{"id":"https://openalex.org/W2065222653","doi":"https://doi.org/10.1145/1940941.1940954","title":"A primer on carrying out a successful yet rigorous security risk management based case study","display_name":"A primer on carrying out a successful yet rigorous security risk management based case study","publication_year":2010,"publication_date":"2010-10-01","ids":{"openalex":"https://openalex.org/W2065222653","doi":"https://doi.org/10.1145/1940941.1940954","mag":"2065222653"},"language":"en","primary_location":{"id":"doi:10.1145/1940941.1940954","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1940941.1940954","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2010 Information Security Curriculum Development Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5024436217","display_name":"Humayun Zafar","orcid":"https://orcid.org/0000-0001-9936-9753"},"institutions":[{"id":"https://openalex.org/I172980758","display_name":"Kennesaw State University","ror":"https://ror.org/00jeqjx33","country_code":"US","type":"education","lineage":["https://openalex.org/I172980758"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Humayun Zafar","raw_affiliation_strings":["Kennesaw State University, MD, Kennesaw, GA","Kennesaw State University, MD, Kennesaw, GA#TAB#"],"affiliations":[{"raw_affiliation_string":"Kennesaw State University, MD, Kennesaw, GA","institution_ids":["https://openalex.org/I172980758"]},{"raw_affiliation_string":"Kennesaw State University, MD, Kennesaw, GA#TAB#","institution_ids":["https://openalex.org/I172980758"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5024436217"],"corresponding_institution_ids":["https://openalex.org/I172980758"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.15191248,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"48","last_page":"48"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.9746999740600586,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11572","display_name":"Information Technology Governance and Strategy","score":0.948199987411499,"subfield":{"id":"https://openalex.org/subfields/1404","display_name":"Management Information Systems"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/information-security-management","display_name":"Information security management","score":0.6798139810562134},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.6649560332298279},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.6402308940887451},{"id":"https://openalex.org/keywords/security-management","display_name":"Security management","score":0.6172427535057068},{"id":"https://openalex.org/keywords/security-awareness","display_name":"Security awareness","score":0.5630910396575928},{"id":"https://openalex.org/keywords/certified-information-security-manager","display_name":"Certified Information Security Manager","score":0.5600498914718628},{"id":"https://openalex.org/keywords/threat","display_name":"Threat","score":0.534477949142456},{"id":"https://openalex.org/keywords/standard-of-good-practice","display_name":"Standard of Good Practice","score":0.4818607270717621},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.46424683928489685},{"id":"https://openalex.org/keywords/knowledge-management","display_name":"Knowledge management","score":0.4486454129219055},{"id":"https://openalex.org/keywords/information-security-audit","display_name":"Information security audit","score":0.4476791024208069},{"id":"https://openalex.org/keywords/risk-management","display_name":"Risk management","score":0.4343753159046173},{"id":"https://openalex.org/keywords/information-security-standards","display_name":"Information security standards","score":0.4241902232170105},{"id":"https://openalex.org/keywords/critical-security-studies","display_name":"Critical security studies","score":0.422545850276947},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.413187175989151},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.3934171199798584},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.3835276663303375},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.3664502501487732},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.35150253772735596},{"id":"https://openalex.org/keywords/network-security-policy","display_name":"Network security policy","score":0.13076376914978027}],"concepts":[{"id":"https://openalex.org/C148976360","wikidata":"https://www.wikidata.org/wiki/Q1662500","display_name":"Information security management","level":5,"score":0.6798139810562134},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.6649560332298279},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.6402308940887451},{"id":"https://openalex.org/C83163435","wikidata":"https://www.wikidata.org/wiki/Q3954104","display_name":"Security management","level":2,"score":0.6172427535057068},{"id":"https://openalex.org/C2778652015","wikidata":"https://www.wikidata.org/wiki/Q7445019","display_name":"Security awareness","level":3,"score":0.5630910396575928},{"id":"https://openalex.org/C180823521","wikidata":"https://www.wikidata.org/wiki/Q1662502","display_name":"Certified Information Security Manager","level":5,"score":0.5600498914718628},{"id":"https://openalex.org/C17520342","wikidata":"https://www.wikidata.org/wiki/Q7797190","display_name":"Threat","level":5,"score":0.534477949142456},{"id":"https://openalex.org/C47309137","wikidata":"https://www.wikidata.org/wiki/Q7598357","display_name":"Standard of Good Practice","level":5,"score":0.4818607270717621},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.46424683928489685},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.4486454129219055},{"id":"https://openalex.org/C39358052","wikidata":"https://www.wikidata.org/wiki/Q2578632","display_name":"Information security audit","level":5,"score":0.4476791024208069},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.4343753159046173},{"id":"https://openalex.org/C139547956","wikidata":"https://www.wikidata.org/wiki/Q6031202","display_name":"Information security standards","level":5,"score":0.4241902232170105},{"id":"https://openalex.org/C505623098","wikidata":"https://www.wikidata.org/wiki/Q3002932","display_name":"Critical security studies","level":5,"score":0.422545850276947},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.413187175989151},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.3934171199798584},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.3835276663303375},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.3664502501487732},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.35150253772735596},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.13076376914978027},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0},{"id":"https://openalex.org/C10138342","wikidata":"https://www.wikidata.org/wiki/Q43015","display_name":"Finance","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1940941.1940954","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1940941.1940954","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2010 Information Security Curriculum Development Conference","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.5,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W2584162156","https://openalex.org/W1557523735","https://openalex.org/W23579156","https://openalex.org/W1567258312","https://openalex.org/W2185133343","https://openalex.org/W1974991139","https://openalex.org/W4285782133","https://openalex.org/W3159280571","https://openalex.org/W3081429474","https://openalex.org/W2991148700"],"abstract_inverted_index":{"Information":[0],"security":[1,23,29,36,43,70,95,107],"is":[2,144,167],"a":[3,10,32,77,106,113,187],"complex,":[4],"multidimensional":[5],"issue":[6],"that":[7,127,150],"can":[8],"have":[9,44,52,130],"significant":[11],"impact":[12,169],"on":[13,173],"organizations.":[14],"For":[15],"organizations,":[16],"understanding":[17],"potential":[18],"threats,":[19],"educating":[20],"personnel":[21],"in":[22,41,60,84],"awareness,":[24],"and":[25,27,47,97,132,158],"establishing":[26],"executing":[28],"policies":[30],"are":[31],"part":[33],"of":[34,39,68,80,82,124,141,170,177,186],"the":[35,125,134,147,168,174],"culture.":[37],"Methods":[38],"research":[40,83,96,148,164],"information":[42,69,94],"been":[45,54,74],"proposed":[46],"compared":[48],"at":[49,112],"length,":[50],"but":[51],"not":[53],"used":[55,152],"to":[56,93,100,105,120,145,161],"their":[57],"full":[58],"extent":[59],"organizational":[61],"level":[62],"studies.":[63],"The":[64,139],"perceived":[65,171,175],"intrusive":[66],"nature":[67],"based":[71],"studies":[72],"has":[73],"mentioned":[75],"as":[76],"leading":[78],"cause":[79],"lack":[81],"this":[85,142],"area.":[86],"We":[87,117,154],"considered":[88],"prior":[89,156],"recommendations":[90,157],"with":[91,136],"regard":[92],"applied":[98],"them":[99,160],"our":[101,163],"own":[102],"study":[103,135,183],"pertaining":[104],"risk":[108],"management":[109,128],"(SRM)":[110],"program":[111],"Fortune":[114],"500":[115],"firm.":[116],"were":[118],"able":[119],"successfully":[121],"allay":[122],"many":[123],"concerns":[126],"may":[129],"had,":[131],"completed":[133],"positive":[137],"results.":[138],"purpose":[140],"paper":[143],"present":[146],"method":[149],"was":[151],"successfully.":[153],"implemented":[155],"modified":[159],"address":[162],"question:":[165],"What":[166],"CSFs":[172],"effectiveness":[176],"an":[178],"organization's":[179],"SRM":[180],"program?":[181],"Our":[182],"included":[184],"creation":[185],"validated":[188],"instrument.":[189]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}