{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T17:27:19Z","timestamp":1754155639629,"version":"3.41.2"},"reference-count":74,"publisher":"Emerald","issue":"3","license":[{"start":{"date-parts":[[2013,7,12]],"date-time":"2013-07-12T00:00:00Z","timestamp":1373587200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013,7,12]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-heading\">Purpose<\/jats:title><jats:p>The purpose of this study is to find out whether efforts to improve the information security of government agencies and homeland information security have paid off and also different incentives (internal\/external) impacts on the improvement of information security of the government agencies?<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Design\/methodology\/approach<\/jats:title><jats:p>This study examines the information security status of 24 federal agencies in the USA over the period 2002 through 2007 using latent growth modeling. The information security status of these agencies was tracked with the grades revealed in the Federal Computer Security Report Cards. In addition, the number of employees (internal threat incentives) and budget incentives of federal agencies were gathered from the agencies and other governmental websites for the same period of time.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Findings<\/jats:title><jats:p>Results indicated that high critical\u2010information agencies even though they have an overall low performance in information security, they are performing better than the low critical\u2010information agencies regarding solving external threats. 
Results also revealed that whereas agencies have generally paid more attention to information security over the years, their performances are more pertinent to change in budget incentives than other incentives.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Research limitations\/implications<\/jats:title><jats:p>The outcomes reported are confined to the data presented by the Federal Computer Security Report Cards. Another limitation is the number of employees that counts the total number of employees in the agencies whether they are related to the systems of the agencies or not. Finally, using a time\u2010lag analysis of budget to predict the current security score would be more straightforward, but this could not be applied in this study due to the insufficient sample size, as \u201cthe House Committee on Oversight and Government Reform\u201d no longer released the report cards after 2007.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Practical implications<\/jats:title><jats:p>The results should be of interest for the federal agencies that are included in this study, as well as for the organizations that are responsible for the information security of government agencies at different levels. Policy makers, IT managers, software developers and security specialists can also use the outcomes reported in this study for the better decision making that can enhance the information security in the public sector. The theoretical and methodological framework used in this study may also contribute to the current literature of homeland information security incentives and be helpful for future studies on its critical success factors.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Originality\/value<\/jats:title><jats:p>This study examines fundamental issues that have yet to be established. 
To our knowledge, this is the first study that assesses different incentives that have an effect on the Federal agencies' information security performance because of the lack of data in this domain. Also, the statistical techniques used to test the research propositions fit the objective of the study. Not only this, but the results found in this research assure the importance of one of the incentives that has been identified in the literature as a crucial element that affects the information security performance of the organizations.<\/jats:p><\/jats:sec>","DOI":"10.1108\/imcs-04-2012-0022","type":"journal-article","created":{"date-parts":[[2013,7,25]],"date-time":"2013-07-25T14:13:46Z","timestamp":1374761626000},"page":"155-176","source":"Crossref","is-referenced-by-count":2,"title":["Push and pull effects of homeland information security incentives"],"prefix":"10.1108","volume":"21","author":[{"given":"Kai S.","family":"Koong","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mohammad I.","family":"Merhi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jun","family":"Sun","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"key":"key2022031020180899500_b1","unstructured":"Acock, A.C. and Li, F. (1999), Latent Growth Curve Analysis: A Gentle Introduction, available at: http:\/\/oregonstate.edu\/dept\/hdfs\/papers\/lgcgeneral.pdf (accessed November 12, 2010)."},{"key":"key2022031020180899500_b2","unstructured":"Al\u2010Awadi, M. and Renaud, K. (2007), \u201cSuccess factors in information security implementation in organizations\u201d, IADIS International Conference e\u2010Society 2007, Lisbon, Portugal, pp. 169\u2010176."},{"key":"key2022031020180899500_b3","unstructured":"Anderson, R. 
(2001), \u201cWhy information security is hard: an economic perspective\u201d, Proceedings of the 17th Annual Computer Security Applications Conference, New Orleans, LA, pp. 358\u2010365."},{"key":"key2022031020180899500_b4","doi-asserted-by":"crossref","unstructured":"Anderson, R. and Moore, T. (2006), \u201cThe economics of information security\u201d, Science, Vol. 314 No. 610, pp. 610\u2010613.","DOI":"10.1126\/science.1130992"},{"key":"key2022031020180899500_b5","doi-asserted-by":"crossref","unstructured":"Anderson, R., Moore, T., Nagaraja, S. and Ozment, A. (2007), \u201cIncentives and information security\u201d, in Nisan, N., Roughgarden, T., Tardos, E. and Vazirani, V.V. (Eds), Algorithmic Game Theory, Cambridge University Press, New York, NY, pp. 633\u2010650.","DOI":"10.1017\/CBO9780511800481.027"},{"key":"key2022031020180899500_b6","doi-asserted-by":"crossref","unstructured":"Baskerville, R. and Siponen, M. (2002), \u201cAn information security meta\u2010policy for emergent organizations\u201d, Logistics Information Management, Vol. 15 Nos 5\/6, pp. 337\u2010346.","DOI":"10.1108\/09576050210447019"},{"key":"key2022031020180899500_b7","unstructured":"Bjorck, F. (2002), \u201cImplementing information security management systems \u2013 an empirical study of critical success factors\u201d, available at: http:\/\/people.dsv.su.se\/\u02dcbjorck\/files\/success\u2010factors.pdf."},{"key":"key2022031020180899500_b8","doi-asserted-by":"crossref","unstructured":"Bulgurcu, B., Cavusoglu, H. and Benbasat, I. (2010), \u201cInformation security policy compliance: an empirical study of rationality\u2010based beliefs and information security awareness\u201d, MIS Quarterly, Vol. 34 No. 3, pp. 523\u2010548.","DOI":"10.2307\/25750690"},{"key":"key2022031020180899500_b9","doi-asserted-by":"crossref","unstructured":"Chakrabarti, A. and Manimaran, G. (2002), \u201cInternet infrastructure security: a taxonomy\u201d, IEEE Network, Vol. 16 No. 6, pp. 
13\u201021.","DOI":"10.1109\/MNET.2002.1081761"},{"key":"key2022031020180899500_b10","doi-asserted-by":"crossref","unstructured":"Chen, Y.\u2010S., Chong, P.P. and Zhang, B. (2004), \u201cCyber security management and e\u2010government\u201d, Electronic Government: An International Journal, Vol. 1 No. 3, pp. 316\u2010327.","DOI":"10.1504\/EG.2004.005555"},{"key":"key2022031020180899500_b11","unstructured":"Condon, S. (2008), \u201cGovernment elaborates, slightly, on cybersecurity plan\u201d, CNET News, available at: http:\/\/news.cnet.com\/8301\u201013578_3\u201010041899\u201038.html (accessed November 3, 2009)."},{"key":"key2022031020180899500_b12","doi-asserted-by":"crossref","unstructured":"D'Arcy, J., Hovav, A. and Galletta, D. (2009), \u201cUser awareness of security countermeasures and its impact on information systems misuse: a deterrence approach\u201d, Information Systems Research, Vol. 20 No. 1, pp. 79\u201098.","DOI":"10.1287\/isre.1070.0160"},{"key":"key2022031020180899500_b13","unstructured":"Davis, T. (2007), Seventh Report Card on Computer Security at Federal Departments and Agencies, available at: www.coact.com\/FISMA\/FISMA_FY2006_ReportCard.pdf (accessed December 13, 2010)."},{"key":"key2022031020180899500_b14","unstructured":"Davis, T. (2008), Seventh Report Card on Computer Security at Federal Departments and Agencies, available at: www.coact.com\/FISMA\/FISMA_FY2007_ReportCard.pdf (accessed December 13, 2010)."},{"key":"key2022031020180899500_b15","unstructured":"Devaraj, S. and Kohli, R. (2002), The IT Payoff: Measuring the Business Value of Information Technology Investments, Financial Times Prentice\u2010Hall Books, Upper Saddle River, NJ."},{"key":"key2022031020180899500_b16","doi-asserted-by":"crossref","unstructured":"Dinnie, G. (1999), \u201cThe second annual global information security survey\u201d, Information Management & Computer Security, Vol. 7 No. 3, pp. 
112\u2010120.","DOI":"10.1108\/09685229910693812"},{"key":"key2022031020180899500_b17","doi-asserted-by":"crossref","unstructured":"Dlamini, M.T., Eloff, J.H.P. and Eloff, M.M. (2009), \u201cInformation security: the moving target\u201d, Computers & Security, Vol. 29 Nos 3\/4, pp. 189\u2010198.","DOI":"10.1016\/j.cose.2008.11.007"},{"key":"key2022031020180899500_b18","doi-asserted-by":"crossref","unstructured":"Duncan, T.E. and Duncan, S.C. (2004), \u201cAn introduction to latent growth curve modeling\u201d, Behavior Therapy, Vol. 35 No. 2, pp. 333\u2010363.","DOI":"10.1016\/S0005-7894(04)80042-X"},{"key":"key2022031020180899500_b19","doi-asserted-by":"crossref","unstructured":"Farn, K.\u2010J., Lin, S.\u2010K. and Lo, C.\u2010C. (2008), \u201cA study on e\u2010Taiwan information system security classification and implementation\u201d, Computer Standards & Interfaces, Vol. 30 Nos 1\/2, pp. 1\u20107.","DOI":"10.1016\/j.csi.2007.07.001"},{"key":"key2022031020180899500_b20","doi-asserted-by":"crossref","unstructured":"Furnell, S.M. and Warren, M.J. (1999), \u201cComputer hacking and cyber terrorism: the real threats in the new millennium?\u201d, Computers & Security, Vol. 18 No. 1, pp. 
28\u201034.","DOI":"10.1016\/S0167-4048(99)80006-6"},{"key":"key2022031020180899500_b21","unstructured":"GAO (2004), Critical Infrastructure Protection Challenges and Efforts to Secure Control Systems, Government Accountability Office, Washington, DC, available at: www.gao.gov\/new.items\/d04354.pdf (accessed February 15, 2011)."},{"key":"key2022031020180899500_b22","unstructured":"GAO (2009a), Cybersecurity: Continued Efforts are Needed to Protect Information Systems from Evolving Threats, Government Accountability Office, Washington, DC, available at: www.gao.gov\/new.items\/d10230t.pdf (accessed February 17, 2011)."},{"key":"key2022031020180899500_b23","unstructured":"GAO (2009b), Information Security, Cyber Threats and Vulnerabilities Place Federal Systems at Risk, Government Accountability Office, Washington, DC, available at: www.gao.gov\/new.items\/d09661t.pdf (accessed February 15, 2011)."},{"key":"key2022031020180899500_b24","unstructured":"GAO (2012), Cybersecurity Threats Impacting the Nation, Government Accountability Office, Washington, DC, available at: www.gao.gov\/assets\/600\/590367.pdf (accessed June 13, 2012)."},{"key":"key2022031020180899500_b26","doi-asserted-by":"crossref","unstructured":"Garrison, C.P. and Ncube, M. (2011), \u201cA longitudinal analysis of data breaches\u201d, Information Management & Computer Security, Vol. 19 No. 4, pp. 216\u2010230.","DOI":"10.1108\/09685221111173049"},{"key":"key2022031020180899500_b27","unstructured":"Gartenberg, M. (2004), \u201cThe federal computer security card: lessons from Uncle Sam\u201d, Computer World, available at: www.computerworld.com\/s\/article\/91899\/The_federal_computer_security_report_card_Lessons_from_Uncle_Sam?taxonomyId=17&pageNumber=3 (accessed January 12, 2011)."},{"key":"key2022031020180899500_b28","doi-asserted-by":"crossref","unstructured":"Gordon, L.A. and Loeb, M.P. 
(2002), \u201cThe economics of information security investment\u201d, ACM Transactions on Information and Systems Security, Vol. 5 No. 4, pp. 428\u2010457.","DOI":"10.1145\/581271.581274"},{"key":"key2022031020180899500_b29","doi-asserted-by":"crossref","unstructured":"Granado, N. and White, G. (2008), \u201cCyber security and government fusion centers\u201d, Proceedings of the 41st Annual Hawaii International Conference on Systems Sciences, Waikoloa, Big Island, HI, pp. 1\u20109.","DOI":"10.1109\/HICSS.2008.111"},{"key":"key2022031020180899500_b30","doi-asserted-by":"crossref","unstructured":"Gupta, A. and Hammond, R. (2005), \u201cInformation systems security issues and decisions for small businesses: an empirical examination\u201d, Information Management & Computer Security, Vol. 13 No. 4, pp. 297\u2010310.","DOI":"10.1108\/09685220510614425"},{"key":"key2022031020180899500_b31","doi-asserted-by":"crossref","unstructured":"Hall, J.H., Sarkani, S. and Mazzuchi, T.A. (2011), \u201cImpacts of organizational capabilities in information security\u201d, Information Management & Computer Security, Vol. 19 No. 3, pp. 155\u2010176.","DOI":"10.1108\/09685221111153546"},{"key":"key2022031020180899500_b32","doi-asserted-by":"crossref","unstructured":"Haugen, S. (2005), \u201cE\u2010government, cyber\u2010crime and cyber\u2010terrorism: a population at risk\u201d, Electronic Government: An International Journal, Vol. 2 No. 4, pp. 403\u2010412.","DOI":"10.1504\/EG.2005.008331"},{"key":"key2022031020180899500_b33","unstructured":"Hoover, J.N. (2009), \u201cPentagon creating cyber warfare command\u201d, Information Week, available at: www.informationweek.com\/news\/government\/technology\/showArticle.jhtml?articleID=217000202&pgno=1&queryText=&isPrev= (accessed December 12, 2011)."},{"key":"key2022031020180899500_b34","doi-asserted-by":"crossref","unstructured":"Jurison, J. 
(1996), \u201cToward more effective management of information technology benefits\u201d, Journal of Strategic Information Systems, Vol. 5 No. 4, pp. 263\u2010274.","DOI":"10.1016\/S0963-8687(96)80029-1"},{"key":"key2022031020180899500_b35","doi-asserted-by":"crossref","unstructured":"Kankanhalli, A., Teo, H., Tan, B. and Wei, K. (2003), \u201cAn integrative study of information systems security effectiveness\u201d, International Journal of Information Management, Vol. 23 No. 2, pp. 139\u2010154.","DOI":"10.1016\/S0268-4012(02)00105-6"},{"key":"key2022031020180899500_b36","doi-asserted-by":"crossref","unstructured":"Kapodistria, H., Mitropoulos, S. and Douligeris, C. (2011), \u201cAn advanced web attack detection and prevention tool\u201d, Information Management & Computer Security, Vol. 19 No. 5, pp. 280\u2010299.","DOI":"10.1108\/09685221111188584"},{"key":"key2022031020180899500_b37","doi-asserted-by":"crossref","unstructured":"Kemmerer, R.A. (2003), \u201cCybersecurity\u201d, Proceedings of the 25th International Conference on Software Engineering (ICSE'03), Portland, OR, pp. 705\u2010715.","DOI":"10.1109\/ICSE.2003.1201257"},{"key":"key2022031020180899500_b38","doi-asserted-by":"crossref","unstructured":"Kisswani, N.M. and Al\u2010Bakri, A.A. (2010), \u201cSecurity, ethics and electronic commerce systems: cybercrime and the need for information sharing security\u201d, International Journal of Liability and Scientific Enquiry, Vol. 3 No. 3, pp. 225\u2010237.","DOI":"10.1504\/IJLSE.2010.033357"},{"key":"key2022031020180899500_b39","doi-asserted-by":"crossref","unstructured":"Kjaerland, M. (2006), \u201cA taxonomy and comparison of computer security incidents from the commercial and government sectors\u201d, Computers & Security, Vol. 25 No. 7, pp. 522\u2010538.","DOI":"10.1016\/j.cose.2006.08.004"},{"key":"key2022031020180899500_b40","unstructured":"Kline, R.B. 
(1998), Principles and Practice of Structural Equation Modeling, The Guilford Press, New York, NY."},{"key":"key2022031020180899500_b41","doi-asserted-by":"crossref","unstructured":"Knapp, K.J., Morris, R.F., Marshall, T.E. and Byrd, T.A. (2009), \u201cInformation security policy: an organizational level process model\u201d, Computers & Security, Vol. 28 No. 7, pp. 493\u2010508.","DOI":"10.1016\/j.cose.2009.07.001"},{"key":"key2022031020180899500_b42","doi-asserted-by":"crossref","unstructured":"Ku, C.\u2010Y., Chang, Y.\u2010W. and Yen, D.C. (2009), \u201cNational information security policy and its implementation: a case study in Taiwan\u201d, Telecommunications Policy, Vol. 33 No. 7, pp. 371\u2010384.","DOI":"10.1016\/j.telpol.2009.03.002"},{"key":"key2022031020180899500_b43","doi-asserted-by":"crossref","unstructured":"Lee, S. and Kim, S.H. (2006), \u201cA lag effect of it investment on firm performance\u201d, Information Resources Management Journal, Vol. 19 No. 1, pp. 43\u201069.","DOI":"10.4018\/irmj.2006010103"},{"key":"key2022031020180899500_b44","unstructured":"Lewis, J.A. (2002), Assessing the Risks of Cyber Terrorism, Cyber War and Other Cyber Threats, Center for Strategic and International Studies, Washington, DC, available at: www.csis.org\/tech\/0211_lewis.pdf (accessed June 17, 2011)."},{"key":"key2022031020180899500_b45","doi-asserted-by":"crossref","unstructured":"Loch, K.D., Carr, H.H. and Warkentin, M.E. (1992), \u201cThreats to information systems: today's reality, yesterday's understanding\u201d, MIS Quarterly, Vol. 16 No. 2, pp. 173\u2010186.","DOI":"10.2307\/249574"},{"key":"key2022031020180899500_b46","unstructured":"Lu, Y., Polgar, M., Luo, X. and Cao, Y. (2010), \u201cSocial network analysis of a criminal hacker community\u201d, Journal of Computer Information Systems, Vol. 51 No. 2, pp. 31\u201041."},{"key":"key2022031020180899500_b51","unstructured":"McCullagh, D. 
(2009a), \u201cA cybersecurity quiz: can you tell Obama from Bush?\u201d, CNET News, available at: http:\/\/news.cnet.com\/8301\u201013578_3\u201010252263\u201038.html (accessed November 3, 2009)."},{"key":"key2022031020180899500_b52","unstructured":"McCullagh, D. (2009b), \u201cObama on cybersecurity: we're not that prepared\u201d, CNET News, available at: http:\/\/news.cnet.com\/8301\u201013578_3\u201010252154\u201038.html (accessed November 3, 2009)."},{"key":"key2022031020180899500_b47","doi-asserted-by":"crossref","unstructured":"MacCallum, R. and Austin, J.T. (2000), \u201cApplications of structural equation modeling in psychological research\u201d, Annual Review of Psychology, Vol. 51, pp. 201\u2010226.","DOI":"10.1146\/annurev.psych.51.1.201"},{"key":"key2022031020180899500_b48","unstructured":"Matsuura, K. (2003), \u201cInformation security and economics in computer networks: an interdisciplinary survey and a proposal of integrated optimization of investment\u201d, Proceedings of the 9th International Conference of Computing in Economics and Finance (CEF 2003), Seattle, Washington, DC, pp. 1\u201013."},{"key":"key2022031020180899500_b49","doi-asserted-by":"crossref","unstructured":"Maughan, D. (2010), \u201cInside risks, the need for a national cybersecurity research and development agenda\u201d, Communications of the ACM, Vol. 53 No. 2, pp. 29\u201031.","DOI":"10.1145\/1646353.1646365"},{"key":"key2022031020180899500_b50","doi-asserted-by":"crossref","unstructured":"May, P.J., Sapotichne, J. and Workman, S. (2009), \u201cWidespread policy disruption: terrorism, public risks, and homeland security\u201d, The Policy Studies Journal, Vol. 37 No. 2, pp. 171\u2010194.","DOI":"10.1111\/j.1541-0072.2009.00309.x"},{"key":"key2022031020180899500_b54","doi-asserted-by":"crossref","unstructured":"Palanisamy, R. (2004), \u201cIssues and challenges in e\u2010governance planning\u201d, Electronic Government: An International Journal, Vol. 1 No. 3, pp. 
253\u2010272.","DOI":"10.1504\/EG.2004.005551"},{"key":"key2022031020180899500_b55","doi-asserted-by":"crossref","unstructured":"Patel, A., Qassim, Q. and Wills, C. (2010), \u201cA survey of intrusion detection and prevention systems\u201d, Information Management & Computer Security, Vol. 18 No. 4, pp. 277\u2010290.","DOI":"10.1108\/09685221011079199"},{"key":"key2022031020180899500_b56","doi-asserted-by":"crossref","unstructured":"Pfleeger, S.L. and Rue, R. (2008), \u201cCybersecurity economic issues: clearing the path to good practice\u201d, IEEE Software, Vol. 25 No. 1, pp. 35\u201042.","DOI":"10.1109\/MS.2008.4"},{"key":"key2022031020180899500_b57","doi-asserted-by":"crossref","unstructured":"Predd, J., Pfleeger, S.L., Hunker, J. and Bulford, C. (2008), \u201cInsiders behaving badly\u201d, IEEE Security & Privacy, Vol. 6 No. 4, pp. 66\u201070.","DOI":"10.1109\/MSP.2008.87"},{"key":"key2022031020180899500_b58","doi-asserted-by":"crossref","unstructured":"Quinn, J.B. and Baily, M.N. (1994), \u201cInformation technology: increasing productivity in services\u201d, Academy of Management Executive, Vol. 8 No. 3, pp. 28\u201051.","DOI":"10.5465\/ame.1994.9503101167"},{"key":"key2022031020180899500_b59","unstructured":"Richardson, R. (2009), 14th Annual CSI Computer Crime and Security Survey, available at: http:\/\/gocsi.com\/sites\/default\/files\/pdf_survey\/CSI%20Survey%202009%20Comprehensive%20Edition.pdf (accessed February 23, 2012)."},{"key":"key2022031020180899500_b60","unstructured":"Ridgon, E.E. (1998), Modern Methods for Business Research, Lawrence Erlbaum Associates, Mahwah, NJ, pp. 251\u2010294."},{"key":"key2022031020180899500_b61","unstructured":"Rosenbach, E. and Peritz, A.J. 
(2009), \u201cCyber security and the intelligence community\u201d, available at: http:\/\/belfercenter.ksg.harvard.edu\/publication\/19158\/cyber_security_and_the_intelligence_community.html (accessed March 20, 2010)."},{"key":"key2022031020180899500_b62","doi-asserted-by":"crossref","unstructured":"Shafer, S.M. and Byrd, T.A. (2000), \u201cA framework for measuring the efficiency of organizational investments in information technology using data envelopment analysis\u201d, Omega, Vol. 28 No. 2, pp. 125\u2010141.","DOI":"10.1016\/S0305-0483(99)00039-0"},{"key":"key2022031020180899500_b63","unstructured":"Shropshire, J.D., Warkentin, M. and Johnston, A.C. (2010), \u201cImpact of negative message framing on security adoption\u201d, Journal of Computer Information Systems, Vol. 51 No. 1, pp. 41\u201051."},{"key":"key2022031020180899500_b64","doi-asserted-by":"crossref","unstructured":"Smith, A.D. (2005), \u201cIdentity theft as a threat to CRM and e\u2010commerce\u201d, Electronic Government: An International Journal, Vol. 2 No. 2, pp. 219\u2010246.","DOI":"10.1504\/EG.2005.007096"},{"key":"key2022031020180899500_b66","doi-asserted-by":"crossref","unstructured":"Stanton, J.M., Stam, R.K., Mastrangelo, P. and Jolton, J. (2005), \u201cAnalysis of end user security behaviors\u201d, Computers & Security, Vol. 24 No. 2, pp. 124\u2010133.","DOI":"10.1016\/j.cose.2004.07.001"},{"key":"key2022031020180899500_b67","doi-asserted-by":"crossref","unstructured":"Straub, D. and Welke, R. (1998), \u201cCoping with systems risk: security planning models for management decision making\u201d, MIS Quarterly, Vol. 22 No. 4, pp. 441\u2010469.","DOI":"10.2307\/249551"},{"key":"key2022031020180899500_b68","doi-asserted-by":"crossref","unstructured":"Tanaka, H., Matsuura, K. and Sudoh, O. (2005), \u201cVulnerability and information security investment: an empirical analysis of e\u2010local government in Japan\u201d, Journal of Accounting and Public Policy, Vol. 24 No. 1, pp. 
37\u201059.","DOI":"10.1016\/j.jaccpubpol.2004.12.003"},{"key":"key2022031020180899500_b70","doi-asserted-by":"crossref","unstructured":"Vlachos, V., Minou, M., Assimakopouos, V. and Toska, A. (2011), \u201cThe landscape of cybercrime in Greece\u201d, Information Management & Computer Security, Vol. 19 No. 2, pp. 113\u2010123.","DOI":"10.1108\/09685221111143051"},{"key":"key2022031020180899500_b71","doi-asserted-by":"crossref","unstructured":"Vroom, C. and von Solms, R. (2004), \u201cTowards information security behavioural compliance\u201d, Computers & Security, Vol. 23 No. 3, pp. 191\u2010198.","DOI":"10.1016\/j.cose.2004.01.012"},{"key":"key2022031020180899500_b73","doi-asserted-by":"crossref","unstructured":"Warkentin, M. and Willison, R. (2009), \u201cBehavioral and policy issues in information systems security: the insider threat\u201d, European Journal of Information Systems, Vol. 18 No. 2, pp. 101\u2010105.","DOI":"10.1057\/ejis.2009.12"},{"key":"key2022031020180899500_b72","unstructured":"Warkentin, M., Carter, L. and McBride, M.E. (2011), \u201cExploring the role of individual employee characteristics and personality on employee compliance with cyber security policies\u201d, paper presented at the 2011 Dewald Roode Workshop on Information Systems Security Research, IFIP WG8.11\/WG11.13, available at: http:\/\/ifip.byu.edu\/2011\/Warkentin%20et%20al.%20Employee%20Characteristics.pdf."},{"key":"key2022031020180899500_b69","unstructured":"(The) White House (2003), The National Strategy to Secure Cyberspace, The White House, Washington, DC, available at: www.whitehouse.gov\/pcipb\/cyberspace_strategy.pdf (accessed November 3, 2010)."},{"key":"key2022031020180899500_frd1","unstructured":"Garamone, J. (2010), Cybercom Chief Details Cyberspace Defense, available at: www.defense.gov\/news\/newsarticle.aspx?id=60987 (accessed March 22, 2011)."},{"key":"key2022031020180899500_frd2","unstructured":"Oltsik, J. 
(2009), \u201cA busy cybersecurity week in Washington\u201d, CNET News, available at: http:\/\/news.cnet.com\/8301\u20101009_3\u201010187101\u201083.html (accessed November 3, 2009)."},{"key":"key2022031020180899500_frd3","doi-asserted-by":"crossref","unstructured":"Smith, A.D. (2007), \u201cEstablishing standards for wireless security in a security\u2010conscious world\u201d, International Journal of Services and Standards, Vol. 3 No. 3, pp. 263\u2010276.","DOI":"10.1504\/IJSS.2007.013748"},{"key":"key2022031020180899500_frd4","doi-asserted-by":"crossref","unstructured":"Williams, P.A.H. (2008), \u201cIn a \u2018trusting\u2019 environment, everyone is responsible for information security\u201d, Information Security Technical Report, Vol. 13 No. 4, pp. 207\u2010215.","DOI":"10.1016\/j.istr.2008.10.009"}],"container-title":["Information Management &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/IMCS-04-2012-0022","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/IMCS-04-2012-0022\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/IMCS-04-2012-0022\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,24]],"date-time":"2025-07-24T21:50:45Z","timestamp":1753393845000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/21\/3\/155-176\/181052"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013,7,12]]},"references-count":74,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2013,7,12]]}},"alternative-id":["10.1108\/IMCS-04-2012-0022"],"URL":"https:\/\/doi.org\/10.1108\/imcs-04-2012-0022","relation":{},"ISSN":["0968
-5227"],"issn-type":[{"type":"print","value":"0968-5227"}],"subject":[],"published":{"date-parts":[[2013,7,12]]}}}