{"id":"https://openalex.org/W2948947981","doi":"https://doi.org/10.1108/ics-09-2018-0108","title":"From theory to practice: guidelines for enhancing information security management","display_name":"From theory to practice: guidelines for enhancing information security management","publication_year":2019,"publication_date":"2019-06-03","ids":{"openalex":"https://openalex.org/W2948947981","doi":"https://doi.org/10.1108/ics-09-2018-0108","mag":"2948947981"},"language":"en","primary_location":{"id":"doi:10.1108/ics-09-2018-0108","is_oa":false,"landing_page_url":"https://doi.org/10.1108/ics-09-2018-0108","pdf_url":null,"source":{"id":"https://openalex.org/S4210195545","display_name":"Information and Computer Security","issn_l":"2056-4961","issn":["2056-4961","2056-497X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information &amp; Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5109403512","display_name":"Ioanna Topa","orcid":null},"institutions":[{"id":"https://openalex.org/I98805295","display_name":"University of the Aegean","ror":"https://ror.org/03zsp3p94","country_code":"GR","type":"education","lineage":["https://openalex.org/I98805295"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Ioanna Topa","raw_affiliation_strings":["University of the Aegean, Mytilene, Greece"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of the Aegean, Mytilene, Greece","institution_ids":["https://openalex.org/I98805295"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5103142090","display_name":"Maria Karyda","orcid":"https://orcid.org/0000-0001-9402-8570"},"institutions":[{"id":"https://openalex.org/I98805295","display_name":"University of the Aegean","ror":"https://ror.org/03zsp3p94","country_code":"GR","type":"education","lineage":["https://openalex.org/I98805295"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Maria Karyda","raw_affiliation_strings":["University of the Aegean, Mytilene, Greece"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of the Aegean, Mytilene, Greece","institution_ids":["https://openalex.org/I98805295"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":4.232,"has_fulltext":false,"cited_by_count":33,"citation_normalized_percentile":{"value":0.94755313,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":"27","issue":"3","first_page":"326","last_page":"342"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9934999942779541,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.9923999905586243,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/itil-security-management","display_name":"ITIL security management","score":0.8812097311019897},{"id":"https://openalex.org/keywords/standard-of-good-practice","display_name":"Standard of Good Practice","score":0.8305429816246033},{"id":"https://openalex.org/keywords/information-security-management-system","display_name":"Information security management system","score":0.8044882416725159},{"id":"https://openalex.org/keywords/information-security-management","display_name":"Information security management","score":0.646078884601593},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.6340646147727966},{"id":"https://openalex.org/keywords/information-security-standards","display_name":"Information security standards","score":0.5430178046226501},{"id":"https://openalex.org/keywords/security-management","display_name":"Security management","score":0.5139402747154236},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.47984787821769714},{"id":"https://openalex.org/keywords/security-controls","display_name":"Security controls","score":0.42437613010406494},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.37474533915519714},{"id":"https://openalex.org/keywords/knowledge-management","display_name":"Knowledge management","score":0.363338440656662},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.33621782064437866},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.3108310401439667},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.29607653617858887},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.28647053241729736},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.27563613653182983},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2651991844177246},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.17841383814811707},{"id":"https://openalex.org/keywords/network-security-policy","display_name":"Network security policy","score":0.06382477283477783}],"concepts":[{"id":"https://openalex.org/C114351632","wikidata":"https://www.wikidata.org/wiki/Q5974820","display_name":"ITIL security management","level":5,"score":0.8812097311019897},{"id":"https://openalex.org/C47309137","wikidata":"https://www.wikidata.org/wiki/Q7598357","display_name":"Standard of Good Practice","level":5,"score":0.8305429816246033},{"id":"https://openalex.org/C111153917","wikidata":"https://www.wikidata.org/wiki/Q1662500","display_name":"Information security management system","level":5,"score":0.8044882416725159},{"id":"https://openalex.org/C148976360","wikidata":"https://www.wikidata.org/wiki/Q1662500","display_name":"Information security management","level":5,"score":0.646078884601593},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.6340646147727966},{"id":"https://openalex.org/C139547956","wikidata":"https://www.wikidata.org/wiki/Q6031202","display_name":"Information security standards","level":5,"score":0.5430178046226501},{"id":"https://openalex.org/C83163435","wikidata":"https://www.wikidata.org/wiki/Q3954104","display_name":"Security management","level":2,"score":0.5139402747154236},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.47984787821769714},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.42437613010406494},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.37474533915519714},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.363338440656662},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.33621782064437866},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.3108310401439667},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.29607653617858887},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.28647053241729736},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.27563613653182983},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2651991844177246},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.17841383814811707},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.06382477283477783},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.0},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1108/ics-09-2018-0108","is_oa":false,"landing_page_url":"https://doi.org/10.1108/ics-09-2018-0108","pdf_url":null,"source":{"id":"https://openalex.org/S4210195545","display_name":"Information and Computer Security","issn_l":"2056-4961","issn":["2056-4961","2056-497X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information &amp; Computer Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":39,"referenced_works":["https://openalex.org/W60643473","https://openalex.org/W1485200701","https://openalex.org/W1489771250","https://openalex.org/W1602619638","https://openalex.org/W1607912078","https://openalex.org/W1777481936","https://openalex.org/W1901676853","https://openalex.org/W1903013269","https://openalex.org/W1970809283","https://openalex.org/W1971422931","https://openalex.org/W1987381312","https://openalex.org/W1989210507","https://openalex.org/W1997836764","https://openalex.org/W1998102636","https://openalex.org/W2000891179","https://openalex.org/W2007409322","https://openalex.org/W2010902645","https://openalex.org/W2017836055","https://openalex.org/W2018125809","https://openalex.org/W2021464460","https://openalex.org/W2029536274","https://openalex.org/W2033213440","https://openalex.org/W2058640412","https://openalex.org/W2076538849","https://openalex.org/W2078076646","https://openalex.org/W2081526168","https://openalex.org/W2085901425","https://openalex.org/W2091418534","https://openalex.org/W2105992541","https://openalex.org/W2107557415","https://openalex.org/W2126826472","https://openalex.org/W2137510760","https://openalex.org/W2147577685","https://openalex.org/W2153462231","https://openalex.org/W2156438052","https://openalex.org/W2170554716","https://openalex.org/W2181301463","https://openalex.org/W2337703333","https://openalex.org/W2522954953"],"related_works":["https://openalex.org/W578019356","https://openalex.org/W2003676537","https://openalex.org/W2948947981","https://openalex.org/W2483557577","https://openalex.org/W1982946593","https://openalex.org/W40842196","https://openalex.org/W203815982","https://openalex.org/W2000891179","https://openalex.org/W2609802486","https://openalex.org/W2066297175"],"abstract_inverted_index":{"Purpose":[0],"This":[1,188,220],"study":[2,189,221],"aims":[3],"to":[4,15,69,155,171,194,215],"identify":[5,54,87],"the":[6,31,52,97,104,107,121,131,150,162,167,182,223],"implications":[7,98,187,226],"of":[8,49,74,99,158,164,227,243],"security":[9,13,25,35,59,78,100,114,124,134,172,177,198,228,247,260],"behaviour":[10,60,101,125,229],"determinants":[11,102],"for":[12],"management":[14,26,115,144,178,199,261],"propose":[16],"respective":[17],"guidelines":[18,110,170,191,257],"which":[19,111],"can":[20,112],"be":[21],"integrated":[22],"with":[23],"current":[24],"practices,":[27],"including":[28,142],"those":[29],"following":[30],"widely":[32,75],"adopted":[33,76],"information":[34,77,133,246],"standards":[36,79,135,204,248],"ISO":[37,80,132,136,184,203,207,209,211],"27001,":[38,81,137,206,250],"27002,":[39,82,138,208,251],"27003":[40,83,139,252],"and":[41,61,84,86,103,140,160,196,225,233,253,255],"27005.":[42],"Design/methodology/approach":[43],"Based":[44],"on":[45,96,174,192,258],"an":[46],"exhaustive":[47],"analysis":[48,73,242],"related":[50,237],"literature,":[51,238],"authors":[53,65,108,119,168],"critical":[55],"factors":[56,68,122],"influencing":[57],"employee":[58],"ISP":[62,217,265],"compliance.":[63,165,218,266],"The":[64,118],"use":[66],"these":[67],"perform":[70],"a":[71,240],"gap":[72,241],"27005":[85],"issues":[88],"not":[89],"covered":[90],"or":[91,127],"only":[92],"partially":[93],"addressed.":[94],"Drawing":[95],"identified":[105],"gaps,":[106],"provide":[109,169],"enhance":[113,216],"practices.":[116],"Findings":[117],"uncover":[120],"shaping":[123],"barely":[126],"partly":[128],"considered":[129],"in":[130,236],"27005,":[141],"top":[143],"participation,":[145],"accommodating":[146],"individual":[147],"characteristics,":[148],"embracing":[149],"cultural":[151],"context,":[152],"encouraging":[153],"employees":[154],"comply":[156],"out":[157],"habit":[159],"considering":[161],"cost":[163],"Furthermore,":[166],"managers":[173],"enhancing":[175,259],"their":[176],"practices":[179,200,262],"when":[180],"implementing":[181,202],"above":[183],"Standards.":[185],"Practical":[186],"offers":[190],"how":[193],"create":[195],"design":[197],"whilst":[201],"(ISO":[205,249],"27003,":[210],"27005)":[212,254],"so":[213],"as":[214],"Originality/value":[219],"analyses":[222],"role":[224],"determinants,":[230],"discusses":[231],"discrepancies":[232],"conflicting":[234],"findings":[235],"provides":[239],"commonly":[244],"used":[245],"proposes":[256],"towards":[263],"improving":[264]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":9},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":4},{"year":2020,"cited_by_count":5},{"year":2019,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}