Why there aren’t more information security research studies

Why there aren’t more information security research studies: Noting a serious lack of empirical research in the area of security risk management (SRM), we proposed a conceptual model based on the study of SRM at the firm level.