<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="en"><front><journal-meta><journal-id journal-id-type="publisher-id">digitallaw</journal-id><journal-title-group><journal-title xml:lang="en">Journal of Digital Technologies and Law</journal-title><trans-title-group xml:lang="ru"><trans-title>Journal of Digital Technologies and Law</trans-title></trans-title-group></journal-title-group><issn pub-type="epub">2949-2483</issn><publisher><publisher-name>Kazan Innovative University named after V. G. Timiryasov</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.21202/jdtl.2025.6</article-id><article-id custom-type="edn" pub-id-type="custom">xujvtm</article-id><article-id custom-type="elpub" pub-id-type="custom">digitallaw-512</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>ARTICLES</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>СТАТЬИ</subject></subj-group></article-categories><title-group><article-title>Universal Information Security Governance System: Organizational and Legal Principles</article-title><trans-title-group xml:lang="ru"><trans-title>Универсальная система управления информационной безопасностью: организационно-правовые принципы</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0002-3884-495X</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Хади</surname><given-names>М. А.</given-names></name><name name-style="western" xml:lang="en"><surname>Hadi</surname><given-names>M. A.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Хади Мусадак Ахмед – магистр наук (инженер систем управления), кафедра управления и системной инженерии</p><p>Аль-Вейда, г. Багдад</p></bio><bio xml:lang="en"><p>Musadaq Ahmed Hadi – MSc. (Control Engineer), Control and Systems Engineering Department</p><p>Al-Wehda, Baghdad</p></bio><email xlink:type="simple">musadaq.ahmed@alshaab.edu.iq</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0009-0007-8441-3505</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Абдулредха</surname><given-names>М. Н.</given-names></name><name name-style="western" xml:lang="en"><surname>Abdulredha</surname><given-names>M. N.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Абдулредха Мохаммед Наджм – магистр компьютерных наук, кафедра компьютерных наук</p><p>Аль-Джадрийя, г. Багдад</p></bio><bio xml:lang="en"><p>Mohammed Najm Abdulredha – MSc. (Computer Science), Department of Computer Science</p><p>Al-Jadriya, Baghdad</p></bio><email xlink:type="simple">mohammed.najm.422@gmail.com</email><xref ref-type="aff" rid="aff-2"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru"><institution>Технологический университет</institution><country>Ирак</country></aff><aff xml:lang="en"><institution>University of Technology</institution><country>Iraq</country></aff></aff-alternatives><aff-alternatives id="aff-2"><aff xml:lang="ru"><institution>Багдадский университет</institution><country>Ирак</country></aff><aff xml:lang="en"><institution>University of Baghdad</institution><country>Iraq</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2025</year></pub-date><pub-date pub-type="epub"><day>27</day><month>03</month><year>2025</year></pub-date><volume>3</volume><issue>1</issue><elocation-id>125–142</elocation-id><permissions><copyright-statement>Copyright &amp;#x00A9; Hadi M.A., Abdulredha M.N., 2025</copyright-statement><copyright-year>2025</copyright-year><copyright-holder xml:lang="ru">Хади М.А., Абдулредха М.Н.</copyright-holder><copyright-holder xml:lang="en">Hadi M.A., Abdulredha M.N.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://www.lawjournal.digital/jour/article/view/512">https://www.lawjournal.digital/jour/article/view/512</self-uri><abstract><sec><title>Objective</title><p>Objective: to develop universal organizational and legal principles for building an information security governance system that will allow each organization to create its own effective information security governance system, taking into account its unique business goals and tasks.</p></sec><sec><title>Methods</title><p>Methods: the research integrates the key elements of information security governance, such as vision, strategy, goals, policies, standards, processes, and matrices. Vision and goals set the direction of an organization’s development; policies and standards provide a conceptual framework for information protection; processes allow for systematic achievement of objectives; and matrices provide tools for evaluating and monitoring the entire structure. The proposed principles are consistent with international </p><p>standards, regulatory requirements, and best practices in the field of information security.</p></sec><sec><title>Results</title><p>Results: the research showed that the developed information security governance system allows for a clear distribution of roles and responsibilities among the employees, ensuring effective implementation of the governance system. The authors also analyzed the existing principles of information security, integrating them into a security strategy that meets the corporate goals. The proposed universal system complies with regulatory legal requirements and can be adapted for organizations of any scale and profile.</p></sec><sec><title>Scientific novelty</title><p>Scientific novelty: the paper represents a practical approach to the implementation of an information security governance system based on the authors’ experience, international standards, control systems and legal acts. Unlike existing approaches, the proposed system is flexible and can be adapted to any organization, which makes it a universal tool for information security governance.</p></sec><sec><title>Practical significance</title><p>Practical significance: the research provides a structured approach to creating a universal information security governance system that can be used by organizations lacking knowledge and resources to implement such initiatives. The authors propose a general structure that can be adapted depending on the organization’s assets, the employees’ training and awareness of information security issues. This makes the paper a valuable resource for professionals seeking to increase information security in their organizations.</p></sec></abstract><trans-abstract xml:lang="ru"><sec><title>Цель</title><p>Цель: разработка универсальных организационно-правовых принципов построения системы управления информационной безопасностью, которые позволят каждой организации создать собственную эффективную систему управления информационной безопасностью с учетом ее уникальных бизнес-целей и задач.</p></sec><sec><title>Методы</title><p>Методы: основаны на интеграции ключевых элементов управления информационной безопасностью, таких как видение, стратегия, цели, политики, стандарты, процессы и матрицы. Видение и цели задают направление развития организации, политики и стандарты обеспечивают концептуальную основу для защиты информации, процессы позволяют систематически достигать поставленных задач, а матрицы предоставляют инструменты для оценки и контроля всей структуры. Предложенные принципы согласуются с международными стандартами, нормативными требованиями и лучшими практиками в области информационной безопасности.</p></sec><sec><title>Результаты</title><p>Результаты: разработанная система управления информационной безопасностью позволяет четко распределить роли и обязанности среди сотрудников организации, обеспечивая эффективное внедрение системы управления. Авторы также анализируют существующие принципы безопасности информационных технологий, интегрируя их в стратегию безопасности, которая соответствует целям организации. Предложенная универсальная система соответствует нормативным правовым требованиям и может быть адаптирована для использования в организациях любого масштаба и профиля.</p></sec><sec><title>Научная новизна</title><p>Научная новизна: заключается в представлении практического подхода к внедрению системы управления информационной безопасностью, основанного на опыте авторов, а также на мировых стандартах, системах контроля и правовых актах. В отличие от существующих подходов предлагаемая система является гибкой и может быть адаптирована под специфику любой организации, что делает ее универсальным инструментом для управления информационной безопасностью.</p></sec><sec><title>Практическая значимость</title><p>Практическая значимость: состоит в предоставлении структурированного подхода к созданию универсальной системы управления информационной безопасностью, который может быть использован организациями, испытывающими недостаток знаний и ресурсов для реализации подобных инициатив. Авторы предлагают общую структуру, которая может быть адаптирована в зависимости от активов организации, уровня подготовки сотрудников и их осведомленности в вопросах информационной безопасности. Это делает настоящую работу ценным ресурсом для специалистов, стремящихся повысить уровень защиты информации в своих организациях</p></sec></trans-abstract><kwd-group xml:lang="ru"><kwd>законодательство</kwd><kwd>защита информации</kwd><kwd>информационная безопасность</kwd><kwd>информационные технологии</kwd><kwd>кибербезопасность</kwd><kwd>организационная структура</kwd><kwd>право</kwd><kwd>правовое регулирование</kwd><kwd>управление информационной безопасностью</kwd><kwd>цифровые технологии</kwd></kwd-group><kwd-group xml:lang="en"><kwd>cybersecurity</kwd><kwd>digital technologies</kwd><kwd>information protection</kwd><kwd>information security governance</kwd><kwd>information security</kwd><kwd>information technologies</kwd><kwd>law</kwd><kwd>legal regulation</kwd><kwd>legislation</kwd><kwd>organizational structure</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Al Neaimi, A., Ranginya, T., &amp; Lutaaya, P. (2015). A framework for effectiveness of cyber security defenses, a case of the United Arab Emirates (UAE). International Journal of Cyber-Security and Digital Forensics, 4(1), 290–301. https://doi.org/10.17781/p001502</mixed-citation><mixed-citation xml:lang="en">Al Neaimi, A., Ranginya, T., &amp; Lutaaya, P. (2015). A framework for effectiveness of cyber security defenses, a case of the United Arab Emirates (UAE). International Journal of Cyber-Security and Digital Forensics, 4(1), 290–301. https://doi.org/10.17781/p001502</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">AlGhamdi, S., Win, K. T., &amp; Vlahu-Gjorgievska, E. (2020). Information security governance challenges AND CRITICAL SUCCESS FACTORS: Systematic review. Computers &amp; Security, 99, 102030. https://doi.org/10.1016/j.cose.2020.102030</mixed-citation><mixed-citation xml:lang="en">AlGhamdi, S., Win, K. T., &amp; Vlahu-Gjorgievska, E. (2020). Information security governance challenges AND CRITICAL SUCCESS FACTORS: Systematic review. Computers &amp; Security, 99, 102030. https://doi.org/10.1016/j.cose.2020.102030</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Bendovschi, A. (2015). Cyber-attacks – trends, patterns and security countermeasures. Procedia Economics and Finance, 28, 24–31. https://doi.org/10.1016/s2212-5671(15)01077-1</mixed-citation><mixed-citation xml:lang="en">Bendovschi, A. (2015). Cyber-attacks – trends, patterns and security countermeasures. Procedia Economics and Finance, 28, 24–31. https://doi.org/10.1016/s2212-5671(15)01077-1</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Bettwy, G., Beevers, M., &amp; Williams, M. (2016). CISM Review Manual Certified Information Security manager. Rolling Meadows, Ill: ISACA.</mixed-citation><mixed-citation xml:lang="en">Bettwy, G., Beevers, M., &amp; Williams, M. (2016). CISM Review Manual Certified Information Security manager. Rolling Meadows, Ill: ISACA.</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Carcary, M., Renaud, K., McLaughlin, S., &amp; O’Brien, C. (2016). A framework for Information Security Governance and Management. IT Professional, 18(2), 22–30. https://doi.org/10.1109/mitp.2016.27</mixed-citation><mixed-citation xml:lang="en">Carcary, M., Renaud, K., McLaughlin, S., &amp; O’Brien, C. (2016). A framework for Information Security Governance and Management. IT Professional, 18(2), 22–30. https://doi.org/10.1109/mitp.2016.27</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Carr, M., &amp; Tanczer, L. M. (2018). UK cybersecurity industrial policy: An analysis of drivers, market failures and interventions. Journal of Cyber Policy, 3(3), 430–444. https://doi.org/10.1080/23738871.2018.1550523</mixed-citation><mixed-citation xml:lang="en">Carr, M., &amp; Tanczer, L. M. (2018). UK cybersecurity industrial policy: An analysis of drivers, market failures and interventions. Journal of Cyber Policy, 3(3), 430–444. https://doi.org/10.1080/23738871.2018.1550523</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Corriss, L. (2010). Information security governance. Proceedings of the 2010 Workshop on Governance of Technology, Information and Policies (pp. 35–41). https://doi.org/10.1145/1920320.1920326</mixed-citation><mixed-citation xml:lang="en">Corriss, L. (2010). Information security governance. Proceedings of the 2010 Workshop on Governance of Technology, Information and Policies (pp. 35–41). https://doi.org/10.1145/1920320.1920326</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Creemers, R. (2023). Cybersecurity law and regulation in China: Securing the smart state. China Law and Society Review, 6(2), 111–145. https://doi.org/10.1163/25427466-06020001</mixed-citation><mixed-citation xml:lang="en">Creemers, R. (2023). Cybersecurity law and regulation in China: Securing the smart state. China Law and Society Review, 6(2), 111–145. https://doi.org/10.1163/25427466-06020001</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">Fazlida, M. R., &amp; Said, J. (2015). Information security: Risk, governance and implementation setback. Procedia Economics and Finance, 28, 243–248. https://doi.org/10.1016/s2212-5671(15)01106-5</mixed-citation><mixed-citation xml:lang="en">Fazlida, M. R., &amp; Said, J. (2015). Information security: Risk, governance and implementation setback. Procedia Economics and Finance, 28, 243–248. https://doi.org/10.1016/s2212-5671(15)01106-5</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">Hadi, M. A., Abdulredha, M. N., &amp; Hasan, E. (2023). Introduction to ChatGPT: A new revolution of artificial intelligence with machine learning algorithms and cybersecurity. Science Archives, 04(04), 276–285. https://doi.org/10.47587/sa.2023.4406</mixed-citation><mixed-citation xml:lang="en">Hadi, M. A., Abdulredha, M. N., &amp; Hasan, E. (2023). Introduction to ChatGPT: A new revolution of artificial intelligence with machine learning algorithms and cybersecurity. Science Archives, 04(04), 276–285. https://doi.org/10.47587/sa.2023.4406</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">Johnston, A. C., &amp; Hale, R. (2009). Improved security through information security governance. Communications of the ACM, 52(1), 126–129. https://doi.org/10.1145/1435417.1435446</mixed-citation><mixed-citation xml:lang="en">Johnston, A. C., &amp; Hale, R. (2009). Improved security through information security governance. Communications of the ACM, 52(1), 126–129. https://doi.org/10.1145/1435417.1435446</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">Moulton, R., &amp; Coles, R. S. (2003). Applying information security governance. Computers &amp; Security, 22(7), 580–584. https://doi.org/10.1016/s0167-4048(03)00705-3</mixed-citation><mixed-citation xml:lang="en">Moulton, R., &amp; Coles, R. S. (2003). Applying information security governance. Computers &amp; Security, 22(7), 580–584. https://doi.org/10.1016/s0167-4048(03)00705-3</mixed-citation></citation-alternatives></ref><ref id="cit13"><label>13</label><citation-alternatives><mixed-citation xml:lang="ru">Nicho, M. (2018). A process model for implementing Information Systems Security governance. Information &amp; Computer Security, 26(1), 10–38. https://doi.org/10.1108/ics-07-2016-0061</mixed-citation><mixed-citation xml:lang="en">Nicho, M. (2018). A process model for implementing Information Systems Security governance. Information &amp; Computer Security, 26(1), 10–38. https://doi.org/10.1108/ics-07-2016-0061</mixed-citation></citation-alternatives></ref><ref id="cit14"><label>14</label><citation-alternatives><mixed-citation xml:lang="ru">Ohki, E., Harada, Y., Kawaguchi, Sh., Shiozaki, T., &amp; Kagaya, T. (2009). Information security governance framework. Proceedings of the first ACM workshop on Information security governance (pp. 1–6). https://doi.org/10.1145/1655168.1655170</mixed-citation><mixed-citation xml:lang="en">Ohki, E., Harada, Y., Kawaguchi, Sh., Shiozaki, T., &amp; Kagaya, T. (2009). Information security governance framework. Proceedings of the first ACM workshop on Information security governance (pp. 1–6). https://doi.org/10.1145/1655168.1655170</mixed-citation></citation-alternatives></ref><ref id="cit15"><label>15</label><citation-alternatives><mixed-citation xml:lang="ru">Priyadarshini, I., &amp; Cotton, C. (2022). Cyber laws in the United States. Cybersecurity (pp. 157–237). https://doi.org/10.1201/9781003187127-6</mixed-citation><mixed-citation xml:lang="en">Priyadarshini, I., &amp; Cotton, C. (2022). Cyber laws in the United States. Cybersecurity (pp. 157–237). https://doi.org/10.1201/9781003187127-6</mixed-citation></citation-alternatives></ref><ref id="cit16"><label>16</label><citation-alternatives><mixed-citation xml:lang="ru">Rao, U. H., &amp; Nayak, U. (2014). History of computer security. The InfoSec Handbook (pp. 13–25). https://doi.org/10.1007/978-1-4302-6383-8_2</mixed-citation><mixed-citation xml:lang="en">Rao, U. H., &amp; Nayak, U. (2014). History of computer security. The InfoSec Handbook (pp. 13–25). https://doi.org/10.1007/978-1-4302-6383-8_2</mixed-citation></citation-alternatives></ref><ref id="cit17"><label>17</label><citation-alternatives><mixed-citation xml:lang="ru">Rastogi, R., &amp; von Solms, R. (2005). Information security governance – a re-definition. Security Management, Integrity, and Internal Control in Information Systems (pp. 223–236). https://doi.org/10.1007/0-38731167-x_14</mixed-citation><mixed-citation xml:lang="en">Rastogi, R., &amp; von Solms, R. (2005). Information security governance – a re-definition. Security Management, Integrity, and Internal Control in Information Systems (pp. 223–236). https://doi.org/10.1007/0-38731167-x_14</mixed-citation></citation-alternatives></ref><ref id="cit18"><label>18</label><citation-alternatives><mixed-citation xml:lang="ru">Rebollo, O., Mellado, D., Fernández-Medina, E., &amp; Mouratidis, H. (2015). Empirical evaluation of a cloud computing information security governance framework. Information and Software Technology, 58, 44–57. https://doi.org/10.1016/j.infsof.2014.10.003</mixed-citation><mixed-citation xml:lang="en">Rebollo, O., Mellado, D., Fernández-Medina, E., &amp; Mouratidis, H. (2015). Empirical evaluation of a cloud computing information security governance framework. Information and Software Technology, 58, 44–57. https://doi.org/10.1016/j.infsof.2014.10.003</mixed-citation></citation-alternatives></ref><ref id="cit19"><label>19</label><citation-alternatives><mixed-citation xml:lang="ru">Rocha Flores, W., Antonsen, E., &amp; Ekstedt, M. (2014). Information security knowledge sharing in organizations: Investigating the effect of behavioral information security governance and national culture. Computers &amp; Security, 43, 90–110. https://doi.org/10.1016/j.cose.2014.03.004</mixed-citation><mixed-citation xml:lang="en">Rocha Flores, W., Antonsen, E., &amp; Ekstedt, M. (2014). Information security knowledge sharing in organizations: Investigating the effect of behavioral information security governance and national culture. Computers &amp; Security, 43, 90–110. https://doi.org/10.1016/j.cose.2014.03.004</mixed-citation></citation-alternatives></ref><ref id="cit20"><label>20</label><citation-alternatives><mixed-citation xml:lang="ru">Shingarev, A., &amp; Kazakova, A. (2021). The Russian Federation’s approach to Cybersecurity. The Oxford Handbook of Cyber Security (pp. 672–684). https://doi.org/10.1093/oxfordhb/9780198800682.013.44</mixed-citation><mixed-citation xml:lang="en">Shingarev, A., &amp; Kazakova, A. (2021). The Russian Federation’s approach to Cybersecurity. The Oxford Handbook of Cyber Security (pp. 672–684). https://doi.org/10.1093/oxfordhb/9780198800682.013.44</mixed-citation></citation-alternatives></ref><ref id="cit21"><label>21</label><citation-alternatives><mixed-citation xml:lang="ru">Singh, H. P., &amp; Alshammari, T. S. (2020). An institutional theory perspective on developing a cyber security legal framework: A case of Saudi Arabia. Beijing Law Review, 11(03), 637–650. https://doi.org/10.4236/blr.2020.113039</mixed-citation><mixed-citation xml:lang="en">Singh, H. P., &amp; Alshammari, T. S. (2020). An institutional theory perspective on developing a cyber security legal framework: A case of Saudi Arabia. Beijing Law Review, 11(03), 637–650. https://doi.org/10.4236/blr.2020.113039</mixed-citation></citation-alternatives></ref><ref id="cit22"><label>22</label><citation-alternatives><mixed-citation xml:lang="ru">Tan, T. C., Ruighaver, A. B., &amp; Ahmad, A. (2010). Information security governance: When compliance becomes more important than security. Security and Privacy – Silver Linings in the Cloud (pp. 55–67). https://doi.org/10.1007/978-3-642-15257-3_6</mixed-citation><mixed-citation xml:lang="en">Tan, T. C., Ruighaver, A. B., &amp; Ahmad, A. (2010). Information security governance: When compliance becomes more important than security. Security and Privacy – Silver Linings in the Cloud (pp. 55–67). https://doi.org/10.1007/978-3-642-15257-3_6</mixed-citation></citation-alternatives></ref><ref id="cit23"><label>23</label><citation-alternatives><mixed-citation xml:lang="ru">Ula, M., Ula, M., &amp; Fuadi, W. (2017). A method for Evaluating Information Security Governance (ISG) components in banking environment. Journal of Physics: Conference Series, 812, 012031. https://doi.org/10.1088/17426596/812/1/012031</mixed-citation><mixed-citation xml:lang="en">Ula, M., Ula, M., &amp; Fuadi, W. (2017). A method for Evaluating Information Security Governance (ISG) components in banking environment. Journal of Physics: Conference Series, 812, 012031. https://doi.org/10.1088/17426596/812/1/012031</mixed-citation></citation-alternatives></ref><ref id="cit24"><label>24</label><citation-alternatives><mixed-citation xml:lang="ru">Von Solms, S. H., &amp; von Solms, R. (2010). Information security governance. New York, United States: Springer.</mixed-citation><mixed-citation xml:lang="en">Von Solms, S. H., &amp; von Solms, R. (2010). Information security governance. New York, United States: Springer.</mixed-citation></citation-alternatives></ref><ref id="cit25"><label>25</label><citation-alternatives><mixed-citation xml:lang="ru">Von Solms, R., Thomson, K.-L., &amp; Maninjwa, P. M. (2011). Information security governance control through comprehensive policy architectures. Information Security for South Africa (pp. 1–6). https://doi.org/10.1109/issa.2011.6027522</mixed-citation><mixed-citation xml:lang="en">Von Solms, R., Thomson, K.-L., &amp; Maninjwa, P. M. (2011). Information security governance control through comprehensive policy architectures. Information Security for South Africa (pp. 1–6). https://doi.org/10.1109/issa.2011.6027522</mixed-citation></citation-alternatives></ref><ref id="cit26"><label>26</label><citation-alternatives><mixed-citation xml:lang="ru">Wu, M., Aranovich, R., &amp; Filkov, V. (2021). Evolution and differentiation of the cybersecurity communities in three social question and answer sites: A mixed-methods analysis. PLOS ONE, 16(12). https://doi.org/10.1371/journal.pone.0261954</mixed-citation><mixed-citation xml:lang="en">Wu, M., Aranovich, R., &amp; Filkov, V. (2021). Evolution and differentiation of the cybersecurity communities in three social question and answer sites: A mixed-methods analysis. PLOS ONE, 16(12). https://doi.org/10.1371/journal.pone.0261954</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
