{"id":"https://openalex.org/W2090651397","doi":"https://doi.org/10.1108/imcs-02-2013-0011","title":"Deriving an information security assurance indicator at the organizational level","display_name":"Deriving an information security assurance indicator at the organizational level","publication_year":2013,"publication_date":"2013-10-24","ids":{"openalex":"https://openalex.org/W2090651397","doi":"https://doi.org/10.1108/imcs-02-2013-0011","mag":"2090651397"},"language":"en","primary_location":{"id":"doi:10.1108/imcs-02-2013-0011","is_oa":false,"landing_page_url":"https://doi.org/10.1108/imcs-02-2013-0011","pdf_url":null,"source":{"id":"https://openalex.org/S204075876","display_name":"Information Management & Computer Security","issn_l":"0968-5227","issn":["0968-5227","1758-5805"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information Management &amp; Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5069821461","display_name":"Vinod Pathari","orcid":"https://orcid.org/0000-0002-2601-5265"},"institutions":[{"id":"https://openalex.org/I162827531","display_name":"Indian Institute of Technology Bombay","ror":"https://ror.org/02qyf5152","country_code":"IN","type":"education","lineage":["https://openalex.org/I162827531"]}],"countries":["IN"],"is_corresponding":true,"raw_author_name":"Vinod Pathari","raw_affiliation_strings":["Indian Institute of Technology Bombay, Mumbai, India"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Indian Institute of Technology Bombay, Mumbai, India","institution_ids":["https://openalex.org/I162827531"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5043108732","display_name":"Rajendra Sonar","orcid":null},"institutions":[{"id":"https://openalex.org/I162827531","display_name":"Indian Institute of Technology Bombay","ror":"https://ror.org/02qyf5152","country_code":"IN","type":"education","lineage":["https://openalex.org/I162827531"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Rajendra M. Sonar","raw_affiliation_strings":["Indian Institute of Technology Bombay, Mumbai, India"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Indian Institute of Technology Bombay, Mumbai, India","institution_ids":["https://openalex.org/I162827531"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5069821461"],"corresponding_institution_ids":["https://openalex.org/I162827531"],"apc_list":null,"apc_paid":null,"fwci":0.8361,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.83577173,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":94},"biblio":{"volume":"21","issue":"5","first_page":"401","last_page":"419"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9957000017166138,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9957000017166138,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12805","display_name":"Cognitive Science and Mapping","score":0.9926000237464905,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T13062","display_name":"Cognitive Computing and Networks","score":0.9825000166893005,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.749998152256012},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5342012643814087},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.5269861221313477},{"id":"https://openalex.org/keywords/implementation","display_name":"Implementation","score":0.5240557193756104},{"id":"https://openalex.org/keywords/information-assurance","display_name":"Information assurance","score":0.520915687084198},{"id":"https://openalex.org/keywords/security-controls","display_name":"Security controls","score":0.5087612271308899},{"id":"https://openalex.org/keywords/work","display_name":"Work (physics)","score":0.4402673840522766},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.4386548697948456},{"id":"https://openalex.org/keywords/information-security-audit","display_name":"Information security audit","score":0.43270379304885864},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.3496355414390564},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.3365863561630249},{"id":"https://openalex.org/keywords/knowledge-management","display_name":"Knowledge management","score":0.3295099139213562},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.32944566011428833},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2076176404953003},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.20662268996238708},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.13538235425949097},{"id":"https://openalex.org/keywords/systems-engineering","display_name":"Systems engineering","score":0.1142520010471344},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.10076341032981873},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.08610010147094727}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.749998152256012},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5342012643814087},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.5269861221313477},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.5240557193756104},{"id":"https://openalex.org/C2780795517","wikidata":"https://www.wikidata.org/wiki/Q6030997","display_name":"Information assurance","level":3,"score":0.520915687084198},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.5087612271308899},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.4402673840522766},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.4386548697948456},{"id":"https://openalex.org/C39358052","wikidata":"https://www.wikidata.org/wiki/Q2578632","display_name":"Information security audit","level":5,"score":0.43270379304885864},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.3496355414390564},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.3365863561630249},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.3295099139213562},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.32944566011428833},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2076176404953003},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.20662268996238708},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.13538235425949097},{"id":"https://openalex.org/C201995342","wikidata":"https://www.wikidata.org/wiki/Q682496","display_name":"Systems engineering","level":1,"score":0.1142520010471344},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.10076341032981873},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.08610010147094727},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1108/imcs-02-2013-0011","is_oa":false,"landing_page_url":"https://doi.org/10.1108/imcs-02-2013-0011","pdf_url":null,"source":{"id":"https://openalex.org/S204075876","display_name":"Information Management & Computer Security","issn_l":"0968-5227","issn":["0968-5227","1758-5805"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information Management &amp; Computer Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":27,"referenced_works":["https://openalex.org/W7393850","https://openalex.org/W35369483","https://openalex.org/W94067085","https://openalex.org/W1483280370","https://openalex.org/W1558153660","https://openalex.org/W2001506155","https://openalex.org/W2007999111","https://openalex.org/W2015633796","https://openalex.org/W2026628014","https://openalex.org/W2033783561","https://openalex.org/W2044839138","https://openalex.org/W2053741629","https://openalex.org/W2055788618","https://openalex.org/W2062830664","https://openalex.org/W2067978381","https://openalex.org/W2069033598","https://openalex.org/W2070036949","https://openalex.org/W2095224843","https://openalex.org/W2098415077","https://openalex.org/W2122385484","https://openalex.org/W2134984841","https://openalex.org/W2147495040","https://openalex.org/W2159443917","https://openalex.org/W2166602595","https://openalex.org/W2314578386","https://openalex.org/W3145128584","https://openalex.org/W4285719527"],"related_works":["https://openalex.org/W2188040994","https://openalex.org/W4386208045","https://openalex.org/W2991148700","https://openalex.org/W2497647994","https://openalex.org/W4232461742","https://openalex.org/W815057058","https://openalex.org/W3196275927","https://openalex.org/W3195449469","https://openalex.org/W1988974780","https://openalex.org/W2749905988"],"abstract_inverted_index":{"Purpose":[0],"\u2013":[1,58,119,202,231,296],"Measurement":[2],"of":[3,62,123,179,181,190,218,255,330,360],"information":[4,25,241,261,292,350],"security":[5,26,64,138,161,188,242,253,262,293,305,334,351],"assurance":[6,209,254],"(ISA)":[7],"is":[8,70,206,215,342],"an":[9,49,110,319],"important":[10],"but":[11],"difficult":[12,238],"task.":[13],"This":[14,35,79,214,232,258,323],"paper":[15],"aims":[16],"to":[17,41,47,66,108,154,245,249,272,317],"propose":[18],"a":[19,182,301,309],"framework,":[20],"which":[21],"helps":[22,234,279],"in":[23,136,222,235,240,264,283,349,357],"refining":[24,63,267],"requirements":[27],"into":[28],"controls":[29,134,151,269],"whose":[30,87],"effectiveness":[31],"can":[32,163,193],"be":[33,155,195,273],"measured.":[34],"work":[36,233,324],"also":[37,194],"provides":[38,354],"aggregation":[39,338],"techniques":[40],"combine":[42],"these":[43,102,142],"measurements":[44],"so":[45],"as":[46,76],"obtain":[48,109,318],"indicator":[50,111,320],"for":[51,112,291,304,312,321,345],"ISA":[52,113],"at":[53,114],"the":[54,77,81,115,124,132,160,186,191,204,208,219,251,256,260,280,314,328,346,358,364],"organizational":[55],"level.":[56,117],"Design/methodology/approach":[57],"A":[59],"top-down":[60,302],"approach":[61,303,311],"objectives":[65,83],"measurable":[67],"independent":[68],"tasks":[69],"carried":[71],"out":[72],"using":[73,197,340],"assign":[74],"graph":[75],"model.":[78],"captures":[80],"various":[82],"and":[84,90,140,169,174,226,247,266,308,326,353],"their":[85,165,171,289],"interrelationships":[86,128],"initial":[88,103,227],"values":[89,104,210,316],"relative":[91],"impacts":[92],"are":[93,105,144,153,157,212],"obtained":[94,211],"from":[95],"experts.":[96],"Using":[97],"fuzzy":[98],"cognitive":[99],"model":[100],"(FCM),":[101],"combined":[106],"together":[107],"firm's":[116],"Findings":[118],"The":[120,177,276,297,336],"two":[121,237],"applications":[122],"framework":[125,205,278,299],"revealed":[126],"that":[127,141,152,270],"do":[129],"exist":[130],"between":[131,333],"different":[133],"employed":[135],"actual":[137],"implementations":[139],"dependencies":[143,362],"seldom":[145],"accounted":[146],"for.":[147],"When":[148],"those":[149,268],"few":[150],"measured":[156],"clearly":[158],"identified,":[159],"experts":[162],"focus":[164],"attention":[166],"on":[167,185],"them":[168],"ensure":[170],"correct":[172],"implementation":[173],"appropriate":[175],"measurement.":[176],"extent":[178],"impact":[180,224],"single":[183],"control":[184,306],"overall":[187,252],"picture":[189],"firm":[192],"found":[196],"this":[198],"approach.":[199],"Research":[200],"limitations/implications":[201],"While":[203],"generic,":[207],"context-sensitive.":[213],"primarily":[216],"because":[217],"subjectivity":[220],"involved":[221],"assigning":[223],"measures":[225],"values.":[228],"Practical":[229],"implications":[230],"answering":[236],"questions":[239],"management:":[243],"\u201cwhat":[244],"measure?\u201d":[246],"\u201chow":[248],"quantify":[250],"organization?\u201d":[257],"assists":[259],"team":[263],"identifying":[265],"needs":[271],"appropriately":[274],"emphasized.":[275],"proposed":[277,337],"top":[281],"management":[282],"doing":[284],"\u201cwhat-if\u201d":[285],"analysis,":[286],"thereby":[287],"aiding":[288],"decision-making":[290],"investments.":[294],"Originality/value":[295],"novel":[298],"proposes":[300],"refinement":[307],"bottom-up":[310],"combining":[313],"confidence":[315],"ISA.":[322],"identifies":[325],"accommodates":[327],"possibilities":[329],"having":[331],"interdependencies":[332],"controls.":[335,365],"method":[339],"FCM":[341],"being":[343],"applied":[344],"first":[347],"time":[348],"context":[352],"convergence":[355],"even":[356],"presence":[359],"cyclic":[361],"amongst":[363]},"counts_by_year":[{"year":2023,"cited_by_count":1},{"year":2016,"cited_by_count":1}],"updated_date":"2026-05-21T06:26:12.895304","created_date":"2025-10-10T00:00:00"}