{"id":"https://openalex.org/W2093796625","doi":"https://doi.org/10.1108/09685220810893207","title":"Information security management objectives and practices: a parsimonious framework","display_name":"Information security management objectives and practices: a parsimonious framework","publication_year":2008,"publication_date":"2008-07-18","ids":{"openalex":"https://openalex.org/W2093796625","doi":"https://doi.org/10.1108/09685220810893207","mag":"2093796625"},"language":"en","primary_location":{"id":"doi:10.1108/09685220810893207","is_oa":false,"landing_page_url":"https://doi.org/10.1108/09685220810893207","pdf_url":null,"source":{"id":"https://openalex.org/S204075876","display_name":"Information Management & Computer Security","issn_l":"0968-5227","issn":["0968-5227","1758-5805"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information Management &amp; Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5034135974","display_name":"Qingxiong Ma","orcid":null},"institutions":[{"id":"https://openalex.org/I28324025","display_name":"University of Central Missouri","ror":"https://ror.org/02c63wv67","country_code":"US","type":"education","lineage":["https://openalex.org/I28324025"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Qingxiong Ma","raw_affiliation_strings":["Department of Computer Information Systems, University of Central Missouri, Warrensburg, Missouri, USA","(Department of Computer Information Systems, University of Central Missouri, Warrensburg, Missouri, USA)"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Information Systems, University of Central Missouri, Warrensburg, Missouri, USA","institution_ids":["https://openalex.org/I28324025"]},{"raw_affiliation_string":"(Department of Computer Information Systems, University of Central Missouri, Warrensburg, Missouri, USA)","institution_ids":["https://openalex.org/I28324025"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038492844","display_name":"Allen C. Johnston","orcid":"https://orcid.org/0000-0003-0301-4187"},"institutions":[{"id":"https://openalex.org/I32389192","display_name":"University of Alabama at Birmingham","ror":"https://ror.org/008s83205","country_code":"US","type":"education","lineage":["https://openalex.org/I32389192"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Allen C. Johnston","raw_affiliation_strings":["Department of Accounting and Information Systems, University of Alabama Birmingham, Birmingham, Alabama, USA","(Department of Accounting and Information Systems, University of Alabama Birmingham, Birmingham, Alabama, USA)"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Accounting and Information Systems, University of Alabama Birmingham, Birmingham, Alabama, USA","institution_ids":["https://openalex.org/I32389192"]},{"raw_affiliation_string":"(Department of Accounting and Information Systems, University of Alabama Birmingham, Birmingham, Alabama, USA)","institution_ids":["https://openalex.org/I32389192"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5059189714","display_name":"John Pearson","orcid":"https://orcid.org/0000-0002-9876-7837"},"institutions":[{"id":"https://openalex.org/I110378019","display_name":"Southern Illinois University Carbondale","ror":"https://ror.org/049kefs16","country_code":"US","type":"education","lineage":["https://openalex.org/I110378019","https://openalex.org/I2801502357"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"J. Michael Pearson","raw_affiliation_strings":["Department of Management, Southern Illinois University, Carbondale, Illinois, USA","Department of Management , Southern Illinois University , Carbondale, Illinois, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Management, Southern Illinois University, Carbondale, Illinois, USA","institution_ids":["https://openalex.org/I110378019"]},{"raw_affiliation_string":"Department of Management , Southern Illinois University , Carbondale, Illinois, USA","institution_ids":["https://openalex.org/I110378019"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":14.887,"has_fulltext":false,"cited_by_count":86,"citation_normalized_percentile":{"value":0.98645568,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":91,"max":99},"biblio":{"volume":"16","issue":"3","first_page":"251","last_page":"270"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.9939000010490417,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/information-security-management","display_name":"Information security management","score":0.7589358687400818},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.6880006194114685},{"id":"https://openalex.org/keywords/standard-of-good-practice","display_name":"Standard of Good Practice","score":0.6083607077598572},{"id":"https://openalex.org/keywords/confidentiality","display_name":"Confidentiality","score":0.5952416658401489},{"id":"https://openalex.org/keywords/accountability","display_name":"Accountability","score":0.5119889378547668},{"id":"https://openalex.org/keywords/knowledge-management","display_name":"Knowledge management","score":0.4995760917663574},{"id":"https://openalex.org/keywords/information-security-standards","display_name":"Information security standards","score":0.496481716632843},{"id":"https://openalex.org/keywords/security-management","display_name":"Security management","score":0.4740804433822632},{"id":"https://openalex.org/keywords/certified-information-security-manager","display_name":"Certified Information Security Manager","score":0.4639546275138855},{"id":"https://openalex.org/keywords/information-security-audit","display_name":"Information security audit","score":0.4511208236217499},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.4246419668197632},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.4235053062438965},{"id":"https://openalex.org/keywords/information-security-management-system","display_name":"Information security management system","score":0.42089104652404785},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.38088083267211914},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.33860254287719727},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.2310105562210083},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.2132147252559662},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.11993977427482605},{"id":"https://openalex.org/keywords/network-security-policy","display_name":"Network security policy","score":0.09008058905601501},{"id":"https://openalex.org/keywords/political-science","display_name":"Political science","score":0.08774957060813904}],"concepts":[{"id":"https://openalex.org/C148976360","wikidata":"https://www.wikidata.org/wiki/Q1662500","display_name":"Information security management","level":5,"score":0.7589358687400818},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.6880006194114685},{"id":"https://openalex.org/C47309137","wikidata":"https://www.wikidata.org/wiki/Q7598357","display_name":"Standard of Good Practice","level":5,"score":0.6083607077598572},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.5952416658401489},{"id":"https://openalex.org/C2776007630","wikidata":"https://www.wikidata.org/wiki/Q2798912","display_name":"Accountability","level":2,"score":0.5119889378547668},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.4995760917663574},{"id":"https://openalex.org/C139547956","wikidata":"https://www.wikidata.org/wiki/Q6031202","display_name":"Information security standards","level":5,"score":0.496481716632843},{"id":"https://openalex.org/C83163435","wikidata":"https://www.wikidata.org/wiki/Q3954104","display_name":"Security management","level":2,"score":0.4740804433822632},{"id":"https://openalex.org/C180823521","wikidata":"https://www.wikidata.org/wiki/Q1662502","display_name":"Certified Information Security Manager","level":5,"score":0.4639546275138855},{"id":"https://openalex.org/C39358052","wikidata":"https://www.wikidata.org/wiki/Q2578632","display_name":"Information security audit","level":5,"score":0.4511208236217499},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.4246419668197632},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.4235053062438965},{"id":"https://openalex.org/C111153917","wikidata":"https://www.wikidata.org/wiki/Q1662500","display_name":"Information security management system","level":5,"score":0.42089104652404785},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.38088083267211914},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.33860254287719727},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.2310105562210083},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.2132147252559662},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.11993977427482605},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.09008058905601501},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.08774957060813904},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1108/09685220810893207","is_oa":false,"landing_page_url":"https://doi.org/10.1108/09685220810893207","pdf_url":null,"source":{"id":"https://openalex.org/S204075876","display_name":"Information Management & Computer Security","issn_l":"0968-5227","issn":["0968-5227","1758-5805"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information Management &amp; Computer Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":31,"referenced_works":["https://openalex.org/W161990904","https://openalex.org/W569784118","https://openalex.org/W578857494","https://openalex.org/W619630246","https://openalex.org/W1481031713","https://openalex.org/W1551223930","https://openalex.org/W1559424115","https://openalex.org/W1569036986","https://openalex.org/W1582097881","https://openalex.org/W1583996436","https://openalex.org/W1971422931","https://openalex.org/W1973026488","https://openalex.org/W1991895580","https://openalex.org/W1997603734","https://openalex.org/W1997901747","https://openalex.org/W2000667443","https://openalex.org/W2049571112","https://openalex.org/W2069179278","https://openalex.org/W2075505590","https://openalex.org/W2076589653","https://openalex.org/W2119587968","https://openalex.org/W2144268912","https://openalex.org/W2182775993","https://openalex.org/W2339926190","https://openalex.org/W2466820758","https://openalex.org/W2612166593","https://openalex.org/W2798346766","https://openalex.org/W4236158753","https://openalex.org/W4285719527","https://openalex.org/W6606660865","https://openalex.org/W6692300446"],"related_works":["https://openalex.org/W2584162156","https://openalex.org/W2483557577","https://openalex.org/W2066297175","https://openalex.org/W2126017555","https://openalex.org/W3048038405","https://openalex.org/W2232533402","https://openalex.org/W1567258312","https://openalex.org/W3152008927","https://openalex.org/W4389145579","https://openalex.org/W4285782133"],"abstract_inverted_index":{"Purpose":[0],"As":[1],"part":[2],"of":[3,38,57,62,80,99,126,193,202,211,257],"their":[4,238],"continuing":[5],"efforts":[6],"to":[7,42,178,190,233],"establish":[8],"effective":[9],"information":[10,15,26,93,122,146,179,194,229,250],"security":[11,16,27,94,123,128,180,195,203,230,251],"management":[12],"(ISM)":[13],"practices,":[14],"researchers":[17],"and":[18,22,29,64,71,76,83,96,104,117,130,148,167,205,216,228,259,266,272],"practitioners":[19],"have":[20],"proposed":[21],"developed":[23],"many":[24,264],"different":[25],"standards":[28,267],"guidelines.":[30],"Building":[31],"on":[32,86,262],"these":[33,81],"previous":[34,212],"efforts,":[35],"the":[36,55,78,97,102,127,155,170,191,209,249,263],"purpose":[37],"this":[39],"study":[40,188],"is":[41,52,182],"put":[43],"forth":[44],"a":[45,59,199,246,254],"framework":[46,51],"for":[47,149,161,225,253],"ISM.":[48],"Design/methodology/approach":[49],"This":[50,187,243],"derived":[53],"from":[54,90],"development":[56],"an":[58],"priori":[60],"set":[61,201,256],"objectives":[63,82,103,181,204,258],"practices":[65,84,206,260],"as":[66,120],"suggested":[67],"by":[68,197],"literature,":[69],"standards,":[70],"reports":[72],"found":[73],"in":[74,208,214,248,269],"academia":[75,215,271],"practice;":[77],"refinement":[79],"based":[85,261],"survey":[87],"data":[88],"obtained":[89],"354":[91],"certified":[92],"professionals;":[95],"examination":[98],"interrelationships":[100],"between":[101],"practices.":[105],"Findings":[106],"The":[107,174],"empirical":[108],"analysis":[109],"suggests:":[110],"four":[111],"factors":[112],"(information":[113],"integrity,":[114],"confidentiality,":[115],"accountability,":[116],"availability)":[118],"serve":[119],"critical":[121],"objectives;":[124],"most":[125,175],"areas":[129],"items":[131],"covered":[132],"under":[133],"ISO":[134],"17799":[135],"are":[136,169],"valid":[137],"with":[138,158],"one":[139],"new":[140],"area":[141],"\u2013":[142],"\u201cexternal\u201d":[143],"or":[144],"\u201cinter\u2010organizational":[145],"security\u201d;":[147],"moderately":[150],"information\u2010sensitive":[151,163],"organizations,":[152,164],"\u201cconfidentiality\u201d":[153],"has":[154],"highest":[156],"correlation":[157],"ISM":[159,172,235],"practices;":[160],"highly":[162],"\u201cconfidentiality\u201d,":[165],"\u201caccountability\u201d,":[166],"\u201cintegrity\u201d":[168],"major":[171],"objectives.":[173],"important":[176],"contributor":[177],"\u201caccess":[183],"control\u201d.":[184],"Research":[185],"limitations/implications":[186],"contributes":[189],"domain":[192],"research":[196],"developing":[198],"parsimonious":[200,255],"grounded":[207],"findings":[210,222],"works":[213],"practical":[217],"literature.":[218],"Practical":[219],"implications":[220],"These":[221],"provide":[223],"insights":[224],"business":[226],"managers":[227],"professionals":[231],"attempting":[232],"implement":[234],"programs":[236],"within":[237],"respective":[239],"organizational":[240],"settings.":[241],"Originality/value":[242],"paper":[244],"fulfills":[245],"need":[247],"community":[252],"guidelines":[265],"available":[268],"both":[270],"practice.":[273]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":5},{"year":2020,"cited_by_count":7},{"year":2019,"cited_by_count":4},{"year":2018,"cited_by_count":3},{"year":2017,"cited_by_count":3},{"year":2016,"cited_by_count":9},{"year":2015,"cited_by_count":4},{"year":2014,"cited_by_count":10},{"year":2013,"cited_by_count":8},{"year":2012,"cited_by_count":6}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}
