{"id":"https://openalex.org/W2419134065","doi":"https://doi.org/10.1108/ics-01-2016-0006","title":"An information security risk-driven investment model for analysing human factors","display_name":"An information security risk-driven investment model for analysing human factors","publication_year":2016,"publication_date":"2016-06-13","ids":{"openalex":"https://openalex.org/W2419134065","doi":"https://doi.org/10.1108/ics-01-2016-0006","mag":"2419134065"},"language":"en","primary_location":{"id":"doi:10.1108/ics-01-2016-0006","is_oa":false,"landing_page_url":"https://doi.org/10.1108/ics-01-2016-0006","pdf_url":null,"source":{"id":"https://openalex.org/S4210195545","display_name":"Information and Computer Security","issn_l":"2056-4961","issn":["2056-4961","2056-497X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information &amp; Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://research.brighton.ac.uk/en/publications/39585ed4-c0a1-4d8e-b5ce-cf6dd8e8a712","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5049812324","display_name":"Reza Alavi","orcid":null},"institutions":[{"id":"https://openalex.org/I157227730","display_name":"University of East London","ror":"https://ror.org/057jrqr44","country_code":"GB","type":"education","lineage":["https://openalex.org/I157227730"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Reza Alavi","raw_affiliation_strings":["University of East London, London, UK"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of East London, London, UK","institution_ids":["https://openalex.org/I157227730"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058734055","display_name":"Shareeful Islam","orcid":"https://orcid.org/0000-0003-0885-1881"},"institutions":[{"id":"https://openalex.org/I157227730","display_name":"University of East London","ror":"https://ror.org/057jrqr44","country_code":"GB","type":"education","lineage":["https://openalex.org/I157227730"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Shareeful Islam","raw_affiliation_strings":["University of East London, London, UK"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of East London, London, UK","institution_ids":["https://openalex.org/I157227730"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5014613493","display_name":"Haralambos Mouratidis","orcid":"https://orcid.org/0000-0002-2599-0712"},"institutions":[{"id":"https://openalex.org/I71637028","display_name":"University of Brighton","ror":"https://ror.org/04kp2b655","country_code":"GB","type":"education","lineage":["https://openalex.org/I71637028"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Haralambos Mouratidis","raw_affiliation_strings":["University of Brighton, Brighton, UK"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Brighton, Brighton, UK","institution_ids":["https://openalex.org/I71637028"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5049812324"],"corresponding_institution_ids":["https://openalex.org/I157227730"],"apc_list":null,"apc_paid":null,"fwci":4.8313,"has_fulltext":false,"cited_by_count":36,"citation_normalized_percentile":{"value":0.95199047,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":98},"biblio":{"volume":"24","issue":"2","first_page":"205","last_page":"227"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9919999837875366,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9900000095367432,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.7565876841545105},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.621679961681366},{"id":"https://openalex.org/keywords/investment","display_name":"Investment (military)","score":0.5830345749855042},{"id":"https://openalex.org/keywords/sort","display_name":"sort","score":0.5491287708282471},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.5467414855957031},{"id":"https://openalex.org/keywords/work","display_name":"Work (physics)","score":0.43404728174209595},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.3845193386077881},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.37070271372795105},{"id":"https://openalex.org/keywords/management-science","display_name":"Management science","score":0.3419727683067322},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.338212251663208},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.28387928009033203},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.2311059534549713}],"concepts":[{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.7565876841545105},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.621679961681366},{"id":"https://openalex.org/C27548731","wikidata":"https://www.wikidata.org/wiki/Q88272","display_name":"Investment (military)","level":3,"score":0.5830345749855042},{"id":"https://openalex.org/C88548561","wikidata":"https://www.wikidata.org/wiki/Q347599","display_name":"sort","level":2,"score":0.5491287708282471},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.5467414855957031},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.43404728174209595},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.3845193386077881},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.37070271372795105},{"id":"https://openalex.org/C539667460","wikidata":"https://www.wikidata.org/wiki/Q2414942","display_name":"Management science","level":1,"score":0.3419727683067322},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.338212251663208},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.28387928009033203},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.2311059534549713},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C94625758","wikidata":"https://www.wikidata.org/wiki/Q7163","display_name":"Politics","level":2,"score":0.0},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1108/ics-01-2016-0006","is_oa":false,"landing_page_url":"https://doi.org/10.1108/ics-01-2016-0006","pdf_url":null,"source":{"id":"https://openalex.org/S4210195545","display_name":"Information and Computer Security","issn_l":"2056-4961","issn":["2056-4961","2056-497X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information &amp; Computer Security","raw_type":"journal-article"},{"id":"pmh:oai:pure.atira.dk:openaire/39585ed4-c0a1-4d8e-b5ce-cf6dd8e8a712","is_oa":true,"landing_page_url":"https://research.brighton.ac.uk/en/publications/39585ed4-c0a1-4d8e-b5ce-cf6dd8e8a712","pdf_url":null,"source":{"id":"https://openalex.org/S4306401758","display_name":"University of Brighton Repository (University of Brighton)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I71637028","host_organization_name":"University of Brighton","host_organization_lineage":["https://openalex.org/I71637028"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Alavi, R, Islam, S & Mouratidis, H 2016, 'An information security risk-driven investment model for analysing human factors', Information Management and Computer Security, vol. 24, no. 2, pp. 205-227. https://doi.org/10.1108/ICS-01-2016-0006","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:oai:roar.uel.ac.uk:5627","is_oa":false,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4306400937","display_name":"ROAR (University of East London)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I157227730","host_organization_name":"University of East London","host_organization_lineage":["https://openalex.org/I157227730"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":"","raw_type":"Article"}],"best_oa_location":{"id":"pmh:oai:pure.atira.dk:openaire/39585ed4-c0a1-4d8e-b5ce-cf6dd8e8a712","is_oa":true,"landing_page_url":"https://research.brighton.ac.uk/en/publications/39585ed4-c0a1-4d8e-b5ce-cf6dd8e8a712","pdf_url":null,"source":{"id":"https://openalex.org/S4306401758","display_name":"University of Brighton Repository (University of Brighton)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I71637028","host_organization_name":"University of Brighton","host_organization_lineage":["https://openalex.org/I71637028"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Alavi, R, Islam, S & Mouratidis, H 2016, 'An information security risk-driven investment model for analysing human factors', Information Management and Computer Security, vol. 24, no. 2, pp. 205-227. https://doi.org/10.1108/ICS-01-2016-0006","raw_type":"info:eu-repo/semantics/publishedVersion"},"sustainable_development_goals":[{"score":0.7400000095367432,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":25,"referenced_works":["https://openalex.org/W38876016","https://openalex.org/W315231380","https://openalex.org/W434366332","https://openalex.org/W628029179","https://openalex.org/W1592063330","https://openalex.org/W1963879048","https://openalex.org/W1970249404","https://openalex.org/W1970570389","https://openalex.org/W1977755513","https://openalex.org/W1993957541","https://openalex.org/W1995120430","https://openalex.org/W1996509220","https://openalex.org/W1996579245","https://openalex.org/W1999104069","https://openalex.org/W2002873375","https://openalex.org/W2011903900","https://openalex.org/W2013970953","https://openalex.org/W2031920777","https://openalex.org/W2076589653","https://openalex.org/W2085249578","https://openalex.org/W2091200708","https://openalex.org/W2165785311","https://openalex.org/W2255978900","https://openalex.org/W2335888457","https://openalex.org/W2798788768"],"related_works":["https://openalex.org/W2361805396","https://openalex.org/W2972254340","https://openalex.org/W2022231341","https://openalex.org/W2373973507","https://openalex.org/W2351154965","https://openalex.org/W2357579988","https://openalex.org/W1805912688","https://openalex.org/W2041503010","https://openalex.org/W2389484049","https://openalex.org/W4380231980"],"abstract_inverted_index":{"Purpose":[0],"The":[1,33,150,269,320],"purpose":[2],"of":[3,36,44,63,66,73,137,180,184,198,209,212,223,267,271,323,343],"this":[4,102,185,242,324],"paper":[5],"is":[6,187,276,326],"to":[7,23,29,58,93,100,156,169,200,203,256,314,327],"introduce":[8],"a":[9,85,158,236,264,273,291],"risk-driven":[10,119,232],"investment":[11,120,165,233,283],"process":[12,87,107,152],"model":[13,121,154,186,234],"for":[14,84,281,299],"analysing":[15],"human":[16,114,213,261,331],"factors":[17,262,332],"that":[18,50,126,188,241,295],"allows":[19,167],"information":[20,38,74,230,285],"security":[21,39,75,231,345],"managers":[22],"capture":[24],"possible":[25],"risk\u2013investment":[26],"relationships":[27],"and":[28,47,108,139,145,153,164,166,247,253,279,302,340,346],"reason":[30,109],"about":[31,110],"them.":[32,60],"overall":[34],"success":[35],"an":[37,89,338],"system":[40],"depends":[41],"on":[42,173],"analysis":[43,65],"the":[45,106,111,124,128,135,181,204,210,220,224,229,257,308],"risks":[46,67,112],"threats":[48],"so":[49],"appropriate":[51,64,90],"protection":[52],"mechanism":[53],"can":[54,243],"be":[55,201],"in":[56,71,235,250,284,337],"place":[57],"protect":[59],"However,":[61],"lack":[62],"may":[68],"potentially":[69],"results":[70],"failure":[72],"systems.":[76],"Existing":[77],"literature":[78],"does":[79,216],"not":[80,217],"provide":[81],"adequate":[82],"guidelines":[83],"systematic":[86],"or":[88],"modelling":[91],"language":[92],"support":[94,127],"such":[95],"analysis.":[96],"This":[97,194,305],"work":[98,325],"aims":[99],"fill":[101],"gap":[103],"by":[104,311],"introducing":[105],"considering":[113],"factors.":[115,225],"Design/methodology/approach":[116],"To":[117],"develop":[118],"along":[122],"with":[123],"activities":[125],"process.":[129,304],"These":[130],"objectives":[131],"were":[132],"achieved":[133],"through":[134],"collection":[136],"quantitative":[138],"qualitative":[140],"data":[141,317],"utilising":[142],"requirements":[143],"engineering":[144],"secure":[146],"tropos":[147],"methods.":[148],"Findings":[149],"proposed":[151],"lead":[155,298],"define":[157],"clear":[159],"relationship":[160],"between":[161],"risks,":[162],"incidents":[163,258],"organisations":[168,245],"calculate":[170],"them":[171],"based":[172],"their":[174,316],"own":[175],"figures.":[176],"Research":[177],"limitations/implications":[178],"One":[179],"major":[182],"limitations":[183],"it":[189,249],"only":[190],"supports":[191],"incident-based":[192],"investment.":[193,347],"creates":[195],"some":[196],"sort":[197],"difficulties":[199],"presented":[202],"executive":[205],"board.":[206],"Secondly,":[207],"because":[208],"nature":[211],"factors,":[214],"quantification":[215],"exactly":[218],"reflect":[219],"monetary":[221],"value":[222],"Practical":[226],"implications":[227,288],"Applying":[228],"real":[237],"case":[238],"study":[239],"shows":[240],"help":[244],"apply":[246],"use":[248],"other":[251],"incidents,":[252],"more":[254],"importantly,":[255],"which":[259,333],"critical":[260,330],"are":[263],"grave":[265],"concern":[266],"organisations.":[268],"importance":[270],"providing":[272],"financial":[274],"justification":[275],"clearly":[277],"highlighted":[278],"provided":[280],"seeking":[282],"security.":[286],"Social":[287],"It":[289],"has":[290],"big":[292],"social":[293],"impact":[294,307],"technically":[296],"could":[297],"cost":[300],"justifications":[301],"decision-making":[303],"would":[306],"whole":[309],"society":[310],"helping":[312],"individuals":[313],"keep":[315],"safe.":[318],"Originality/value":[319],"novel":[321],"contribution":[322],"analyse":[328],"specific":[329],"have":[334],"subjective":[335],"natures":[336],"objective":[339],"dynamic":[341],"domain":[342],"risk,":[344]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":6},{"year":2022,"cited_by_count":5},{"year":2021,"cited_by_count":3},{"year":2020,"cited_by_count":6},{"year":2019,"cited_by_count":3},{"year":2018,"cited_by_count":2},{"year":2017,"cited_by_count":2}],"updated_date":"2026-05-21T06:26:12.895304","created_date":"2025-10-10T00:00:00"}