{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,13]],"date-time":"2026-03-13T13:45:09Z","timestamp":1773409509564,"version":"3.50.1"},"reference-count":8,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010,2]]},"DOI":"10.1109\/ares.2010.37","type":"proceedings-article","created":{"date-parts":[[2010,3,29]],"date-time":"2010-03-29T15:52:36Z","timestamp":1269877956000},"page":"258-261","source":"Crossref","is-referenced-by-count":10,"title":["Extending the Gordon and Loeb Model for Information Security Investment"],"prefix":"10.1109","author":[{"given":"Jan","family":"Willemson","sequence":"first","affiliation":[]}],"member":"263","reference":[{"key":"ref4","article-title":"A method for quantitative risk analysis","author":"meritt","year":"1999","journal-title":"Proceedings of the 22nd National Information Systems Security Conference"},{"key":"ref3","author":"hoo","year":"2000","journal-title":"How Much Is Enough? A Risk-Management Approach to Computer Security"},{"key":"ref6","first-page":"55","article-title":"Return On Security Investment (ROSI) – A practical quantitative model","volume":"38","author":"sonnenreich","year":"2006","journal-title":"Journal of Research and Practice in Information Technology"},{"key":"ref5","author":"schechter","year":"2004","journal-title":"Computer security strength & risk A quantitative approach"},{"key":"ref8","article-title":"On the Gordon & Loeb Model for Information Security Investment","author":"willemson","year":"2006","journal-title":"Proceedings of the Fifth Workshop on the Economics of Information Security (WEIS 2006)"},{"key":"ref7","article-title":"Vulnerability and Effects of Information Security Investment: A Firm Level Empirical Analysis of Japan","author":"tanaka","year":"2005","journal-title":"International Forum of Financial Information Systems and Cybersecurity A Public Policy Perspective"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1007\/s10796-006-9011-6"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/581271.581274"}],"event":{"name":"2010 International Conference on Availability, Reliability, and Security (ARES)","location":"Krakow, Poland","start":{"date-parts":[[2010,2,15]]},"end":{"date-parts":[[2010,2,18]]}},"container-title":["2010 International Conference on Availability, Reliability and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx5\/5437532\/5437988\/05438086.pdf?arnumber=5438086","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,3,18]],"date-time":"2017-03-18T15:53:13Z","timestamp":1489852393000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/5438086\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010,2]]},"references-count":8,"URL":"https:\/\/doi.org\/10.1109\/ares.2010.37","relation":{},"subject":[],"published":{"date-parts":[[2010,2]]}}}