, A.C.\n and \n Mcmanus, S.E.\n (2007), \u201cMethodological fit in management field research\u201d, \n Academy of Management Review\n , Vol. 32 No. 4, pp. 1155-1179.","DOI":"10.5465\/amr.2007.26586086"},{"key":"key2020122300333042400_b36","unstructured":"Fernando, S.\n and \n Asai, T.\n (2011), \u201cHuman-related information security problems faced by British companies in economically rising countries\u201d, Australian Information Security Management Conference 2011, Edith Cowan University, Perth, 5-7 December, pp. 76-86."},{"key":"key2020122300333042400_b37","unstructured":"Flower, J.\n (1999), \u201cIn the mush\u201d, \n Physician Executive Journal\n , Vol. 25 No. 1, pp. 64-66."},{"key":"key2020122300333042400_b38","unstructured":"Furnell, S.\n (2007), \u201cIFIP workshop \u2013 information security culture\u201d, \n Computer & Security\n , Vol. 26 No. 1, p. 35."},{"key":"key2020122300333042400_b39","doi-asserted-by":"crossref","unstructured":"Furnell, S.\n and \n Thomson, K.-L.\n (2009), \u201cFrom culture to disobedience: recognising the varying user acceptance of IT security\u201d, \n Computer Fraud & Security\n , No. 2, pp. 5-10.","DOI":"10.1016\/S1361-3723(09)70019-3"},{"key":"key2020122300333042400_b40","doi-asserted-by":"crossref","unstructured":"Gattiker, U.E.\n (2008), \u201cEarly warning system for home users and small- and medium-sized enterprises: eight lessons learned\u201d, \n International Journal of System of Systems Engineering\n , Vol. 1 Nos 1\/2, pp. 149-170.","DOI":"10.1504\/IJSSE.2008.018136"},{"key":"key2020122300333042400_b41","doi-asserted-by":"crossref","unstructured":"Gaunt, N.\n (1998), \u201cInstalling an appropriate information security policy\u201d, \n International Journal of Medical Informatics\n , Vol. 49 No. 1, pp. 131-134.","DOI":"10.1016\/S1386-5056(98)00022-7"},{"key":"key2020122300333042400_b42","doi-asserted-by":"crossref","unstructured":"Gaunt, N.\n (2000), \u201cPractical approaches to creating a security culture\u201d, \n International Journal of Medical Informatics\n , Vol. 60 No. 2, pp. 151-157.","DOI":"10.1016\/S1386-5056(00)00115-5"},{"key":"key2020122300333042400_b43","doi-asserted-by":"crossref","unstructured":"Ghernaouti-H\u00e9lie, S.\n (2009), \u201cAn inclusive information society needs a global approach of information security\u201d, 2009 International Conference on Availability, Reliability and Security, IEEE Computer Society, pp. 658-662.","DOI":"10.1109\/ARES.2009.127"},{"key":"key2020122300333042400_b44","doi-asserted-by":"crossref","unstructured":"Ghernaouti-H\u00e9lie, S.\n , \n Tashi, I.\n and \n Simms, D.\n (2010), \u201cA multi-stage methodology for ensuring appropriate security culture and governance\u201d, 2010 International Conference on Availability, Reliability and Security, IEEE Computer Society, Krakow, pp. 353-359.","DOI":"10.1109\/ARES.2010.118"},{"key":"key2020122300333042400_b45","doi-asserted-by":"crossref","unstructured":"Goo, J.\n , \n Yim, M.-S.\n and \n Kim, D.J.\n (2013), \u201cA path way to successful management of individual intention to security compliance: a role of organizational security climate\u201d, 46th Hawaii International Conference on System Sciences (HICSS 2013), IEEE Computer Society, Wailea, HI, 7-10 January, pp. 2959-2968.","DOI":"10.1109\/HICSS.2013.51"},{"key":"key2020122300333042400_b46","doi-asserted-by":"crossref","unstructured":"Gregor, S.\n and \n Jones, D.\n (2007), \u201cThe anatomy of a design theory\u201d, \n Journal of the Association of Information Systems\n , Vol. 8 No. 5, pp. 312-335.","DOI":"10.17705\/1jais.00129"},{"key":"key2020122300333042400_b47","unstructured":"Gr\u00f6nlund, \u00c5.\n (2001), \u201cState of the art in e-Gov research \u2013 a survey\u201d, in \n Traunm\u00fcller, R.\n (Ed.), Electronic Government \u2013 Third International Conference, EGOV 2004, Springer, Berlin Heidelberg, pp. 178-185."},{"key":"key2020122300333042400_b48","doi-asserted-by":"crossref","unstructured":"Gr\u00f6nlund, \u00c5.\n and \n Andersson, A.\n (2006), \u201cE-gov research quality improvements since 2003: more rigor, but research (perhaps) redefined\u201d, in \n Electronic Government \u2013 5th International Conference, EGOV 2006\n , Springer, Berlin, pp. 1-12.","DOI":"10.1007\/11823100_1"},{"key":"key2020122300333042400_b49","unstructured":"Hall, E.T.\n (1959), \n The Silent Language\n , Anchor Books, Garden City, NY."},{"key":"key2020122300333042400_b50","doi-asserted-by":"crossref","unstructured":"Hardy, C.\n (2001), \u201cResearching organizational discourse\u201d, \n International Studies of Management and Organization\n , Vol. 31 No. 3, pp. 25-47.","DOI":"10.1080\/00208825.2001.11656819"},{"key":"key2020122300333042400_b51","doi-asserted-by":"crossref","unstructured":"Harnesk, D.\n and \n Lindstr\u00f6m, J.\n (2011), \u201cShaping security behaviour through discipline and agility \u2013 implications for information security management\u201d, \n Information Management & Computer Security\n , Vol. 19 No. 4, pp. 262-276.","DOI":"10.1108\/09685221111173076"},{"key":"key2020122300333042400_b52","doi-asserted-by":"crossref","unstructured":"Harrald, J.R.\n (2006), \u201cAgility and discipline: critical success factors for disaster response\u201d, \n The ANNALS of the American Academy of Political and Social Science\n , Vol. 604 No. 1, pp. 256-272.","DOI":"10.1177\/0002716205285404"},{"key":"key2020122300333042400_b53","unstructured":"Harris, A.L.\n , \n Yates, D.\n , \n Harris, J.M.\n and \n Quaresma, R.\n (2010), \u201cInformation system ethical attitudes: a cultural comparison of the United States, Spain, and Portugal\u201d, 16th Americas Conference on Information Systems (AMCIS 2010), AIS Electronic Library (AISeL), Lima, Peru, 12-15 August, p. 234."},{"key":"key2020122300333042400_b54","unstructured":"Hedstr\u00f6m, K.\n , \n Kolkowlska, E.\n , \n Karlsson, F.\n and \n Allen, J.P.\n (2011), \u201cA values-based compliance model: integrating information systems security into health care\u201d, \n Journal of Association of Information Systems\n , Vol. 20, pp. 373-384."},{"key":"key2020122300333042400_b55","doi-asserted-by":"crossref","unstructured":"Helokunnas, T.\n and \n Kuusisto, R.\n (2003), \u201cInformation security culture in a value net\u201d, International Engineering Management Conference 2003 (IEMC \u201803), IEEE Xplore Digital Library, Albany, NY, 2-4 November, pp. 190-194.","DOI":"10.1109\/IEMC.2003.1252258"},{"key":"key2020122300333042400_b56","doi-asserted-by":"crossref","unstructured":"Hevner, A.R.\n , \n March, S.T.\n , \n Park, J.\n and \n Ram, S.\n (2004), \u201cDesign science in information systems research\u201d, \n MIS Quarterly\n , Vol. 28 No. 1, pp. 75-105.","DOI":"10.2307\/25148625"},{"key":"key2020122300333042400_b57","unstructured":"Hoffer, J.A.\n and \n Straub, D.W.\n (1989), \u201cThe 9 to 5 underground: are you policing computer crimes?\u201d, \n Sloan Management Review\n , Vol. 30 No. 4, pp. 35-44."},{"key":"key2020122300333042400_b58","unstructured":"Hofstede, G.\n (1997), \n Culture and Organizations: Software of the Mind\n , McGraw-Hill, New York, NY."},{"key":"key2020122300333042400_b59","doi-asserted-by":"crossref","unstructured":"Homans, G.C.\n (1958), \u201cSocial behavior as exchange\u201d, \n American Journal of Sociology\n , Vol. 63 No. 6, pp. 597-606.","DOI":"10.1086\/222355"},{"key":"key2020122300333042400_b60","unstructured":"House, R.J.\n , \n Hanges, P.J.\n , \n Javidan, M.\n , \n Dorfman, P.W.\n and \n Vipin, G.\n (2004), \n Culture, Leadership, and Organizations: The GLOBE Study of 62 Societies\n , Sage, Thousand Oaks, CA."},{"key":"key2020122300333042400_b61","doi-asserted-by":"crossref","unstructured":"Hovav, A.\n and \n D\u2019arcy, J.\n (2012), \u201cApplying an extended model of deterrence across cultures: an investigation of information systems misuse in the US and South Korea\u201d, \n Information & Management\n , Vol. 49 No. 2, pp. 99-110.","DOI":"10.1016\/j.im.2011.12.005"},{"key":"key2020122300333042400_b62","unstructured":"Howell, W.C.\n and \n Fleishman, E.A.\n (1982), \n Human Performance and Productivity, Vol. 2: Information Processing and Decision Making\n , Erlbaum, Hillsdale, NJ."},{"key":"key2020122300333042400_b63","unstructured":"Hu, Q.\n , \n Dinev, T.\n , \n Hart, P.\n and \n Cooke, D.\n (2008), \u201cTop management championship and individual behaviour towards information security: an integrative model\u201d, 16th European Conference on Information Systems (ECIS 2008), AIS Electronic Library (AISeL), Galway, p. 54."},{"key":"key2020122300333042400_b64","doi-asserted-by":"crossref","unstructured":"Hu, Q.\n , \n Dinev, T.\n , \n Hart, P.\n and \n Cooke, D.\n (2012), \u201cManaging employee compliance with information security policies: the critical role of top management and organizational culture\u201d, \n Decision Sciences Journal\n , Vol. 43 No. 4, pp. 615-659.","DOI":"10.1111\/j.1540-5915.2012.00361.x"},{"key":"key2020122300333042400_b65","unstructured":"Ilvonen, I.\n (2011), \u201cInformation security culture or information safety culture: what do words convey?\u201d, in \n Ottis, R.\n (Ed.), The European Conference on Informations Warfare 2011, Academic Publishing, Reading, pp. 148-154."},{"key":"key2020122300333042400_b66","unstructured":"Inglehart, R.\n and \n Welzer, C.\n (2005), \n Modernization, Cultural Change, and Democracy: The Human Development Sequence\n , Cambridge University Press, Cambridge."},{"key":"key2020122300333042400_b67","doi-asserted-by":"crossref","unstructured":"Johnsen, S.O.\n , \n Hansen, C.W.\n , \n Nordby, Y.\n and \n Dahl, M.B.\n (2006), \u201cMeasurement and improvement of information security culture\u201d, \n Measurement and Control\n , Vol. 39 No. 2, pp. 52-56.","DOI":"10.1177\/002029400603900203"},{"key":"key2020122300333042400_b68","doi-asserted-by":"crossref","unstructured":"Johnson, E.M.\n and \n Goetz, E.\n (2007), \u201cEmbedding information security into the organization\u201d, \n Journal of Security and Privacy\n , Vol. 5 No. 3, pp. 16-24.","DOI":"10.1109\/MSP.2007.59"},{"key":"key2020122300333042400_b69","unstructured":"Keeney, R.L.\n (1992), \n Value-Focused Thinking\n , Harvard University Press, Cambridge, MA."},{"key":"key2020122300333042400_b70","doi-asserted-by":"crossref","unstructured":"Knapp, K.J.\n , \n Marshall, T.E.\n , \n Rainer, R.K.\n and \n Ford, F.N.\n (2007), \u201cInformation security: management\u2019s effect on culture and policy\u201d, \n Information Management & Computer Security\n , Vol. 14 No 1, pp. 24-36.","DOI":"10.1108\/09685220610648355"},{"key":"key2020122300333042400_b71","unstructured":"Kolkowska, E.\n (2005), \u201cValue sensitive approach to information system security\u201d, Americas Conference on Information Systems 2005, Omaha, NE, 11-14 August."},{"key":"key2020122300333042400_b72","unstructured":"Kolkowska, E.\n (2011), \u201cSecurity subcultures in an organization-exploring value conflicts\u201d, 19th European Conference on Information Systems (ECIS 2011), AIS Electronic Library, Helsinki, p. 237."},{"key":"key2020122300333042400_b73","doi-asserted-by":"crossref","unstructured":"Koskosas, I.V.\n (2012), \u201cCultural and organisational commitment in the context of e-banking\u201d, \n International Journal of Internet Technology and Secured Transactions\n , Vol. 4 No. 1, pp. 26-41.","DOI":"10.1504\/IJITST.2012.045147"},{"key":"key2020122300333042400_b74","doi-asserted-by":"crossref","unstructured":"Koskosas, I.V.\n and \n Massalas, C.\n (2008), \u201cInternet banking security in the contexts of goal setting, culture and risk communication\u201d, \n International Journal of Risk Assessment and Management\n , Vol. 10, pp. 186-205.","DOI":"10.1504\/IJRAM.2008.021373"},{"key":"key2020122300333042400_b75","doi-asserted-by":"crossref","unstructured":"Kraemer, S.\n and \n Carayon, P.\n (2005), \u201cComputer and information security culture: findings from two studies\u201d, \n The Human Factors and Ergonomics Society 49th Annual Meeting\n , Orlando, FL, 26-30 September, pp. 1483-1487.","DOI":"10.1177\/154193120504901605"},{"key":"key2020122300333042400_b76","doi-asserted-by":"crossref","unstructured":"Kraemer, S.\n and \n Carayon, P.\n (2007), \u201cHuman errors and violations in computer and information security: the viewpoint of network administrators and security specialists\u201d, \n Applied Ergonomics\n , Vol. 38 No. 2, pp. 143-154.","DOI":"10.1016\/j.apergo.2006.03.010"},{"key":"key2020122300333042400_b77","doi-asserted-by":"crossref","unstructured":"Lacey, D.\n (2010), \u201cUnderstanding and transforming organizational security culture\u201d, \n Information Management & Computer Security\n , Vol. 18 No. 1, pp. 4-13.","DOI":"10.1108\/09685221011035223"},{"key":"key2020122300333042400_b78","doi-asserted-by":"crossref","unstructured":"Lazarus, R.S.\n (1993), \u201cFrom psychological stress to the motions: a history of changing outlooks\u201d, \n Annual Review of Psychology\n , Vol. 44, pp. 1-22.","DOI":"10.1146\/annurev.ps.44.020193.000245"},{"key":"key2020122300333042400_b80","unstructured":"Lim, J.S.\n , \n Ahmad, A.\n , \n Chang, S.\n and \n Maynard, S.\n (2010), \u201cEmbedding information security culture emerging concerns and challenges\u201d, Pacific Asia Conference on Information Systems 2010, AIS Electronic Library (AISeL), Taipei, p. 43."},{"key":"key2020122300333042400_b79","unstructured":"Lim, J.S.\n , \n Chang, S.\n , \n Maynard, S.\n and \n Ahmad, A.\n (2009), \u201cExploring the relationship between organizational culture and information security culture\u201d, The 7th Australian Information Security Management Conference, Edith Cowan University, Perth, pp. 88-97."},{"key":"key2020122300333042400_b81","doi-asserted-by":"crossref","unstructured":"Locke, E.A.\n and \n Latham, G.P.\n (2002), \u201cBuilding a practically useful theory of goal setting and task motivation: a 35-year odyssey\u201d, \n American Psychologist\n , Vol. 57 No. 9, pp. 705-717.","DOI":"10.1037\/0003-066X.57.9.705"},{"key":"key2020122300333042400_b82","doi-asserted-by":"crossref","unstructured":"Lowry, P.B.\n , \n Posey, C.\n , \n Roberts, T.L.\n and \n Bennett, R.J.\n (2013), \u201cIs your banker leaking your personal information? The roles of ethics and individual-level cultural characteristics in predicting organizational computer abuse\u201d, \n Journal of Business Ethics\n , Vol. 121 No. 3, pp. 385-401.","DOI":"10.1007\/s10551-013-1705-3"},{"key":"key2020122300333042400_b83","unstructured":"Luo, X.\n , \n Warkentin, M.\n and \n Johnston, A.C.\n (2009), \u201cThe impact of national culture on workplace privacy expectations in the context of information security assurance\u201d, 15th American Conference on Information Systems (AMCIS 2009), AIS Electronic Library (AISeL), San Francisco, CA."},{"key":"key2020122300333042400_b84","doi-asserted-by":"crossref","unstructured":"Malcolmson, J.\n (2009), \u201cWhat is security culture? Does it differ in content from general organisational culture?\u201d, in \n Sanson, L.D.\n and \n Steiner-Koller, S.M.\n (Eds), 43rd Annual International Carnahan Conference on Security Technology, IEEE Xplore Digital Library, Zurich, 5-8 October, pp. 361-366.","DOI":"10.1109\/CCST.2009.5335511"},{"key":"key2020122300333042400_b85","unstructured":"Martins, J.\n and \n Dos Santos, H.\n (2010), \u201cMethods of organizational information security (a literature review)\u201d, in \n Tenreiro De Magalhaes, S.\n , \n Jahankhani, H.\n and \n Hessami, A.G.\n (Eds), Global Security, Safety, and Sustainability \u2013 6th International Conference, ICGS3 2010, Braga, Portugal, 1-3 September, Springer, Heidelberg, pp. 120-130."},{"key":"key2020122300333042400_b86","unstructured":"Mccoy, B.\n , \n Stephens, G.\n and \n Stevens, K.J.\n (2009), \u201cAn investigation of the impact of corporate culture on employee information systems security behaviour\u201d, 20th Australasian Conference on Information Systems (ACIS 2009), AIS Electronic Library, Melbourne."},{"key":"key2020122300333042400_b87","doi-asserted-by":"crossref","unstructured":"Mingers, J.\n (2003), \u201cThe paucity of multimethod research: a review of the information systems literature\u201d, \n Information Systems Journal\n , Vol. 13 No. 3, pp. 233-249.","DOI":"10.1046\/j.1365-2575.2003.00143.x"},{"key":"key2020122300333042400_b88","unstructured":"Nemati, H.R.\n and \n Church, M.\n (2009), \u201cA human centered framework for information security management: a healthcare perspective\u201d, Americas Conference on Information Systems 2009 (AMCIS 2009), AIS Electronic Library."},{"key":"key2020122300333042400_b89","unstructured":"Ngo, L.\n , \n Zhou, W.\n and \n Warren, M.\n (2005), \u201cUnderstanding transition towards information security culture change\u201d, in \n Valli, C.\n and \n Woodward, A.\n (Eds), 3rd Australian Information Security Management Conference, Edith Cowan University, Perth, pp. 67-73."},{"key":"key2020122300333042400_b90","doi-asserted-by":"crossref","unstructured":"Nonaka, I.\n (1994), \u201cA dynamic theory of organizational knowledge creation\u201d, \n Organization Science\n , Vol. 5 No. 1, pp. 14-37.","DOI":"10.1287\/orsc.5.1.14"},{"key":"key2020122300333042400_b91","doi-asserted-by":"crossref","unstructured":"Okere, I.\n , \n Van Niekerk, J.\n and \n Carroll, M.\n (2012), \u201cAssessing information security culture: a critical analysis of current approaches\u201d, \n ISSA 2012\n , IEEE Xplore Digital Library, pp. 1-8.","DOI":"10.1109\/ISSA.2012.6320442"},{"key":"key2020122300333042400_b92","doi-asserted-by":"crossref","unstructured":"Quinn, R.E.\n and \n Cameron, K.\n (1983), \u201cOrganizational life cycles and shifting criteria of effectiveness: some preliminary evidence\u201d, \n Management Science\n , Vol. 29 No. 1, pp. 33-51.","DOI":"10.1287\/mnsc.29.1.33"},{"key":"key2020122300333042400_b94","doi-asserted-by":"crossref","unstructured":"Ramachandran, S.\n , \n Rao, C.\n , \n Goles, T.\n and \n Dhillon, G.\n (2013), \u201cVariations in information security cultures across professions: a qualitative study\u201d, \n Communications of the Association for Information Systems\n , Vol. 33, pp. 163-204.","DOI":"10.17705\/1CAIS.03311"},{"key":"key2020122300333042400_b93","doi-asserted-by":"crossref","unstructured":"Ramachandran, S.\n , \n Rao, S.V.\n and \n Goles, T.\n (2008), \u201cInformation security cultures of four professions: a comparative study\u201d, \n The 41st Annual Hawaii International Conference on System Sciences\n , Big Island, HI, 7-10 January, pp. 454-464.","DOI":"10.1109\/HICSS.2008.201"},{"key":"key2020122300333042400_b95","unstructured":"Rastogi, R.\n and \n von Solms, R.\n (2012), \u201cInformation security service culture \u2013 information security for end-users\u201d, \n Journal of Universal Computer Science\n , Vol. 18 No. 12, pp. 1628-1642."},{"key":"key2020122300333042400_b96","unstructured":"Rest, J.R.\n (1986), \n Moral Development: Advances in Research and Theory\n , Praeger, New York, NY."},{"key":"key2020122300333042400_b97","unstructured":"Robbins, S.\n (2001), \n Organisational Behaviour\n , Prentice Hall, NJ."},{"key":"key2020122300333042400_b98","unstructured":"Rousseau, D.\n (1988), \u201cThe construction of climate in organizational research\u201d, in \n Cooper, C.L.\n and \n Robertson, I.\n (Eds), \n International Review of Industrial and Organizational Psychology\n , Wiley, Chichester, pp. 139-158."},{"key":"key2020122300333042400_b99","doi-asserted-by":"crossref","unstructured":"Ruighaver, A.B.\n , \n Maynard, S.B.\n and \n Chang, S.\n (2007), \u201cOrganisational security culture: extending the end-user perspective\u201d, \n Computers & Security\n , Vol. 26 No. 1, pp. 56-62.","DOI":"10.1016\/j.cose.2006.10.008"},{"key":"key2020122300333042400_b100","doi-asserted-by":"crossref","unstructured":"Ruighaver, A.B.\n , \n Maynard, S.B.\n and \n Warren, M.\n (2010), \u201cEthical decision making: improving the quality of acceptable use policies\u201d, \n Computer & Security\n , Vol. 29 No. 7, pp. 731-736.","DOI":"10.1016\/j.cose.2010.05.004"},{"key":"key2020122300333042400_b101","unstructured":"Sabbagh, B.A.\n and \n Kowalski, S.\n (2012), \u201cDeveloping social metrics for security modeling the security culture of it workers individuals (case study)\u201d, in \n Mosharka, J.M.\n (Ed.), 5th International Conference on Communications, Computers and Applications, MIC-CCA 2012, IEEE Xplore Digital Library, pp. 112-118."},{"key":"key2020122300333042400_b102","doi-asserted-by":"crossref","unstructured":"S\u00e1nchez, L.E.\n , \n Santos-Olmo, A.\n , \n Fern\u00e1ndez-Medina, E.\n and \n Piatinni, M.\n (2010), \u201cSecurity culture in small and medium-size enterprise\u201d. ENTERprise Information Systems \u2013 International Conference, CENTERIS 2010, Viana do Castelo, Portugal, Springer, Berlin, 20-22 October.","DOI":"10.1007\/978-3-642-16419-4_32"},{"key":"key2020122300333042400_b103","unstructured":"Schein, E.H.\n (1985), \n Organizational Culture and Leadership\n , Jossey-Bass, San Francisco, CA, pp. 315-324."},{"key":"key2020122300333042400_b104","unstructured":"Schlienger, T.\n and \n Teufel, S.\n (2002), \u201cInformation security culture \u2013 the socio- cultural dimension in information security management\u201d, in \n Adeeb Ghonaimy, M.\n , \n El-Hadidi, M.T.\n and \n Aslan, H.K.\n (Eds), \n Security in the Information Society: Visions and Perspectives\n , Kluwer Academic Publishers, Dordrecht, pp. 191-201."},{"key":"key2020122300333042400_b105","unstructured":"Schlienger, T.\n and \n Teufel, S.\n (2005), \u201cTool supported management of information security culture application in a private bank\u201d, in \n Sasaki, R.\n , \n Qing, S.\n , \n Okamoto, E.\n and \n Yoshiura, H.\n (Eds), Security and Privacy in the Age of Ubiquitous Computing \u2013 IFIP TC11 20th International Information Security Conference, 30 May-1 June, Chiba, Springer, NY, pp. 65-77."},{"key":"key2020122300333042400_b106","unstructured":"Schutt, R.K.\n (2001), \n Investigating the Social World: The Process and Practice of Research\n , Pine Forge Press, Thousand Oaks, CA."},{"key":"key2020122300333042400_b107","doi-asserted-by":"crossref","unstructured":"Shaaban, H.\n and \n Conrad, M.\n (2012), \u201cDemocracy, culture and information security: a case study in Zanzibar\u201d, \n Information Management & Computer Security\n , Vol. 21 No. 3, pp. 191-201.","DOI":"10.1108\/IMCS-09-2012-0057"},{"key":"key2020122300333042400_b108","unstructured":"Shahibi, M.S.\n , \n Rashid, R.M.\n , \n Fakeh, S.K.W.\n , \n Dollah, W.A.K.W.\n and \n Ali, J.\n (2012), \u201cDetermining factors influencing information security culture among ICT librarians\u201d, \n Journal of Theoretical and Applied Information Technology\n , Vol. 37 No. 1, pp. 132-140."},{"key":"key2020122300333042400_b109","unstructured":"Shahri, A.B.\n , \n Ismail, Z.\n and \n Rahim, N.Z.A.\n (2012), \u201cSecurity effectiveness in health information system: through improving the human factors by education and training\u201d, \n Australian Journal of Basic and Applied Sciences\n , Vol. 6 No. 2, pp. 226-233."},{"key":"key2020122300333042400_b112","doi-asserted-by":"crossref","unstructured":"Siponen, M.\n , \n Pahnila, S.\n and \n Mahmood, A.\n (2007), \u201cEmployees\u2019 adherence to information security policies: an empirical study\u201d, in \n Venter, H.\n , \n Eloff, M.\n , \n Labuschagne, L.\n , \n Eloff, J.\n and \n Von Solms, R.\n (Eds), \n IFIP International Federation for Information Processing, New Approaches for Security, Privacy and Trust in Complex Environments\n , Springer, Boston, MA, pp. 133-144.","DOI":"10.1007\/978-0-387-72367-9_12"},{"key":"key2020122300333042400_b110","doi-asserted-by":"crossref","unstructured":"Siponen, M.T.\n and \n Oinas-Kukkonen, H.\n (2007), \u201cA review of information security issues and respective research contributions\u201d, \n Database for Advances in Information Systems\n , Vol. 38 No. 1, pp. 60-80.","DOI":"10.1145\/1216218.1216224"},{"key":"key2020122300333042400_b111","unstructured":"Siponen, M.\n and \n Willison, R.\n (2007), \u201cA critical assessment of IS security research between 1990-2004\u201d, The 15th European Conference on Information Systems (ECIS 2007), AIS Electronic Library (AISeL), St. Gallen, pp. 1551-1559."},{"key":"key2020122300333042400_b113","unstructured":"Siponen, M.\n , \n Wilson, R.\n and \n Baskerville, R.\n (2008), \u201cPower and practice in information systems security research\u201d \n International Conference on Information Systems (ICIS\n ), Paris."},{"key":"key2020122300333042400_b114","doi-asserted-by":"crossref","unstructured":"Stanton, J.M.\n , \n Stam, K.R.\n , \n Mastrangelo, P.\n and \n Jolton, J.\n (2005), \u201cAnalysis of end user security behaviors\u201d, \n Computers & Security\n , Vol. 24 No. 2, pp. 124-133.","DOI":"10.1016\/j.cose.2004.07.001"},{"key":"key2020122300333042400_b115","doi-asserted-by":"crossref","unstructured":"Thomson, K.\n and \n Van Niekerk, J.\n (2012), \u201cCombating information security apathy by encouraging prosocial organisational behaviour\u201d, \n Information Management & Computer Security\n , Vol. 20, pp. 39-46.","DOI":"10.1108\/09685221211219191"},{"key":"key2020122300333042400_b116","doi-asserted-by":"crossref","unstructured":"Thomson, K.-L.\n and \n Von Solms, R.\n (2005), \u201cInformation security obedience: a definition\u201d, \n Computer & Security\n , Vol. 24, pp. 69-75.","DOI":"10.1016\/j.cose.2004.10.005"},{"key":"key2020122300333042400_b117","doi-asserted-by":"crossref","unstructured":"Thomson, K.-L.\n and \n Von Solms, R.\n (2006), \u201cTowards an information security competence maturity model\u201d, \n Computer Fraud & Security\n , No. 5, pp. 11-15.","DOI":"10.1016\/S1361-3723(06)70356-6"},{"key":"key2020122300333042400_b118","doi-asserted-by":"crossref","unstructured":"Thomson, K.-L.\n , \n Von Solms, R.\n and \n Louw, L.\n (2006), \u201cCultivating an organizational information security culture\u201d, \n Computer Fraud & Security\n , No. 10, pp. 7-11.","DOI":"10.1016\/S1361-3723(06)70430-4"},{"key":"key2020122300333042400_b119","doi-asserted-by":"crossref","unstructured":"Thong, J.Y.L.\n and \n Yap, C.-S.\n (1998), \u201cTesting an ethical decision-making theory: the case of softlifting\u201d, \n Journal of Management Information Systems\n , Vol. 15 No. 1, pp. 213-237.","DOI":"10.1080\/07421222.1998.11518203"},{"key":"key2020122300333042400_b120","doi-asserted-by":"crossref","unstructured":"Tsohou, A.\n , \n Karyda, M.\n , \n Kokolakis, S.\n and \n Kiountouzis, E.\n (2006), \u201cFormulating information systems risk management strategies through cultural theory\u201d, \n Information Management & Computer Security\n , Vol. 14 No. 3, pp. 198-217.","DOI":"10.1108\/09685220610670378"},{"key":"key2020122300333042400_b121","doi-asserted-by":"crossref","unstructured":"Tsohou, A.\n , \n Theoharidou, M.\n , \n Kokolakis, S.\n and \n Gritzalis, D.\n (2007), \u201cAddressing cultural dissimilarity in the information security management outsourcing relationship\u201d, in \n Lambrinoudakis, C.\n , \n Pernul, G.\n and \n Tjoa, A.M.\n (Eds), \n Trust, Privacy and Security in Digital Business\n , Springer, pp. 24-33.","DOI":"10.1007\/978-3-540-74409-2_5"},{"key":"key2020122300333042400_b122","doi-asserted-by":"crossref","unstructured":"Van Niekerk, J.F.\n and \n Von Solms, R.\n (2010), \u201cInformation security culture: a management perspective\u201d, \n Computer & Security\n , Vol. 29, pp. 476-486.","DOI":"10.1016\/j.cose.2009.10.005"},{"key":"key2020122300333042400_b123","unstructured":"Van Niekerk, J.\n and \n Von Solms, R.\n (2013), \u201cA theory based approach to information security culture change\u201d, \n Information (Japan\n ), Vol. 16, pp. 3907-3930."},{"key":"key2020122300333042400_b124","doi-asserted-by":"crossref","unstructured":"Von Solms, B.\n (2000), \u201cInformation security \u2013 the third wave?\u201d, \n Computers and Security\n , Vol. 19, pp. 615-620.","DOI":"10.1016\/S0167-4048(00)07021-8"},{"key":"key2020122300333042400_b125","doi-asserted-by":"crossref","unstructured":"Vroom, C.\n and \n von Solms, R.\n (2004), \u201cTowards information security behavioural compliance\u201d, \n Computers and Security\n , Vol. 23 No. 3, pp. 191-198.","DOI":"10.1016\/j.cose.2004.01.012"},{"key":"key2020122300333042400_b126","unstructured":"Warner, J.\n (2006), \u201cTowards understanding user behavioral intentions to use IT security: examining the impact of IT security psychological climate and individual beliefs\u201d, 12th Americas Conference on Information Systems (AMCIS), AIS Electronic Library (AISeL), Acapulco, 4-6 August."},{"key":"key2020122300333042400_b127","doi-asserted-by":"crossref","unstructured":"Westrum, R.J.\n (1993), \u201cCultures with requisite imagination\u201d, in \n Wise, J.A.\n , \n Hopkin, V.D.\n and \n Stager, P.\n (Eds), \n Verification and Validation of Complex Systems: Human Factors Issues\n , Springer, Heidelberg, pp. 401-416.","DOI":"10.1007\/978-3-662-02933-6_25"},{"key":"key2020122300333042400_b128","unstructured":"Williams, P.A.\n (2009), \u201cWhat does security culture look like for small organizations?\u201d, 7th Australian Information Security Management Conference, Edith Cowan University, Perth, 1-3 December, pp. 48-54."},{"key":"key2020122300333042400_b129","doi-asserted-by":"crossref","unstructured":"Williams, P.A.H.\n (2008), \u201cIn a \u2018trusting\u2019 environment, everyone is responsible for information security\u201d, \n Information Security Technical Report\n , Vol. 13 No. 4, pp. 207-215.","DOI":"10.1016\/j.istr.2008.10.009"},{"key":"key2020122300333042400_b130","doi-asserted-by":"crossref","unstructured":"Woodhouse, S.\n (2007), \u201cInformation security: end user behavior and corporate culture\u201d, Seventh International Conference on Computer and Information Technology, IEEE Xplore Digital Library, Aizu-Wakamatsu, Fukushima, 16-19 October, pp. 767-774.","DOI":"10.1109\/CIT.2007.186"},{"key":"key2020122300333042400_b131","unstructured":"Zakaria, O.\n (2005a), \u201cEmployee security perception in cultivating information security culture\u201d, in \n Dowland, P.\n , \n Furnell, S.\n , \n Thuraisingham, B.\n and \n Wang, S.X.\n (Eds), \n IFIP TC-11 WG 11.1 and WG 11.5 Joint Working Conference on Security Management, Integrity, and Internal Control in Information Systems\n . Springer-Verlag, New York, NY, pp. 83-92."},{"key":"key2020122300333042400_b132","unstructured":"Zakaria, O.\n (2005b), \u201cInformation security culture and leadership\u201d, 4th European Conference on Information Warfare and Security 2005, ECIW 2005, Academic Conferences Limited, Glamorgan, pp. 415-420."},{"key":"key2020122300333042400_b133","doi-asserted-by":"crossref","unstructured":"Zakaria, O.\n (2006), \u201cInternalisation of information security culture amongst employees through basic security knowledge\u201d, in \n Fischer-H\u00fcbner, S.\n , \n Lindskog, S.\n , \n Lassous, G.\n and \n Yngstr\u00f6m, L.\n (Eds), Proceedings of the IFIP TC-11 21st International Information Security Conference (SEC 2006) on Security and Privacy in Dynamic Environments, Springer, New York, NY, pp. 437-441.","DOI":"10.1007\/0-387-33406-8_38"},{"key":"key2020122300333042400_b134","unstructured":"Zakaria, O.\n , \n Jarupunphol, P.\n and \n Gani, A.\n (2003), \u201cParadigm mapping for information security culture approach\u201d, in \n Slay, J. \n (Ed.), 4th Australian Conference on Information Warfare and IT Security, Adelaide, 20-21 November, pp. 417-426."}],"container-title":["Information & Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/ICS-05-2014-0033","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-05-2014-0033\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-05-2014-0033\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:22:54Z","timestamp":1753406574000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/23\/3\/246-285\/109589"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,7,13]]},"references-count":134,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2015,7,13]]}},"alternative-id":["10.1108\/ICS-05-2014-0033"],"URL":"https:\/\/doi.org\/10.1108\/ics-05-2014-0033","relation":{},"ISSN":["2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"}],"subject":[],"published":{"date-parts":[[2015,7,13]]}}}