{"id":"https://openalex.org/W4386718248","doi":"https://doi.org/10.1108/ics-02-2023-0027","title":"Lost in the middle \u2013 a pragmatic approach for ERP managers to prioritize known vulnerabilities by applying classification and regression trees (CART)","display_name":"Lost in the middle \u2013 a pragmatic approach for ERP managers to prioritize known vulnerabilities by applying classification and regression trees (CART)","publication_year":2023,"publication_date":"2023-09-13","ids":{"openalex":"https://openalex.org/W4386718248","doi":"https://doi.org/10.1108/ics-02-2023-0027"},"language":"en","primary_location":{"id":"doi:10.1108/ics-02-2023-0027","is_oa":false,"landing_page_url":"https://doi.org/10.1108/ics-02-2023-0027","pdf_url":null,"source":{"id":"https://openalex.org/S4210195545","display_name":"Information and Computer Security","issn_l":"2056-4961","issn":["2056-4961","2056-497X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information &amp; Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5012377065","display_name":"Richard G. Mathieu","orcid":null},"institutions":[{"id":"https://openalex.org/I200694920","display_name":"Johnson & Wales University","ror":"https://ror.org/03w2cyv53","country_code":"US","type":"education","lineage":["https://openalex.org/I200694920"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Richard G. Mathieu","raw_affiliation_strings":["Johnson and Wales University, Charlotte, North Carolina, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Johnson and Wales University, Charlotte, North Carolina, USA","institution_ids":["https://openalex.org/I200694920"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5092865096","display_name":"Alan E. Turovlin","orcid":null},"institutions":[{"id":"https://openalex.org/I102149020","display_name":"University of North Carolina at Charlotte","ror":"https://ror.org/04dawnj30","country_code":"US","type":"education","lineage":["https://openalex.org/I102149020"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Alan E. Turovlin","raw_affiliation_strings":["Business Informations Systems and Operations Management Department, The University of North Carolina at Charlotte, Charlotte, North Carolina, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Business Informations Systems and Operations Management Department, The University of North Carolina at Charlotte, Charlotte, North Carolina, USA","institution_ids":["https://openalex.org/I102149020"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5012377065"],"corresponding_institution_ids":["https://openalex.org/I200694920"],"apc_list":null,"apc_paid":null,"fwci":0.8766,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.79781976,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":98},"biblio":{"volume":"31","issue":"5","first_page":"655","last_page":"674"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11572","display_name":"Information Technology Governance and Strategy","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1404","display_name":"Management Information Systems"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9911999702453613,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.681856095790863},{"id":"https://openalex.org/keywords/nist","display_name":"NIST","score":0.6576898097991943},{"id":"https://openalex.org/keywords/enterprise-resource-planning","display_name":"Enterprise resource planning","score":0.6565961241722107},{"id":"https://openalex.org/keywords/workload","display_name":"Workload","score":0.5962469577789307},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5874330997467041},{"id":"https://openalex.org/keywords/cart","display_name":"Cart","score":0.4994964599609375},{"id":"https://openalex.org/keywords/knowledge-management","display_name":"Knowledge management","score":0.47401362657546997},{"id":"https://openalex.org/keywords/categorization","display_name":"Categorization","score":0.43138301372528076},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.3730722665786743},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.3625239133834839},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2907898724079132},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.22432982921600342},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.18242371082305908},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.1658351719379425},{"id":"https://openalex.org/keywords/natural-language-processing","display_name":"Natural language processing","score":0.10480141639709473}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.681856095790863},{"id":"https://openalex.org/C111219384","wikidata":"https://www.wikidata.org/wiki/Q6954384","display_name":"NIST","level":2,"score":0.6576898097991943},{"id":"https://openalex.org/C2777960535","wikidata":"https://www.wikidata.org/wiki/Q131508","display_name":"Enterprise resource planning","level":2,"score":0.6565961241722107},{"id":"https://openalex.org/C2778476105","wikidata":"https://www.wikidata.org/wiki/Q628539","display_name":"Workload","level":2,"score":0.5962469577789307},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5874330997467041},{"id":"https://openalex.org/C2777275308","wikidata":"https://www.wikidata.org/wiki/Q234668","display_name":"Cart","level":2,"score":0.4994964599609375},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.47401362657546997},{"id":"https://openalex.org/C94124525","wikidata":"https://www.wikidata.org/wiki/Q912550","display_name":"Categorization","level":2,"score":0.43138301372528076},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.3730722665786743},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3625239133834839},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2907898724079132},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.22432982921600342},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.18242371082305908},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.1658351719379425},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.10480141639709473},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1108/ics-02-2023-0027","is_oa":false,"landing_page_url":"https://doi.org/10.1108/ics-02-2023-0027","pdf_url":null,"source":{"id":"https://openalex.org/S4210195545","display_name":"Information and Computer Security","issn_l":"2056-4961","issn":["2056-4961","2056-497X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information &amp; Computer Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/8","score":0.5099999904632568,"display_name":"Decent work and economic growth"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":56,"referenced_works":["https://openalex.org/W136686879","https://openalex.org/W150078352","https://openalex.org/W192142699","https://openalex.org/W1519043595","https://openalex.org/W1557168211","https://openalex.org/W1975213073","https://openalex.org/W1990653630","https://openalex.org/W2015420596","https://openalex.org/W2023458977","https://openalex.org/W2039777473","https://openalex.org/W2081485366","https://openalex.org/W2086949839","https://openalex.org/W2095500266","https://openalex.org/W2100624393","https://openalex.org/W2105779206","https://openalex.org/W2109914336","https://openalex.org/W2113693268","https://openalex.org/W2129308322","https://openalex.org/W2163049969","https://openalex.org/W2164339440","https://openalex.org/W2169594473","https://openalex.org/W2188591201","https://openalex.org/W2207457333","https://openalex.org/W2408473397","https://openalex.org/W2460077413","https://openalex.org/W2511633677","https://openalex.org/W2516920790","https://openalex.org/W2586460471","https://openalex.org/W2616062454","https://openalex.org/W2790023090","https://openalex.org/W2889312421","https://openalex.org/W2918161214","https://openalex.org/W2969540857","https://openalex.org/W3008706722","https://openalex.org/W3046546040","https://openalex.org/W3082191933","https://openalex.org/W3091198691","https://openalex.org/W3105299798","https://openalex.org/W3127950237","https://openalex.org/W3190104128","https://openalex.org/W3213725453","https://openalex.org/W4200161418","https://openalex.org/W4200596777","https://openalex.org/W4206263705","https://openalex.org/W4206609882","https://openalex.org/W4210294208","https://openalex.org/W4210939681","https://openalex.org/W4220844517","https://openalex.org/W4245426947","https://openalex.org/W4281704435","https://openalex.org/W4281961728","https://openalex.org/W4286630230","https://openalex.org/W4293083238","https://openalex.org/W4304128419","https://openalex.org/W4306958323","https://openalex.org/W4306959132"],"related_works":["https://openalex.org/W3193909393","https://openalex.org/W4226229889","https://openalex.org/W2322350723","https://openalex.org/W2106922437","https://openalex.org/W2618011907","https://openalex.org/W2807901368","https://openalex.org/W2158491338","https://openalex.org/W2945144341","https://openalex.org/W2974098477","https://openalex.org/W4244679540"],"abstract_inverted_index":{"Purpose":[0],"Cyber":[1],"risk":[2,67],"has":[3,198,213],"significantly":[4],"increased":[5],"over":[6],"the":[7,69,83,101,131,145,187,190,219],"past":[8],"twenty":[9],"years.":[10],"In":[11],"many":[12],"organizations,":[13],"data":[14],"and":[15,64,106,117,126,136,161,183,197],"operations":[16],"are":[17,167],"managed":[18],"through":[19],"a":[20,46,76,90,115,154,170],"complex":[21],"technology":[22],"stack":[23],"underpinned":[24],"by":[25,40],"an":[26,97],"Enterprise":[27],"Resource":[28],"Planning":[29],"(ERP)":[30],"system":[31],"such":[32],"as":[33],"systemanalyse":[34],"programmentwicklung":[35],"(SAP).":[36],"The":[37,122,150],"ERP":[38,48,84,151],"environment":[39],"itself":[41],"can":[42],"be":[43],"overwhelming":[44,175],"for":[45,82,209],"typical":[47],"Manager,":[49],"coupled":[50],"with":[51],"increasing":[52,66],"cybersecurity":[53,221],"issues":[54],"that":[55],"arise":[56],"creating":[57],"periods":[58],"of":[59,104,124,134,189],"intense":[60,179],"time":[61,180],"pressure,":[62,181],"stress":[63,182],"workload,":[65],"to":[68,74,79,95,100,130,169,174,178,218],"organization.":[70],"This":[71],"paper":[72],"aims":[73],"identify":[75],"pragmatic":[77,91],"approach":[78,92],"prioritize":[80,96],"vulnerabilities":[81,113,166],"Manager.":[85],"Design/methodology/approach":[86],"Applying":[87],"attention-based":[88],"theory,":[89],"is":[93,153,195,204],"developed":[94],"organization\u2019s":[98],"response":[99],"National":[102,109,132,138],"Institute":[103,133],"Standards":[105,135],"Technology":[107],"(NIST)":[108],"Vulnerability":[110,139],"Database":[111,140],"(NVD)":[112],"using":[114],"Classification":[116],"Regression":[118],"Tree":[119],"(CART).":[120],"Findings":[121],"application":[123],"classification":[125],"regression":[127],"tree":[128],"(CART)":[129],"Technology\u2019s":[137],"identifies":[141],"prioritization":[142],"unavailable":[143],"within":[144],"NIST\u2019s":[146],"categorization.":[147],"Practical":[148],"implications":[149],"Manager":[152],"role":[155],"between":[156],"technology,":[157],"functionality,":[158],"centralized":[159],"control":[160],"organization":[162],"data.":[163],"Without":[164],"CART,":[165],"left":[168],"reactive":[171],"approach,":[172],"subject":[173],"situations":[176],"due":[177],"workload.":[184],"Originality/value":[185],"To":[186],"best":[188],"authors\u2019":[191],"knowledge,":[192],"this":[193],"work":[194],"original":[196],"not":[199,215],"been":[200,216],"published":[201],"elsewhere,":[202],"nor":[203],"it":[205],"currently":[206],"under":[207],"consideration":[208],"publication":[210],"elsewhere.":[211],"CART":[212],"previously":[214],"applied":[217],"prioritizing":[220],"vulnerabilities.":[222]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1}],"updated_date":"2026-05-21T09:19:25.381259","created_date":"2025-10-10T00:00:00"}