{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,26]],"date-time":"2026-03-26T15:12:32Z","timestamp":1774537952052,"version":"3.50.1"},"reference-count":95,"publisher":"Emerald","issue":"5","license":[{"start":{"date-parts":[[2017,11,13]],"date-time":"2017-11-13T00:00:00Z","timestamp":1510531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2017,11,13]]},"abstract":"<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title>\n<jats:p>The aim of this study is to encourage management boards to recognize that employees play a major role in the management of information security. Thus, these issues need to be addressed efficiently, especially in organizations in which data are a valuable asset.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title>\n<jats:p>Before developing the instrument for the survey, first, effective measurement built upon existing literature review was identified and developed and the survey questionnaires were set according to past studies and the findings based on qualitative analyses. Data were collected by using cross-sectional questionnaire and a Likert scale, whereby each question was related to an item as in the work of Witherspoon et al. (2013). Data analysis was done using the SPSS.3B.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Findings<\/jats:title>\n<jats:p>Based on the results from three surveys and findings, a principle of information security compliance practices was proposed based on the authors\u2019 proposed nine-five-circle (NFC) principle that enhances information security management by identifying human conduct and IT security-related issues regarding the aspect of information security management. Furthermore, the authors\u2019 principle has enabled closing the gap between technology and humans in this study by proving that the factors in the present study\u2019s finding are interrelated and work together, rather than on their own.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Research limitations\/implications<\/jats:title>\n<jats:p>The main objective of this study was to address the lack of research evidence on what mobilizes and influences information security management development and implementation. This objective has been fulfilled by surveying, collecting and analyzing data and by giving an account of the attributes that hinder information security management. Accordingly, a major practical contribution of the present research is the empirical data it provides that enable obtaining a bigger picture and precise information about the real issues that cause information security management shortcomings.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Practical implications<\/jats:title>\n<jats:p>In this sense, despite the fact that this study has limitations concerning the development of a diagnostic tool, it is obviously the main procedure for the measurements of a framework to assess information security compliance policies in the organizations surveyed.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Social implications<\/jats:title>\n<jats:p>The present study\u2019s discoveries recommend in actuality that using flexible tools that can be scoped to meet individual organizational needs have positive effects on the implementation of information security management policies within an organization. Accordingly, the research proposes that organizations should forsake the oversimplified generalized guidelines that neglect the verification of the difference in information security requirements in various organizations. Instead, they should focus on the issue of how to sustain and enhance their organization\u2019s compliance through a dynamic compliance process that involves awareness of the compliance regulation, controlling integration and closing gaps.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title>\n<jats:p>The rapid growth of information technology (IT) has created numerous business opportunities. At the same time, this growth has increased information security risk. IT security risk is an important issue in industrial sectors, and in organizations that are innovating owing to globalization or changes in organizational culture. Previously, technology-associated risk assessments focused on various technology factors, but as of the early twenty-first century, the most important issue identified in technology risk studies is the human factor.<\/jats:p>\n<\/jats:sec>","DOI":"10.1108\/ics-07-2016-0054","type":"journal-article","created":{"date-parts":[[2017,11,6]],"date-time":"2017-11-06T09:34:28Z","timestamp":1509960868000},"page":"494-534","source":"Crossref","is-referenced-by-count":52,"title":["Information security management and the human aspect in organizations"],"prefix":"10.1108","volume":"25","author":[{"given":"Harrison","family":"Stewart","sequence":"first","affiliation":[]},{"given":"Jan","family":"J\u00fcrjens","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"issue":"3","key":"key2020120501164117800_ref001","doi-asserted-by":"publisher","first-page":"237","DOI":"10.1080\/0144929X.2012.708787","article-title":"User preference of cyber security awareness delivery methods","volume":"33","year":"2014","journal-title":"Behaviour & Information Technology"},{"issue":"5","key":"key2020120501164117800_ref002","doi-asserted-by":"publisher","first-page":"643","DOI":"10.1016\/j.cose.2012.04.001","article-title":"Incident response teams \u2013 challenges in supporting the organisational security function","volume":"31","year":"2012","journal-title":"Computers & Security"},{"issue":"2","key":"key2020120501164117800_ref003","first-page":"357","article-title":"Information security strategies: towards an organizational multi-strategy perspective","volume":"25","year":"2012","journal-title":"Intelligent Manufacturing"},{"issue":"4","key":"key2020120501164117800_ref004","doi-asserted-by":"crossref","first-page":"432","DOI":"10.1016\/j.cose.2009.12.005","article-title":"Improving information security awareness and behaviour through dialogue, participation and collective reflection: an intervention study","volume":"29","year":"2010","journal-title":"Computers & Security"},{"key":"key2020120501164117800_ref005","doi-asserted-by":"publisher","first-page":"304","DOI":"10.1016\/j.chb.2014.05.046","article-title":"Security awareness of computer users: a phishing threat avoidance perspective","volume":"38","year":"2014","journal-title":"Computers in Human Behavior"},{"issue":"2","key":"key2020120501164117800_ref006","doi-asserted-by":"crossref","first-page":"72","DOI":"10.1109\/MSECP.2003.1193216","article-title":"The weakest link revisited","volume":"1","year":"2003","journal-title":"IEEE Security & Privacy Magazine"},{"issue":"4","key":"key2020120501164117800_B6a","doi-asserted-by":"crossref","first-page":"375","DOI":"10.1145\/162124.162127","article-title":"Information systems security design methods: implications for information systems development","volume":"25","year":"1993","journal-title":"Computing Surveys"},{"key":"key2020120501164117800_ref007","volume-title":"On Crime and Punishments","year":"1963"},{"issue":"2","key":"key2020120501164117800_ref008","doi-asserted-by":"crossref","first-page":"151","DOI":"10.1057\/ejis.2009.8","article-title":"If someone is watching, I\u2019ll do what I\u2019m asked: mandatoriness, control, and information security","volume":"18","year":"2009","journal-title":"European Journal of Information Systems"},{"key":"key2020120501164117800_B8a","volume-title":"Security Updates: The Upcoming Revision of ISO\/IEC 27001","year":"2014"},{"key":"key2020120501164117800_ref009","unstructured":"Cavusoglu, H., Cavusoglu, H., Son, J.-Y. and Benbasat, I. (2009), \u201cInformation security control resources in organizations: a multidimensional view and their key drivers\u201d, working paper, Sauder School of Business, University of British Columbia."},{"issue":"7","key":"key2020120501164117800_ref010","doi-asserted-by":"crossref","first-page":"87","DOI":"10.1145\/1005817.1005828","article-title":"A model for evaluating IT security investments","volume":"47","year":"2004","journal-title":"Communications of the ACM"},{"issue":"1","key":"key2020120501164117800_ref011","first-page":"69","article-title":"The effect of internet security breach announcements on market value: capital market reactions for breached firms and internet security developers","volume":"9","year":"2004","journal-title":"International Journal of Electronic Commerce"},{"issue":"3","key":"key2020120501164117800_ref012","doi-asserted-by":"crossref","first-page":"345","DOI":"10.1108\/02635570610653498","article-title":"Organizational factors to the effectiveness of implementing information security management","volume":"106","year":"2006","journal-title":"Industrial Management & Data Systems"},{"issue":"9","key":"key2020120501164117800_ref013","doi-asserted-by":"crossref","first-page":"1137","DOI":"10.1016\/j.jpdc.2006.04.007","article-title":"Collaborative detection and filtering of shrew DDoS attacks using spectral analysis","volume":"66","year":"2006","journal-title":"Journal of Parallel and Distributed Computing"},{"key":"key2020120501164117800_ref014","first-page":"3681","article-title":"Research in information security: a literature review using a multidimensional framework","year":"2010"},{"key":"key2020120501164117800_ref015","volume-title":"Policy Networks and Policy Change: Putting Policy Network Theory to the Test","year":"2009"},{"issue":"6","key":"key2020120501164117800_ref016","doi-asserted-by":"crossref","first-page":"84","DOI":"10.1145\/1132469.1132472","article-title":"Piracy, computer crime, and information security misuse at the university","volume":"49","year":"2006","journal-title":"Communications of the ACM"},{"key":"key2020120501164117800_ref017","doi-asserted-by":"publisher","first-page":"90","DOI":"10.1016\/j.cose.2012.09.010","article-title":"Future directions for behavioral information security research","volume":"32","year":"2013","journal-title":"Computers & Security"},{"key":"key2020120501164117800_ref018","first-page":"162","article-title":"Improving the information security culture through monitoring and implementation actions illustrated through a case study","volume":"49","year":"2016","journal-title":"Computers & Security"},{"issue":"2","key":"key2020120501164117800_ref019","doi-asserted-by":"crossref","first-page":"127","DOI":"10.1046\/j.1365-2575.2001.00099.x","article-title":"Current directions in information security research: toward socio-organizational perspectives","volume":"11","year":"2001","journal-title":"Information Systems Journal"},{"issue":"4","key":"key2020120501164117800_ref020","doi-asserted-by":"publisher","first-page":"199","DOI":"10.1016\/j.istr.2013.03.004","article-title":"Toward web-based information security knowledge sharing","volume":"17","year":"2013","journal-title":"Information Security Technical Report"},{"key":"key2020120501164117800_ref021","volume-title":"Statistical Methods for Practice and Research","year":"2009"},{"issue":"1","key":"key2020120501164117800_ref022","first-page":"242","article-title":"Security-related behavior in using information systems in the workplace: a review and synthesis","volume":"32","year":"2013","journal-title":"Computers & Security"},{"issue":"6","key":"key2020120501164117800_ref023","doi-asserted-by":"crossref","first-page":"320","DOI":"10.1016\/j.im.2012.08.001","article-title":"The effects of multilevel sanctions on information security violations: a mediating model","volume":"49","year":"2012","journal-title":"Information and Management"},{"issue":"4","key":"key2020120501164117800_ref024","doi-asserted-by":"crossref","first-page":"377","DOI":"10.1108\/09685220810908796","article-title":"Implementation and effectiveness of organizational information security measures","volume":"16","year":"2008","journal-title":"Information Management & Computer Security"},{"key":"key2020120501164117800_ref025","volume-title":"Multivariate Data Analysis","year":"2010"},{"key":"key2020120501164117800_ref026","doi-asserted-by":"crossref","first-page":"257","DOI":"10.2307\/249656","article-title":"The effect of codes of ethics and personal denial of responsibility on computer abuse judgments and intentions","volume":"20","year":"1996","journal-title":"MIS Quarterly"},{"key":"key2020120501164117800_ref027","first-page":"1","article-title":"An empirical study on the effectiveness of common security measures","year":"2010"},{"issue":"2","key":"key2020120501164117800_ref028","doi-asserted-by":"crossref","first-page":"154","DOI":"10.1016\/j.dss.2009.02.005","article-title":"Encouraging information security behaviors in organizations: role of penalties, pressures and perceived effectiveness","volume":"47","year":"2009","journal-title":"Decision Support Systems"},{"issue":"2","key":"key2020120501164117800_ref029","doi-asserted-by":"crossref","first-page":"106","DOI":"10.1057\/ejis.2009.6","article-title":"Protection motivation and deterrence: a framework for security policy compliance in organisations","volume":"18","year":"2009","journal-title":"European Journal of Information Systems"},{"key":"key2020120501164117800_B27a","volume-title":"More Changes Ahead","year":"2014"},{"issue":"2","key":"key2020120501164117800_ref030","doi-asserted-by":"crossref","first-page":"99","DOI":"10.1016\/j.im.2011.12.005","article-title":"Applying an extended model of deterrence across cultures: an investigation of information systems misuse in the U.S. and South Korea","volume":"49","year":"2012","journal-title":"Information Management"},{"issue":"2","key":"key2020120501164117800_ref031","doi-asserted-by":"crossref","first-page":"140","DOI":"10.1057\/ejis.2009.7","article-title":"Frame misalignment: interpreting the implementation of information systems security certification in an organization","volume":"18","year":"2009","journal-title":"European Journal of Information Systems"},{"issue":"2","key":"key2020120501164117800_ref032","doi-asserted-by":"crossref","first-page":"153","DOI":"10.1016\/j.jsis.2007.05.004","article-title":"The role of external and internal influences on information systems security: a neo- institutional perspective","volume":"16","year":"2007","journal-title":"Journal of Strategic Information Systems"},{"issue":"1","key":"key2020120501164117800_ref033","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1016\/j.cose.2011.10.007","article-title":"Understanding information systems security policy compliance: an integration of the theory of planned behavior and the protection motivation theory","volume":"31","year":"2012","journal-title":"Computers & Security"},{"issue":"8","key":"key2020120501164117800_ref034","doi-asserted-by":"publisher","DOI":"10.1080\/00207543.2014.991047","article-title":"An empirical research on the impacts of organisational decisions\u2019 locus, tasks structure rules, knowledge, and IT function\u2019s value on ERP system success","volume":"53","year":"2014","journal-title":"International Journal of Production Research"},{"issue":"110","key":"key2020120501164117800_ref035","first-page":"56","article-title":"Human error, not hackers, cause most data breaches","volume":"10","year":"2013","journal-title":"Compliance Week"},{"issue":"6","key":"key2020120501164117800_ref036","doi-asserted-by":"crossref","first-page":"584","DOI":"10.1080\/0144929X.2011.632650","article-title":"Phishing for phishing awareness","volume":"32","year":"2013","journal-title":"Behaviour & Information Technology"},{"issue":"1","key":"key2020120501164117800_ref037","doi-asserted-by":"crossref","first-page":"6","DOI":"10.1080\/15228053.2005.10856057","article-title":"Understanding user resistance and acceptance during the implementation of an order management system: a case study using the equity implementation model","volume":"7","year":"2005","journal-title":"Journal of Information Technology Case and Application Research"},{"issue":"2","key":"key2020120501164117800_B37a","doi-asserted-by":"crossref","first-page":"139","DOI":"10.1016\/S0268-4012(02)00105-6","article-title":"An integrative study of information systems security effectiveness","volume":"23","year":"2003","journal-title":"International Journal of Information Management"},{"issue":"1","key":"key2020120501164117800_ref082","doi-asserted-by":"crossref","first-page":"59","DOI":"10.1145\/1120501.1120506","article-title":"Towards a process model of information systems implementation: the case of customer relationship management (CRM)","volume":"37","year":"2006","journal-title":"ACM Sigmis Database"},{"issue":"1","key":"key2020120501164117800_B37b","first-page":"597","article-title":"Why there aren\u2019t more information security research studies","volume":"41","year":"2004","journal-title":"Information and Management"},{"issue":"8","key":"key2020120501164117800_ref038","doi-asserted-by":"publisher","first-page":"840","DOI":"10.1016\/j.cose.2010.08.001","article-title":"Cyber security for home users: a new way of protection through awareness enforcement","volume":"29","year":"2010","journal-title":"Computers & Security"},{"issue":"6","key":"key2020120501164117800_B38a","first-page":"295","article-title":"Knowledge sharing in interest online communities: a comparison of posters and lurkers","volume":"35","year":"2014","journal-title":"Computers in Human Behavior"},{"issue":"2\/3","key":"key2020120501164117800_ref039","first-page":"57","article-title":"A holistic model of computer abuse within organizations","volume":"10","year":"2002","journal-title":"Information Management & Computer Security"},{"issue":"2","key":"key2020120501164117800_ref040","doi-asserted-by":"crossref","first-page":"109","DOI":"10.1016\/j.im.2008.01.002","article-title":"An empirical investigation of anti-spyware software adoption: a multitheoretical perspective","volume":"45","year":"2008","journal-title":"Information Management"},{"issue":"4","key":"key2020120501164117800_ref041","doi-asserted-by":"publisher","first-page":"635","DOI":"10.1016\/j.dss.2009.12.005","article-title":"Understanding compliance with internet use policy from the perspective of rational choice theory","volume":"48","year":"2010","journal-title":"Decision Support Systems"},{"issue":"2","key":"key2020120501164117800_ref042","doi-asserted-by":"crossref","first-page":"89","DOI":"10.1007\/s10207-008-0068-8","article-title":"Denial of service li attacks and defences in decentralised trust management","volume":"8","year":"2009","journal-title":"International Journal of Information Security"},{"issue":"8","key":"key2020120501164117800_ref043","doi-asserted-by":"crossref","first-page":"1081","DOI":"10.1016\/j.im.2004.12.002","article-title":"Prevalence, perceived seriousness, justification and regulation of cyberloafing in Singapore: an exploratory study","volume":"42","year":"2005","journal-title":"Information & Management"},{"issue":"5","key":"key2020120501164117800_ref044","first-page":"43","article-title":"Managing e-business risk to mitigate loss","volume":"21","year":"2005","journal-title":"Financial Executive"},{"issue":"3","key":"key2020120501164117800_ref045","first-page":"3","article-title":"Anchoring information security governance research: sociological groundings and future directions","volume":"2","year":"2006","journal-title":"International Journal of Information Security"},{"issue":"1","key":"key2020120501164117800_ref046","first-page":"58","article-title":"An integrated framework for information security management","volume":"30","year":"2009","journal-title":"Review of Business"},{"key":"key2020120501164117800_ref047","volume-title":"ISO 27001:2013 \u2013 Understanding the New Standard","year":"2013"},{"issue":"3","key":"key2020120501164117800_ref048","doi-asserted-by":"crossref","first-page":"216","DOI":"10.1109\/TDSC.2005.35","article-title":"D-WARD: a source-end defense against flooding denial-of-service attacks","volume":"2","year":"2005","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"key2020120501164117800_ref049","first-page":"156","article-title":"Employees\u2019 behavior towards is security policy compliance","year":"2007"},{"key":"key2020120501164117800_ref050","doi-asserted-by":"crossref","first-page":"165","DOI":"10.1016\/j.cose.2013.12.003","article-title":"Determining employee awareness using the human aspects of information security questionnaire (HAIS-Q)","volume":"42","year":"2014","journal-title":"Computers & Security"},{"key":"key2020120501164117800_ref051","unstructured":"PricewaterhouseCoopers (2008), \u201cEmployee behaviour key to improving information security, new survey finds\u201d, 23 June, available at: www.ukmediacentre.pwc.com\/content\/detail.aspx?releaseid=2672&newsareaid=2"},{"issue":"4","key":"key2020120501164117800_ref052","doi-asserted-by":"crossref","first-page":"757","DOI":"10.2307\/25750704","article-title":"Improving employees\u2019 compliance through information systems security training: an action research study","volume":"34","year":"2010","journal-title":"MIS Quarterly"},{"key":"key2020120501164117800_ref053","volume-title":"Internal Auditing: Assurance & Advisory Services","year":"2013"},{"key":"key2020120501164117800_B53a","volume-title":"15th Annual 2010\/2011 Computer Crime and Security Survey","year":"2011"},{"issue":"100","key":"key2020120501164117800_ref054","first-page":"D1","article-title":"Are your medical records at risk?","volume":"251","year":"2008","journal-title":"Wall Street Journal"},{"key":"key2020120501164117800_B54a","doi-asserted-by":"publisher","first-page":"559","DOI":"10.1016\/j.econmod.2013.08.011.d","article-title":"A customer loyalty formation model in electronic commerce","volume":"35","year":"2013","journal-title":"Economic Modelling"},{"key":"key2020120501164117800_ref055","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1016\/j.cose.2015.05.012","article-title":"Information security conscious care behaviour formation in organizations","volume":"53","year":"2015","journal-title":"Computers & Security"},{"issue":"7","key":"key2020120501164117800_ref056","doi-asserted-by":"crossref","first-page":"620","DOI":"10.1016\/S0167-4048(01)00712-X","article-title":"Usability and security an appraisal of usability issues in information security methods","volume":"20","year":"2001","journal-title":"Computers & Security"},{"key":"key2020120501164117800_ref057","volume-title":"A Beginner\u2019s Guide to Structural Equation Modeling","year":"2010","edition":"3rd ed."},{"key":"key2020120501164117800_ref058","doi-asserted-by":"crossref","first-page":"366","DOI":"10.1016\/j.cose.2013.09.002","article-title":"APFS: adaptive probabilistic filter scheduling against distributed denial-of-service attacks","volume":"39","year":"2013","journal-title":"Computers & Security"},{"key":"key2020120501164117800_B58a","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1016\/j.chb.2014.10.059","article-title":"Information disclosure on social networking sites: an intrinsic-extrinsic motivation perspective","volume":"44","year":"2015","journal-title":"Computers in Human Behavior"},{"key":"key2020120501164117800_B58b","doi-asserted-by":"crossref","first-page":"177","DOI":"10.1016\/j.cose.2015.01.002","article-title":"Personality, attitudes, and intentions: predicting initial adoption of information security behavior","volume":"49","year":"2015","journal-title":"Computer & Security"},{"key":"key2020120501164117800_ref059","doi-asserted-by":"crossref","first-page":"75","DOI":"10.1145\/502269.502302","article-title":"Acceptable internet use policy","volume":"45","year":"2002","journal-title":"CACM"},{"key":"key2020120501164117800_ref060","first-page":"317","article-title":"An ontology for network security attacks","volume-title":"Applied Computing","year":"2004"},{"issue":"4","key":"key2020120501164117800_ref061","doi-asserted-by":"crossref","first-page":"225","DOI":"10.1007\/s40171-013-0047-4","article-title":"Information security management (ISM) practices: lessons from select cases from India and Germany","volume":"14","year":"2013","journal-title":"Global Journal of Flexible Systems Management"},{"issue":"3","key":"key2020120501164117800_ref063","doi-asserted-by":"crossref","first-page":"303","DOI":"10.1057\/palgrave.ejis.3000537","article-title":"An analysis of the traditional information security approaches: implications for research and practice","volume":"14","year":"2005","journal-title":"European Journal of Information Systems"},{"issue":"4","key":"key2020120501164117800_ref084","doi-asserted-by":"crossref","first-page":"387","DOI":"10.1111\/j.1365-2575.2004.00179.x","article-title":"Unauthorized copying of software and levels of moral development: a literature analysis and its implications for research and practice","volume":"14","year":"2004","journal-title":"Information Systems Journal"},{"issue":"2","key":"key2020120501164117800_ref062","doi-asserted-by":"crossref","first-page":"217","DOI":"10.1016\/j.im.2013.08.006","article-title":"Employees\u2019 adherence to information security policies: an exploratory field study","volume":"51","year":"2014","journal-title":"Information & Management"},{"issue":"3","key":"key2020120501164117800_B63a","doi-asserted-by":"crossref","first-page":"463","DOI":"10.2307\/25750687","article-title":"Circuits of power: a study of mandated compliance to an information systems security de jure standard in a government organization","volume":"34","year":"2010","journal-title":"MIS Quarterly"},{"issue":"7","key":"key2020120501164117800_ref064","doi-asserted-by":"crossref","first-page":"296","DOI":"10.1016\/j.im.2011.07.002","article-title":"Out of fear or desire? toward a better understanding of employees\u2019 motivation to follow information security policies","volume":"48","year":"2011","journal-title":"Information Management"},{"key":"key2020120501164117800_ref065","unstructured":"Soo Hoo, K.J. (2000), \u201cHow much is enough: a risk management approach to computer security\u201d, working paper, Center for International Security and Cooperation, Stanford University, available at: http:\/\/cisac.stanford.edu\/publications\/how_much_is_enough__a_riskmanagement_approach_to_computer_security\/."},{"issue":"1","key":"key2020120501164117800_ref066","doi-asserted-by":"crossref","first-page":"45","DOI":"10.2307\/249307","article-title":"Discovering and disciplining computer abuse in organizations: a field study","volume":"14","year":"1990","journal-title":"MIS Quarterly"},{"key":"key2020120501164117800_B66a","first-page":"19","article-title":"Security analysis of the German electronic health card\u2019s peripheral parts","year":"2009"},{"issue":"2","key":"key2020120501164117800_ref067","doi-asserted-by":"crossref","first-page":"113","DOI":"10.1080\/01449290500330299","article-title":"Information systems security and human behaviour","volume":"26","year":"2007","journal-title":"Behaviour & Information Technology"},{"issue":"4","key":"key2020120501164117800_ref068","doi-asserted-by":"crossref","first-page":"263","DOI":"10.2753\/MIS0742-1222290410","article-title":"Using accountability to reduce access policy violations in information systems","volume":"29","year":"2013","journal-title":"Journal of Management Information Systems"},{"key":"key2020120501164117800_ref069","doi-asserted-by":"crossref","first-page":"4","DOI":"10.1145\/506133.506136","article-title":"Internet security attacks at the basic levels","volume":"32","year":"1998","journal-title":"ACM SIGOPS - Operating Systems Review"},{"issue":"1","key":"key2020120501164117800_ref070","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1109\/TNET.2006.890133","article-title":"Defense against spoofed IP traffic using hop-count filtering","volume":"15","year":"2007","journal-title":"IEEE\/ACM Transactions on Networking"},{"key":"key2020120501164117800_ref071","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cose.2014.04.005","article-title":"A situation awareness model for information security risk management","volume":"44","year":"2014","journal-title":"Computers & Security"},{"issue":"1","key":"key2020120501164117800_ref072","doi-asserted-by":"crossref","first-page":"4","DOI":"10.1108\/09685220910944722","article-title":"An integrated view of human, organizational, and technological challenges of IT security management","volume":"17","year":"2009","journal-title":"Information Management & Computer Security"},{"issue":"7","key":"key2020120501164117800_ref073","doi-asserted-by":"publisher","first-page":"584","DOI":"10.1016\/j.ijhcs.2009.03.002","article-title":"Security practitioners in context: their activities and interactions with other stakeholders within organizations","volume":"67","year":"2009","journal-title":"International Journal of Human-Computer Studies"},{"issue":"4","key":"key2020120501164117800_ref074","doi-asserted-by":"crossref","first-page":"304","DOI":"10.1016\/j.infoandorg.2006.08.001","article-title":"Understanding the perpetration of employee computer crime in the organisational context","volume":"16","year":"2006","journal-title":"Information and Organization"},{"issue":"2","key":"key2020120501164117800_ref075","doi-asserted-by":"publisher","first-page":"250","DOI":"10.1108\/13673271311315204","article-title":"Antecedents of organizational knowledge sharing: a meta-analysis and critique","volume":"17","year":"2013","journal-title":"Journal of Knowledge Management"},{"issue":"2","key":"key2020120501164117800_B75a","doi-asserted-by":"crossref","first-page":"180","DOI":"10.1177\/0022427803260263","article-title":"Does the perceived risk of punishment deter criminally prone individuals? Rational choice, self-control, and crime","volume":"41","year":"2004","journal-title":"Journal of Research in Crime and Delinquency"},{"issue":"4","key":"key2020120501164117800_ref076","doi-asserted-by":"crossref","first-page":"360","DOI":"10.1016\/j.ijinfomgt.2010.10.006","article-title":"Factors influencing information security management in small-and medium-sized enterprises: a case study from turkey","volume":"31","year":"2011","journal-title":"International Journal of Information Management"},{"issue":"4","key":"key2020120501164117800_ref077","doi-asserted-by":"crossref","first-page":"330","DOI":"10.1108\/09685220910993980","article-title":"Impact of perceived technical protection on security behaviors","volume":"17","year":"2009","journal-title":"Information Management & Computer Security"},{"key":"key2020120501164117800_ref078","volume-title":"Security Updates: The Upcoming Revision of ISO\/IEC 27001","year":"2014"},{"issue":"3","key":"key2020120501164117800_ref080","first-page":"918","article-title":"Institutional influences on information systems security innovations","volume":"23","year":"2012","journal-title":"Information Systems Research"},{"issue":"2","key":"key2020120501164117800_ref083","doi-asserted-by":"publisher","first-page":"102","DOI":"10.1080\/10580530.2011.562127","article-title":"Information assurance and corporate strategy: a Delphi study of choices, challenges, and developments for the future","volume":"28","year":"2011","journal-title":"Information Systems Management"}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-07-2016-0054\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-07-2016-0054\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:23:01Z","timestamp":1753406581000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/25\/5\/494-534\/189120"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,11,13]]},"references-count":95,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2017,11,13]]}},"alternative-id":["10.1108\/ICS-07-2016-0054"],"URL":"https:\/\/doi.org\/10.1108\/ics-07-2016-0054","relation":{},"ISSN":["2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"}],"subject":[],"published":{"date-parts":[[2017,11,13]]}}}