{"id":"https://openalex.org/W2015633796","doi":"https://doi.org/10.1108/09685221211267648","title":"Identifying linkages between statements in information security policy, procedures and controls","display_name":"Identifying linkages between statements in information security policy, procedures and controls","publication_year":2012,"publication_date":"2012-10-05","ids":{"openalex":"https://openalex.org/W2015633796","doi":"https://doi.org/10.1108/09685221211267648","mag":"2015633796"},"language":"en","primary_location":{"id":"doi:10.1108/09685221211267648","is_oa":false,"landing_page_url":"https://doi.org/10.1108/09685221211267648","pdf_url":null,"source":{"id":"https://openalex.org/S204075876","display_name":"Information Management & Computer Security","issn_l":"0968-5227","issn":["0968-5227","1758-5805"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information Management &amp; Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5069821461","display_name":"Vinod Pathari","orcid":"https://orcid.org/0000-0002-2601-5265"},"institutions":[{"id":"https://openalex.org/I162827531","display_name":"Indian Institute of Technology Bombay","ror":"https://ror.org/02qyf5152","country_code":"IN","type":"education","lineage":["https://openalex.org/I162827531"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Vinod Pathari","raw_affiliation_strings":["SJM School of Management, IIT Bombay, Mumbai, India","(SJM School of Management, IIT Bombay, Mumbai, India)"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"SJM School of Management, IIT Bombay, Mumbai, India","institution_ids":["https://openalex.org/I162827531"]},{"raw_affiliation_string":"(SJM School of Management, IIT Bombay, Mumbai, India)","institution_ids":["https://openalex.org/I162827531"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5043108732","display_name":"Rajendra Sonar","orcid":null},"institutions":[{"id":"https://openalex.org/I162827531","display_name":"Indian Institute of Technology Bombay","ror":"https://ror.org/02qyf5152","country_code":"IN","type":"education","lineage":["https://openalex.org/I162827531"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Rajendra Sonar","raw_affiliation_strings":["SJM School of Management, IIT Bombay, Mumbai, India"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"SJM School of Management, IIT Bombay, Mumbai, India","institution_ids":["https://openalex.org/I162827531"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I162827531"],"apc_list":null,"apc_paid":null,"fwci":3.6754,"has_fulltext":false,"cited_by_count":23,"citation_normalized_percentile":{"value":0.93512252,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":"20","issue":"4","first_page":"264","last_page":"280"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9857000112533569,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6799713373184204},{"id":"https://openalex.org/keywords/security-controls","display_name":"Security controls","score":0.6637840867042542},{"id":"https://openalex.org/keywords/documentation","display_name":"Documentation","score":0.6477542519569397},{"id":"https://openalex.org/keywords/information-security-standards","display_name":"Information security standards","score":0.6155112981796265},{"id":"https://openalex.org/keywords/security-policy","display_name":"Security policy","score":0.5672590136528015},{"id":"https://openalex.org/keywords/hierarchy","display_name":"Hierarchy","score":0.5389121174812317},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.5343813896179199},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.5309041738510132},{"id":"https://openalex.org/keywords/separation-of-duties","display_name":"Separation of duties","score":0.5193027853965759},{"id":"https://openalex.org/keywords/service","display_name":"Service (business)","score":0.513468325138092},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.4746057391166687},{"id":"https://openalex.org/keywords/centrality","display_name":"Centrality","score":0.4344685673713684},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.41706371307373047},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.37886297702789307},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.35002532601356506},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.34125959873199463},{"id":"https://openalex.org/keywords/network-security-policy","display_name":"Network security policy","score":0.2695632874965668},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.2631564736366272},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.23107275366783142},{"id":"https://openalex.org/keywords/role-based-access-control","display_name":"Role-based access control","score":0.10746225714683533},{"id":"https://openalex.org/keywords/marketing","display_name":"Marketing","score":0.1011856198310852}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6799713373184204},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.6637840867042542},{"id":"https://openalex.org/C56666940","wikidata":"https://www.wikidata.org/wiki/Q788790","display_name":"Documentation","level":2,"score":0.6477542519569397},{"id":"https://openalex.org/C139547956","wikidata":"https://www.wikidata.org/wiki/Q6031202","display_name":"Information security standards","level":5,"score":0.6155112981796265},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.5672590136528015},{"id":"https://openalex.org/C31170391","wikidata":"https://www.wikidata.org/wiki/Q188619","display_name":"Hierarchy","level":2,"score":0.5389121174812317},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.5343813896179199},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.5309041738510132},{"id":"https://openalex.org/C100587491","wikidata":"https://www.wikidata.org/wiki/Q1474665","display_name":"Separation of duties","level":4,"score":0.5193027853965759},{"id":"https://openalex.org/C2780378061","wikidata":"https://www.wikidata.org/wiki/Q25351891","display_name":"Service (business)","level":2,"score":0.513468325138092},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.4746057391166687},{"id":"https://openalex.org/C53811970","wikidata":"https://www.wikidata.org/wiki/Q5062194","display_name":"Centrality","level":2,"score":0.4344685673713684},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.41706371307373047},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.37886297702789307},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.35002532601356506},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.34125959873199463},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.2695632874965668},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.2631564736366272},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.23107275366783142},{"id":"https://openalex.org/C45567728","wikidata":"https://www.wikidata.org/wiki/Q1702839","display_name":"Role-based access control","level":3,"score":0.10746225714683533},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.1011856198310852},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.0},{"id":"https://openalex.org/C34447519","wikidata":"https://www.wikidata.org/wiki/Q179522","display_name":"Market economy","level":1,"score":0.0},{"id":"https://openalex.org/C114614502","wikidata":"https://www.wikidata.org/wiki/Q76592","display_name":"Combinatorics","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1108/09685221211267648","is_oa":false,"landing_page_url":"https://doi.org/10.1108/09685221211267648","pdf_url":null,"source":{"id":"https://openalex.org/S204075876","display_name":"Information Management & Computer Security","issn_l":"0968-5227","issn":["0968-5227","1758-5805"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information Management &amp; Computer Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6800000071525574,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":21,"referenced_works":["https://openalex.org/W35369483","https://openalex.org/W1563399113","https://openalex.org/W1640327256","https://openalex.org/W1667620227","https://openalex.org/W1966669815","https://openalex.org/W1967082215","https://openalex.org/W1967972019","https://openalex.org/W1971937094","https://openalex.org/W1977534227","https://openalex.org/W2008709683","https://openalex.org/W2030495869","https://openalex.org/W2036910349","https://openalex.org/W2038501348","https://openalex.org/W2045522788","https://openalex.org/W2049188895","https://openalex.org/W2067978381","https://openalex.org/W2071674092","https://openalex.org/W2077703048","https://openalex.org/W2087194317","https://openalex.org/W2163094763","https://openalex.org/W2170554716"],"related_works":["https://openalex.org/W2366423890","https://openalex.org/W1528506334","https://openalex.org/W78712225","https://openalex.org/W2145041315","https://openalex.org/W3022883970","https://openalex.org/W2173238669","https://openalex.org/W1993185027","https://openalex.org/W2130339907","https://openalex.org/W2015633796","https://openalex.org/W1564075543"],"abstract_inverted_index":{"Purpose":[0],"The":[1,21,55,102,155,209,229,249,390],"information":[2],"security":[3,47,70,91,227,325,339,347,368,410],"policy":[4,172,298,326,369],"document":[5,327],"of":[6,27,39,46,57,69,85,98,112,142,152,168,170,192,201,225,279,345,373,386,400,409],"an":[7,63,74,99,158,270,312,378,387],"organization":[8],"needs":[9,282],"to":[10,34,61,65,72,88,115,147,220,244,256,264,283,286,302,336,338,349,370,380,403],"be":[11,191,218,245,257,274,284,293,329],"translated":[12],"into":[13,179],"controls":[14,30,321],"and":[15,23,31,49,77,125,139,187,200,322,397,407],"procedures":[16,32],"at":[17,276],"the":[18,29,52,95,105,110,121,137,149,166,207,213,254,277,287,319,323,334,351,363,367,375,382,398,405],"implementation":[19,53,261],"level.":[20],"technical":[22,106],"business":[24],"personnel":[25],"in\u2010charge":[26],"implementing":[28],"need":[33,240,364],"consider":[35],"a":[36,43,67,117,131,143,153,222,303,343,356],"large":[37,223],"number":[38,224],"security\u2010related":[40],"statements":[41,71,86,177,348,411],"from":[42,94],"heterogeneous":[44],"pool":[45],"documentation":[48,97],"decide":[50],"on":[51,136,162,173,183,197,206],"plan.":[54],"purpose":[56],"this":[58,113],"paper":[59],"is":[60,92,355],"propose":[62,377],"approach":[64,160,379],"analyze":[66],"set":[68,84,344],"establish":[73,362],"implicit":[75],"hierarchy":[76],"relative":[78,150,185],"importance":[79,151,194],"among":[80],"them.":[81],"Design/methodology/approach":[82],"A":[83],"relevant":[87],"e\u2010mail":[89],"service":[90,114],"chosen":[93],"classified":[96],"IT":[100],"firm.":[101],"authors":[103,156,376],"contacted":[104],"person":[107],"who":[108],"was":[109],"owner":[111],"obtain":[116],"one\u2010on\u2010one":[118],"comparison":[119],"between":[120,318,353],"policies.":[122],"These":[123],"policies":[124,211,230,252],"their":[126,184,238],"inter\u2010relationships":[127],"are":[128,145,212,232,253,412],"represented":[129],"as":[130,263],"graph.":[132],"Centrality":[133],"measures":[134],"based":[135,161,182],"in":[138,235,332,416],"out":[140],"degrees":[141],"node":[144],"used":[146],"calculate":[148],"policy.":[154],"present":[157],"improved":[159],"DEMATEL,":[163],"which":[164],"considers":[165],"level":[167,278,289],"influence":[169],"one":[171,198],"another.":[174],"Findings":[175],"Security":[176],"fall":[178],"different":[180],"categories":[181],"intensity":[186,408],"nature.":[188],"They":[189],"could":[190,217,292,328],"high":[193],"or":[195,203,311,384],"low":[196],"axis":[199],"driving":[202],"receiving":[204],"nature":[205,406],"other.":[208],"driver":[210,251],"action":[214,271,309],"items":[215],"that":[216,231],"implemented":[219,275,320],"satisfy":[221],"other":[226,242,360],"requirements.":[228],"predominantly":[233],"receiver":[234],"nature,":[236],"for":[237,259,365],"fulfillment,":[239],"many":[241],"requirements":[243],"satisfied.":[246],"Practical":[247],"implications":[248],"intense":[250],"ones":[255],"considered":[258],"immediate":[260],"so":[262],"achieve":[265],"maximum":[266],"benefits.":[267],"If":[268],"such":[269],"item":[272],"cannot":[273],"consideration,":[280],"it":[281,291],"communicated":[285],"appropriate":[288],"where":[290],"addressed":[294],"effectively.":[295],"An":[296],"orphaned":[297],"statement":[299],"can":[300],"indicate":[301],"high\u2010level":[304],"requirement":[305],"left":[306],"without":[307],"any":[308],"plan":[310],"unnecessary":[313],"control.":[314],"Establishing":[315],"clear":[316],"linkages":[317,352],"organization's":[324],"very":[330],"effective":[331,388],"convincing":[333],"employees":[335],"adhere":[337],"practices.":[340],"Originality/value":[341],"Analyzing":[342],"informal":[346],"identify":[350,381],"them":[354],"novel":[357],"idea.":[358],"While":[359],"works":[361],"translating":[366],"lower":[371],"levels":[372],"implementation,":[374],"existence":[383],"absence":[385],"translation.":[389],"graph":[391],"representation":[392],"with":[393],"associated":[394],"centrality":[395],"measures,":[396],"application":[399],"DEMATEL":[401],"technique":[402],"deduce":[404],"not":[413],"yet":[414],"found":[415],"literature.":[417]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":3},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":3},{"year":2017,"cited_by_count":3},{"year":2016,"cited_by_count":1},{"year":2015,"cited_by_count":1},{"year":2014,"cited_by_count":1},{"year":2013,"cited_by_count":3}],"updated_date":"2026-06-26T08:34:08.712188","created_date":"2025-10-10T00:00:00"}
