{"id":"https://openalex.org/W2122066218","doi":"https://doi.org/10.3217/jucs-015-15-3038","title":"Managing Security and its Maturity in Small and Medium-sized Enterprises","display_name":"Managing Security and its Maturity in Small and Medium-sized Enterprises","publication_year":2009,"publication_date":"2009-01-01","ids":{"openalex":"https://openalex.org/W2122066218","doi":"https://doi.org/10.3217/jucs-015-15-3038","mag":"2122066218"},"language":"en","primary_location":{"id":"pmh:oai:CiteSeerX.psu:10.1.1.494.1572","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.494.1572","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.jucs.org/jucs_15_15/managing_security_and_its/jucs_15_15_3038_3058_sanchez.pdf","raw_type":"text"},"type":"article","indexed_in":[],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.3217/jucs-015-15-3038","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102913231","display_name":"Luis S\u00e1nchez","orcid":"https://orcid.org/0000-0003-0086-1065"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Luis S\u00e1nchez","raw_affiliation_strings":[],"raw_orcid":"https://orcid.org/0000-0003-0086-1065","affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050111930","display_name":"Antonio Santos-Olmo","orcid":"https://orcid.org/0000-0002-2349-3894"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Antonio Santos-Olmo","raw_affiliation_strings":[],"raw_orcid":"https://orcid.org/0000-0002-2349-3894","affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5032305592","display_name":"David G. Rosado","orcid":"https://orcid.org/0000-0003-4613-5501"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"David G. Rosado","raw_affiliation_strings":[],"raw_orcid":"https://orcid.org/0000-0003-4613-5501","affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5083263115","display_name":"Mario Piattini","orcid":"https://orcid.org/0000-0002-7212-8279"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Mario Piattini","raw_affiliation_strings":[],"raw_orcid":"https://orcid.org/0000-0002-7212-8279","affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5102913231"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":4.6582,"has_fulltext":false,"cited_by_count":14,"citation_normalized_percentile":{"value":0.9536779,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":"15","issue":null,"first_page":"3038","last_page":"3058"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.996399998664856,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.9907000064849854,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7595207691192627},{"id":"https://openalex.org/keywords/maturity","display_name":"Maturity (psychological)","score":0.7454975843429565},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.6557397842407227},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5618316531181335},{"id":"https://openalex.org/keywords/small-and-medium-sized-enterprises","display_name":"Small and medium-sized enterprises","score":0.5260612368583679},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.4492173194885254},{"id":"https://openalex.org/keywords/information-system","display_name":"Information system","score":0.4399517774581909},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.4111044108867645},{"id":"https://openalex.org/keywords/knowledge-management","display_name":"Knowledge management","score":0.35470831394195557},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.32112208008766174},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.31911540031433105},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.20725750923156738},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.06706508994102478}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7595207691192627},{"id":"https://openalex.org/C101433766","wikidata":"https://www.wikidata.org/wiki/Q3543263","display_name":"Maturity (psychological)","level":2,"score":0.7454975843429565},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.6557397842407227},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5618316531181335},{"id":"https://openalex.org/C48879800","wikidata":"https://www.wikidata.org/wiki/Q622439","display_name":"Small and medium-sized enterprises","level":2,"score":0.5260612368583679},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.4492173194885254},{"id":"https://openalex.org/C180198813","wikidata":"https://www.wikidata.org/wiki/Q121182","display_name":"Information system","level":2,"score":0.4399517774581909},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.4111044108867645},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.35470831394195557},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.32112208008766174},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.31911540031433105},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.20725750923156738},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.06706508994102478},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C138496976","wikidata":"https://www.wikidata.org/wiki/Q175002","display_name":"Developmental psychology","level":1,"score":0.0},{"id":"https://openalex.org/C119599485","wikidata":"https://www.wikidata.org/wiki/Q43035","display_name":"Electrical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C10138342","wikidata":"https://www.wikidata.org/wiki/Q43015","display_name":"Finance","level":1,"score":0.0},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"pmh:oai:CiteSeerX.psu:10.1.1.494.1572","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.494.1572","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.jucs.org/jucs_15_15/managing_security_and_its/jucs_15_15_3038_3058_sanchez.pdf","raw_type":"text"},{"id":"pmh:oai:zenodo.org:7000989","is_oa":true,"landing_page_url":"https://doi.org/10.3217/jucs-015-15-3038","pdf_url":null,"source":{"id":"https://openalex.org/S4306400562","display_name":"Zenodo (CERN European Organization for Nuclear Research)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I67311998","host_organization_name":"European Organization for Nuclear Research","host_organization_lineage":["https://openalex.org/I67311998"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"JUCS - Journal of Universal Computer Science, 15((15)), 3038-3058, (2009-09-01)","raw_type":"info:eu-repo/semantics/article"},{"id":"mag:2122066218","is_oa":false,"landing_page_url":"https://www.jucs.org/jucs_15_15/managing_security_and_its/jucs_15_15_3038_3058_sanchez.pdf","pdf_url":null,"source":{"id":"https://openalex.org/S58563349","display_name":"JUCS - Journal of Universal Computer Science","issn_l":"0948-695X","issn":["0948-695X","0948-6968"],"is_oa":false,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310317875","host_organization_name":"Verlag der Technischen Universit\u00e4t Graz","host_organization_lineage":["https://openalex.org/P4310317875"],"host_organization_lineage_names":["Verlag der Technischen Universit\u00e4t Graz"],"type":"journal"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":"JUCS - Journal of Universal Computer Science","raw_type":null}],"best_oa_location":{"id":"pmh:oai:zenodo.org:7000989","is_oa":true,"landing_page_url":"https://doi.org/10.3217/jucs-015-15-3038","pdf_url":null,"source":{"id":"https://openalex.org/S4306400562","display_name":"Zenodo (CERN European Organization for Nuclear Research)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I67311998","host_organization_name":"European Organization for Nuclear Research","host_organization_lineage":["https://openalex.org/I67311998"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"JUCS - Journal of Universal Computer Science, 15((15)), 3038-3058, (2009-09-01)","raw_type":"info:eu-repo/semantics/article"},"sustainable_development_goals":[{"score":0.5299999713897705,"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":21,"referenced_works":["https://openalex.org/W224488695","https://openalex.org/W643795676","https://openalex.org/W1498306255","https://openalex.org/W1501321335","https://openalex.org/W1535481799","https://openalex.org/W1567144604","https://openalex.org/W1595738880","https://openalex.org/W1966669815","https://openalex.org/W1976388537","https://openalex.org/W1978129800","https://openalex.org/W1990675148","https://openalex.org/W2001566875","https://openalex.org/W2019551619","https://openalex.org/W2048976958","https://openalex.org/W2057553235","https://openalex.org/W2067978381","https://openalex.org/W2100850683","https://openalex.org/W2104061947","https://openalex.org/W2112405650","https://openalex.org/W2126942052","https://openalex.org/W2129527513"],"related_works":["https://openalex.org/W2283045927","https://openalex.org/W2907919589","https://openalex.org/W988169119","https://openalex.org/W2104061947","https://openalex.org/W385646957","https://openalex.org/W126159160","https://openalex.org/W80935081","https://openalex.org/W2400714225","https://openalex.org/W3146542490","https://openalex.org/W2309382694","https://openalex.org/W2338732850","https://openalex.org/W163425325","https://openalex.org/W190288886","https://openalex.org/W561172101","https://openalex.org/W3038065805","https://openalex.org/W3136513759","https://openalex.org/W1629226293","https://openalex.org/W2947423318","https://openalex.org/W2032769217","https://openalex.org/W2958616483"],"abstract_inverted_index":{"Abstract:":[0],"Due":[1],"to":[2,16,124],"the":[3,14,39,62,85,95,102,111],"growing":[4],"dependence":[5],"of":[6,50,64,74,88,107],"information":[7,18,46],"society":[8],"on":[9],"Information":[10,30],"and":[11,22,41,58,66,105,113,128],"Communication":[12],"Technologies,":[13],"need":[15],"protect":[17],"is":[19,120],"getting":[20],"more":[21,23,57,59],"important":[24],"for":[25,37,43,61,83,101,110,116],"enterprises.":[26],"In":[27,90],"this":[28,72,91],"context,":[29],"Security":[31],"Management":[32],"Systems":[33],"(ISMSs),":[34],"have":[35,76,99],"arisen":[36],"supporting":[38],"processes":[40],"systems":[42,53],"effectively":[44],"managing":[45],"security.":[47],"The":[48],"fact":[49],"having":[51],"these":[52],"available":[54,115],"has":[55],"become":[56],"vital":[60],"evolution":[63],"Small":[65],"Medium-Sized":[67],"Enterprises":[68],"(SMEs),":[69],"but":[70],"however,":[71],"type":[73],"enterprises":[75],"special":[77],"characteristics":[78],"which":[79],"make":[80],"it":[81],"difficult":[82],"them":[84],"correct":[86],"deployment":[87],"ISMSs.":[89],"article,":[92],"we":[93,98,130],"show":[94],"methodology":[96],"that":[97],"created":[100],"development,":[103],"implementation":[104],"maintenance":[106],"ISMSs,":[108],"adapted":[109],"needs":[112],"resources":[114],"SMEs.":[117],"This":[118],"approach":[119],"being":[121],"directly":[122],"applied":[123],"real":[125],"case":[126],"studies":[127],"thus,":[129],"are":[131],"obtaining":[132],"a":[133],"constant":[134],"improvement":[135],"in":[136],"its":[137],"application.":[138]},"counts_by_year":[{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":1},{"year":2016,"cited_by_count":4},{"year":2014,"cited_by_count":1},{"year":2013,"cited_by_count":1},{"year":2012,"cited_by_count":2}],"updated_date":"2026-04-28T14:05:53.105641","created_date":"2025-10-10T00:00:00"}