{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2022,5,6]],"date-time":"2022-05-06T08:41:43Z","timestamp":1651826503135},"reference-count":81,"publisher":"IGI Global","issue":"4","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018,10]]},"abstract":"<jats:p>Data is rapidly becoming one of the most important assets in global markets, and criminals are spotting opportunities to exploit new potential income sources. In response to this, organizations are dedicating increasing resources to information security programs. However, faced with unrelenting breach reports and rising costs, decision makers inevitably wonder which type of security investment is economically viable. In this article, the authors present an empirically tested model describing the underlying key constructs for assessing information security value in an organization. Based on identified latent variables previously put forward in the literature, the authors use a partial least squares structural equation modeling approach to verify the model's soundness. They identify five crucial variables for value-focused information security investment. The relationships among these latent variables are then investigated and contributions of the structural model assessed. The key findings are finally presented to highlight opportunities for security practitioners to apply the proposed model.<\/jats:p>","DOI":"10.4018\/ijsds.2018100104","type":"journal-article","created":{"date-parts":[[2018,9,28]],"date-time":"2018-09-28T18:18:13Z","timestamp":1538158693000},"page":"47-69","source":"Crossref","is-referenced-by-count":1,"title":["A Structural Model Approach for Assessing Information Security Value in Organizations"],"prefix":"10.4018","volume":"9","author":[{"given":"Daniel","family":"Schatz","sequence":"first","affiliation":[{"name":"University of East London, London, UK"}]},{"given":"Rabih","family":"Bashroush","sequence":"additional","affiliation":[{"name":"University of East London, London, UK"}]}],"member":"2432","reference":[{"key":"IJSDS.2018100104-0","doi-asserted-by":"publisher","DOI":"10.1088\/1742-6596\/890\/1\/012163"},{"key":"IJSDS.2018100104-1","doi-asserted-by":"publisher","DOI":"10.1109\/MWSCAS.2003.1562323"},{"key":"IJSDS.2018100104-2","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2001.991552"},{"key":"IJSDS.2018100104-3","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.11"},{"key":"IJSDS.2018100104-4","unstructured":"Baryshnikov, Y. (2012). IT Security Investment and Gordon-Loeb's 1\/e Rule. Paper presented at the WEIS."},{"key":"IJSDS.2018100104-5","doi-asserted-by":"publisher","DOI":"10.1080\/07421222.2001.11045660"},{"key":"IJSDS.2018100104-6","doi-asserted-by":"publisher","DOI":"10.3758\/s13428-011-0081-0"},{"key":"IJSDS.2018100104-7","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-75227-1_1"},{"key":"IJSDS.2018100104-8","doi-asserted-by":"publisher","DOI":"10.1016\/0960-2593(95)90080-2"},{"key":"IJSDS.2018100104-9","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijinfomgt.2008.02.002"},{"key":"IJSDS.2018100104-10","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2008.295"},{"key":"IJSDS.2018100104-11","doi-asserted-by":"publisher","DOI":"10.2753\/MIS0742-1222250211"},{"key":"IJSDS.2018100104-12","author":"M.Cremonini","year":"2005","journal-title":"Evaluating information security investments from attackers perspective: the return-on-attack"},{"key":"IJSDS.2018100104-13","author":"J. W.Creswell","year":"2013","journal-title":"Research design: Qualitative, quantitative, and mixed methods approaches"},{"key":"IJSDS.2018100104-14","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(05)70301-9"},{"key":"IJSDS.2018100104-15","doi-asserted-by":"publisher","DOI":"10.2307\/249008"},{"key":"IJSDS.2018100104-16","unstructured":"Dethlefs, R. (2015). How cyber attacks became more profitable than the drug trade. Fortune. Retrieved from http:\/\/fortune.com\/2015\/05\/01\/how-cyber-attacks-became-more-profitable-than-the-drug-trade\/"},{"key":"IJSDS.2018100104-17","doi-asserted-by":"publisher","DOI":"10.1145\/341852.341877"},{"key":"IJSDS.2018100104-18","doi-asserted-by":"publisher","DOI":"10.1111\/j.1365-2575.2006.00219.x"},{"key":"IJSDS.2018100104-19","doi-asserted-by":"publisher","DOI":"10.2307\/41166154"},{"key":"IJSDS.2018100104-20","unstructured":"European Network and Information Security Agency. (2012). Introduction to Return on Security Investment. Retrieved from https:\/\/www.enisa.europa.eu\/activities\/cert\/other-work\/introduction-to-return-on-security-investment"},{"key":"IJSDS.2018100104-21","unstructured":"Ferrara, E. (2013). Determine The Value Of Information Security Assets And Liabilities \u2014 Information Security Economics 102. Retrieved from http:\/\/www.forrester.com\/Determine+The+Value+Of+Information+Security+Assets+And+Liabilities+8212+Information+Security+Economics+102\/fulltext\/-\/E-RES94861"},{"key":"IJSDS.2018100104-22","doi-asserted-by":"crossref","unstructured":"Fielder, A., Panaousis, E. A., Malacaria, P., Hankin, C., & Smeraldi, F. (2015). Comparing Decision Support Approaches for Cyber Security Investment.","DOI":"10.1016\/j.dss.2016.02.012"},{"key":"IJSDS.2018100104-23","doi-asserted-by":"publisher","DOI":"10.1093\/biomet\/61.1.101"},{"key":"IJSDS.2018100104-24","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4020-6268-1_30"},{"key":"IJSDS.2018100104-25","doi-asserted-by":"publisher","DOI":"10.1145\/581271.581274"},{"issue":"5","key":"IJSDS.2018100104-26","first-page":"26","article-title":"Return on Information Security Investment: Myths vs Realities.","volume":"84","author":"L. A.Gordon","year":"2002","journal-title":"Strategic Finance"},{"key":"IJSDS.2018100104-27","doi-asserted-by":"crossref","unstructured":"Gordon, L. A., Loeb, M. P., & Tseng, C.-Y. (2006). Capital budgeting and informational impediments: a management accounting perspective. Contemporary Issues in Management Accounting, 146-165.","DOI":"10.1093\/acprof:oso\/9780199283361.003.0007"},{"key":"IJSDS.2018100104-28","doi-asserted-by":"publisher","DOI":"10.4236\/jis.2016.72004"},{"key":"IJSDS.2018100104-29","author":"J. F.Hair","year":"2016","journal-title":"A primer on partial least squares structural equation modeling (PLS-SEM)"},{"key":"IJSDS.2018100104-30","doi-asserted-by":"publisher","DOI":"10.2753\/MTP1069-6679190202"},{"key":"IJSDS.2018100104-31","doi-asserted-by":"publisher","DOI":"10.1108\/09685221111153546"},{"key":"IJSDS.2018100104-32","doi-asserted-by":"publisher","DOI":"10.1177\/1094428114526928"},{"key":"IJSDS.2018100104-33","doi-asserted-by":"publisher","DOI":"10.1108\/IMDS-09-2015-0382"},{"key":"IJSDS.2018100104-34","doi-asserted-by":"publisher","DOI":"10.1007\/s11747-014-0403-8"},{"key":"IJSDS.2018100104-35","doi-asserted-by":"publisher","DOI":"10.1016\/0167-4048(95)97088-R"},{"key":"IJSDS.2018100104-36","unstructured":"Hoo, K. J. S. (2000). How much is enough? A risk-management approach to computer security."},{"key":"IJSDS.2018100104-37","doi-asserted-by":"publisher","DOI":"10.1504\/IJADS.2016.080126"},{"key":"IJSDS.2018100104-38","doi-asserted-by":"publisher","DOI":"10.1145\/2428556.2428563"},{"key":"IJSDS.2018100104-39","doi-asserted-by":"publisher","DOI":"10.1086\/376806"},{"key":"IJSDS.2018100104-40","doi-asserted-by":"publisher","DOI":"10.1016\/S0268-4012(02)00105-6"},{"key":"IJSDS.2018100104-41","doi-asserted-by":"publisher","DOI":"10.1016\/j.pursup.2015.04.005"},{"key":"IJSDS.2018100104-42","doi-asserted-by":"crossref","unstructured":"Kock, N. (2011). Using WarpPLS in e-collaboration studies: An overview of five main analysis steps. Advancing Collaborative Knowledge Environments: New Trends in E-Collaboration: New Trends in E-Collaboration, 180.","DOI":"10.4018\/978-1-61350-459-8.ch011"},{"key":"IJSDS.2018100104-43","doi-asserted-by":"publisher","DOI":"10.4018\/ijec.2014010101"},{"key":"IJSDS.2018100104-44","author":"N.Kock","year":"2014","journal-title":"Stable P value calculation methods in PLS-SEM"},{"key":"IJSDS.2018100104-45","unstructured":"Kock, N. (2017). WarpPLS User Manual: Version 6.0. Retrieved from http:\/\/cits.tamiu.edu\/WarpPLS\/UserManual_v_6_0.pdf"},{"key":"IJSDS.2018100104-46","doi-asserted-by":"publisher","DOI":"10.1111\/isj.12131"},{"key":"IJSDS.2018100104-47","doi-asserted-by":"publisher","DOI":"10.4218\/etrij.15.0114.1042"},{"key":"IJSDS.2018100104-48","doi-asserted-by":"publisher","DOI":"10.1007\/s10845-010-0402-7"},{"key":"IJSDS.2018100104-49","doi-asserted-by":"publisher","DOI":"10.1177\/154193120504901605"},{"key":"IJSDS.2018100104-50","doi-asserted-by":"crossref","first-page":"99","DOI":"10.1007\/978-0-387-09762-6_5","article-title":"Productivity Space of Information Security in an Extension of the Gordon-Loeb\u2019s Investment Model.","author":"K.Matsuura","year":"2009","journal-title":"Managing Information Risk and the Economics of Security"},{"issue":"1","key":"IJSDS.2018100104-51","first-page":"18","article-title":"Return on information security investment-the viability of an anti-spam solution in a wireless environment.","volume":"10","author":"A.Mizzi","year":"2010","journal-title":"International Journal of Network Security"},{"key":"IJSDS.2018100104-52","unstructured":"Moore, T., Dynes, S., & Chang, F. R. (2015). Identifying How Firms Manage Cybersecurity Investment. Retrieved from http:\/\/blog.smu.edu\/research\/files\/2015\/10\/SMU-IBM.pdf"},{"key":"IJSDS.2018100104-53","doi-asserted-by":"publisher","DOI":"10.1007\/s10669-013-9470-5"},{"key":"IJSDS.2018100104-54","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.128"},{"key":"IJSDS.2018100104-55","doi-asserted-by":"publisher","DOI":"10.1080\/07421222.1993.11518001"},{"key":"IJSDS.2018100104-56","unstructured":"Ponemon Institute. (2017). Cost of Cyber Crime Study 2017. Retrieved from https:\/\/www.accenture.com\/t20170926T072837Z__w__\/us-en\/_acnmedia\/PDF-61\/Accenture-2017-CostCyberCrimeStudy.pdf"},{"key":"IJSDS.2018100104-57","doi-asserted-by":"publisher","DOI":"10.1108\/IMR-04-2014-0148"},{"key":"IJSDS.2018100104-58","unstructured":"Riek, M., B\u00f6hme, R., & Moore, T. (2014). Understanding the influence of cybercrime risk on the e-service adoption of European Internet users. Paper presented at theWorkshop on the Economics of Information Security (WEIS)."},{"key":"IJSDS.2018100104-59","doi-asserted-by":"publisher","DOI":"10.1016\/j.emj.2016.05.006"},{"key":"IJSDS.2018100104-60","doi-asserted-by":"crossref","unstructured":"Ringle, C. M., Sarstedt, M., & Straub, D. (2012). A critical look at the use of PLS-SEM in MIS Quarterly.","DOI":"10.2307\/41410402"},{"key":"IJSDS.2018100104-61","doi-asserted-by":"crossref","unstructured":"Rold\u00e1n, J. L., & S\u00e1nchez-Franco, M.J. (2012). Variance-Based Structural Equation Modeling: Guidelines for Using Partial Least Squares in Information Systems Research. In M. Manuel, G. Ovsei, L. S. Annette, & R. Mahesh (Eds.), Research Methodologies, Innovations and Philosophies in Software Systems Engineering and Information Systems (pp. 193-221). Hershey, PA: IGI Global.","DOI":"10.4018\/978-1-4666-0179-6.ch010"},{"key":"IJSDS.2018100104-62","doi-asserted-by":"publisher","DOI":"10.1177\/1094428112474693"},{"key":"IJSDS.2018100104-63","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2009.98"},{"key":"IJSDS.2018100104-64","unstructured":"Sanchez, G. (2015). The saga of PLS. Retrieved from http:\/\/sagaofpls.github.io"},{"key":"IJSDS.2018100104-65","doi-asserted-by":"publisher","DOI":"10.1007\/s10796-016-9648-8"},{"key":"IJSDS.2018100104-66","doi-asserted-by":"publisher","DOI":"10.4018\/IJEIS.2018040101"},{"key":"IJSDS.2018100104-67","doi-asserted-by":"publisher","DOI":"10.4018\/IJEIS.2018040101"},{"key":"IJSDS.2018100104-68","doi-asserted-by":"publisher","DOI":"10.1108\/02635570610653498"},{"issue":"1","key":"IJSDS.2018100104-69","first-page":"45","article-title":"Return on security investment (ROSI) - A practical quantitative model.","volume":"38","author":"W.Sonnenreich","year":"2006","journal-title":"Journal of Research and Practice in Information Technology"},{"key":"IJSDS.2018100104-70","unstructured":"The Economist. (2017). The world\u2019s most valuable resource is no longer oil, but data. Retrieved from https:\/\/www.economist.com\/news\/leaders\/21721656-data-economy-demands-new-approach-antitrust-rules-worlds-most-valuable-resource"},{"key":"IJSDS.2018100104-71","doi-asserted-by":"publisher","DOI":"10.1016\/S1361-3723(06)70356-6"},{"key":"IJSDS.2018100104-72","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2009.10.005"},{"key":"IJSDS.2018100104-73","doi-asserted-by":"publisher","DOI":"10.1016\/0167-4048(96)88939-5"},{"key":"IJSDS.2018100104-74","unstructured":"Weish\u00e4upl, E., Yasasin, E., & Schryen, G. (2015). IT Security Investments through the Lens of the Resource-based View: A new theoretical Model and Literature Review."},{"key":"IJSDS.2018100104-75","doi-asserted-by":"publisher","DOI":"10.2307\/20650284"},{"key":"IJSDS.2018100104-76","doi-asserted-by":"publisher","DOI":"10.1145\/859670.859675"},{"key":"IJSDS.2018100104-77","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2010.37"},{"key":"IJSDS.2018100104-78","doi-asserted-by":"publisher","DOI":"10.1016\/0014-2921(74)90008-7"},{"key":"IJSDS.2018100104-79","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4613-8171-6_14"},{"key":"IJSDS.2018100104-80","doi-asserted-by":"publisher","DOI":"10.1016\/S1361-3723(04)00064-8"}],"container-title":["International Journal of Strategic Decision Sciences"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=215353","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,6]],"date-time":"2022-05-06T08:20:33Z","timestamp":1651825233000},"score":1,"resource":{"primary":{"URL":"http:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/IJSDS.2018100104"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2018,10]]},"references-count":81,"journal-issue":{"issue":"4"},"URL":"https:\/\/doi.org\/10.4018\/ijsds.2018100104","relation":{},"ISSN":["1947-8569","1947-8577"],"issn-type":[{"value":"1947-8569","type":"print"},{"value":"1947-8577","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,10]]}}}