{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,14]],"date-time":"2026-04-14T10:40:34Z","timestamp":1776163234288,"version":"3.50.1"},"reference-count":38,"publisher":"IGI Global","issue":"1","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018,1,1]]},"abstract":"<p>This article describes a two-step decision support model for investing in information technology security, both development and application. In the first step, the risk level of each of the system's components is mapped, with the aim of identifying the subsystems that pose the highest risk. In the second step, the model determines how much to invest in various technological tools and workplace culture programs to enhance information security. An application of this model to an information system in an academic institution in Israel is described. This system comprises ten subsystems and the authors identify the three that bear the most risk. These findings are used to determine the parameters of the investment allocation problem and find the optimal investment plan. The results of the model's application indicate that hacking for the purpose of cheating is a greater threat than other types of security issues. Additionally, the results support the claim that information security officials tend to overinvest in security technological tools and underinvest in improving security workplace culture.<\/p>","DOI":"10.4018\/irmj.2018010104","type":"journal-article","created":{"date-parts":[[2017,11,28]],"date-time":"2017-11-28T14:16:49Z","timestamp":1511878609000},"page":"83-96","source":"Crossref","is-referenced-by-count":7,"title":["A Risk Management Model for an Academic Institution's Information System"],"prefix":"10.4018","volume":"31","author":[{"given":"Michael","family":"Dreyfuss","sequence":"first","affiliation":[{"name":"Jerusalem College of Technology, Jerusalem, Israel"}]},{"given":"Yahel","family":"Giat","sequence":"additional","affiliation":[{"name":"Jerusalem College of Technology, Jerusalem, Israel"}]}],"member":"2432","reference":[{"key":"IRMJ.2018010104-0","doi-asserted-by":"publisher","DOI":"10.1016\/j.frl.2014.07.002"},{"key":"IRMJ.2018010104-1","doi-asserted-by":"publisher","DOI":"10.1007\/s10845-012-0683-0"},{"key":"IRMJ.2018010104-2","doi-asserted-by":"publisher","DOI":"10.1109\/ITNG.2015.124"},{"key":"IRMJ.2018010104-3","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2014.40"},{"key":"IRMJ.2018010104-4","first-page":"97","article-title":"Information security is information risk management.","author":"B.Blakley","year":"2002","journal-title":"Proceedings of the 2001 workshop on new security paradigms"},{"key":"IRMJ.2018010104-5","first-page":"1","article-title":"Religiosity and test-taking ethics among Business School students.","volume":"4","author":"J. H.Burton","year":"2011","journal-title":"Journal of Academic and Business Ethics"},{"key":"IRMJ.2018010104-6","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-28827-2_9"},{"key":"IRMJ.2018010104-7","doi-asserted-by":"crossref","unstructured":"Chorppath, A. K., & Alpcan, T. (2012). Risk management for it security: When theory meets practice. In Proceedings of the 2012 5th International Conference on New Technologies, Mobility and Security (NTMS). IEEE.","DOI":"10.1109\/NTMS.2012.6208739"},{"key":"IRMJ.2018010104-8","doi-asserted-by":"publisher","DOI":"10.1145\/1132469.1132472"},{"key":"IRMJ.2018010104-9","doi-asserted-by":"publisher","DOI":"10.1109\/TPWRS.2015.2418222"},{"key":"IRMJ.2018010104-10","doi-asserted-by":"publisher","DOI":"10.1145\/782941.783000"},{"key":"IRMJ.2018010104-11","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijinfomgt.2009.05.003"},{"key":"IRMJ.2018010104-12","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2006.10.006"},{"key":"IRMJ.2018010104-13","first-page":"41","article-title":"Identifying security risk modules in a university\u2019s information system.","volume":"2016","author":"M.Dreyfuss","year":"2016","journal-title":"Proceedings of Informing Science & IT Education Conference"},{"key":"IRMJ.2018010104-14","doi-asserted-by":"publisher","DOI":"10.1007\/s10799-015-0232-6"},{"key":"IRMJ.2018010104-15","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2010.06.005"},{"key":"IRMJ.2018010104-16","doi-asserted-by":"publisher","DOI":"10.4236\/ajor.2013.36046"},{"key":"IRMJ.2018010104-17","doi-asserted-by":"publisher","DOI":"10.4018\/irmj.2010040103"},{"key":"IRMJ.2018010104-18","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2014.256"},{"key":"IRMJ.2018010104-19","doi-asserted-by":"publisher","DOI":"10.1145\/2808783.2808792"},{"key":"IRMJ.2018010104-20","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2013.10.011"},{"key":"IRMJ.2018010104-21","doi-asserted-by":"publisher","DOI":"10.1108\/09685220610648355"},{"key":"IRMJ.2018010104-22","doi-asserted-by":"publisher","DOI":"10.1111\/isj.12043"},{"issue":"2","key":"IRMJ.2018010104-23","first-page":"91","article-title":"Information security activities of college students: An exploratory study.","volume":"14","author":"S.Mensch","year":"2011","journal-title":"Academy of Information and Management Sciences Journal"},{"key":"IRMJ.2018010104-24","doi-asserted-by":"publisher","DOI":"10.1016\/j.respol.2005.03.003"},{"key":"IRMJ.2018010104-25","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2011.05.002"},{"key":"IRMJ.2018010104-26","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2014.10.003"},{"key":"IRMJ.2018010104-27","doi-asserted-by":"publisher","DOI":"10.1016\/j.cor.2010.11.013"},{"key":"IRMJ.2018010104-28","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2013.01.001"},{"key":"IRMJ.2018010104-29","first-page":"119","article-title":"Information security risk assessment: towards a business practice perspective.","author":"P.Shedden","year":"2010","journal-title":"8th Australian Information Security Management Conference"},{"key":"IRMJ.2018010104-30","unstructured":"Smith, G. (2014, August 3). Why study? College hackers are changing F's to A's, The Huffington Post. Retrieved 15 February, 2017 from http:\/\/www.huffingtonpost.com\/2014\/03\/05\/student-hacking_n_4907344.html"},{"issue":"3","key":"IRMJ.2018010104-31","first-page":"51","article-title":"Challenges in managing information security in academic institutions: Case of MDI India","volume":"3","author":"V.Sridhar","year":"2007","journal-title":"Journal of Information System Security"},{"key":"IRMJ.2018010104-32","doi-asserted-by":"publisher","DOI":"10.1097\/YCO.0000000000000235"},{"key":"IRMJ.2018010104-33","doi-asserted-by":"publisher","DOI":"10.2307\/249551"},{"key":"IRMJ.2018010104-34","doi-asserted-by":"publisher","DOI":"10.1080\/10580530802384639"},{"key":"IRMJ.2018010104-35","doi-asserted-by":"publisher","DOI":"10.1007\/s10799-015-0252-2"},{"key":"IRMJ.2018010104-36","article-title":"Critical success factors analysis on effective information security management: A literature review.","author":"Z.Tu","year":"2014","journal-title":"Twentieth Americas Conference on Information Systems"},{"key":"IRMJ.2018010104-37","doi-asserted-by":"publisher","DOI":"10.1145\/1719030.1719036"}],"container-title":["Information Resources Management Journal"],"original-title":[],"language":"ng","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=193613","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,1,16]],"date-time":"2023-01-16T20:59:07Z","timestamp":1673902747000},"score":1,"resource":{"primary":{"URL":"https:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/IRMJ.2018010104"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2018,1,1]]},"references-count":38,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2018,1]]}},"URL":"https:\/\/doi.org\/10.4018\/irmj.2018010104","relation":{},"ISSN":["1040-1628","1533-7979"],"issn-type":[{"value":"1040-1628","type":"print"},{"value":"1533-7979","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,1,1]]}}}