{"id":"https://openalex.org/W2754938188","doi":"https://doi.org/10.1093/comjnl/bxx093","title":"Risk and the Small-Scale Cyber Security Decision Making Dialogue\u2014a UK Case Study","display_name":"Risk and the Small-Scale Cyber Security Decision Making Dialogue\u2014a UK Case Study","publication_year":2017,"publication_date":"2017-09-15","ids":{"openalex":"https://openalex.org/W2754938188","doi":"https://doi.org/10.1093/comjnl/bxx093","mag":"2754938188"},"language":"en","primary_location":{"id":"doi:10.1093/comjnl/bxx093","is_oa":true,"landing_page_url":"https://doi.org/10.1093/comjnl/bxx093","pdf_url":"https://academic.oup.com/comjnl/article-pdf/61/4/472/24509646/bxx093.pdf","source":{"id":"https://openalex.org/S44643521","display_name":"The Computer Journal","issn_l":"0010-4620","issn":["0010-4620","1460-2067"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310311648","host_organization_name":"Oxford University Press","host_organization_lineage":["https://openalex.org/P4310311648","https://openalex.org/P4310311647"],"host_organization_lineage_names":["Oxford University Press","University of Oxford"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"The Computer Journal","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"bronze","oa_url":"https://academic.oup.com/comjnl/article-pdf/61/4/472/24509646/bxx093.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5011829088","display_name":"Emma Osborn","orcid":"https://orcid.org/0000-0002-9605-5510"},"institutions":[{"id":"https://openalex.org/I40120149","display_name":"University of Oxford","ror":"https://ror.org/052gg0110","country_code":"GB","type":"education","lineage":["https://openalex.org/I40120149"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Emma Osborn","raw_affiliation_strings":["Department of Computer Science, University of Oxford, Oxford OX1 3QD, UK"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Oxford, Oxford OX1 3QD, UK","institution_ids":["https://openalex.org/I40120149"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5090084463","display_name":"Andrew Simpson","orcid":"https://orcid.org/0000-0003-3597-2232"},"institutions":[{"id":"https://openalex.org/I40120149","display_name":"University of Oxford","ror":"https://ror.org/052gg0110","country_code":"GB","type":"education","lineage":["https://openalex.org/I40120149"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Andrew Simpson","raw_affiliation_strings":["Department of Computer Science, University of Oxford, Oxford OX1 3QD, UK"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Oxford, Oxford OX1 3QD, UK","institution_ids":["https://openalex.org/I40120149"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5011829088"],"corresponding_institution_ids":["https://openalex.org/I40120149"],"apc_list":{"value":2635,"currency":"GBP","value_usd":3232},"apc_paid":null,"fwci":3.034,"has_fulltext":false,"cited_by_count":35,"citation_normalized_percentile":{"value":0.93057448,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":"61","issue":"4","first_page":"472","last_page":"495"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11614","display_name":"Cloud Data Security Solutions","score":0.9937999844551086,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12221","display_name":"Cybersecurity and Cyber Warfare Studies","score":0.9921000003814697,"subfield":{"id":"https://openalex.org/subfields/3320","display_name":"Political Science and International Relations"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6390743851661682},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.6379280090332031},{"id":"https://openalex.org/keywords/scale","display_name":"Scale (ratio)","score":0.5311554670333862},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.48873209953308105},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.48383036255836487},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.4790188670158386},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.46673783659935},{"id":"https://openalex.org/keywords/security-through-obscurity","display_name":"Security through obscurity","score":0.4617055058479309},{"id":"https://openalex.org/keywords/prioritization","display_name":"Prioritization","score":0.4424532353878021},{"id":"https://openalex.org/keywords/security-controls","display_name":"Security controls","score":0.432468056678772},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.424092173576355},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.36005210876464844},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.35832303762435913},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.31579411029815674},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.2283124029636383}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6390743851661682},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.6379280090332031},{"id":"https://openalex.org/C2778755073","wikidata":"https://www.wikidata.org/wiki/Q10858537","display_name":"Scale (ratio)","level":2,"score":0.5311554670333862},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.48873209953308105},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.48383036255836487},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.4790188670158386},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.46673783659935},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.4617055058479309},{"id":"https://openalex.org/C2777615720","wikidata":"https://www.wikidata.org/wiki/Q11888847","display_name":"Prioritization","level":2,"score":0.4424532353878021},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.432468056678772},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.424092173576355},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.36005210876464844},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.35832303762435913},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.31579411029815674},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.2283124029636383},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1093/comjnl/bxx093","is_oa":true,"landing_page_url":"https://doi.org/10.1093/comjnl/bxx093","pdf_url":"https://academic.oup.com/comjnl/article-pdf/61/4/472/24509646/bxx093.pdf","source":{"id":"https://openalex.org/S44643521","display_name":"The Computer Journal","issn_l":"0010-4620","issn":["0010-4620","1460-2067"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310311648","host_organization_name":"Oxford University Press","host_organization_lineage":["https://openalex.org/P4310311648","https://openalex.org/P4310311647"],"host_organization_lineage_names":["Oxford University Press","University of Oxford"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"The Computer Journal","raw_type":"journal-article"},{"id":"pmh:oai:ora.ox.ac.uk:uuid:b0c15e13-0dd3-42a4-9c16-9940e03858dc","is_oa":false,"landing_page_url":"https://ora.ox.ac.uk/objects/uuid:b0c15e13-0dd3-42a4-9c16-9940e03858dc","pdf_url":null,"source":{"id":"https://openalex.org/S4306402636","display_name":"Oxford University Research Archive (ORA) (University of Oxford)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I40120149","host_organization_name":"University of Oxford","host_organization_lineage":["https://openalex.org/I40120149"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Journal article"}],"best_oa_location":{"id":"doi:10.1093/comjnl/bxx093","is_oa":true,"landing_page_url":"https://doi.org/10.1093/comjnl/bxx093","pdf_url":"https://academic.oup.com/comjnl/article-pdf/61/4/472/24509646/bxx093.pdf","source":{"id":"https://openalex.org/S44643521","display_name":"The Computer Journal","issn_l":"0010-4620","issn":["0010-4620","1460-2067"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310311648","host_organization_name":"Oxford University Press","host_organization_lineage":["https://openalex.org/P4310311648","https://openalex.org/P4310311647"],"host_organization_lineage_names":["Oxford University Press","University of Oxford"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"The Computer Journal","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.7599999904632568,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320334627","display_name":"Engineering and Physical Sciences Research Council","ror":"https://ror.org/0439y7842"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2754938188.pdf","grobid_xml":"https://content.openalex.org/works/W2754938188.grobid-xml"},"referenced_works_count":21,"referenced_works":["https://openalex.org/W409344806","https://openalex.org/W651159806","https://openalex.org/W1463485212","https://openalex.org/W1497998017","https://openalex.org/W1602002062","https://openalex.org/W1992854649","https://openalex.org/W2024488177","https://openalex.org/W2030660416","https://openalex.org/W2047147601","https://openalex.org/W2096129883","https://openalex.org/W2109026747","https://openalex.org/W2129660502","https://openalex.org/W2143971286","https://openalex.org/W2149163211","https://openalex.org/W2333295261","https://openalex.org/W2518516139","https://openalex.org/W2906151105","https://openalex.org/W2914712643","https://openalex.org/W3022452870","https://openalex.org/W3144627111","https://openalex.org/W4254148325"],"related_works":["https://openalex.org/W2345270111","https://openalex.org/W2372674753","https://openalex.org/W3195904671","https://openalex.org/W2894900144","https://openalex.org/W2026081827","https://openalex.org/W2979370664","https://openalex.org/W4382365358","https://openalex.org/W2293554594","https://openalex.org/W2165572034","https://openalex.org/W2368805764"],"abstract_inverted_index":{"Despite":[0],"a":[1,35,59,80,157,177],"long-standing":[2],"understanding":[3],"that":[4,37,49,119],"developments":[5],"in":[6,99,113],"personal":[7],"and":[8,65,79,96,169],"cloud":[9],"computing":[10],"practices":[11],"would":[12],"change":[13],"the":[14,62,89,114,120,130,162,170,173],"way":[15],"we":[16],"approach":[17],"security,":[18],"small-scale":[19],"IT":[20],"users":[21],"(SSITUs)":[22],"remain":[23],"ill-served":[24],"by":[25,45,123,147],"existing":[26],"cyber":[27,41,93],"security":[28,42,63,94,153,171],"practices.":[29],"This":[30],"paper":[31],"discusses":[32],"results":[33],"from":[34],"survey":[36],"considered":[38],"(in":[39],"part)":[40],"decisions":[43,131,154],"made":[44],"SSITUs.":[46],"We":[47,117],"determine":[48],"SSITUs":[50,100,124,148],"are":[51,165],"focusing":[52],"on":[53,129,160],"easy-to-implement":[54],"technical":[55],"measures,":[56],"leading":[57],"to":[58,87,91,104,107,167],"disconnect":[60],"between":[61],"implemented":[64],"any":[66],"risks":[67,109],"identified;":[68],"available":[69],"resources,":[70],"knowledge,":[71],"prioritization":[72],"of":[73,82,172],"business":[74],"processes,":[75],"reduced":[76],"system":[77],"control":[78],"lack":[81],"threat":[83],"intelligence":[84],"all":[85],"combine":[86],"limit":[88],"ability":[90],"make":[92,133,151],"decisions;":[95],"assessing":[97],"risk":[98],"will":[101,155],"not":[102],"lead":[103],"sufficient":[105],"investment":[106],"mitigate":[108],"for":[110],"risk-holding":[111],"stakeholders":[112],"supply":[115,174],"chain.":[116],"conclude":[118],"constraints":[121],"faced":[122,146],"have":[125,142,156],"far":[126],"greater":[127],"impact":[128,159],"they":[132,150,164],"than":[134],"either":[135],"our":[136],"risk-holding,":[137],"or":[138],"security-providing,":[139],"participants":[140],"may":[141],"anticipated.":[143],"Any":[144],"limitations":[145],"as":[149,176],"their":[152],"significant":[158],"both":[161],"measures":[163],"able":[166],"apply":[168],"chain":[175],"whole.":[178]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":9},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":4},{"year":2021,"cited_by_count":5},{"year":2020,"cited_by_count":3},{"year":2019,"cited_by_count":3}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}