{"id":"https://openalex.org/W1973018227","doi":"https://doi.org/10.1109/issa.2013.6641062","title":"Information security risk management in small-scale organisations: A case study of secondary schools computerised information systems","display_name":"Information security risk management in small-scale organisations: A case study of secondary schools computerised information systems","publication_year":2013,"publication_date":"2013-08-01","ids":{"openalex":"https://openalex.org/W1973018227","doi":"https://doi.org/10.1109/issa.2013.6641062","mag":"1973018227"},"language":"en","primary_location":{"id":"doi:10.1109/issa.2013.6641062","is_oa":false,"landing_page_url":"https://doi.org/10.1109/issa.2013.6641062","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2013 Information Security for South Africa","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5103015474","display_name":"Moses Moyo","orcid":"https://orcid.org/0000-0001-8707-6179"},"institutions":[{"id":"https://openalex.org/I165390105","display_name":"University of South Africa","ror":"https://ror.org/048cwvf49","country_code":"ZA","type":"education","lineage":["https://openalex.org/I165390105"]}],"countries":["ZA"],"is_corresponding":false,"raw_author_name":"Moses Moyo","raw_affiliation_strings":["School of Computing Science, UNISA, Pretoria, South Africa","Sch. of Comput. Sci., UNISA, Pretoria, South Africa"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Computing Science, UNISA, Pretoria, South Africa","institution_ids":["https://openalex.org/I165390105"]},{"raw_affiliation_string":"Sch. of Comput. Sci., UNISA, Pretoria, South Africa","institution_ids":["https://openalex.org/I165390105"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5019141547","display_name":"Hanifa Abdullah","orcid":"https://orcid.org/0000-0002-0240-3327"},"institutions":[{"id":"https://openalex.org/I165390105","display_name":"University of South Africa","ror":"https://ror.org/048cwvf49","country_code":"ZA","type":"education","lineage":["https://openalex.org/I165390105"]}],"countries":["ZA"],"is_corresponding":false,"raw_author_name":"Hanifa. Abdullah","raw_affiliation_strings":["School of Computing Science, UNISA, Pretoria, South Africa","Sch. of Comput. Sci., UNISA, Pretoria, South Africa"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Computing Science, UNISA, Pretoria, South Africa","institution_ids":["https://openalex.org/I165390105"]},{"raw_affiliation_string":"Sch. of Comput. Sci., UNISA, Pretoria, South Africa","institution_ids":["https://openalex.org/I165390105"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5049460657","display_name":"Rita Nienaber","orcid":null},"institutions":[{"id":"https://openalex.org/I165390105","display_name":"University of South Africa","ror":"https://ror.org/048cwvf49","country_code":"ZA","type":"education","lineage":["https://openalex.org/I165390105"]}],"countries":["ZA"],"is_corresponding":false,"raw_author_name":"Rita C. Nienaber","raw_affiliation_strings":["School of Computing Science, UNISA, Pretoria, South Africa","Sch. of Comput. Sci., UNISA, Pretoria, South Africa"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Computing Science, UNISA, Pretoria, South Africa","institution_ids":["https://openalex.org/I165390105"]},{"raw_affiliation_string":"Sch. of Comput. Sci., UNISA, Pretoria, South Africa","institution_ids":["https://openalex.org/I165390105"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":3.3447,"has_fulltext":false,"cited_by_count":14,"citation_normalized_percentile":{"value":0.92745189,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.9876999855041504,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11572","display_name":"Information Technology Governance and Strategy","score":0.9861000180244446,"subfield":{"id":"https://openalex.org/subfields/1404","display_name":"Management Information Systems"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/information-security-management","display_name":"Information security management","score":0.7930627465248108},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.6678197383880615},{"id":"https://openalex.org/keywords/risk-management","display_name":"Risk management","score":0.6019363403320312},{"id":"https://openalex.org/keywords/risk-management-information-systems","display_name":"Risk management information systems","score":0.5911054015159607},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.5890380144119263},{"id":"https://openalex.org/keywords/asset","display_name":"Asset (computer security)","score":0.5826076865196228},{"id":"https://openalex.org/keywords/certified-information-security-manager","display_name":"Certified Information Security Manager","score":0.5390557050704956},{"id":"https://openalex.org/keywords/threat","display_name":"Threat","score":0.5094767212867737},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.509470522403717},{"id":"https://openalex.org/keywords/information-security-standards","display_name":"Information security standards","score":0.4970560371875763},{"id":"https://openalex.org/keywords/business-continuity","display_name":"Business continuity","score":0.4868306517601013},{"id":"https://openalex.org/keywords/unavailability","display_name":"Unavailability","score":0.4757656455039978},{"id":"https://openalex.org/keywords/information-system","display_name":"Information system","score":0.46928417682647705},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4687383770942688},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.46180078387260437},{"id":"https://openalex.org/keywords/security-management","display_name":"Security management","score":0.4478069245815277},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.4452965557575226},{"id":"https://openalex.org/keywords/knowledge-management","display_name":"Knowledge management","score":0.44196489453315735},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.43949174880981445},{"id":"https://openalex.org/keywords/it-risk-management","display_name":"IT risk management","score":0.42478734254837036},{"id":"https://openalex.org/keywords/management-information-systems","display_name":"Management information systems","score":0.41764628887176514},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.23613858222961426},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.21807575225830078},{"id":"https://openalex.org/keywords/finance","display_name":"Finance","score":0.20532545447349548},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.14805370569229126},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.0860738456249237}],"concepts":[{"id":"https://openalex.org/C148976360","wikidata":"https://www.wikidata.org/wiki/Q1662500","display_name":"Information security management","level":5,"score":0.7930627465248108},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.6678197383880615},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.6019363403320312},{"id":"https://openalex.org/C81146079","wikidata":"https://www.wikidata.org/wiki/Q7336283","display_name":"Risk management information systems","level":4,"score":0.5911054015159607},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.5890380144119263},{"id":"https://openalex.org/C76178495","wikidata":"https://www.wikidata.org/wiki/Q4808784","display_name":"Asset (computer security)","level":2,"score":0.5826076865196228},{"id":"https://openalex.org/C180823521","wikidata":"https://www.wikidata.org/wiki/Q1662502","display_name":"Certified Information Security Manager","level":5,"score":0.5390557050704956},{"id":"https://openalex.org/C17520342","wikidata":"https://www.wikidata.org/wiki/Q7797190","display_name":"Threat","level":5,"score":0.5094767212867737},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.509470522403717},{"id":"https://openalex.org/C139547956","wikidata":"https://www.wikidata.org/wiki/Q6031202","display_name":"Information security standards","level":5,"score":0.4970560371875763},{"id":"https://openalex.org/C2778143579","wikidata":"https://www.wikidata.org/wiki/Q831801","display_name":"Business continuity","level":2,"score":0.4868306517601013},{"id":"https://openalex.org/C2780505938","wikidata":"https://www.wikidata.org/wiki/Q17093282","display_name":"Unavailability","level":2,"score":0.4757656455039978},{"id":"https://openalex.org/C180198813","wikidata":"https://www.wikidata.org/wiki/Q121182","display_name":"Information system","level":2,"score":0.46928417682647705},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4687383770942688},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.46180078387260437},{"id":"https://openalex.org/C83163435","wikidata":"https://www.wikidata.org/wiki/Q3954104","display_name":"Security management","level":2,"score":0.4478069245815277},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.4452965557575226},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.44196489453315735},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.43949174880981445},{"id":"https://openalex.org/C95609273","wikidata":"https://www.wikidata.org/wiki/Q5975208","display_name":"IT risk management","level":3,"score":0.42478734254837036},{"id":"https://openalex.org/C29848774","wikidata":"https://www.wikidata.org/wiki/Q61905","display_name":"Management information systems","level":3,"score":0.41764628887176514},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.23613858222961426},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.21807575225830078},{"id":"https://openalex.org/C10138342","wikidata":"https://www.wikidata.org/wiki/Q43015","display_name":"Finance","level":1,"score":0.20532545447349548},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.14805370569229126},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0860738456249237},{"id":"https://openalex.org/C200601418","wikidata":"https://www.wikidata.org/wiki/Q2193887","display_name":"Reliability engineering","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.0},{"id":"https://openalex.org/C119599485","wikidata":"https://www.wikidata.org/wiki/Q43035","display_name":"Electrical engineering","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/issa.2013.6641062","is_oa":false,"landing_page_url":"https://doi.org/10.1109/issa.2013.6641062","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2013 Information Security for South Africa","raw_type":"proceedings-article"},{"id":"pmh:oai:uir.unisa.ac.za:10500/14611","is_oa":false,"landing_page_url":"http://hdl.handle.net/10500/14611","pdf_url":null,"source":{"id":"https://openalex.org/S4306400472","display_name":"Unisa Institutional Repository (University of South Africa)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I165390105","host_organization_name":"University of South Africa","host_organization_lineage":["https://openalex.org/I165390105"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Dissertation"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Quality Education","score":0.550000011920929,"id":"https://metadata.un.org/sdg/4"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":52,"referenced_works":["https://openalex.org/W27794398","https://openalex.org/W74135474","https://openalex.org/W110993677","https://openalex.org/W148432940","https://openalex.org/W172968368","https://openalex.org/W337844128","https://openalex.org/W592397901","https://openalex.org/W1516534262","https://openalex.org/W1535148893","https://openalex.org/W1537923806","https://openalex.org/W1539265701","https://openalex.org/W1547253197","https://openalex.org/W1589275176","https://openalex.org/W1602002062","https://openalex.org/W1969542607","https://openalex.org/W1984113586","https://openalex.org/W1984679292","https://openalex.org/W1997761579","https://openalex.org/W2005115103","https://openalex.org/W2014504488","https://openalex.org/W2044935933","https://openalex.org/W2047547657","https://openalex.org/W2072431063","https://openalex.org/W2075093277","https://openalex.org/W2080597390","https://openalex.org/W2085901425","https://openalex.org/W2113537253","https://openalex.org/W2125936181","https://openalex.org/W2126070475","https://openalex.org/W2126826472","https://openalex.org/W2136121476","https://openalex.org/W2136135185","https://openalex.org/W2138387127","https://openalex.org/W2150374398","https://openalex.org/W2157910941","https://openalex.org/W2158242434","https://openalex.org/W2159016751","https://openalex.org/W2161013171","https://openalex.org/W2170582926","https://openalex.org/W2188441833","https://openalex.org/W2219593280","https://openalex.org/W2313916166","https://openalex.org/W2369295637","https://openalex.org/W2419522156","https://openalex.org/W2501752401","https://openalex.org/W2810129728","https://openalex.org/W3144127399","https://openalex.org/W4242983915","https://openalex.org/W4285719527","https://openalex.org/W4297907807","https://openalex.org/W6717477725","https://openalex.org/W6825350210"],"related_works":["https://openalex.org/W4285782133","https://openalex.org/W2295556620","https://openalex.org/W2100472776","https://openalex.org/W2793054839","https://openalex.org/W3159280571","https://openalex.org/W2341744854","https://openalex.org/W1945127678","https://openalex.org/W2991148700","https://openalex.org/W2587686732","https://openalex.org/W1973018227"],"abstract_inverted_index":{"The":[0],"use":[1],"of":[2,11,20,36,44,69,79,96,111,146,157],"computerised":[3,119,178],"information":[4,21,46,74,84,107,120,137,179,187,192,197,220],"systems":[5,85,121,180,193],"has":[6],"become":[7],"an":[8],"integral":[9],"part":[10],"South":[12],"African":[13],"secondary":[14,163,226],"schools,":[15],"bringing":[16],"about":[17,114],"a":[18,80,124,172],"host":[19],"security":[22,103,138,188,221],"challenges":[23],"that":[24],"schools":[25,113],"have":[26,131],"to":[27,32,48,59,72,88,100,117,135,143,161,170,183,217],"deal":[28],"with":[29],"in":[30,102,181,223],"addition":[31],"their":[33,73,118,177,191],"core":[34],"business":[35],"teaching":[37],"and":[38,52,64,76,91,150,166,194,207],"learning.":[39],"Schools":[40,128],"handle":[41],"large":[42],"volumes":[43],"sensitive":[45],"pertaining":[47],"educators,":[49],"learners,":[50],"creditors":[51],"financial":[53,152],"records,":[54],"which":[55],"they":[56],"are":[57,66,86],"obliged":[58],"secure.":[60],"Unfortunately,":[61],"school":[62],"management":[63,126,140,148,165,174,215],"users":[65,167],"not":[67,130],"aware":[68],"the":[70,77,115,132,144,155,202],"risks":[71,116,189,222],"assets":[75],"repercussions":[78],"compromise":[81],"thereof.":[82],"Computerised":[83],"susceptible":[87],"both":[89],"internal":[90],"external":[92],"threats":[93],"but":[94],"ease":[95],"access":[97],"is":[98,122,160],"likely":[99],"manifest":[101],"breaches,":[104],"thereby":[105],"undermining":[106],"security.":[108],"One":[109],"way":[110],"enlightening":[112],"through":[123],"risk":[125,139,147,173,214],"programme.":[127],"may":[129],"full":[133],"capacity":[134],"perform":[136,171],"exercises":[141],"due":[142],"unavailability":[145],"experts":[149],"scarce":[151],"resources.":[153],"Therefore,":[154],"objective":[156],"this":[158],"paper":[159],"educate":[162],"schools'":[164],"on":[168],"how":[169],"exercise":[175],"for":[176,210],"order":[182],"reduce":[184],"or":[185],"mitigate":[186],"within":[190],"protect":[195],"vital":[196],"assets.":[198],"This":[199],"study":[200],"uses":[201],"Operationally":[203],"Critical":[204],"Threat,":[205],"Asset,":[206],"Vulnerability":[208],"Evaluation":[209],"small":[211],"organisations":[212],"(OCTAVE-Small)":[213],"methodology":[216],"address":[218],"these":[219],"two":[224],"selected":[225],"schools.":[227]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":3},{"year":2020,"cited_by_count":1},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":3},{"year":2016,"cited_by_count":1},{"year":2015,"cited_by_count":1},{"year":2014,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}