{"id":"https://openalex.org/W4413371455","doi":"https://doi.org/10.1093/cybsec/tyaf020","title":"Toward effective cybersecurity management: a hierarchical process model with performance assessment","display_name":"Toward effective cybersecurity management: a hierarchical process model with performance assessment","publication_year":2025,"publication_date":"2025-01-01","ids":{"openalex":"https://openalex.org/W4413371455","doi":"https://doi.org/10.1093/cybsec/tyaf020"},"language":"en","primary_location":{"id":"doi:10.1093/cybsec/tyaf020","is_oa":true,"landing_page_url":"https://doi.org/10.1093/cybsec/tyaf020","pdf_url":"https://academic.oup.com/cybersecurity/article-pdf/11/1/tyaf020/64094497/tyaf020.pdf","source":{"id":"https://openalex.org/S2735156331","display_name":"Journal of Cybersecurity","issn_l":"2057-2085","issn":["2057-2085","2057-2093"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310311648","host_organization_name":"Oxford University Press","host_organization_lineage":["https://openalex.org/P4310311648","https://openalex.org/P4310311647"],"host_organization_lineage_names":["Oxford University Press","University of Oxford"],"type":"journal"},"license":"cc-by-nc","license_id":"https://openalex.org/licenses/cc-by-nc","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Cybersecurity","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://academic.oup.com/cybersecurity/article-pdf/11/1/tyaf020/64094497/tyaf020.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5090669112","display_name":"Marina Liu","orcid":"https://orcid.org/0009-0009-8752-706X"},"institutions":[{"id":"https://openalex.org/I149704539","display_name":"Deakin University","ror":"https://ror.org/02czsnj07","country_code":"AU","type":"education","lineage":["https://openalex.org/I149704539"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Marina Liu","raw_affiliation_strings":["Deakin University Deakin Cyber Research and Innovation Centre, , 221 Burwood Highway, Burwood, VIC 3125 ,","Deakin University School of Information Technology, , 221 Burwood Highway, Burwood, VIC 3125 ,"],"raw_orcid":"https://orcid.org/0009-0009-8752-706X","affiliations":[{"raw_affiliation_string":"Deakin University Deakin Cyber Research and Innovation Centre, , 221 Burwood Highway, Burwood, VIC 3125 ,","institution_ids":["https://openalex.org/I149704539"]},{"raw_affiliation_string":"Deakin University School of Information Technology, , 221 Burwood Highway, Burwood, VIC 3125 ,","institution_ids":["https://openalex.org/I149704539"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5066982173","display_name":"Malcolm Shore","orcid":"https://orcid.org/0000-0002-5632-5395"},"institutions":[{"id":"https://openalex.org/I149704539","display_name":"Deakin University","ror":"https://ror.org/02czsnj07","country_code":"AU","type":"education","lineage":["https://openalex.org/I149704539"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Malcolm Shore","raw_affiliation_strings":["Deakin University Deakin Cyber Research and Innovation Centre, , 221 Burwood Highway, Burwood, VIC 3125 ,"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Deakin University Deakin Cyber Research and Innovation Centre, , 221 Burwood Highway, Burwood, VIC 3125 ,","institution_ids":["https://openalex.org/I149704539"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102897591","display_name":"William Yeoh","orcid":"https://orcid.org/0000-0002-2964-4518"},"institutions":[{"id":"https://openalex.org/I4210148693","display_name":"Metropolitan University","ror":"https://ror.org/04hdrrs71","country_code":"BD","type":"education","lineage":["https://openalex.org/I4210148693"]}],"countries":["BD"],"is_corresponding":false,"raw_author_name":"William Yeoh","raw_affiliation_strings":["Hong Kong Metropolitan University Lee Shau Kee School of Business and Administration, , Ho Man Tin , Hong Kong SAR"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Hong Kong Metropolitan University Lee Shau Kee School of Business and Administration, , Ho Man Tin , Hong Kong SAR","institution_ids":["https://openalex.org/I4210148693"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5016008862","display_name":"Frank Jiang","orcid":"https://orcid.org/0000-0003-3088-8525"},"institutions":[{"id":"https://openalex.org/I149704539","display_name":"Deakin University","ror":"https://ror.org/02czsnj07","country_code":"AU","type":"education","lineage":["https://openalex.org/I149704539"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Frank Jiang","raw_affiliation_strings":["Deakin University Deakin Cyber Research and Innovation Centre, , 221 Burwood Highway, Burwood, VIC 3125 ,","Deakin University School of Information Technology, , 221 Burwood Highway, Burwood, VIC 3125 ,"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Deakin University Deakin Cyber Research and Innovation Centre, , 221 Burwood Highway, Burwood, VIC 3125 ,","institution_ids":["https://openalex.org/I149704539"]},{"raw_affiliation_string":"Deakin University School of Information Technology, , 221 Burwood Highway, Burwood, VIC 3125 ,","institution_ids":["https://openalex.org/I149704539"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5002810652","display_name":"Sherali Zeadally","orcid":"https://orcid.org/0000-0002-5982-8190"},"institutions":[{"id":"https://openalex.org/I143302722","display_name":"University of Kentucky","ror":"https://ror.org/02k3smh20","country_code":"US","type":"education","lineage":["https://openalex.org/I143302722"]},{"id":"https://openalex.org/I76571253","display_name":"Imam Abdulrahman Bin Faisal University","ror":"https://ror.org/038cy8j79","country_code":"SA","type":"education","lineage":["https://openalex.org/I76571253"]}],"countries":["SA","US"],"is_corresponding":false,"raw_author_name":"Sherali Zeadally","raw_affiliation_strings":["Imam Abdulrahman bin Faisal University (IAU) , Dammam ,","University of Kentucky College of Communication and Information, , 308 Lucille Little Library, Lexington, KY 40506 ,"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Imam Abdulrahman bin Faisal University (IAU) , Dammam ,","institution_ids":["https://openalex.org/I76571253"]},{"raw_affiliation_string":"University of Kentucky College of Communication and Information, , 308 Lucille Little Library, Lexington, KY 40506 ,","institution_ids":["https://openalex.org/I143302722"]}]}],"institutions":[],"countries_distinct_count":4,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5090669112"],"corresponding_institution_ids":["https://openalex.org/I149704539"],"apc_list":{"value":1864,"currency":"USD","value_usd":1864},"apc_paid":{"value":1864,"currency":"USD","value_usd":1864},"fwci":2.0163,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":{"value":0.89358446,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":"11","issue":"1","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11572","display_name":"Information Technology Governance and Strategy","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1404","display_name":"Management Information Systems"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T11572","display_name":"Information Technology Governance and Strategy","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1404","display_name":"Management Information Systems"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.9941999912261963,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5517473220825195},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5246075391769409},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.4369845390319824},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.35516202449798584},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.25157174468040466},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.10028383135795593}],"concepts":[{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5517473220825195},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5246075391769409},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.4369845390319824},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.35516202449798584},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.25157174468040466},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.10028383135795593}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1093/cybsec/tyaf020","is_oa":true,"landing_page_url":"https://doi.org/10.1093/cybsec/tyaf020","pdf_url":"https://academic.oup.com/cybersecurity/article-pdf/11/1/tyaf020/64094497/tyaf020.pdf","source":{"id":"https://openalex.org/S2735156331","display_name":"Journal of Cybersecurity","issn_l":"2057-2085","issn":["2057-2085","2057-2093"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310311648","host_organization_name":"Oxford University Press","host_organization_lineage":["https://openalex.org/P4310311648","https://openalex.org/P4310311647"],"host_organization_lineage_names":["Oxford University Press","University of Oxford"],"type":"journal"},"license":"cc-by-nc","license_id":"https://openalex.org/licenses/cc-by-nc","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Cybersecurity","raw_type":"journal-article"},{"id":"pmh:oai:figshare.com:article/30100504","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4377196282","display_name":"Figshare","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210132348","host_organization_name":"Figshare (United Kingdom)","host_organization_lineage":["https://openalex.org/I4210132348"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-nc","license_id":"https://openalex.org/licenses/cc-by-nc","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Journal contribution"}],"best_oa_location":{"id":"doi:10.1093/cybsec/tyaf020","is_oa":true,"landing_page_url":"https://doi.org/10.1093/cybsec/tyaf020","pdf_url":"https://academic.oup.com/cybersecurity/article-pdf/11/1/tyaf020/64094497/tyaf020.pdf","source":{"id":"https://openalex.org/S2735156331","display_name":"Journal of Cybersecurity","issn_l":"2057-2085","issn":["2057-2085","2057-2093"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310311648","host_organization_name":"Oxford University Press","host_organization_lineage":["https://openalex.org/P4310311648","https://openalex.org/P4310311647"],"host_organization_lineage_names":["Oxford University Press","University of Oxford"],"type":"journal"},"license":"cc-by-nc","license_id":"https://openalex.org/licenses/cc-by-nc","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Cybersecurity","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4413371455.pdf","grobid_xml":"https://content.openalex.org/works/W4413371455.grobid-xml"},"referenced_works_count":45,"referenced_works":["https://openalex.org/W1489409926","https://openalex.org/W1963628174","https://openalex.org/W1963879048","https://openalex.org/W1978374817","https://openalex.org/W2002356434","https://openalex.org/W2004878847","https://openalex.org/W2119716788","https://openalex.org/W2125009468","https://openalex.org/W2168841879","https://openalex.org/W2271655342","https://openalex.org/W2407825313","https://openalex.org/W2523441178","https://openalex.org/W2529723639","https://openalex.org/W2546952811","https://openalex.org/W2770559264","https://openalex.org/W2794886350","https://openalex.org/W2892759841","https://openalex.org/W2907729092","https://openalex.org/W2909510017","https://openalex.org/W2950504429","https://openalex.org/W3013171296","https://openalex.org/W3014589148","https://openalex.org/W3018028361","https://openalex.org/W3034690165","https://openalex.org/W3044094540","https://openalex.org/W3082488652","https://openalex.org/W3088996122","https://openalex.org/W3154477588","https://openalex.org/W3158082435","https://openalex.org/W4206517825","https://openalex.org/W4229508569","https://openalex.org/W4238188142","https://openalex.org/W4285090724","https://openalex.org/W4285292029","https://openalex.org/W4352978369","https://openalex.org/W4385266398","https://openalex.org/W4385366999","https://openalex.org/W4385562826","https://openalex.org/W4411268569","https://openalex.org/W6641184051","https://openalex.org/W6645849157","https://openalex.org/W6713293402","https://openalex.org/W6746715828","https://openalex.org/W6757566773","https://openalex.org/W6805185797"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4281737987","https://openalex.org/W4386449603","https://openalex.org/W3124412501","https://openalex.org/W2048235121"],"abstract_inverted_index":{"Abstract":[0],"The":[1],"conventional":[2],"approach":[3,28],"to":[4,62,98,108,131],"managing":[5,48],"a":[6,21,41,58,64],"cybersecurity":[7,37,52,66,116,126,139],"program":[8],"typically":[9],"involves":[10],"building":[11],"an":[12],"Information":[13],"Security":[14],"Management":[15,90],"System":[16],"based":[17],"on":[18,83],"one":[19],"or":[20],"combination":[22],"of":[23,35,71,115,137],"security":[24],"standards.":[25],"However,":[26],"this":[27],"is":[29],"inadequate":[30],"for":[31,46],"meeting":[32],"the":[33,88,109,113,133],"requirements":[34],"modern":[36],"programs.":[38,140],"It":[39],"lacks":[40],"systematic":[42],"and":[43,49,78,91,102,128,135],"structured":[44],"method":[45],"efficiently":[47],"comprehensively":[50],"measuring":[51],"efforts.":[53],"In":[54],"response,":[55],"we":[56,86],"conducted":[57],"three-round":[59],"Delphi":[60],"study":[61,106],"develop":[63],"hierarchical":[65],"management":[67],"process":[68,100],"model":[69],"consisting":[70],"6":[72],"strategic":[73],"processes,":[74,77],"11":[75],"tactical":[76],"19":[79],"operational":[80],"processes.":[81],"Based":[82],"these":[84],"findings,":[85],"developed":[87],"Cybersecurity":[89],"Performance":[92],"Assessment":[93],"model,":[94,121],"which":[95],"helps":[96],"organizations":[97,122],"assess":[99],"maturity":[101,136],"control":[103],"effectiveness.":[104],"Our":[105],"contributes":[107],"theoretical":[110],"knowledge":[111],"in":[112],"field":[114],"management.":[117],"By":[118],"adopting":[119],"our":[120],"can":[123],"enhance":[124],"their":[125,138],"assurance":[127],"identify":[129],"pathways":[130],"improve":[132],"effectiveness":[134]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-04-26T08:31:28.666265","created_date":"2025-10-10T00:00:00"}