Information Security Awareness: An Innovation Approach

Carlos Orozco Corona

(2009)

Carlos Orozco Corona (2009) Information Security Awareness: An Innovation Approach.

Abstract

Scholars and security practitioners seem to converge on the understanding that Information Security is in great part a problem about people; hence the need for a more holistic, multidisciplinary approach in order to understand human behaviour in the Information Security field. Recent events such as the “Interdisciplinary Workshop on Security and Human Behaviour”, hosted in Boston, Massachusetts in June 2008, have taken this approach and have brought together multidisciplinary teams composed of computer security researchers, psychologists, behavioural economists, sociologists and philosophers, among others, to address and understand the human side of security. This dissertation represents one of these efforts to approach Information Security from different perspectives. A holistic approach would enable security practitioners to understand the human side of security and, as a result, be more effective in reaching the pursued security objectives. However, this approach may pose additional challenges, not just in the research field, where consensus must be reached among multiple disciplines, but also at the organisational level. The proposed dissertation project aims to produce an Information Security Awareness framework based on Innovation theory that contributes to the active participation and behavioural change of individuals towards the acceptance of, and compliance with, the Information Security Policies within an organisation, using viral marketing techniques and alternative methods for the delivery of the security message over pre-established social networks. Prior to these proposed innovations, this dissertation examines at length Information Security Awareness from the perspectives of management (chapter 2), psychology (chapter 3) and social networking (chapter 4) to give a balanced view of a solution to these issues.

Information about this Version

This is a Published version
This version's date is: 16/02/2009
This item is peer reviewed

Link to this Version

https://repository.royalholloway.ac.uk/items/9e7de7b8-d65c-dc5c-222c-e33946e5d74e/1/

Item Type: Monograph (Technical Report)
Title: Information Security Awareness: An Innovation Approach
Authors: Corona, Carlos Orozco
Departments: Faculty of Science\Mathematics

Deposited on 23-Jun-2010 in Royal Holloway Research Online. Last modified on 15-Dec-2010.
