{"id":"https://openalex.org/W4387321118","doi":"https://doi.org/10.1108/ics-07-2023-0116","title":"Determining cybersecurity culture maturity and deriving verifiable improvement measures","display_name":"Determining cybersecurity culture maturity and deriving verifiable improvement measures","publication_year":2023,"publication_date":"2023-10-03","ids":{"openalex":"https://openalex.org/W4387321118","doi":"https://doi.org/10.1108/ics-07-2023-0116"},"language":"en","primary_location":{"id":"doi:10.1108/ics-07-2023-0116","is_oa":true,"landing_page_url":"https://doi.org/10.1108/ics-07-2023-0116","pdf_url":"https://www.emerald.com/insight/content/doi/10.1108/ICS-07-2023-0116/full/pdf?title=determining-cybersecurity-culture-maturity-and-deriving-verifiable-improvement-measures","source":{"id":"https://openalex.org/S4210195545","display_name":"Information and Computer Security","issn_l":"2056-4961","issn":["2056-4961","2056-497X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information &amp; Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"bronze","oa_url":"https://www.emerald.com/insight/content/doi/10.1108/ICS-07-2023-0116/full/pdf?title=determining-cybersecurity-culture-maturity-and-deriving-verifiable-improvement-measures","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5071478822","display_name":"Peter Dornheim","orcid":null},"institutions":[{"id":"https://openalex.org/I205892228","display_name":"Berlin School of Economics and Law","ror":"https://ror.org/03rkmps36","country_code":"DE","type":"education","lineage":["https://openalex.org/I205892228"]},{"id":"https://openalex.org/I4577782","display_name":"Technische Universit\u00e4t Berlin","ror":"https://ror.org/03v4gjf40","country_code":"DE","type":"education","lineage":["https://openalex.org/I4577782"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Peter Dornheim","raw_affiliation_strings":["Faculty for Economics and Management, Technische Universitt Berlin, Berlin, Germany","Faculty for Economics and Management, Technische Universit\u00e4t Berlin, Berlin, Germany"],"affiliations":[{"raw_affiliation_string":"Faculty for Economics and Management, Technische Universitt Berlin, Berlin, Germany","institution_ids":["https://openalex.org/I4577782","https://openalex.org/I205892228"]},{"raw_affiliation_string":"Faculty for Economics and Management, Technische Universit\u00e4t Berlin, Berlin, Germany","institution_ids":["https://openalex.org/I4577782"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5041821350","display_name":"R\u00fcdiger Zarnekow","orcid":"https://orcid.org/0000-0001-6826-8853"},"institutions":[{"id":"https://openalex.org/I205892228","display_name":"Berlin School of Economics and Law","ror":"https://ror.org/03rkmps36","country_code":"DE","type":"education","lineage":["https://openalex.org/I205892228"]},{"id":"https://openalex.org/I4577782","display_name":"Technische Universit\u00e4t Berlin","ror":"https://ror.org/03v4gjf40","country_code":"DE","type":"education","lineage":["https://openalex.org/I4577782"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Ruediger Zarnekow","raw_affiliation_strings":["Faculty for Economics and Management, Technische Universitt Berlin, Berlin, Germany","Faculty for Economics and Management, Technische Universit\u00e4t Berlin, Berlin, Germany"],"affiliations":[{"raw_affiliation_string":"Faculty for Economics and Management, Technische Universitt Berlin, Berlin, Germany","institution_ids":["https://openalex.org/I4577782","https://openalex.org/I205892228"]},{"raw_affiliation_string":"Faculty for Economics and Management, Technische Universit\u00e4t Berlin, Berlin, Germany","institution_ids":["https://openalex.org/I4577782"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5071478822"],"corresponding_institution_ids":["https://openalex.org/I205892228","https://openalex.org/I4577782"],"apc_list":null,"apc_paid":null,"fwci":7.6378,"has_fulltext":true,"cited_by_count":17,"citation_normalized_percentile":{"value":0.9732433,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":"32","issue":"2","first_page":"179","last_page":"196"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.996399998664856,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12221","display_name":"Cybersecurity and Cyber Warfare Studies","score":0.9937000274658203,"subfield":{"id":"https://openalex.org/subfields/3320","display_name":"Political Science and International Relations"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7011792659759521},{"id":"https://openalex.org/keywords/maturity","display_name":"Maturity (psychological)","score":0.6754642724990845},{"id":"https://openalex.org/keywords/accountability","display_name":"Accountability","score":0.5948194861412048},{"id":"https://openalex.org/keywords/asset","display_name":"Asset (computer security)","score":0.576328694820404},{"id":"https://openalex.org/keywords/capability-maturity-model","display_name":"Capability Maturity Model","score":0.5438476204872131},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5187326073646545},{"id":"https://openalex.org/keywords/originality","display_name":"Originality","score":0.512050211429596},{"id":"https://openalex.org/keywords/data-breach","display_name":"Data breach","score":0.4100061058998108},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.22513100504875183},{"id":"https://openalex.org/keywords/political-science","display_name":"Political science","score":0.11410543322563171},{"id":"https://openalex.org/keywords/law","display_name":"Law","score":0.1024085283279419}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7011792659759521},{"id":"https://openalex.org/C101433766","wikidata":"https://www.wikidata.org/wiki/Q3543263","display_name":"Maturity (psychological)","level":2,"score":0.6754642724990845},{"id":"https://openalex.org/C2776007630","wikidata":"https://www.wikidata.org/wiki/Q2798912","display_name":"Accountability","level":2,"score":0.5948194861412048},{"id":"https://openalex.org/C76178495","wikidata":"https://www.wikidata.org/wiki/Q4808784","display_name":"Asset (computer security)","level":2,"score":0.576328694820404},{"id":"https://openalex.org/C85890633","wikidata":"https://www.wikidata.org/wiki/Q929673","display_name":"Capability Maturity Model","level":3,"score":0.5438476204872131},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5187326073646545},{"id":"https://openalex.org/C2776950860","wikidata":"https://www.wikidata.org/wiki/Q2914681","display_name":"Originality","level":3,"score":0.512050211429596},{"id":"https://openalex.org/C165609540","wikidata":"https://www.wikidata.org/wiki/Q1172486","display_name":"Data breach","level":2,"score":0.4100061058998108},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.22513100504875183},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.11410543322563171},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.1024085283279419},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C11012388","wikidata":"https://www.wikidata.org/wiki/Q170658","display_name":"Creativity","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1108/ics-07-2023-0116","is_oa":true,"landing_page_url":"https://doi.org/10.1108/ics-07-2023-0116","pdf_url":"https://www.emerald.com/insight/content/doi/10.1108/ICS-07-2023-0116/full/pdf?title=determining-cybersecurity-culture-maturity-and-deriving-verifiable-improvement-measures","source":{"id":"https://openalex.org/S4210195545","display_name":"Information and Computer Security","issn_l":"2056-4961","issn":["2056-4961","2056-497X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information &amp; Computer Security","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1108/ics-07-2023-0116","is_oa":true,"landing_page_url":"https://doi.org/10.1108/ics-07-2023-0116","pdf_url":"https://www.emerald.com/insight/content/doi/10.1108/ICS-07-2023-0116/full/pdf?title=determining-cybersecurity-culture-maturity-and-deriving-verifiable-improvement-measures","source":{"id":"https://openalex.org/S4210195545","display_name":"Information and Computer Security","issn_l":"2056-4961","issn":["2056-4961","2056-497X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information &amp; Computer Security","raw_type":"journal-article"},"sustainable_development_goals":[{"score":0.44999998807907104,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4387321118.pdf","grobid_xml":"https://content.openalex.org/works/W4387321118.grobid-xml"},"referenced_works_count":19,"referenced_works":["https://openalex.org/W1736209534","https://openalex.org/W2008556210","https://openalex.org/W2082765746","https://openalex.org/W2088489410","https://openalex.org/W2149739119","https://openalex.org/W2568632554","https://openalex.org/W2786705330","https://openalex.org/W2895033590","https://openalex.org/W2901197445","https://openalex.org/W2947292565","https://openalex.org/W2973076405","https://openalex.org/W2978293247","https://openalex.org/W2980440708","https://openalex.org/W3059467696","https://openalex.org/W3177310074","https://openalex.org/W3212047750","https://openalex.org/W4229009559","https://openalex.org/W4283022488","https://openalex.org/W4292940448"],"related_works":["https://openalex.org/W4283172224","https://openalex.org/W2992877076","https://openalex.org/W2563825355","https://openalex.org/W4382725623","https://openalex.org/W2888066950","https://openalex.org/W3217511980","https://openalex.org/W2806063704","https://openalex.org/W4384822944","https://openalex.org/W2886478029","https://openalex.org/W2912268755"],"abstract_inverted_index":{"Purpose":[0],"The":[1,155],"human":[2,16],"factor":[3,17],"is":[4,48,195],"the":[5,15,33,66,81,92,96,103,150,153,162,174],"most":[6],"important":[7],"defense":[8],"asset":[9],"against":[10],"cyberattacks.":[11],"To":[12],"ensure":[13],"that":[14,135,178,188],"stays":[18],"strong,":[19],"a":[20,29,70,86,203],"cybersecurity":[21,40,67,93,109,115,117,119,123,136,165,167,170,192,222],"culture":[22,41,68,94,110,137,193],"must":[23],"be":[24,60,140],"established":[25,57],"and":[26,35,64,95,121,129,142,169,211,221],"cultivated":[27],"in":[28,80],"company":[30,89],"to":[31,53,62,90,107,112,202,215,219],"guide":[32],"attitudes":[34],"behaviors":[36],"of":[37,69,85,152,164,191],"employees.":[38],"Many":[39],"frameworks":[42,194],"exist;":[43],"however,":[44],"their":[45],"practical":[46,189,212],"application":[47,190,213],"difficult.":[49],"This":[50,185],"paper":[51,186],"aims":[52],"demonstrate":[54,134],"how":[55],"an":[56],"framework":[58],"can":[59,139],"applied":[61,97],"determine":[63],"improve":[65],"company.":[71],"Design/methodology/approach":[72],"Two":[73],"surveys":[74,101],"were":[75],"conducted":[76],"within":[77],"eight":[78],"months":[79],"internal":[82],"IT":[83],"department":[84],"global":[87],"software":[88],"analyze":[91],"improvement":[98],"measures.":[99],"Both":[100],"comprised":[102],"same":[104],"23":[105],"questions":[106],"measure":[108],"according":[111],"six":[113],"dimensions:":[114],"accountability,":[116,166],"commitment,":[118],"necessity":[120],"importance,":[122],"policy":[124,171],"effectiveness,":[125,172],"information":[126],"usage":[127],"perception":[128],"management":[130],"buy-in.":[131],"Findings":[132],"Results":[133],"maturity":[138],"determined":[141],"improved":[143],"if":[144,197],"accurate":[145],"measures":[146],"are":[147,199],"derived":[148],"from":[149],"results":[151],"survey.":[154],"first":[156],"survey":[157,176],"showed":[158],"potential":[159],"for":[160],"improving":[161],"dimensions":[163,180],"commitment":[168],"while":[173],"second":[175],"proved":[177],"these":[179],"have":[181],"been":[182],"improved.":[183],"Originality/value":[184],"proves":[187],"possible":[196],"they":[198],"appropriately":[200],"tailored":[201],"given":[204],"organization.":[205],"In":[206],"this":[207],"regard,":[208],"scientific":[209],"research":[210],"combine":[214],"offer":[216],"real":[217],"value":[218],"researchers":[220],"executives.":[223]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":8},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":1}],"updated_date":"2026-04-21T08:09:41.155169","created_date":"2025-10-10T00:00:00"}