Factors for Better Adoption of Information Security on Custom-Made Software at SMEs: A Systematic Review and Framework

  • Fatimah Alghamdi (Faculty of Computing and Information, King Abdul-Aziz University Jeddah, KSA)
  • Moutasm Tamimi (Zarqa University)
  • Nermin Hamza (Faculty of Computing and Information, King Abdul-Aziz University Jeddah, KSA, Faculty of Graduate Studies for Statistical Research, Cairo University)
  • Received : 2023.02.05
  • Published : 2023.02.28

Abstract

Investigations on information security factors remain elusive at small and medium enterprises (SMEs), especially for custom-made software solutions. This article aims to investigate, classify, and adopt factors from recent literature addressing information security resources. SMEs already have information security in place, but the factors are not easy to adopt through the negotiation processes between the in-house software development companies and custom-made software clients at SMEs. This article proposes a strategic framework for implementing the process of adoption of the information security factors at SMEs after conducting a systematic snapshot approach for investigating and classifying the resources. The systematic snapshot was conducted using a search strategy with inclusion and exclusion criteria to retain 128 final reviewed papers from a large number of papers within the period of 2001-2022. These papers were analyzed based on a classification schema including management, organizational, development, and environmental categories in software development lifecycle (SDLC) phases in order to define new security factors. The reviewed articles addressed research gaps, trends, and commonly covered evidence-based decisions based on the findings of the systematic mapping. Hence, this paper boosts broader cooperation between in-house software development companies and their clients to elicit, customize, and adopt the factors based on clients' demands.
