{"id":"https://openalex.org/W4412477505","doi":"https://doi.org/10.1007/s10207-025-01097-x","title":"Information security governance in the public sector: investigations, approaches, measures, and trends","display_name":"Information security governance in the public sector: investigations, approaches, measures, and trends","publication_year":2025,"publication_date":"2025-07-16","ids":{"openalex":"https://openalex.org/W4412477505","doi":"https://doi.org/10.1007/s10207-025-01097-x"},"language":"en","primary_location":{"id":"doi:10.1007/s10207-025-01097-x","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-025-01097-x","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-025-01097-x.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/s10207-025-01097-x.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5033114377","display_name":"Lars Magnusson","orcid":"https://orcid.org/0009-0000-8265-0944"},"institutions":[{"id":"https://openalex.org/I223464139","display_name":"Linnaeus University","ror":"https://ror.org/00j9qag85","country_code":"SE","type":"education","lineage":["https://openalex.org/I223464139"]}],"countries":["SE"],"is_corresponding":true,"raw_author_name":"Lars Magnusson","raw_affiliation_strings":["Department of Informatics, Faculty of Technology, Linnaeus University, Kalmar, 391 82, Sweden"],"affiliations":[{"raw_affiliation_string":"Department of Informatics, Faculty of Technology, Linnaeus University, Kalmar, 391 82, Sweden","institution_ids":["https://openalex.org/I223464139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102762553","display_name":"Sarfraz Iqbal","orcid":"https://orcid.org/0000-0002-4437-8297"},"institutions":[{"id":"https://openalex.org/I223464139","display_name":"Linnaeus University","ror":"https://ror.org/00j9qag85","country_code":"SE","type":"education","lineage":["https://openalex.org/I223464139"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Sarfraz Iqbal","raw_affiliation_strings":["Department of Informatics, Faculty of Technology, Linnaeus University, Kalmar, 391 82, Sweden"],"affiliations":[{"raw_affiliation_string":"Department of Informatics, Faculty of Technology, Linnaeus University, Kalmar, 391 82, Sweden","institution_ids":["https://openalex.org/I223464139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034120665","display_name":"Patrik Elm","orcid":"https://orcid.org/0000-0001-6227-0290"},"institutions":[{"id":"https://openalex.org/I223464139","display_name":"Linnaeus University","ror":"https://ror.org/00j9qag85","country_code":"SE","type":"education","lineage":["https://openalex.org/I223464139"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Patrik Elm","raw_affiliation_strings":["Department of Informatics, Faculty of Technology, Linnaeus University, Kalmar, 391 82, Sweden"],"affiliations":[{"raw_affiliation_string":"Department of Informatics, Faculty of Technology, Linnaeus University, Kalmar, 391 82, Sweden","institution_ids":["https://openalex.org/I223464139"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5020401249","display_name":"Fisnik Dalipi","orcid":null},"institutions":[{"id":"https://openalex.org/I223464139","display_name":"Linnaeus University","ror":"https://ror.org/00j9qag85","country_code":"SE","type":"education","lineage":["https://openalex.org/I223464139"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Fisnik Dalipi","raw_affiliation_strings":["Department of Informatics, Faculty of Technology, Linnaeus University, Kalmar, 391 82, Sweden"],"affiliations":[{"raw_affiliation_string":"Department of Informatics, Faculty of Technology, Linnaeus University, Kalmar, 391 82, Sweden","institution_ids":["https://openalex.org/I223464139"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5033114377"],"corresponding_institution_ids":["https://openalex.org/I223464139"],"apc_list":{"value":2590,"currency":"EUR","value_usd":3190},"apc_paid":{"value":2590,"currency":"EUR","value_usd":3190},"fwci":15.6336,"has_fulltext":true,"cited_by_count":5,"citation_normalized_percentile":{"value":0.98761073,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":91,"max":100},"biblio":{"volume":"24","issue":"4","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.9847000241279602,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12221","display_name":"Cybersecurity and Cyber Warfare Studies","score":0.9799000024795532,"subfield":{"id":"https://openalex.org/subfields/3320","display_name":"Political Science and International Relations"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.6180722117424011},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6122843027114868},{"id":"https://openalex.org/keywords/public-sector","display_name":"Public sector","score":0.5838673710823059},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5451045632362366},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.5014379024505615},{"id":"https://openalex.org/keywords/corporate-governance","display_name":"Corporate governance","score":0.49811291694641113},{"id":"https://openalex.org/keywords/information-governance","display_name":"Information governance","score":0.43781131505966187},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.3600180149078369},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.278937429189682},{"id":"https://openalex.org/keywords/political-science","display_name":"Political science","score":0.26228219270706177},{"id":"https://openalex.org/keywords/information-system","display_name":"Information system","score":0.25999096035957336},{"id":"https://openalex.org/keywords/management-information-systems","display_name":"Management information systems","score":0.10239946842193604}],"concepts":[{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.6180722117424011},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6122843027114868},{"id":"https://openalex.org/C147859227","wikidata":"https://www.wikidata.org/wiki/Q294217","display_name":"Public sector","level":2,"score":0.5838673710823059},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5451045632362366},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.5014379024505615},{"id":"https://openalex.org/C39389867","wikidata":"https://www.wikidata.org/wiki/Q380767","display_name":"Corporate governance","level":2,"score":0.49811291694641113},{"id":"https://openalex.org/C189922023","wikidata":"https://www.wikidata.org/wiki/Q17056348","display_name":"Information governance","level":4,"score":0.43781131505966187},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3600180149078369},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.278937429189682},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.26228219270706177},{"id":"https://openalex.org/C180198813","wikidata":"https://www.wikidata.org/wiki/Q121182","display_name":"Information system","level":2,"score":0.25999096035957336},{"id":"https://openalex.org/C29848774","wikidata":"https://www.wikidata.org/wiki/Q61905","display_name":"Management information systems","level":3,"score":0.10239946842193604},{"id":"https://openalex.org/C10138342","wikidata":"https://www.wikidata.org/wiki/Q43015","display_name":"Finance","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1007/s10207-025-01097-x","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-025-01097-x","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-025-01097-x.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"},{"id":"pmh:oai:DiVA.org:lnu-140852","is_oa":true,"landing_page_url":"http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-140852","pdf_url":null,"source":{"id":"https://openalex.org/S4306401598","display_name":"DiVA (Linnaeus University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I223464139","host_organization_name":"Linnaeus University","host_organization_lineage":["https://openalex.org/I223464139"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"doi:10.1007/s10207-025-01097-x","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-025-01097-x","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-025-01097-x.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320323551","display_name":"Linn\u00e9universitetet","ror":"https://ror.org/00j9qag85"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4412477505.pdf","grobid_xml":"https://content.openalex.org/works/W4412477505.grobid-xml"},"referenced_works_count":59,"referenced_works":["https://openalex.org/W1510255605","https://openalex.org/W1977534227","https://openalex.org/W1979290264","https://openalex.org/W1979356832","https://openalex.org/W2002356434","https://openalex.org/W2003676537","https://openalex.org/W2012270501","https://openalex.org/W2017206266","https://openalex.org/W2023013236","https://openalex.org/W2030660416","https://openalex.org/W2077582894","https://openalex.org/W2087952459","https://openalex.org/W2165312609","https://openalex.org/W2217650322","https://openalex.org/W2528756803","https://openalex.org/W2532473805","https://openalex.org/W2554423218","https://openalex.org/W2768053041","https://openalex.org/W2768181417","https://openalex.org/W2794726510","https://openalex.org/W2804255903","https://openalex.org/W2811374202","https://openalex.org/W2884515121","https://openalex.org/W2884627574","https://openalex.org/W2942627819","https://openalex.org/W2946917174","https://openalex.org/W2964956842","https://openalex.org/W2981056651","https://openalex.org/W2996838844","https://openalex.org/W3004617639","https://openalex.org/W3014867074","https://openalex.org/W3015133128","https://openalex.org/W3082241489","https://openalex.org/W3088297490","https://openalex.org/W3122926701","https://openalex.org/W3143257057","https://openalex.org/W3156216656","https://openalex.org/W3165359319","https://openalex.org/W3177310074","https://openalex.org/W3179032136","https://openalex.org/W3206355868","https://openalex.org/W3209490404","https://openalex.org/W4200191332","https://openalex.org/W4210318281","https://openalex.org/W4211204108","https://openalex.org/W4223582022","https://openalex.org/W4224012382","https://openalex.org/W4236894168","https://openalex.org/W4293113240","https://openalex.org/W4293676882","https://openalex.org/W4306399822","https://openalex.org/W4322624235","https://openalex.org/W4362496681","https://openalex.org/W4383649735","https://openalex.org/W4386446932","https://openalex.org/W4391294209","https://openalex.org/W4393022470","https://openalex.org/W4393043993","https://openalex.org/W4393947155"],"related_works":["https://openalex.org/W1585855485","https://openalex.org/W3158620907","https://openalex.org/W2219986456","https://openalex.org/W4214629857","https://openalex.org/W2319363110","https://openalex.org/W2516800336","https://openalex.org/W3082241489","https://openalex.org/W3131697785","https://openalex.org/W2149739119","https://openalex.org/W1567258312"],"abstract_inverted_index":{"Abstract":[0],"Information":[1,129],"security":[2,35,61,137,160,174,195,227],"governance":[3,52,112,196],"in":[4,63,76,140,155,177,222],"the":[5,29,34,48,56,72,77,108,141,151,156,183,190,217,223],"public":[6,142],"sector":[7],"involves":[8],"risk":[9,171],"management,":[10],"accountability":[11],"frameworks,":[12],"network":[13],"security,":[14],"e-government":[15],"systems":[16],"infrastructure,":[17],"mitigation":[18],"plans,":[19],"and":[20,84,96,99,125,128,179,219],"alignment":[21],"with":[22,28,33,200],"corporate":[23],"strategy.":[24],"It":[25],"equips":[26],"organizations":[27],"ability":[30],"to":[31,110,187],"deal":[32],"of":[36,59,158,166,192,225],"their":[37],"vital":[38],"information":[39,136,159,194,226],"assets":[40],"systematically.":[41],"However,":[42,144],"several":[43],"recent":[44],"hacking":[45],"incidents":[46],"reveal":[47],"fact":[49],"that":[50],"substandard":[51],"processes":[53],"are":[54],"among":[55],"common":[57],"causes":[58],"weak":[60],"measures":[62],"most":[64],"organizations.":[65,206],"This":[66],"study":[67,184,208],"has":[68],"been":[69],"conducted":[70],"following":[71],"established":[73],"protocol":[74],"outlined":[75],"Preferred":[78],"Reporting":[79],"Items":[80],"for":[81,133,204,216],"Systematic":[82,88],"Reviews":[83],"Meta-Analyses":[85],"(PRISMA)":[86],"guidelines.":[87],"Mapping":[89],"Review":[90],"(SMR)":[91],"initially":[92],"identified":[93],"1496":[94],"papers,":[95],"this":[97],"reviews":[98],"reports":[100],"on":[101],"41":[102],"papers.":[103],"The":[104,207],"reviewed":[105],"literature":[106],"emphasizes":[107],"adherence":[109],"recognized":[111],"standard":[113],"frameworks":[114,139],"such":[115],"as":[116,212],"ISO/IEC":[117],"27,001,":[118],"EU":[119,126],"General":[120],"Data":[121],"Protection":[122],"Regulations":[123],"(GDPR),":[124],"Network":[127],"Security":[130],"Act":[131],"(NIS)":[132],"providing":[134],"effective":[135],"guidance":[138],"sector.":[143],"a":[145,164,213],"general":[146],"scarcity":[147],"is":[148,163,198],"found":[149],"regarding":[150],"best":[152],"practices":[153],"followed":[154],"area":[157,224],"compliance.":[161],"There":[162],"lack":[165],"employing":[167],"key":[168],"performance":[169],"indicators,":[170],"assessment":[172],"measures,":[173],"maturity":[175],"models":[176],"organizations,":[178],"compliance":[180],"audits.":[181],"Additionally,":[182],"suggests":[185],"that,":[186],"some":[188],"extent,":[189],"adoption":[191],"appropriate":[193],"procedures":[197],"linked":[199],"available":[201],"budgeted":[202],"resources":[203],"individual":[205],"results":[209],"can":[210],"serve":[211],"starting":[214],"point":[215],"research":[218],"practitioners\u2019":[220],"community":[221],"governance.":[228]},"counts_by_year":[{"year":2026,"cited_by_count":4},{"year":2025,"cited_by_count":1}],"updated_date":"2026-04-07T14:57:38.498316","created_date":"2025-10-10T00:00:00"}