{"id":"https://openalex.org/W4319723630","doi":"https://doi.org/10.1108/ics-10-2022-0160","title":"Policy components \u2013 a conceptual model for modularizing and tailoring of information security policies","display_name":"Policy components \u2013 a conceptual model for modularizing and tailoring of information security policies","publication_year":2023,"publication_date":"2023-02-09","ids":{"openalex":"https://openalex.org/W4319723630","doi":"https://doi.org/10.1108/ics-10-2022-0160"},"language":"en","primary_location":{"id":"doi:10.1108/ics-10-2022-0160","is_oa":true,"landing_page_url":"https://doi.org/10.1108/ics-10-2022-0160","pdf_url":"https://www.emerald.com/insight/content/doi/10.1108/ICS-10-2022-0160/full/pdf?title=policy-components-a-conceptual-model-for-modularizing-and-tailoring-of-information-security-policies","source":{"id":"https://openalex.org/S4210195545","display_name":"Information and Computer Security","issn_l":"2056-4961","issn":["2056-4961","2056-497X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information &amp; Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://www.emerald.com/insight/content/doi/10.1108/ICS-10-2022-0160/full/pdf?title=policy-components-a-conceptual-model-for-modularizing-and-tailoring-of-information-security-policies","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5107898170","display_name":"Elham Rostami","orcid":null},"institutions":[{"id":"https://openalex.org/I26437253","display_name":"\u00d6rebro University","ror":"https://ror.org/05kytsw45","country_code":"SE","type":"education","lineage":["https://openalex.org/I26437253"]}],"countries":["SE"],"is_corresponding":true,"raw_author_name":"Elham Rostami","raw_affiliation_strings":["Department of Informatics, rebro University, rebro, Sweden","Department of Informatics, \u00d6rebro University, \u00d6rebro, Sweden"],"affiliations":[{"raw_affiliation_string":"Department of Informatics, rebro University, rebro, Sweden","institution_ids":["https://openalex.org/I26437253"]},{"raw_affiliation_string":"Department of Informatics, \u00d6rebro University, \u00d6rebro, Sweden","institution_ids":["https://openalex.org/I26437253"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5109295104","display_name":"Fredrik Karlsson","orcid":"https://orcid.org/0000-0002-3265-7627"},"institutions":[{"id":"https://openalex.org/I26437253","display_name":"\u00d6rebro University","ror":"https://ror.org/05kytsw45","country_code":"SE","type":"education","lineage":["https://openalex.org/I26437253"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Fredrik Karlsson","raw_affiliation_strings":["Department of Informatics, rebro University, rebro, Sweden","Department of Informatics, \u00d6rebro University, \u00d6rebro, Sweden"],"affiliations":[{"raw_affiliation_string":"Department of Informatics, rebro University, rebro, Sweden","institution_ids":["https://openalex.org/I26437253"]},{"raw_affiliation_string":"Department of Informatics, \u00d6rebro University, \u00d6rebro, Sweden","institution_ids":["https://openalex.org/I26437253"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5042573275","display_name":"Shang Gao","orcid":"https://orcid.org/0000-0002-3722-6797"},"institutions":[{"id":"https://openalex.org/I26437253","display_name":"\u00d6rebro University","ror":"https://ror.org/05kytsw45","country_code":"SE","type":"education","lineage":["https://openalex.org/I26437253"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Shang Gao","raw_affiliation_strings":["Department of Informatics, rebro University, rebro, Sweden","Department of Informatics, \u00d6rebro University, \u00d6rebro, Sweden"],"affiliations":[{"raw_affiliation_string":"Department of Informatics, rebro University, rebro, Sweden","institution_ids":["https://openalex.org/I26437253"]},{"raw_affiliation_string":"Department of Informatics, \u00d6rebro University, \u00d6rebro, Sweden","institution_ids":["https://openalex.org/I26437253"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5107898170"],"corresponding_institution_ids":["https://openalex.org/I26437253"],"apc_list":null,"apc_paid":null,"fwci":5.0988,"has_fulltext":true,"cited_by_count":11,"citation_normalized_percentile":{"value":0.95431881,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":"31","issue":"3","first_page":"331","last_page":"352"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11572","display_name":"Information Technology Governance and Strategy","score":0.9832000136375427,"subfield":{"id":"https://openalex.org/subfields/1404","display_name":"Management Information Systems"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10703","display_name":"Business Process Modeling and Analysis","score":0.979200005531311,"subfield":{"id":"https://openalex.org/subfields/1404","display_name":"Management Information Systems"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7406719923019409},{"id":"https://openalex.org/keywords/conceptual-model","display_name":"Conceptual model","score":0.5624516010284424},{"id":"https://openalex.org/keywords/security-policy","display_name":"Security policy","score":0.48539695143699646},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4181336760520935},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.4150567650794983},{"id":"https://openalex.org/keywords/situational-ethics","display_name":"Situational ethics","score":0.4119032621383667},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.38289833068847656},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.36730509996414185},{"id":"https://openalex.org/keywords/knowledge-management","display_name":"Knowledge management","score":0.3491869866847992},{"id":"https://openalex.org/keywords/systems-engineering","display_name":"Systems engineering","score":0.3246225118637085},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.1331394612789154}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7406719923019409},{"id":"https://openalex.org/C13606891","wikidata":"https://www.wikidata.org/wiki/Q2623243","display_name":"Conceptual model","level":2,"score":0.5624516010284424},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.48539695143699646},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4181336760520935},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.4150567650794983},{"id":"https://openalex.org/C9114305","wikidata":"https://www.wikidata.org/wiki/Q1428317","display_name":"Situational ethics","level":2,"score":0.4119032621383667},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.38289833068847656},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.36730509996414185},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.3491869866847992},{"id":"https://openalex.org/C201995342","wikidata":"https://www.wikidata.org/wiki/Q682496","display_name":"Systems engineering","level":1,"score":0.3246225118637085},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.1331394612789154},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1108/ics-10-2022-0160","is_oa":true,"landing_page_url":"https://doi.org/10.1108/ics-10-2022-0160","pdf_url":"https://www.emerald.com/insight/content/doi/10.1108/ICS-10-2022-0160/full/pdf?title=policy-components-a-conceptual-model-for-modularizing-and-tailoring-of-information-security-policies","source":{"id":"https://openalex.org/S4210195545","display_name":"Information and Computer Security","issn_l":"2056-4961","issn":["2056-4961","2056-497X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information &amp; Computer Security","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1108/ics-10-2022-0160","is_oa":true,"landing_page_url":"https://doi.org/10.1108/ics-10-2022-0160","pdf_url":"https://www.emerald.com/insight/content/doi/10.1108/ICS-10-2022-0160/full/pdf?title=policy-components-a-conceptual-model-for-modularizing-and-tailoring-of-information-security-policies","source":{"id":"https://openalex.org/S4210195545","display_name":"Information and Computer Security","issn_l":"2056-4961","issn":["2056-4961","2056-497X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information &amp; Computer Security","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Partnerships for the goals","score":0.4099999964237213,"id":"https://metadata.un.org/sdg/17"}],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4319723630.pdf","grobid_xml":"https://content.openalex.org/works/W4319723630.grobid-xml"},"referenced_works_count":63,"referenced_works":["https://openalex.org/W4541880","https://openalex.org/W49470133","https://openalex.org/W1498397673","https://openalex.org/W1546949519","https://openalex.org/W1570653153","https://openalex.org/W1597451108","https://openalex.org/W1732868078","https://openalex.org/W1923687271","https://openalex.org/W1987381312","https://openalex.org/W1989533032","https://openalex.org/W2000667443","https://openalex.org/W2001791196","https://openalex.org/W2002678421","https://openalex.org/W2006937759","https://openalex.org/W2011553746","https://openalex.org/W2027062817","https://openalex.org/W2034517403","https://openalex.org/W2040832659","https://openalex.org/W2043293668","https://openalex.org/W2043607013","https://openalex.org/W2046263561","https://openalex.org/W2048584594","https://openalex.org/W2049188895","https://openalex.org/W2065903999","https://openalex.org/W2067698228","https://openalex.org/W2069735547","https://openalex.org/W2071674092","https://openalex.org/W2077703048","https://openalex.org/W2081046118","https://openalex.org/W2088630140","https://openalex.org/W2098047992","https://openalex.org/W2110029459","https://openalex.org/W2131997083","https://openalex.org/W2136922540","https://openalex.org/W2146119179","https://openalex.org/W2147871456","https://openalex.org/W2156438052","https://openalex.org/W2156565637","https://openalex.org/W2169571673","https://openalex.org/W2170899042","https://openalex.org/W2219108172","https://openalex.org/W2280165587","https://openalex.org/W2400714225","https://openalex.org/W2403298133","https://openalex.org/W2464676481","https://openalex.org/W2560364308","https://openalex.org/W2563326334","https://openalex.org/W2602686199","https://openalex.org/W2804610270","https://openalex.org/W2810659605","https://openalex.org/W2889358827","https://openalex.org/W2894084822","https://openalex.org/W2900406291","https://openalex.org/W2964515046","https://openalex.org/W2970865746","https://openalex.org/W3000750497","https://openalex.org/W3023431289","https://openalex.org/W3085586618","https://openalex.org/W3089146004","https://openalex.org/W3107036873","https://openalex.org/W3151685851","https://openalex.org/W4286544689","https://openalex.org/W6637747552"],"related_works":["https://openalex.org/W2510463387","https://openalex.org/W2338700700","https://openalex.org/W2104185553","https://openalex.org/W2348149400","https://openalex.org/W2362250697","https://openalex.org/W2762148434","https://openalex.org/W2093432410","https://openalex.org/W2271843438","https://openalex.org/W1932020719","https://openalex.org/W2159099526"],"abstract_inverted_index":{"Purpose":[0],"This":[1,25,65],"paper":[2],"aims":[3],"to":[4,80,92,120,151,168,192,215],"propose":[5],"a":[6,28,50,93,115,146,205,225],"conceptual":[7,45,75,127],"model":[8,46,76,110,128,142,191,223],"of":[9,19,40,70,172,239],"policy":[10],"components":[11],"for":[12,135,148,211,231],"software":[13,119,150,160,194,233],"that":[14,73,84,98,161,195,234],"supports":[15,235],"modularizing":[16,236],"and":[17,97,132,227,237],"tailoring":[18,238],"information":[20,88,197,212],"security":[21,89,198,213],"policies":[22],"(ISPs).":[23],"Design/methodology/approach":[24],"study":[26],"used":[27,79,103],"design":[29,35,152,216],"science":[30],"research":[31],"approach,":[32],"drawing":[33],"on":[34],"knowledge":[36],"from":[37,59],"the":[38,74,109,138,141,156,177,181,190,209],"field":[39],"situational":[41],"method":[42],"engineering.":[43],"The":[44,125,221],"was":[47],"developed":[48],"as":[49,68,114,145,175],"unified":[51],"modeling":[52],"language":[53],"class":[54],"diagram":[55],"using":[56],"existing":[57],"ISPs":[58,164],"public":[60],"agencies":[61],"in":[62,90,180,200],"Sweden.":[63],"Findings":[64],"study\u2019s":[66],"demonstration":[67],"proof":[69],"concept":[71],"indicates":[72],"can":[77,101,111,143,188,207],"be":[78,102,112],"create":[81],"free-standing":[82],"modules":[83,100],"provide":[85],"guidance":[86],"about":[87],"relation":[91],"specific":[94],"work":[95],"task":[96],"these":[99],"across":[104],"multiple":[105],"tailored":[106,153,202],"ISPs.":[107,122,154,203,219,240],"Thus,":[108],"considered":[113],"step":[116],"toward":[117],"developing":[118,149,232],"tailor":[121],"Research":[123],"limitations/implications":[124],"proposed":[126,222],"bears":[129],"several":[130],"short-":[131],"long-term":[133],"implications":[134,186],"research.":[136],"In":[137,155],"short":[139],"term,":[140,158],"act":[144],"foundation":[147],"long":[157],"having":[159],"enables":[162],"tailorable":[163],"will":[165],"allow":[166],"researchers":[167],"do":[169],"new":[170],"types":[171],"studies,":[173],"such":[174],"evaluating":[176],"software's":[178],"effectiveness":[179],"ISP":[182],"development":[183],"process.":[184],"Practical":[185],"Practitioners":[187],"use":[189],"develop":[193],"assist":[196],"managers":[199,214],"designing":[201],"Such":[204],"tool":[206],"offer":[208],"opportunity":[210],"more":[217],"purposeful":[218],"Originality/value":[220],"offers":[224],"detailed":[226],"well-elaborated":[228],"starting":[229],"point":[230]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":3}],"updated_date":"2026-03-10T14:07:55.174380","created_date":"2025-10-10T00:00:00"}