{"id":"https://openalex.org/W1922849872","doi":"https://doi.org/10.2308/isys-51257","title":"SECURQUAL: An Instrument for Evaluating the Effectiveness of Enterprise Information Security Programs","display_name":"SECURQUAL: An Instrument for Evaluating the Effectiveness of Enterprise Information Security Programs","publication_year":2015,"publication_date":"2015-08-01","ids":{"openalex":"https://openalex.org/W1922849872","doi":"https://doi.org/10.2308/isys-51257","mag":"1922849872"},"language":"en","primary_location":{"id":"doi:10.2308/isys-51257","is_oa":false,"landing_page_url":"https://doi.org/10.2308/isys-51257","pdf_url":null,"source":{"id":"https://openalex.org/S82262387","display_name":"Journal of Information Systems","issn_l":"0888-7985","issn":["0888-7985","1558-7959"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310316290","host_organization_name":"American Accounting Association","host_organization_lineage":["https://openalex.org/P4310316290"],"host_organization_lineage_names":["American Accounting Association"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Information Systems","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5075730165","display_name":"Paul John Steinbart","orcid":null},"institutions":[{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Paul John Steinbart","raw_affiliation_strings":["Arizona State University"],"affiliations":[{"raw_affiliation_string":"Arizona State University","institution_ids":["https://openalex.org/I55732556"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5042188598","display_name":"Robyn L. Raschke","orcid":"https://orcid.org/0000-0001-6745-7994"},"institutions":[{"id":"https://openalex.org/I133999245","display_name":"University of Nevada, Las Vegas","ror":"https://ror.org/0406gha72","country_code":"US","type":"education","lineage":["https://openalex.org/I133999245"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Robyn L. Raschke","raw_affiliation_strings":["University of Nevada, Las Vegas"],"affiliations":[{"raw_affiliation_string":"University of Nevada, Las Vegas","institution_ids":["https://openalex.org/I133999245"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5003689610","display_name":"Graham Gal","orcid":"https://orcid.org/0000-0001-6526-9367"},"institutions":[{"id":"https://openalex.org/I24603500","display_name":"University of Massachusetts Amherst","ror":"https://ror.org/0072zz521","country_code":"US","type":"education","lineage":["https://openalex.org/I24603500"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Graham Gal","raw_affiliation_strings":["University of Massachusetts Amherst","University of Massachusetts: Amherst#TAB#"],"affiliations":[{"raw_affiliation_string":"University of Massachusetts Amherst","institution_ids":["https://openalex.org/I24603500"]},{"raw_affiliation_string":"University of Massachusetts: Amherst#TAB#","institution_ids":["https://openalex.org/I24603500"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5083955206","display_name":"William N. Dilla","orcid":"https://orcid.org/0000-0003-0189-4934"},"institutions":[{"id":"https://openalex.org/I173911158","display_name":"Iowa State University","ror":"https://ror.org/04rswrd78","country_code":"US","type":"education","lineage":["https://openalex.org/I173911158"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"William N. Dilla","raw_affiliation_strings":["Iowa State University"],"affiliations":[{"raw_affiliation_string":"Iowa State University","institution_ids":["https://openalex.org/I173911158"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5075730165"],"corresponding_institution_ids":["https://openalex.org/I55732556"],"apc_list":null,"apc_paid":null,"fwci":5.5622,"has_fulltext":false,"cited_by_count":33,"citation_normalized_percentile":{"value":0.95651461,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":"30","issue":"1","first_page":"71","last_page":"92"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9948999881744385,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.9861999750137329,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.6299616098403931},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5859081745147705},{"id":"https://openalex.org/keywords/rubric","display_name":"Rubric","score":0.5330566167831421},{"id":"https://openalex.org/keywords/scope","display_name":"Scope (computer science)","score":0.5138261914253235},{"id":"https://openalex.org/keywords/measure","display_name":"Measure (data warehouse)","score":0.5137751698493958},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4891672432422638},{"id":"https://openalex.org/keywords/standard-of-good-practice","display_name":"Standard of Good Practice","score":0.4617116451263428},{"id":"https://openalex.org/keywords/maturity","display_name":"Maturity (psychological)","score":0.4576228857040405},{"id":"https://openalex.org/keywords/information-security-management","display_name":"Information security management","score":0.4373038709163666},{"id":"https://openalex.org/keywords/reliability","display_name":"Reliability (semiconductor)","score":0.43421363830566406},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.3759409189224243},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.3065671920776367},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.2226971685886383},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.18617206811904907},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.14548060297966003},{"id":"https://openalex.org/keywords/psychology","display_name":"Psychology","score":0.10529324412345886},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.10147595405578613}],"concepts":[{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.6299616098403931},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5859081745147705},{"id":"https://openalex.org/C111640148","wikidata":"https://www.wikidata.org/wiki/Q847349","display_name":"Rubric","level":2,"score":0.5330566167831421},{"id":"https://openalex.org/C2778012447","wikidata":"https://www.wikidata.org/wiki/Q1034415","display_name":"Scope (computer science)","level":2,"score":0.5138261914253235},{"id":"https://openalex.org/C2780009758","wikidata":"https://www.wikidata.org/wiki/Q6804172","display_name":"Measure (data warehouse)","level":2,"score":0.5137751698493958},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4891672432422638},{"id":"https://openalex.org/C47309137","wikidata":"https://www.wikidata.org/wiki/Q7598357","display_name":"Standard of Good Practice","level":5,"score":0.4617116451263428},{"id":"https://openalex.org/C101433766","wikidata":"https://www.wikidata.org/wiki/Q3543263","display_name":"Maturity (psychological)","level":2,"score":0.4576228857040405},{"id":"https://openalex.org/C148976360","wikidata":"https://www.wikidata.org/wiki/Q1662500","display_name":"Information security management","level":5,"score":0.4373038709163666},{"id":"https://openalex.org/C43214815","wikidata":"https://www.wikidata.org/wiki/Q7310987","display_name":"Reliability (semiconductor)","level":3,"score":0.43421363830566406},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.3759409189224243},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.3065671920776367},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.2226971685886383},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.18617206811904907},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.14548060297966003},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.10529324412345886},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.10147595405578613},{"id":"https://openalex.org/C163258240","wikidata":"https://www.wikidata.org/wiki/Q25342","display_name":"Power (physics)","level":2,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C145420912","wikidata":"https://www.wikidata.org/wiki/Q853077","display_name":"Mathematics education","level":1,"score":0.0},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C138496976","wikidata":"https://www.wikidata.org/wiki/Q175002","display_name":"Developmental psychology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.2308/isys-51257","is_oa":false,"landing_page_url":"https://doi.org/10.2308/isys-51257","pdf_url":null,"source":{"id":"https://openalex.org/S82262387","display_name":"Journal of Information Systems","issn_l":"0888-7985","issn":["0888-7985","1558-7959"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310316290","host_organization_name":"American Accounting Association","host_organization_lineage":["https://openalex.org/P4310316290"],"host_organization_lineage_names":["American Accounting Association"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Information Systems","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.7099999785423279,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":60,"referenced_works":["https://openalex.org/W1501321335","https://openalex.org/W1517565658","https://openalex.org/W1536398137","https://openalex.org/W1595575146","https://openalex.org/W1602619638","https://openalex.org/W1821885698","https://openalex.org/W1863670505","https://openalex.org/W1965074910","https://openalex.org/W1988050849","https://openalex.org/W1988315607","https://openalex.org/W1988897250","https://openalex.org/W2000822019","https://openalex.org/W2006553501","https://openalex.org/W2010902645","https://openalex.org/W2013587720","https://openalex.org/W2014312299","https://openalex.org/W2014750887","https://openalex.org/W2039501686","https://openalex.org/W2052176782","https://openalex.org/W2055847123","https://openalex.org/W2056075452","https://openalex.org/W2058012887","https://openalex.org/W2067978381","https://openalex.org/W2072047708","https://openalex.org/W2075986741","https://openalex.org/W2081436185","https://openalex.org/W2081657462","https://openalex.org/W2085766370","https://openalex.org/W2088435437","https://openalex.org/W2088489410","https://openalex.org/W2091494072","https://openalex.org/W2099647042","https://openalex.org/W2100408980","https://openalex.org/W2100432931","https://openalex.org/W2105992541","https://openalex.org/W2119587968","https://openalex.org/W2125336328","https://openalex.org/W2131951904","https://openalex.org/W2132747867","https://openalex.org/W2133446051","https://openalex.org/W2140863794","https://openalex.org/W2142318891","https://openalex.org/W2143472739","https://openalex.org/W2146410840","https://openalex.org/W2148514199","https://openalex.org/W2153613336","https://openalex.org/W2157635163","https://openalex.org/W2169149941","https://openalex.org/W2170899042","https://openalex.org/W2337703333","https://openalex.org/W2789825598","https://openalex.org/W2997057290","https://openalex.org/W3004248202","https://openalex.org/W3126055879","https://openalex.org/W3143898318","https://openalex.org/W3145342109","https://openalex.org/W3146559281","https://openalex.org/W6638385487","https://openalex.org/W6672265769","https://openalex.org/W6674974534"],"related_works":["https://openalex.org/W2248314326","https://openalex.org/W2126017555","https://openalex.org/W2356973015","https://openalex.org/W4293770853","https://openalex.org/W2546952811","https://openalex.org/W2149739119","https://openalex.org/W4299810435","https://openalex.org/W2077703048","https://openalex.org/W23579156","https://openalex.org/W2777401565"],"abstract_inverted_index":{"ABSTRACT":[0],"The":[1],"ever-increasing":[2],"number":[3,31],"of":[4,15,32,40,43,105,108,122],"security":[5,19,47,70,111,124,148],"incidents":[6,149],"underscores":[7],"the":[8,12,41,88,106,131],"need":[9],"to":[10,56,95,142],"understand":[11],"key":[13],"determinants":[14],"an":[16,44,73,97,102],"effective":[17],"information":[18,46,110,123,145,147],"program.":[20],"Research":[21],"that":[22,100,115,138],"addresses":[23],"this":[24,85],"topic":[25],"requires":[26],"objective":[27,69,103,120],"measures,":[28,71],"such":[29,72],"as":[30,38,65,133],"incidents,":[33],"vulnerabilities,":[34],"and":[35,79,150],"non-compliance":[36],"issues,":[37],"indicators":[39],"effectiveness":[42,107,136],"organization's":[45],"activities.":[48],"However,":[49],"these":[50,83],"measures":[51,121],"are":[52],"not":[53],"readily":[54],"available":[55],"researchers.":[57],"While":[58],"some":[59],"research":[60,128],"has":[61],"used":[62],"subjective":[63],"assessments":[64],"a":[66,134],"surrogate":[67,135],"for":[68],"approach":[74],"raises":[75],"questions":[76],"about":[77,146],"scope":[78],"reliability.":[80],"To":[81],"remedy":[82],"deficiencies,":[84],"study":[86],"uses":[87],"COBIT":[89],"Version":[90],"4.1":[91],"Maturity":[92],"Model":[93],"Rubrics":[94],"develop":[96],"instrument":[98,132],"(SECURQUAL)":[99],"obtains":[101],"measure":[104,137],"enterprise":[109],"programs.":[112],"We":[113],"show":[114],"SECURQUAL":[116],"scores":[117],"reliably":[118],"predict":[119],"program":[125],"effectiveness.":[126],"Future":[127],"might":[129],"use":[130],"avoids":[139],"asking":[140],"respondents":[141],"disclose":[143],"sensitive":[144],"vulnerabilities.":[151]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":5},{"year":2021,"cited_by_count":3},{"year":2020,"cited_by_count":4},{"year":2019,"cited_by_count":3},{"year":2018,"cited_by_count":3},{"year":2017,"cited_by_count":2},{"year":2016,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}