REFERENCES
- Aliyu, A., Maglaras, L., He, Y., Yevseyeva, I., Boiten, E., Cook, A., & Janicke, H. (2020). A Holistic Cybersecurity Maturity Assessment Framework for Higher Education Institutions in the United Kingdom. MDPI, Applied Sciences, 10(10), 3660. https://doi.org/10.3390/app10103660
- Anderson, T., & Shattuck, J. (2012). Design-based research: A decade of progress in education research? Educational Researcher, 41(1), 16–25. https://doi.org/10.3102/0013189X11428813
- Archibugi, D., & Michie, J. (1995). Technology and innovation: An introduction. Cambridge Journal of Economics, 19(1), 1–4. https://doi.org/10.1093/oxfordjournals.cje.a035298
- Bahl, S., & Wali, O. P. (2014), Perceived significance of information security governance to predict the information security service quality in software service industry: An empirical analysis. Information Management & Computer Security, 22(1), 2–23. https://doi.org/10.1108/IMCS-01-2013–0002
- Cohen, F. (2006). IT security governance guidebook with security program metrics. Auerbach Publishers Inc.
- Curley, M., Kenneally, J., & Carcary, M. (2016). IT Capability Maturity FrameworkTM (IT-CMFTM). Van Haren. ISBN: 9789401800501
- Da Veiga, A., & Martins, N. (2015). Improving the information security culture through monitoring and implementation actions illustrated through a case study. Computers & Security, 49, 162–176. https://doi.org/10.1016/j.cose.2014.12.006
- De Haes, S., & Van Grembergen, W. (2006). Information technology governance best practices in Belgian organisations. Proceedings of the Annual Hawaii International Conference on System Sciences, 8(February), 2006. https://doi.org/10.1109/HICSS.2006.222
- Deleersnyder, S., De Win, B., Glas, B., Arciniegas, F., Bartoldus, M., Carter, J., Challey, D., Clarke, J., Cornell, D., Craigue, M., Deleersnyder, S., Derry, J., De Win, B., Fern, D., & Glas, B. (2009). Software assurance maturity model. Academic Press.
- Dhillon, G., Syed, R., & de Sá-soares, F. (2017). Information security concerns in IT outsourcing: Identifying (in) congruence between clients and vendors. Information & Management, 54(4), 452–464. https://doi.org/10.1016/j.im.2016.10.002
- Dhillon, G., Syed, R., & Pedron, C. (2016). Interpreting information security culture: An organizational transformation case study. Computers & Security, 56, 63–69. https://doi.org/10.1016/j.cose.2015.10.001
- Dlamini, M. T., Eloff, J. H. P., & Eloff, M. M. (2009). Information security: The moving target. Computers & Security, 28(3–4), 189–198. https://doi.org/org/10.1016/j.cose.2008.11.007
- Edgar, T. W., & Manz, D. O. (2017). Research methods for cyber security. Syngress. ISBN: 978–0–12–805349–2
- Goodhue, L., & Straub, D. (1991). Security concerns of system users: A study of perceptions of the adequacy of security. Information & Management, 20(1), 13–27. https://doi.org/10.1016/0378-7206(91)90024-V
- Hall, S. (1959). Absolute beginnings. Universities and Left Review, 7, 17–25.
- Harris, S. (2007). CISSP certification all-in-one (Exam Guide 4th ed). McGraw-Hill Publishing.
- Hevner, A., & Chatterjee, S. (2010). Design science research in information systems. In Design research in information systems (pp. 9–22). Boston, MA: Springer. https://doi.org/10.1007/978-1-4419-5653-8
- Hong, K., Chi, Y., Chao, L. R., & Tang, J. (2006). An empirical study of information security policy on information security elevation in Taiwan. Information Management & Computer Security, 14(2), 104–115. https://doi.org/10.1108/09685220610655861
- Hung, C. N., Hwang, M. D., & Liu, Y. C. (2013). Building a maturity model of information security governance for technological colleges and universities in Taiwan. In Applied Mechanics and Materials (Vol. 284, pp. 3657–3661). Trans Tech Publications Ltd. https://doi.org/10.4028/www.scientific.net/AMM.284-287.3657
- ITG. (2008). Information security governance: Guidance for information security managers. IT Governance Institute, ISACA. Retrieved July 10, 2012, from Http://Www.Globalteksecurity.Com/SEGURIDAD_EN_LA_NUBE%20%20VIRTUALIZACION/INformation%20Security%20Governanc
- Johnson, B. G. (2014). Measuring ISO 27001 ISMS processes. Neupart.
- Lomas, E. (2010), Information governance: Information security and access within a UK context. Records Management Journal, 20(2), 182–198. https://doi.org/10.1108/09565691011064322
- Lunardi, G. L., Becker, J. L., Maçada, A. C. G., & Dolci, P. C. (2014). The impact of adopting IT governance on financial performance: An empirical analysis among Brazilian firms. International Journal of Accounting Information Systems, 15(1), 66–81. https://doi.org/10.1016/j.accinf.2013.02.001
- Maleh, Y. (2018). Security and privacy management, techniques, and protocols (Yassine Maleh (ed.); IGI Global). IGI Global. https://doi.org/10.4018/978-1-5225-5583-4
- Maleh, Y., Sahid, A., Ezzati, A., & Belaissaoui, M. (2018). A capability maturity framework for IT security governance in organizations. Advances in Intelligent Systems and Computing, 735(1), 221–233. https://doi.org/10.1007/978-3-319-76354-5_20
- Mataracioglu, T., & Ozkan, S. (2011). Governing information security in conjunction with COBIT and ISO 27001. ArXiv Preprint ArXiv:1108.2150. https://arxiv.org/pdf/1108.2150.pdf
- McKenney, S., & Reeves, T. C. (2013). Systematic review of design-based research progress: Is a little knowledge a dangerous thing? Educational Researcher, 42(2), 97–100. https://doi.org/10.3102/0013189X12463781
- Mitchell, C., Marcella, R., & Baxter, G. (1999). Corporate information security management. New Library World, 100(5), 213–227. https://doi.org/10.1108/03074809910285888
- Moody, G. D., Siponen, M., & Pahnila, S. (2018). TOWARD A UNIFIED MODEL OF INFORMATION SECURITY POLICY COMPLIANCE. MIS Quarterly, 42(1), 285–311. https://doi.org/10.25300/MISQ/2018/13853
- Moulton, R., & Coles, R. S. (2003). Applying information security governance. Computers & Security, 22(7), 580–584. https://doi.org/10.1016/S0167-4048(03)00705-3
- Ozkan, B. Y., & Spruit, M. (2020). Assessing and improving cybersecurity maturity for SMEs: Standardization aspects. RXiv Preprint ArXiv:2007.01751., 1–8. https://arxiv.org/pdf/2007.01751.pdf
- Peltier, T. R. (2013). Information security fundamentals (2nd ed.). (CRC Press (ed.)). Taylor & Francis.
- Raup-Kounovsky, A., Canestraro, D. S., Pardo, T. A., & Hrdinová, J. (2010). IT governance to fit your context: Two U.S. Case studies. Proceedings of the 4th International Conference on Theory and Practice of Electronic Governance, 211–215. https://doi.org/10.1145/1930321.1930365
- Reeves, T. C., Herrington, J., & Oliver, R. (2005). Design research: A socially responsible approach to instructional technology research in higher education.Journal of Computing in Higher Education,16(2), 96. https://doi.org/10.1007/BF02961476
- Sabillon, R., Serra-Ruiz, J., Cavaller, V., & Cano, J. (2017). A comprehensive cybersecurity audit model to improve cybersecurity assurance: The cybersecurity audit model (CSAM). 2017 International Conference on Information Systems and Computer Science (INCISCOS), 253–259. https://doi.org/10.1109/INCISCOS.2017.20
- Saetang, S., & Haider, A. (2011). Conceptual aspects of IT governance in enterprise environment. Proceedings of the 49th SIGMIS Annual Conference on Computer Personnel Research, 79–82. https://doi.org/10.1145/1982143.1982164
- Saint-Germain, R. (2005). Information security management best practice based on ISO/IEC 17799. The Information Management Journal, 39(4), 60–66. https://www.pitt.edu/~dtipper/2825/ISO_Article.pdf
- Simonsson, M., Lagerström, R., & Johnson, P. (2008). A Bayesian network for IT governance performance prediction. Proceedings of the 10th International Conference on Electronic Commerce, 1:1–1: 8. https://doi.org/10.1145/1409540.1409542
- Siponen, M., & Willison, R. (2009). Information security management standards: Problems and solutions. Information & Management, 46(5), 267–270. https://doi.org/10.1016/j.im.2008.12.007
- Spafford, G. (2003). The benefits of standard IT governance frameworks. ITBusinessEdge. Retrieved April 4, 2012, from Http://Www.Itmanagementonline.Com/Resources/Articles/The_Benefits_of_Standard_IT_GovErnance_Frameworks.Pdf
- Von Solms, B. (2005). Information security governance: COBIT or ISO 17799 or both? Computers and Security, 24(2), 99–104. https://doi.org/10.1016/j.cose.2005.02.002
- Von Solms, S. H. (2005). Information security governance - compliance management vs operational management. Computers and Security, 24(6), 443–447. https://doi.org/10.1016/j.cose.2005.07.003
- Waddock, S. A., & Graves, S. B. (1997). The corporate social performance-financial performance link. Strategic Management Journal, 18(4), 303–319. https://doi.org/10.1002/(SICI)1097-0266(199704)18:4<303::AID-SMJ869>3.0.CO;2-G
- Williams, P. (2001). Information security governance. Information Security Technical Report, 6(3), 60–70. https://doi.org/10.1016/S1363-4127(01)00309-0