{"id":"https://openalex.org/W2535609820","doi":"https://doi.org/10.1108/ics-09-2015-0041","title":"Explaining small business InfoSec posture using social theories","display_name":"Explaining small business InfoSec posture using social theories","publication_year":2016,"publication_date":"2016-11-14","ids":{"openalex":"https://openalex.org/W2535609820","doi":"https://doi.org/10.1108/ics-09-2015-0041","mag":"2535609820"},"language":"en","primary_location":{"id":"doi:10.1108/ics-09-2015-0041","is_oa":false,"landing_page_url":"https://doi.org/10.1108/ics-09-2015-0041","pdf_url":null,"source":{"id":"https://openalex.org/S4210195545","display_name":"Information and Computer Security","issn_l":"2056-4961","issn":["2056-4961","2056-497X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information &amp; Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5030181857","display_name":"Eli Rohn","orcid":"https://orcid.org/0000-0003-4341-4142"},"institutions":[{"id":"https://openalex.org/I124227911","display_name":"Ben-Gurion University of the Negev","ror":"https://ror.org/05tkyf982","country_code":"IL","type":"education","lineage":["https://openalex.org/I124227911"]}],"countries":["IL"],"is_corresponding":true,"raw_author_name":"Eli Rohn","raw_affiliation_strings":["Department of Information Systems Engineering, Ben Gurion University of the Negev, Beersheba, Israel"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Information Systems Engineering, Ben Gurion University of the Negev, Beersheba, Israel","institution_ids":["https://openalex.org/I124227911"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5018361338","display_name":"Gilad Sabari","orcid":null},"institutions":[{"id":"https://openalex.org/I124227911","display_name":"Ben-Gurion University of the Negev","ror":"https://ror.org/05tkyf982","country_code":"IL","type":"education","lineage":["https://openalex.org/I124227911"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"Gilad Sabari","raw_affiliation_strings":["Department of Information Systems Engineering, Ben Gurion University of the Negev, Beersheba, Israel"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Information Systems Engineering, Ben Gurion University of the Negev, Beersheba, Israel","institution_ids":["https://openalex.org/I124227911"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5052117919","display_name":"Guy Leshem","orcid":null},"institutions":[{"id":"https://openalex.org/I154488051","display_name":"Ashkelon Academic College","ror":"https://ror.org/00sfwx025","country_code":"IL","type":"education","lineage":["https://openalex.org/I154488051"]},{"id":"https://openalex.org/I72373871","display_name":"Achva Academic College","ror":"https://ror.org/024hcay96","country_code":"IL","type":"education","lineage":["https://openalex.org/I72373871"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"Guy Leshem","raw_affiliation_strings":["Department of Computer Science, Ashqelon Academic College, Ashqelon, Israel"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Ashqelon Academic College, Ashqelon, Israel","institution_ids":["https://openalex.org/I154488051","https://openalex.org/I72373871"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5030181857"],"corresponding_institution_ids":["https://openalex.org/I124227911"],"apc_list":null,"apc_paid":null,"fwci":7.592,"has_fulltext":false,"cited_by_count":20,"citation_normalized_percentile":{"value":0.97187461,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":"24","issue":"5","first_page":"534","last_page":"556"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9976999759674072,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.9945999979972839,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.6310404539108276},{"id":"https://openalex.org/keywords/interview","display_name":"Interview","score":0.5853905081748962},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.551701545715332},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.5402822494506836},{"id":"https://openalex.org/keywords/grounded-theory","display_name":"Grounded theory","score":0.5391405820846558},{"id":"https://openalex.org/keywords/information-security-standards","display_name":"Information security standards","score":0.5227784514427185},{"id":"https://openalex.org/keywords/cobit","display_name":"COBIT","score":0.5054111480712891},{"id":"https://openalex.org/keywords/information-security-management","display_name":"Information security management","score":0.49559247493743896},{"id":"https://openalex.org/keywords/information-security-audit","display_name":"Information security audit","score":0.4821419417858124},{"id":"https://openalex.org/keywords/knowledge-management","display_name":"Knowledge management","score":0.38995257019996643},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.3519629240036011},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.33703988790512085},{"id":"https://openalex.org/keywords/qualitative-research","display_name":"Qualitative research","score":0.3033578395843506},{"id":"https://openalex.org/keywords/accounting","display_name":"Accounting","score":0.2703365087509155},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.2692548632621765},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.23101630806922913},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.18089690804481506},{"id":"https://openalex.org/keywords/sociology","display_name":"Sociology","score":0.13257083296775818}],"concepts":[{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.6310404539108276},{"id":"https://openalex.org/C24845683","wikidata":"https://www.wikidata.org/wiki/Q178651","display_name":"Interview","level":2,"score":0.5853905081748962},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.551701545715332},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.5402822494506836},{"id":"https://openalex.org/C156325361","wikidata":"https://www.wikidata.org/wiki/Q1152864","display_name":"Grounded theory","level":3,"score":0.5391405820846558},{"id":"https://openalex.org/C139547956","wikidata":"https://www.wikidata.org/wiki/Q6031202","display_name":"Information security standards","level":5,"score":0.5227784514427185},{"id":"https://openalex.org/C2776723946","wikidata":"https://www.wikidata.org/wiki/Q544025","display_name":"COBIT","level":3,"score":0.5054111480712891},{"id":"https://openalex.org/C148976360","wikidata":"https://www.wikidata.org/wiki/Q1662500","display_name":"Information security management","level":5,"score":0.49559247493743896},{"id":"https://openalex.org/C39358052","wikidata":"https://www.wikidata.org/wiki/Q2578632","display_name":"Information security audit","level":5,"score":0.4821419417858124},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.38995257019996643},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.3519629240036011},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.33703988790512085},{"id":"https://openalex.org/C190248442","wikidata":"https://www.wikidata.org/wiki/Q839486","display_name":"Qualitative research","level":2,"score":0.3033578395843506},{"id":"https://openalex.org/C121955636","wikidata":"https://www.wikidata.org/wiki/Q4116214","display_name":"Accounting","level":1,"score":0.2703365087509155},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.2692548632621765},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.23101630806922913},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.18089690804481506},{"id":"https://openalex.org/C144024400","wikidata":"https://www.wikidata.org/wiki/Q21201","display_name":"Sociology","level":0,"score":0.13257083296775818},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0},{"id":"https://openalex.org/C19165224","wikidata":"https://www.wikidata.org/wiki/Q23404","display_name":"Anthropology","level":1,"score":0.0},{"id":"https://openalex.org/C36289849","wikidata":"https://www.wikidata.org/wiki/Q34749","display_name":"Social science","level":1,"score":0.0},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.0},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.0},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.0},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1108/ics-09-2015-0041","is_oa":false,"landing_page_url":"https://doi.org/10.1108/ics-09-2015-0041","pdf_url":null,"source":{"id":"https://openalex.org/S4210195545","display_name":"Information and Computer Security","issn_l":"2056-4961","issn":["2056-4961","2056-497X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information &amp; Computer Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5799999833106995,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":37,"referenced_works":["https://openalex.org/W107598005","https://openalex.org/W1595738880","https://openalex.org/W1903013269","https://openalex.org/W1964165805","https://openalex.org/W1965991535","https://openalex.org/W1986304022","https://openalex.org/W2007130490","https://openalex.org/W2007409322","https://openalex.org/W2014071948","https://openalex.org/W2016274652","https://openalex.org/W2038889476","https://openalex.org/W2039615995","https://openalex.org/W2045993917","https://openalex.org/W2050618934","https://openalex.org/W2063141940","https://openalex.org/W2066978993","https://openalex.org/W2069700160","https://openalex.org/W2070907750","https://openalex.org/W2073220979","https://openalex.org/W2077966063","https://openalex.org/W2083543258","https://openalex.org/W2110955866","https://openalex.org/W2119587968","https://openalex.org/W2120492617","https://openalex.org/W2132726456","https://openalex.org/W2133469585","https://openalex.org/W2141678062","https://openalex.org/W2153193315","https://openalex.org/W2156565637","https://openalex.org/W2157300266","https://openalex.org/W2170899042","https://openalex.org/W2191972067","https://openalex.org/W2503386675","https://openalex.org/W2796585648","https://openalex.org/W2900744207","https://openalex.org/W3011865677","https://openalex.org/W4285719527"],"related_works":["https://openalex.org/W2604745674","https://openalex.org/W2584162156","https://openalex.org/W3048038405","https://openalex.org/W2741061559","https://openalex.org/W107025203","https://openalex.org/W3005750480","https://openalex.org/W4386208045","https://openalex.org/W2901339057","https://openalex.org/W2049188895","https://openalex.org/W2311009932"],"abstract_inverted_index":{"Purpose":[0],"This":[1,143],"study":[2,23],"aims":[3],"to":[4,129,138,147,153,171,204,233],"investigate":[5],"information":[6,20,40,139,144,155,168],"technology":[7],"security":[8,21,41,156,176,237],"practices":[9,235],"of":[10,82,96,132,236],"very":[11],"small":[12,122,164],"enterprises.":[13],"Design/methodology/approach":[14],"The":[15,48,64,108],"authors":[16,37,49,65,198],"perform":[17,44],"a":[18,25],"formal":[19],"field":[22,191,201],"using":[24,61,68],"representative":[26],"sample.":[27],"Using":[28],"the":[29,36,54,69,74,84,97,113,197,200],"Control":[30],"Objectives":[31],"for":[32],"IT":[33],"(COBIT)":[34],"framework,":[35],"evaluate":[38],"67":[39],"controls":[42,85,98],"and":[43,56,73,90,112,160,163,169,181,207,217,221,229],"206":[45],"related":[46],"tests.":[47],"state":[50],"six":[51],"hypotheses":[52],"about":[53],"findings":[55,67],"accept":[57],"or":[58,102],"reject":[59],"those":[60],"inferential":[62],"statistics.":[63],"explain":[66,118],"social":[70,109],"comparison":[71,110],"theory":[72,111,117],"rare":[75,114],"events":[76,115],"bias":[77,116],"theory.":[78],"Findings":[79],"Only":[80],"one-third":[81],"all":[83],"examined":[86],"were":[87,99],"designed":[88],"properly":[89],"operated":[91],"as":[92,106,226],"expected.":[93],"About":[94],"half":[95],"either":[100],"ill-designed":[101],"did":[103],"not":[104],"operate":[105],"intended.":[107],"managers\u2019s":[119],"reliance":[120],"on":[121,158],"experience":[123],"samples":[124],"which":[125,136],"in":[126,231],"turn":[127],"leads":[128],"erroneous":[130],"comprehension":[131],"their":[133,172],"business":[134,165],"environment,":[135],"relates":[137],"security.":[140],"Practical":[141],"implications":[142],"is":[145],"valuable":[146],"executive":[148],"branch":[149],"policy":[150],"makers":[151],"striving":[152],"reduce":[154],"vulnerability":[157],"local":[159],"national":[161],"levels":[162],"organizations":[166],"providing":[167],"advice":[170],"members.":[173],"Originality/value":[174],"Information":[175],"surveys":[177],"are":[178,187],"usually":[179],"over-optimistic":[180],"avoid":[182],"self-incrimination,":[183],"yielding":[184],"results":[185],"that":[186],"less":[188],"accurate":[189],"than":[190],"work.":[192],"To":[193],"obtain":[194],"grounded":[195],"facts,":[196],"used":[199],"research":[202],"approach":[203],"gather":[205],"qualitative":[206],"quantitative":[208],"data":[209],"by":[210],"physically":[211],"visiting":[212],"active":[213],"organizations,":[214],"interviewing":[215],"managers":[216],"staff,":[218],"observing":[219],"processes":[220],"reviewing":[222],"written":[223],"materials":[224],"such":[225],"policies,":[227],"procedure":[228],"logs,":[230],"accordance":[232],"common":[234],"audits.":[238]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":1},{"year":2020,"cited_by_count":2},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":10}],"updated_date":"2026-05-21T06:26:12.895304","created_date":"2025-10-10T00:00:00"}