{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,10]],"date-time":"2026-06-10T15:48:28Z","timestamp":1781106508472,"version":"3.54.1"},"reference-count":38,"publisher":"IGI Global Scientific Publishing","issue":"2","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018,4]]},"abstract":"<jats:p>This article describes how with information security steadily moving up on board room agendas, security programs are found to be under increasing scrutiny by practitioners. This level of attention by senior business leaders is new to many security professionals as their field has been of limited interest to non-executive directors so far. Currently, they have to regularly report on efficiency and value of their security capabilities whilst being measured against business priorities. Based on the Grounded Theory approach, the authors analysed the data gathered in a series of interviews with senior professionals in order to identify key factors in the context of information security investment decisions. The authors present detailed findings in context of a simplified framework that security practitioners can utilise for critical review or improvements of investment decisions in their own environments. Extensive details for each category as extracted through a qualitative data analysis are provided along with a category network analysis that highlights strong relationships within the framework.<\/jats:p>","DOI":"10.4018\/ijeis.2018040101","type":"journal-article","created":{"date-parts":[[2018,3,22]],"date-time":"2018-03-22T10:32:51Z","timestamp":1521714771000},"page":"1-20","source":"Crossref","is-referenced-by-count":8,"title":["Corporate Information Security Investment Decisions"],"prefix":"10.4018","volume":"14","author":[{"given":"Daniel","family":"Schatz","sequence":"first","affiliation":[{"name":"University of East London, London, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Rabih","family":"Bashroush","sequence":"additional","affiliation":[{"name":"University of East London, London, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"2432","reference":[{"key":"IJEIS.2018040101-0","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2001.991552"},{"key":"IJEIS.2018040101-1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-39498-0_12"},{"key":"IJEIS.2018040101-2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-38930-1_8"},{"key":"IJEIS.2018040101-3","unstructured":"Bin, S., Jia, Y., & Giri Kumar, T. (2008). Firm-level Resource Allocation to Information Security in the Presence of Financial Distress. Retrieved from http:\/\/ideas.repec.org\/p\/wsu\/wpaper\/yan-1.html"},{"key":"IJEIS.2018040101-4","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-75227-1_1"},{"key":"IJEIS.2018040101-5","year":"2013","journal-title":"ISO\/IEC 27001 Information technology \u2013 Security techniques \u2013 Information security management systems \u2013 Requirements (ISO\/IEC 27001:2013)"},{"key":"IJEIS.2018040101-6","doi-asserted-by":"publisher","DOI":"10.2753\/MIS0742-1222250211"},{"key":"IJEIS.2018040101-7","doi-asserted-by":"crossref","DOI":"10.4324\/9780203412497","author":"I.Dey","year":"2003","journal-title":"Qualitative data analysis: A user friendly guide for social scientists"},{"key":"IJEIS.2018040101-8","unstructured":"Drury, C. (2013). Management accounting for business (A. Cooke Ed., 5th ed.). Andover: Cengage Learning EMEA."},{"key":"IJEIS.2018040101-9","doi-asserted-by":"publisher","DOI":"10.4018\/jisp.2012070104"},{"key":"IJEIS.2018040101-10","doi-asserted-by":"publisher","DOI":"10.1016\/0167-4048(95)00021-6"},{"key":"IJEIS.2018040101-11","doi-asserted-by":"publisher","DOI":"10.1016\/S0167-4048(97)84641-X"},{"key":"IJEIS.2018040101-12","doi-asserted-by":"crossref","unstructured":"Francke, H. H., & Blind, K. (1996). Information security in open communication networks: an economic issue? IT+TI Informationstechnik und Technische Informatik, 38(4), 38-41.","DOI":"10.1524\/itit.1996.38.4.38"},{"key":"IJEIS.2018040101-13","doi-asserted-by":"publisher","DOI":"10.1002\/sys.21236"},{"key":"IJEIS.2018040101-14","doi-asserted-by":"publisher","DOI":"10.1097\/00006199-196807000-00014"},{"key":"IJEIS.2018040101-15","doi-asserted-by":"publisher","DOI":"10.1145\/581271.581274"},{"key":"IJEIS.2018040101-16","unstructured":"Hess, A. (2015). Inside the Sony Hack. Slate. Retrieved from http:\/\/www.slate.com\/articles\/technology\/users\/2015\/11\/sony_employees_on_the_hack_one_year_later.html"},{"key":"IJEIS.2018040101-17","unstructured":"Hoo, K. J. S. (2000). How Much Is Enough? A Risk-Management Approach to Computer Security."},{"key":"IJEIS.2018040101-18","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijpe.2012.06.022"},{"key":"IJEIS.2018040101-19","doi-asserted-by":"publisher","DOI":"10.1145\/2428556.2428563"},{"key":"IJEIS.2018040101-20","year":"2016","journal-title":"The ISF Standard of Good Practice for Information Security"},{"key":"IJEIS.2018040101-21","doi-asserted-by":"publisher","DOI":"10.1145\/2751957.2751976"},{"key":"IJEIS.2018040101-22","article-title":"Qualitative data analysis: An expanded sourcebook","author":"M. B.Miles","year":"1994","journal-title":"Sage (Atlanta, Ga.)"},{"key":"IJEIS.2018040101-23","doi-asserted-by":"publisher","DOI":"10.1108\/ICS-02-2014-0016"},{"key":"IJEIS.2018040101-24","unstructured":"Moore, T., Dynes, S., & Chang, F. R. (2015). Identifying How Firms Manage Cybersecurity Investment. Retrieved from http:\/\/blog.smu.edu\/research\/files\/2015\/10\/SMU-IBM.pdf"},{"key":"IJEIS.2018040101-25","doi-asserted-by":"crossref","unstructured":"Neubauer, T., & Hartl, C. (2009, June 1-3). On the Singularity of Valuating IT Security Investments. Paper presented at the Eighth IEEE\/ACIS International Conference on Computer and Information Science ICIS \u201909.","DOI":"10.1109\/ICIS.2009.90"},{"key":"IJEIS.2018040101-26","doi-asserted-by":"publisher","DOI":"10.1108\/17410390810911195"},{"key":"IJEIS.2018040101-27","doi-asserted-by":"publisher","DOI":"10.1287\/inte.24.6.19"},{"key":"IJEIS.2018040101-28","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2013.01.001"},{"key":"IJEIS.2018040101-29","doi-asserted-by":"publisher","DOI":"10.1007\/s10796-016-9648-8"},{"key":"IJEIS.2018040101-30","doi-asserted-by":"publisher","DOI":"10.1145\/2663876.2663882"},{"key":"IJEIS.2018040101-31","author":"A.Strauss","year":"1998","journal-title":"Basics of qualitative research"},{"key":"IJEIS.2018040101-32","unstructured":"Target Inc. (2013). response & resources related to Target's data breach. Retrieved from https:\/\/corporate.target.com\/about\/payment-card-issue.aspx"},{"key":"IJEIS.2018040101-33","doi-asserted-by":"publisher","DOI":"10.1257\/000282803321947001"},{"key":"IJEIS.2018040101-34","doi-asserted-by":"publisher","DOI":"10.1093\/intqhc\/mzm042"},{"key":"IJEIS.2018040101-35","unstructured":"V\u00e1zquez, D. F., Acosta, O. P., Spirito, C., Brown, S., & Reid, E. (2012, June 5-8). Conceptual framework for cyber defense information sharing within trust relationships. Paper presented at the 2012 4th International Conference on Cyber Conflict (CYCON 2012)."},{"issue":"1","key":"IJEIS.2018040101-36","first-page":"154","article-title":"Differing styles of on-site research, or\u201d If it isn\u2019t ethnography, what is it?","volume":"7","author":"H. F.Wolcott","year":"1982","journal-title":"Review Journal of Philosophy and Social Science"},{"key":"IJEIS.2018040101-37","doi-asserted-by":"publisher","DOI":"10.2307\/25148829"}],"container-title":["International Journal of Enterprise Information Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=203036","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,6]],"date-time":"2022-05-06T05:52:25Z","timestamp":1651816345000},"score":1,"resource":{"primary":{"URL":"http:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/IJEIS.2018040101"}},"subtitle":["A Qualitative Data Analysis Approach"],"short-title":[],"issued":{"date-parts":[[2018,4]]},"references-count":38,"journal-issue":{"issue":"2"},"URL":"https:\/\/doi.org\/10.4018\/ijeis.2018040101","relation":{},"ISSN":["1548-1115","1548-1123"],"issn-type":[{"value":"1548-1115","type":"print"},{"value":"1548-1123","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,4]]}}}