{"id":"https://openalex.org/W2252699368","doi":"https://doi.org/10.1080/08874417.2016.1117369","title":"Organizational Characteristics Influencing SME Information Security Maturity","display_name":"Organizational Characteristics Influencing SME Information Security Maturity","publication_year":2016,"publication_date":"2016-01-15","ids":{"openalex":"https://openalex.org/W2252699368","doi":"https://doi.org/10.1080/08874417.2016.1117369","mag":"2252699368"},"language":"en","primary_location":{"id":"doi:10.1080/08874417.2016.1117369","is_oa":true,"landing_page_url":"https://doi.org/10.1080/08874417.2016.1117369","pdf_url":"https://www.tandfonline.com/doi/pdf/10.1080/08874417.2016.1117369?needAccess=true","source":{"id":"https://openalex.org/S83133229","display_name":"Journal of Computer Information Systems","issn_l":"0887-4417","issn":["0887-4417","2380-2057"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320547","host_organization_name":"Taylor & Francis","host_organization_lineage":["https://openalex.org/P4310320547"],"host_organization_lineage_names":["Taylor & Francis"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Information Systems","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://www.tandfonline.com/doi/pdf/10.1080/08874417.2016.1117369?needAccess=true","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5038669926","display_name":"Frederik Mijnhardt","orcid":null},"institutions":[{"id":"https://openalex.org/I193662353","display_name":"Utrecht University","ror":"https://ror.org/04pp8hn57","country_code":"NL","type":"education","lineage":["https://openalex.org/I193662353"]}],"countries":["NL"],"is_corresponding":true,"raw_author_name":"Frederik Mijnhardt","raw_affiliation_strings":["Utrecht University, Utrecht, The Netherlands"],"affiliations":[{"raw_affiliation_string":"Utrecht University, Utrecht, The Netherlands","institution_ids":["https://openalex.org/I193662353"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5086005142","display_name":"Thijs Baars","orcid":null},"institutions":[{"id":"https://openalex.org/I193662353","display_name":"Utrecht University","ror":"https://ror.org/04pp8hn57","country_code":"NL","type":"education","lineage":["https://openalex.org/I193662353"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Thijs Baars","raw_affiliation_strings":["Utrecht University, Utrecht, The Netherlands"],"affiliations":[{"raw_affiliation_string":"Utrecht University, Utrecht, The Netherlands","institution_ids":["https://openalex.org/I193662353"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5033880574","display_name":"Marco Spruit","orcid":"https://orcid.org/0000-0002-9237-221X"},"institutions":[{"id":"https://openalex.org/I193662353","display_name":"Utrecht University","ror":"https://ror.org/04pp8hn57","country_code":"NL","type":"education","lineage":["https://openalex.org/I193662353"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Marco Spruit","raw_affiliation_strings":["Utrecht University, Utrecht, The Netherlands"],"affiliations":[{"raw_affiliation_string":"Utrecht University, Utrecht, The Netherlands","institution_ids":["https://openalex.org/I193662353"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5038669926"],"corresponding_institution_ids":["https://openalex.org/I193662353"],"apc_list":null,"apc_paid":null,"fwci":8.3065,"has_fulltext":false,"cited_by_count":47,"citation_normalized_percentile":{"value":0.97307451,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":"56","issue":"2","first_page":"106","last_page":"115"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.989799976348877,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.989300012588501,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cobit","display_name":"COBIT","score":0.8422303199768066},{"id":"https://openalex.org/keywords/maturity","display_name":"Maturity (psychological)","score":0.7547808885574341},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.680467963218689},{"id":"https://openalex.org/keywords/information-security-management","display_name":"Information security management","score":0.6757190227508545},{"id":"https://openalex.org/keywords/cornerstone","display_name":"Cornerstone","score":0.6412510275840759},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.5151840448379517},{"id":"https://openalex.org/keywords/capability-maturity-model","display_name":"Capability Maturity Model","score":0.513237476348877},{"id":"https://openalex.org/keywords/standard-of-good-practice","display_name":"Standard of Good Practice","score":0.49909090995788574},{"id":"https://openalex.org/keywords/information-security-standards","display_name":"Information security standards","score":0.49903321266174316},{"id":"https://openalex.org/keywords/knowledge-management","display_name":"Knowledge management","score":0.47928255796432495},{"id":"https://openalex.org/keywords/information-security-audit","display_name":"Information security audit","score":0.4381810426712036},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.42394378781318665},{"id":"https://openalex.org/keywords/certified-information-security-manager","display_name":"Certified Information Security Manager","score":0.4172673225402832},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.39830222725868225},{"id":"https://openalex.org/keywords/information-technology","display_name":"Information technology","score":0.39369162917137146},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.3482595384120941},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.29091399908065796},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.2488597333431244},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.23047932982444763},{"id":"https://openalex.org/keywords/network-security-policy","display_name":"Network security policy","score":0.07415568828582764}],"concepts":[{"id":"https://openalex.org/C2776723946","wikidata":"https://www.wikidata.org/wiki/Q544025","display_name":"COBIT","level":3,"score":0.8422303199768066},{"id":"https://openalex.org/C101433766","wikidata":"https://www.wikidata.org/wiki/Q3543263","display_name":"Maturity (psychological)","level":2,"score":0.7547808885574341},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.680467963218689},{"id":"https://openalex.org/C148976360","wikidata":"https://www.wikidata.org/wiki/Q1662500","display_name":"Information security management","level":5,"score":0.6757190227508545},{"id":"https://openalex.org/C2780616401","wikidata":"https://www.wikidata.org/wiki/Q1133673","display_name":"Cornerstone","level":2,"score":0.6412510275840759},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.5151840448379517},{"id":"https://openalex.org/C85890633","wikidata":"https://www.wikidata.org/wiki/Q929673","display_name":"Capability Maturity Model","level":3,"score":0.513237476348877},{"id":"https://openalex.org/C47309137","wikidata":"https://www.wikidata.org/wiki/Q7598357","display_name":"Standard of Good Practice","level":5,"score":0.49909090995788574},{"id":"https://openalex.org/C139547956","wikidata":"https://www.wikidata.org/wiki/Q6031202","display_name":"Information security standards","level":5,"score":0.49903321266174316},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.47928255796432495},{"id":"https://openalex.org/C39358052","wikidata":"https://www.wikidata.org/wiki/Q2578632","display_name":"Information security audit","level":5,"score":0.4381810426712036},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.42394378781318665},{"id":"https://openalex.org/C180823521","wikidata":"https://www.wikidata.org/wiki/Q1662502","display_name":"Certified Information Security Manager","level":5,"score":0.4172673225402832},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.39830222725868225},{"id":"https://openalex.org/C121017731","wikidata":"https://www.wikidata.org/wiki/Q11661","display_name":"Information technology","level":2,"score":0.39369162917137146},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.3482595384120941},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.29091399908065796},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.2488597333431244},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.23047932982444763},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.07415568828582764},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0},{"id":"https://openalex.org/C142362112","wikidata":"https://www.wikidata.org/wiki/Q735","display_name":"Art","level":0,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C153349607","wikidata":"https://www.wikidata.org/wiki/Q36649","display_name":"Visual arts","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C138496976","wikidata":"https://www.wikidata.org/wiki/Q175002","display_name":"Developmental psychology","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1080/08874417.2016.1117369","is_oa":true,"landing_page_url":"https://doi.org/10.1080/08874417.2016.1117369","pdf_url":"https://www.tandfonline.com/doi/pdf/10.1080/08874417.2016.1117369?needAccess=true","source":{"id":"https://openalex.org/S83133229","display_name":"Journal of Computer Information Systems","issn_l":"0887-4417","issn":["0887-4417","2380-2057"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320547","host_organization_name":"Taylor & Francis","host_organization_lineage":["https://openalex.org/P4310320547"],"host_organization_lineage_names":["Taylor & Francis"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Information Systems","raw_type":"journal-article"},{"id":"pmh:uu:oai:dspace.library.uu.nl:1874/350645","is_oa":true,"landing_page_url":"https://dspace.library.uu.nl/handle/1874/350645","pdf_url":null,"source":{"id":"https://openalex.org/S4306401843","display_name":"Data Archiving and Networked Services (DANS)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1322597698","host_organization_name":"Royal Netherlands Academy of Arts and Sciences","host_organization_lineage":["https://openalex.org/I1322597698"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Journal of Computer Information Systems, 56(2), 106","raw_type":"info:eu-repo/semantics/article"}],"best_oa_location":{"id":"doi:10.1080/08874417.2016.1117369","is_oa":true,"landing_page_url":"https://doi.org/10.1080/08874417.2016.1117369","pdf_url":"https://www.tandfonline.com/doi/pdf/10.1080/08874417.2016.1117369?needAccess=true","source":{"id":"https://openalex.org/S83133229","display_name":"Journal of Computer Information Systems","issn_l":"0887-4417","issn":["0887-4417","2380-2057"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320547","host_organization_name":"Taylor & Francis","host_organization_lineage":["https://openalex.org/P4310320547"],"host_organization_lineage_names":["Taylor & Francis"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Information Systems","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2252699368.pdf","grobid_xml":"https://content.openalex.org/works/W2252699368.grobid-xml"},"referenced_works_count":38,"referenced_works":["https://openalex.org/W103807719","https://openalex.org/W202747687","https://openalex.org/W385646957","https://openalex.org/W603825570","https://openalex.org/W1503878887","https://openalex.org/W1557523735","https://openalex.org/W1742813727","https://openalex.org/W1846192801","https://openalex.org/W1964338855","https://openalex.org/W1988315607","https://openalex.org/W2003513364","https://openalex.org/W2006887122","https://openalex.org/W2027145423","https://openalex.org/W2030319141","https://openalex.org/W2055847123","https://openalex.org/W2079037403","https://openalex.org/W2084035166","https://openalex.org/W2086007337","https://openalex.org/W2091494072","https://openalex.org/W2104035395","https://openalex.org/W2125888615","https://openalex.org/W2126317818","https://openalex.org/W2128175225","https://openalex.org/W2136451344","https://openalex.org/W2138645518","https://openalex.org/W2144205856","https://openalex.org/W2151461605","https://openalex.org/W2157583131","https://openalex.org/W2159112235","https://openalex.org/W2167593462","https://openalex.org/W2168586253","https://openalex.org/W2485931559","https://openalex.org/W2496777941","https://openalex.org/W3125368296","https://openalex.org/W3151685851","https://openalex.org/W4205472781","https://openalex.org/W4244564832","https://openalex.org/W4285719527"],"related_works":["https://openalex.org/W2584162156","https://openalex.org/W107025203","https://openalex.org/W2049188895","https://openalex.org/W3048038405","https://openalex.org/W2483557577","https://openalex.org/W1567258312","https://openalex.org/W2741061559","https://openalex.org/W2126017555","https://openalex.org/W4244250244","https://openalex.org/W2311009932"],"abstract_inverted_index":{"In":[0],"the":[1,12,57,74,98,105],"current":[2],"business":[3],"environment,":[4],"many":[5],"organizations":[6,41],"use":[7],"popular":[8],"standards":[9,28],"such":[10],"as":[11,70],"ISO":[13],"27000x":[14],"series,":[15],"COBIT,":[16],"and":[17,29,83,96,129],"related":[18],"frameworks":[19,30],"to":[20,36,45,48,114,125,133],"protect":[21],"themselves":[22],"against":[23],"security":[24,51,69,86,101],"incidents.":[25],"However,":[26],"these":[27,40],"are":[31],"overly":[32],"complicated":[33],"for":[34,66,80,88,110],"small":[35],"medium-sized":[37],"enterprises,":[38],"leaving":[39],"with":[42,100],"no":[43],"easy":[44],"understand":[46],"toolkit":[47],"address":[49],"their":[50],"needs.":[52],"This":[53],"research":[54],"builds":[55],"upon":[56],"recent":[58],"Information":[59,108],"Security":[60,109],"Focus":[61],"Area":[62],"Maturity":[63],"(ISFAM)":[64],"model":[65,113],"SME":[67],"information":[68,85],"a":[71],"cornerstone":[72],"in":[73,119],"development":[75],"of":[76],"an":[77,92],"assessment":[78],"tool":[79],"tailor-made,":[81],"fast,":[82],"easy-to-use":[84],"advice":[87],"SMEs.":[89],"By":[90],"performing":[91],"extensive":[93],"literature":[94],"review":[95],"evaluating":[97],"results":[99],"experts,":[102],"we":[103],"propose":[104],"Characterizing":[106],"Organizations\u2019":[107],"SMEs":[111,127],"(CHOISS)":[112],"relate":[115],"measurable":[116],"organizational":[117],"characteristics":[118],"four":[120],"categories":[121],"through":[122],"47":[123],"parameters":[124],"help":[126],"distinguish":[128],"prioritize":[130],"which":[131],"risks":[132],"mitigate.":[134]},"counts_by_year":[{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":6},{"year":2022,"cited_by_count":8},{"year":2021,"cited_by_count":5},{"year":2020,"cited_by_count":8},{"year":2019,"cited_by_count":4},{"year":2018,"cited_by_count":6},{"year":2017,"cited_by_count":1},{"year":2016,"cited_by_count":1}],"updated_date":"2026-03-10T16:38:18.471706","created_date":"2025-10-10T00:00:00"}