{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,25]],"date-time":"2026-06-25T11:07:45Z","timestamp":1782385665478,"version":"3.54.5"},"reference-count":88,"publisher":"Emerald","issue":"4","license":[{"start":{"date-parts":[[2022,2,9]],"date-time":"2022-02-09T00:00:00Z","timestamp":1644364800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2022,10,20]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title><jats:p>Boards of Directors and other organisational leaders make decisions about the information security governance systems to implement in their companies. The increasing number of cyber-breaches targeting businesses makes this activity inescapable. Recently, researchers have published comprehensive lists of recommended cyber measures, specifically to inform organisational boards. However, the young cybersecurity industry has still to confirm and refine these guidelines. As a starting point, it would be helpful for organisational leaders to know what other organisations are doing in terms of using these guidelines. In an ideal world, bespoke surveys would be developed to gauge adherence to guidelines, but this is not always feasible. What we often do have is data from existing cybersecurity surveys. The authors argue that such data could be repurposed to quantify adherence to existing information security guidelines, and this paper aims to propose, and test, an original methodology to do so.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title><jats:p>The authors propose a quantification mechanism to measure the degree of adherence to a set of published information security governance recommendations and guidelines targeted at organisational leaders. The authors test their quantification mechanism using a data set collected in a survey of 156 Italian companies on information security and privacy.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Findings<\/jats:title><jats:p>The evaluation of the proposed mechanism appears to align with findings in the literature, indicating the validity of the present approach. An analysis of how different industries rank in terms of their adherence to the selected set of recommendations and guidelines confirms the usability of our repurposed data set to measure adherence.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title><jats:p>To the best of the authors\u2019 knowledge, a quantification mechanism as the one proposed in this study has never been proposed, and tested, in the literature. It suggests a way to repurpose survey data to determine the extent to which companies are implementing measures recommended by published cybersecurity guidelines. This way, the proposed mechanism responds to increasing calls for the adoption of research practices that minimise waste of resources and enhance research sustainability.<\/jats:p><\/jats:sec>","DOI":"10.1108\/ics-08-2021-0112","type":"journal-article","created":{"date-parts":[[2022,2,8]],"date-time":"2022-02-08T06:41:03Z","timestamp":1644302463000},"page":"517-548","source":"Crossref","is-referenced-by-count":15,"title":["A quantification mechanism for assessing adherence to information security governance guidelines"],"prefix":"10.1108","volume":"30","author":[{"given":"Ivano","family":"Bongiovanni","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Karen","family":"Renaud","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Humphrey","family":"Brydon","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Renette","family":"Blignaut","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Angelo","family":"Cavallo","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"140","published-online":{"date-parts":[[2022,2,9]]},"reference":[{"issue":"3","key":"key2022102015354466500_ref001","doi-asserted-by":"crossref","first-page":"237","DOI":"10.1080\/0144929X.2012.708787","article-title":"User preference of cyber security awareness delivery methods","volume":"33","year":"2014","journal-title":"Behaviour and Information Technology"},{"issue":"6","key":"key2022102015354466500_ref002","article-title":"A novel SETA-based gamification framework to raise cybersecurity awareness","volume":"13","year":"2021","journal-title":"International Journal of Information Technology"},{"key":"key2022102015354466500_ref003","article-title":"Boards of directors, corporate governance and cyber-risks: sharpening the focus","volume-title":"Cyber Risks and the Boardroom Conference","year":"2014"},{"issue":"3","key":"key2022102015354466500_ref004","doi-asserted-by":"crossref","first-page":"125","DOI":"10.1080\/23742917.2019.1698178","article-title":"Challenges and performance metrics for security operations center analysts: a systematic review","volume":"4","year":"2020","journal-title":"Journal of Cyber Security Technology"},{"key":"key2022102015354466500_ref005","doi-asserted-by":"crossref","unstructured":"Aliyu, A., He, Y., Yevseyeva, I. and Luo, C. (2020), \u201cCyber security decision making informed by cyber threat intelligence (CYDETI): IEEE CNS 20 poster\u201d, Paper presented at the 2020 IEEE Conference on Communications and Network Security (CNS).","DOI":"10.1109\/CNS48642.2020.9162162"},{"key":"key2022102015354466500_ref006","article-title":"Structuring the chief information security officer organization","year":"2015"},{"key":"key2022102015354466500_ref007","doi-asserted-by":"crossref","first-page":"102003","DOI":"10.1016\/j.cose.2020.102003","article-title":"Developing cybersecurity culture to influence employee behavior: a practice perspective","volume":"98","year":"2020","journal-title":"Computers and Security"},{"key":"key2022102015354466500_ref008","article-title":"Resolving the cybersecurity data sharing paradox to scale up cybersecurity via a co-production approach towards data sharing","year":"2020"},{"key":"key2022102015354466500_ref009","first-page":"327","article-title":"That was close: reward reporting of cybersecurity near misses","volume":"16","year":"2017","journal-title":"Colo. Tech. LJ"},{"issue":"3","key":"key2022102015354466500_ref010","doi-asserted-by":"crossref","first-page":"7","DOI":"10.3917\/sim.173.0007","article-title":"CEOs\u2019 information security behavior in SMEs: does ownership matter?","volume":"22","year":"2017","journal-title":"Syst\u00e8mes D'information and Management"},{"issue":"26","key":"key2022102015354466500_ref011","doi-asserted-by":"publisher","DOI":"10.5897\/AJBM11.067","article-title":"Effectiveness of information security awareness methods based on psychological theories","volume":"5","year":"2011","journal-title":"African Journal of Business Management"},{"issue":"3","key":"key2022102015354466500_ref012","doi-asserted-by":"crossref","first-page":"481","DOI":"10.1108\/JIC-08-2019-0197","article-title":"Securing intellectual capital: an exploratory study in Australian universities","volume":"21","year":"2020","journal-title":"Journal of Intellectual Capital"},{"key":"key2022102015354466500_ref013","first-page":"3","volume-title":"Human Aspects of Information Security, Privacy and Trust","year":"2017"},{"issue":"2","key":"key2022102015354466500_ref014","doi-asserted-by":"crossref","first-page":"22","DOI":"10.1109\/MITP.2016.27","article-title":"A framework for information security governance and management","volume":"18","year":"2016","journal-title":"IT Professional"},{"key":"key2022102015354466500_ref015","volume-title":"Cybersecurity for Information Professionals","year":"2020"},{"key":"key2022102015354466500_ref016","volume-title":"Cyber Security Meets Machine Learning","year":"2021"},{"issue":"1","key":"key2022102015354466500_ref017","first-page":"7","article-title":"Are cybersecurity professionals satisfied with recent cybersecurity graduates?","volume":"7","year":"2020","journal-title":"Journal of the Colloquium for Information Systems Security Education"},{"issue":"9","key":"key2022102015354466500_ref018","doi-asserted-by":"crossref","first-page":"70","DOI":"10.1109\/MC.2013.448","article-title":"Cybersecurity standards: managing risk and creating resilience","volume":"47","year":"2014","journal-title":"Computer"},{"key":"key2022102015354466500_ref019","first-page":"115","article-title":"Training methods","volume-title":"Building a Cybersecurity Culture in Organizations: How to Bridge the Gap between People and Digital Technology","year":"2020"},{"key":"key2022102015354466500_ref020","doi-asserted-by":"crossref","unstructured":"Cyriac, N.T. and Sadath, L. (2019), \u201cIs cyber security enough-a study on big data security breaches in financial institutions\u201d, Paper presented at the 4th International Conference on Information Systems and Computer Networks (ISCON), Mathura, 21-22 November.","DOI":"10.1109\/ISCON47742.2019.9036294"},{"issue":"3","key":"key2022102015354466500_ref021","doi-asserted-by":"crossref","first-page":"240","DOI":"10.1108\/ICS-07-2016-0053","article-title":"Analysing information security in a bank using soft systems methodology","volume":"25","year":"2017","journal-title":"Information and Computer Security"},{"issue":"1","key":"key2022102015354466500_ref022","doi-asserted-by":"crossref","first-page":"67","DOI":"10.2307\/41166154","article-title":"Management's role in information security in a cyber economy","volume":"45","year":"2002","journal-title":"California Management Review"},{"key":"key2022102015354466500_ref023","first-page":"88","volume-title":"Advances in Human Factors in Cybersecurity","year":"2020"},{"key":"key2022102015354466500_ref024","volume-title":"Information Security Governance Simplified from the Boardroom to the Keyboard","year":"2012","edition":"1st ed."},{"issue":"5","key":"key2022102015354466500_ref025","first-page":"26","article-title":"Return on information security investments: myths vs. realities","volume":"84","year":"2002","journal-title":"Strategic Finance"},{"issue":"6","key":"key2022102015354466500_ref026","doi-asserted-by":"crossref","first-page":"547","DOI":"10.1093\/jamia\/ocz005","article-title":"Evaluation of a mandatory phishing training program for high-risk employees at a US healthcare system","volume":"26","year":"2019","journal-title":"Journal of the American Medical Informatics Association"},{"issue":"2","key":"key2022102015354466500_ref027","first-page":"91","article-title":"Operationalizing cybersecurity \u2013 framing efforts to secure US information systems","volume":"2","year":"2017","journal-title":"The Cyber Defense Review"},{"key":"key2022102015354466500_ref028","unstructured":"Graves, J. (2019), \u201cReactive vs. proactive cybersecurity: 5 reasons why traditional security no longer works\u201d, available at: www.fortinet.com\/blog\/industry-trends\/reactive-vs\u2013proactive-cybersecurity\u20135-reasons-why-traditional"},{"key":"key2022102015354466500_ref029","volume-title":"The Second Economy: The Race for Trust, Treasure and Time in the Cybersecurity War","year":"2016"},{"issue":"4","key":"key2022102015354466500_ref030","doi-asserted-by":"publisher","first-page":"27","DOI":"10.12821\/ijispm040402","article-title":"A process framework for information security management","volume":"4","year":"2016","journal-title":"International Journal of Information Systems and Project Management"},{"issue":"4","key":"key2022102015354466500_ref031","doi-asserted-by":"crossref","first-page":"249","DOI":"10.1080\/10919392.2019.1611528","article-title":"Enterprise cybersecurity training and awareness programs: recommendations for success","volume":"29","year":"2019","journal-title":"Journal of Organizational Computing and Electronic Commerce"},{"issue":"2","key":"key2022102015354466500_ref032","doi-asserted-by":"crossref","first-page":"437","DOI":"10.5465\/amj.2016.1091","article-title":"Boards as a source of inertia: examining the internal challenges and dynamics of boards of directors in times of environmental discontinuities","volume":"62","year":"2019","journal-title":"Academy of Management Journal"},{"key":"key2022102015354466500_ref033","unstructured":"Ilvonen, I. (2013), \u201cKnowledge security-a conceptual analysis\u201d, Tampere University, Tampere, Finland, available at: https:\/\/trepo.tuni.fi\/handle\/10024\/114659"},{"key":"key2022102015354466500_ref034","unstructured":"Institute of Directors New Zealand (2018), \u201cReporting cybersecurity to boards\u201d, available at: https:\/\/f.hubspotusercontent40.net\/hubfs\/2631546\/IoD-Reporting-cybersecurity-to-boards.pdf"},{"key":"key2022102015354466500_ref035","volume-title":"Information Security Governance: Guidance for Boards of Directors and Executive Management","author":"IT Governance Institute","year":"2006","edition":"2nd ed"},{"key":"key2022102015354466500_ref036","doi-asserted-by":"crossref","DOI":"10.2307\/j.ctv17f12pc","volume-title":"EU General Data Protection Regulation (GDPR) \u2013 an Implementation and Compliance Guide","author":"IT Governance Privacy Team","year":"2020","edition":"4th ed."},{"issue":"5","key":"key2022102015354466500_ref037","doi-asserted-by":"crossref","first-page":"493","DOI":"10.1007\/s10796-007-9053-4","article-title":"Security as a contributor to knowledge management success","volume":"9","year":"2007","journal-title":"Information Systems Frontiers"},{"issue":"1","key":"key2022102015354466500_ref038","doi-asserted-by":"crossref","first-page":"107","DOI":"10.22364\/bjmc.2017.5.1.07","article-title":"High-level self-sustaining information security management framework","volume":"5","year":"2017","journal-title":"Baltic Journal of Modern Computing"},{"issue":"1","key":"key2022102015354466500_ref039","doi-asserted-by":"crossref","first-page":"103392","DOI":"10.1016\/j.im.2020.103392","article-title":"Data breach management: an integrated risk model","volume":"58","year":"2021","journal-title":"Information and Management"},{"key":"key2022102015354466500_ref040","doi-asserted-by":"crossref","first-page":"663","DOI":"10.1016\/j.cose.2017.08.001","article-title":"Persona-centred information security awareness","volume":"70","year":"2017","journal-title":"Computers and Security"},{"key":"key2022102015354466500_ref041","doi-asserted-by":"publisher","DOI":"10.2139\/ssrn.3640515","article-title":"Across the pond: how U.S. Firms\u2019 boards of directors adapted to the passage of the GDPR","year":"2020","journal-title":"SSRN"},{"issue":"7","key":"key2022102015354466500_ref042","doi-asserted-by":"crossref","first-page":"493","DOI":"10.1016\/j.cose.2009.07.001","article-title":"Information security policy: an organizational-level process model","volume":"28","year":"2009","journal-title":"Computers and Security"},{"key":"key2022102015354466500_ref043","first-page":"223","volume-title":"Advances in Human Factors in Cybersecurity","year":"2016"},{"key":"key2022102015354466500_ref044","doi-asserted-by":"crossref","first-page":"262","DOI":"10.1016\/j.cose.2018.03.011","article-title":"A review of standards with cybersecurity requirements for smart grid","volume":"77","year":"2018","journal-title":"Computers and Security"},{"issue":"9","key":"key2022102015354466500_ref045","article-title":"Ten simple rules to make your research more sustainable","volume":"16","year":"2020","journal-title":"PLoS Computational Biology"},{"issue":"6","key":"key2022102015354466500_ref046","article-title":"CAFISGO: a capability assessment framework for information security governance in organizations","volume":"12","year":"2017","journal-title":"Journal of Information Assurance Security"},{"issue":"3","key":"key2022102015354466500_ref047","first-page":"38","article-title":"DATA PRIVACY GOVERNANCE IN the AGE OF GDPR: a surge of new data protection regulations is forcing Canadian and U.S. companies to reassess how they process and safeguard personal information","volume":"66","year":"2019","journal-title":"Risk Management"},{"issue":"2","key":"key2022102015354466500_ref048","doi-asserted-by":"crossref","first-page":"122","DOI":"10.1108\/ICS-02-2014-0016","article-title":"Organizational objectives for information security governance: a value focused assessment","volume":"23","year":"2015","journal-title":"Information and Computer Security"},{"key":"key2022102015354466500_ref049","unstructured":"Moore, T. Dynes, S. and Chang, F. (2015), \u201cIdentifying how firms manage cybersecurity investment\u201d, 32, available at: https:\/\/cpb-us-w2.wpmucdn.com\/blog.smu.edu\/dist\/e\/97\/files\/2015\/10\/SMU-IBM.pdf"},{"issue":"2","key":"key2022102015354466500_ref050","doi-asserted-by":"crossref","first-page":"1361","DOI":"10.1109\/COMST.2017.2781126","article-title":"Optimal countermeasures selection against cyber attacks: a comprehensive survey on reaction frameworks","volume":"20","year":"2018","journal-title":"IEEE Communications Surveys and Tutorials"},{"issue":"1","key":"key2022102015354466500_ref051","doi-asserted-by":"crossref","first-page":"10","DOI":"10.1108\/ICS-07-2016-0061","article-title":"A process model for implementing information systems security governance","volume":"26","year":"2018","journal-title":"Information and Computer Security"},{"issue":"10","key":"key2022102015354466500_ref052","first-page":"96","article-title":"Information technology and the board of directors","volume":"83","year":"2005","journal-title":"Harvard Business Review"},{"key":"key2022102015354466500_ref053","doi-asserted-by":"crossref","unstructured":"Park, H., Kim, S. and Lee, H.J. (2006), \u201cGeneral drawing of the integrated framework for security governance\u201d, Paper presented at the Knowledge-Based Intelligent Information and Engineering Systems, Berlin, Heidelberg.","DOI":"10.1007\/11892960_148"},{"issue":"8","key":"key2022102015354466500_ref054","doi-asserted-by":"crossref","first-page":"638","DOI":"10.1016\/j.cose.2004.10.006","article-title":"A framework for the governance of information security","volume":"23","year":"2004","journal-title":"Computers and Security"},{"key":"key2022102015354466500_ref055","volume-title":"Bridging the IT Confidence Gap (Abridged Version)","author":"PwC","year":"2012"},{"issue":"10","key":"key2022102015354466500_ref056","doi-asserted-by":"publisher","first-page":"2233","DOI":"10.1093\/comjnl\/bxu141","article-title":"ISGcloud: a security governance framework for cloud computing","volume":"58","year":"2015","journal-title":"The Computer Journal"},{"key":"key2022102015354466500_ref057","doi-asserted-by":"crossref","first-page":"44","DOI":"10.1016\/j.infsof.2014.10.003","article-title":"Empirical evaluation of a cloud computing information security governance framework","volume":"58","year":"2015","journal-title":"Information and Software Technology"},{"key":"key2022102015354466500_ref058","unstructured":"Redmiles, E.M., Warford, N., Jayanti, A., Koneru, A., Kross, S., Morales, M., Stevens, R. and Mazurek, M.L. (2020), \u201cA comprehensive quality evaluation of security and privacy advice on the web\u201d, Paper presented at the 29th USENIX Security Symposium (USENIX Security 20), Boston, MA, 12-14 August."},{"key":"key2022102015354466500_ref059","unstructured":"Redseal (2016), \u201cThe rise of cyber-overconfidence in C-Suite\u201d, available at: www.redseal.net\/wp-content\/uploads\/2016\/12\/RedSeal-CEO-Survey-Executive-Summary.pdf"},{"key":"key2022102015354466500_ref060","volume-title":"Cyber-Risk Management","year":"2015","edition":"1st ed., 2015."},{"issue":"5","key":"key2022102015354466500_ref061","doi-asserted-by":"crossref","first-page":"621","DOI":"10.1108\/JIC-04-2019-0079","article-title":"How does intellectual capital align with cyber security?","volume":"20","year":"2019","journal-title":"Journal of Intellectual Capital"},{"key":"key2022102015354466500_ref062","doi-asserted-by":"crossref","first-page":"568","DOI":"10.1016\/j.procs.2017.11.075","article-title":"A comparison of cybersecurity risk analysis tools","volume":"121","year":"2017","journal-title":"Procedia Computer Science"},{"issue":"2","key":"key2022102015354466500_ref063","first-page":"12","article-title":"The board's role in managing cybersecurity risks","volume":"59","year":"2018","journal-title":"MIT Sloan Management Review"},{"key":"key2022102015354466500_ref064","volume-title":"Digital Asset Valuation and Cyber Risk Measurement: principles of Cybernomics","year":"2019"},{"key":"key2022102015354466500_ref065","doi-asserted-by":"publisher","article-title":"Information security governance in big data environments: a systematic mapping","year":"2018","DOI":"10.1016\/j.procs.2018.10.057"},{"issue":"5","key":"key2022102015354466500_ref066","doi-asserted-by":"crossref","first-page":"1205","DOI":"10.1007\/s10796-016-9648-8","article-title":"Economic valuation for information security investment: a systematic literature review","volume":"19","year":"2017","journal-title":"Information Systems Frontiers"},{"issue":"2","key":"key2022102015354466500_ref067","doi-asserted-by":"crossref","first-page":"1","DOI":"10.4018\/IJEIS.2018040101","article-title":"Corporate information security investment decisions: a qualitative data analysis approach","volume":"14","year":"2018","journal-title":"International Journal of Enterprise Information Systems"},{"issue":"2","key":"key2022102015354466500_ref068","doi-asserted-by":"crossref","first-page":"261","DOI":"10.1108\/ICS-02-2019-0033","article-title":"What do we know about information security governance?: \u2018from the basement to the boardroom\u2019: towards digital security governance","volume":"28","year":"2020","journal-title":"Information and Computer Security"},{"issue":"2","key":"key2022102015354466500_ref069","doi-asserted-by":"crossref","first-page":"138","DOI":"10.69554\/ARLA6266","article-title":"The cyber security threat stops in the boardroom","volume":"7","year":"2014","journal-title":"Journal of Business Continuity and Emergency Planning"},{"key":"key2022102015354466500_ref070","first-page":"25","volume-title":"e-Learning, e-Education, and Online Training","year":"2020"},{"issue":"2","key":"key2022102015354466500_ref071","doi-asserted-by":"publisher","first-page":"24","DOI":"10.1145\/503345.503348","article-title":"Five dimensions of information security awareness","volume":"31","year":"2001","journal-title":"Computers and Society"},{"key":"key2022102015354466500_ref072","unstructured":"Sobers, R. (2021), \u201c134 cyber security statistics and trends for 2021\u201d, available at: www.varonis.com\/blog\/cybersecurity-statistics\/"},{"issue":"2","key":"key2022102015354466500_ref073","doi-asserted-by":"crossref","first-page":"215","DOI":"10.1016\/j.ijinfomgt.2015.11.009","article-title":"Information security management needs more holistic approach: a literature review","volume":"36","year":"2016","journal-title":"International Journal of Information Management"},{"issue":"2","key":"key2022102015354466500_ref074","first-page":"225","article-title":"Fiddling on the roof: Recent developments in cybersecurity","volume":"2","year":"2013","journal-title":"American University Business Law Review"},{"key":"key2022102015354466500_ref075","volume-title":"Cyber Security Culture","year":"2013"},{"key":"key2022102015354466500_ref076","first-page":"3","volume-title":"Computer Security","year":"2020"},{"key":"key2022102015354466500_ref077","doi-asserted-by":"crossref","unstructured":"UK Government (2020), \u201cCyber security breaches survey 2020\u201d, available at: www.gov.uk\/government\/statistics\/cyber-security-breaches-survey-2020","DOI":"10.1016\/S1361-3723(20)30037-3"},{"issue":"4","key":"key2022102015354466500_ref078","doi-asserted-by":"crossref","first-page":"346","DOI":"10.1057\/jdg.2013.11","article-title":"The emerging role of the board of directors in enterprise business technology governance","volume":"10","year":"2013","journal-title":"International Journal of Disclosure and Governance"},{"issue":"9","key":"key2022102015354466500_ref079","doi-asserted-by":"crossref","first-page":"593","DOI":"10.1089\/cyber.2020.0526","article-title":"Successful gamification of cybersecurity training","volume":"24","year":"2021","journal-title":"Cyberpsychology, Behavior and Social Networking"},{"issue":"4","key":"key2022102015354466500_ref080","doi-asserted-by":"crossref","first-page":"361","DOI":"10.1080\/10580530701586136","article-title":"An information security governance framework","volume":"24","year":"2007","journal-title":"Information Systems Management"},{"issue":"3","key":"key2022102015354466500_ref081","doi-asserted-by":"crossref","first-page":"165","DOI":"10.1016\/j.cose.2006.03.004","article-title":"Information security \u2013 the fourth wave","volume":"25","year":"2006","journal-title":"Computers and Security"},{"issue":"1","key":"key2022102015354466500_ref082","doi-asserted-by":"crossref","first-page":"2","DOI":"10.1108\/ICS-04-2017-0025","article-title":"Cybersecurity and information security\u2013what goes where?","volume":"26","year":"2018","journal-title":"Information and Computer Security"},{"issue":"7","key":"key2022102015354466500_ref083","doi-asserted-by":"crossref","first-page":"494","DOI":"10.1016\/j.cose.2006.08.013","article-title":"Information security governance: due care","volume":"25","year":"2006","journal-title":"Computers and Security"},{"key":"key2022102015354466500_ref084","volume-title":"Information Security Governance","year":"2008"},{"key":"key2022102015354466500_ref085","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.ijhcs.2018.06.004","article-title":"Exploring susceptibility to phishing in the workplace","volume":"120","year":"2018","journal-title":"International Journal of Human-Computer Studies"},{"key":"key2022102015354466500_ref086","volume-title":"The Pentester Blueprint: starting a Career as an Ethical Hacker","year":"2021"},{"key":"key2022102015354466500_ref087","first-page":"66","article-title":"Human factors in cybersecurity: issues and challenges in big data","year":"2020","journal-title":"Security, Privacy, Forensics Issues in Big Data"},{"key":"key2022102015354466500_ref088","doi-asserted-by":"crossref","first-page":"555","DOI":"10.1002\/9781119245445.ch28","article-title":"Information technology and cyber security governance in a digital world","volume-title":"The Handbook of Board Governance","year":"2016"}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-08-2021-0112\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-08-2021-0112\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:23:09Z","timestamp":1753406589000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/30\/4\/517-548\/107922"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,2,9]]},"references-count":88,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2022,2,9]]},"published-print":{"date-parts":[[2022,10,20]]}},"alternative-id":["10.1108\/ICS-08-2021-0112"],"URL":"https:\/\/doi.org\/10.1108\/ics-08-2021-0112","relation":{},"ISSN":["2056-4961","2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"},{"value":"2056-4961","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,2,9]]}}}