{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T00:52:32Z","timestamp":1740099152476,"version":"3.37.3"},"publisher-location":"Cham","reference-count":25,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030015343"},{"type":"electronic","value":"9783030015350"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-030-01535-0_14","type":"book-chapter","created":{"date-parts":[[2018,10,24]],"date-time":"2018-10-24T16:31:29Z","timestamp":1540398689000},"page":"183-197","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Automating Information Security Risk Assessment for IT Services"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2111-9348","authenticated-orcid":false,"given":"Sandra","family":"Rueda","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7586-0353","authenticated-orcid":false,"given":"Oscar","family":"Avila","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,10,25]]},"reference":[{"key":"14_CR1","doi-asserted-by":"crossref","unstructured":"Anikin, I.: Information security risk assessment and management in computer networks. In: International Siberian Conference on Control and Communications (2015)","DOI":"10.1109\/SIBCON.2015.7146975"},{"key":"14_CR2","unstructured":"Anikin, I., Emaletdinova, L.Y.: Information security risk management in computer networks based on fuzzy logic and cost\/benefit ratio estimation. In: Proceedings of the 8th International Conference on Security of Information and Networks, SIN 2015, Sochi, Russia, pp. 8\u201311. ACM (2015). ISBN 978-1-4503-3453-2"},{"key":"14_CR3","unstructured":"Center for Internet Security. CIS Controls. https:\/\/www.cisecurity.org\/controls\/"},{"key":"14_CR4","unstructured":"MITRE Corporation: CVE Common Vulnerabilities and Exposures (2017). http:\/\/cve.mitre.org"},{"key":"14_CR5","doi-asserted-by":"crossref","unstructured":"Ekelhart, A., et al.: Security ontologies: improving quantitative risk analysis. In: 40th Annual Hawaii International Conference on System Sciences, HICSS 2007, p. 156a. IEEE (2007)","DOI":"10.1109\/HICSS.2007.478"},{"key":"14_CR6","doi-asserted-by":"publisher","first-page":"1024","DOI":"10.1007\/978-3-540-72588-6_165","volume-title":"Computational Science \u2013 ICCS 2007","author":"Jung-Ho Eom","year":"2007","unstructured":"Eom, J.-H., et al.: Risk assessment method based on business process oriented asset evaluation for information system security. In: Proceedings of the 7th International Conference on Computational Science, ICCS 2007, pp. 1024\u20131031. Springer, Heidelberg (2007). ISBN 978-3-540-72587-9"},{"key":"14_CR7","unstructured":"FIRST Organization: Common Vulnerability Scoring System SIG. https:\/\/www.first.org\/cvss"},{"key":"14_CR8","unstructured":"FIRST Organization: Common Vulnerability Scoring System v3.0 Specification Document. 3.0. FIRST Organization Inc"},{"issue":"3","key":"14_CR9","doi-asserted-by":"publisher","first-page":"60","DOI":"10.1016\/S1005-8885(13)60220-4","volume":"20","author":"J-Z Guan","year":"2013","unstructured":"Guan, J.-Z., et al.: Knowledge-based information security risk assessment method. J. China Univ. Posts Telecommun. 20(3), 60\u201363 (2013)","journal-title":"J. China Univ. Posts Telecommun."},{"issue":"1","key":"14_CR10","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1016\/j.ijinfomgt.2015.09.003","volume":"36","author":"APH Gusm\u00e3o de","year":"2016","unstructured":"de Gusm\u00e3o, A.P.H.: Information security risk analysis model using fuzzy decision theory. Int. J. Inf. Manage. 36(1), 25\u201334 (2016)","journal-title":"Int. J. Inf. Manage."},{"issue":"3","key":"14_CR11","doi-asserted-by":"publisher","first-page":"913","DOI":"10.1007\/s11277-015-3140-5","volume":"89","author":"Y-M Je","year":"2016","unstructured":"Je, Y.-M., You, Y.-Y., Na, K.-S.: Information security evaluation using multi-attribute threat index. Wireless Pers. Commun. 89(3), 913\u2013925 (2016)","journal-title":"Wireless Pers. Commun."},{"issue":"3","key":"14_CR12","first-page":"297","volume":"10","author":"B Karabey","year":"2013","unstructured":"Karabey, B., Baykal, N.: Attack tree based information security risk assessment method integrating enterprise objectives with vulnerabilities. Int. Arab J. Inf. Technol. 10(3), 297\u2013304 (2013)","journal-title":"Int. Arab J. Inf. Technol."},{"key":"14_CR13","doi-asserted-by":"crossref","unstructured":"Khanmohammadi, K., Houmb, S.H.: Business process-based information security risk assessment. In: Fourth International Conference on Network and System Security (2010)","DOI":"10.1109\/NSS.2010.37"},{"key":"14_CR14","doi-asserted-by":"crossref","unstructured":"Korchenko, O., et al.: Increment order of linguistic variables method in information security risk assessment. In: International Scientific-Practical Conference Problems of Infocommunications Science and Technology (2015)","DOI":"10.1109\/INFOCOMMST.2015.7357330"},{"key":"14_CR15","unstructured":"Mell, P., Scarfone, K., Romanosky, S.: A Complete Guide to the Common Vulnerability Scoring System Version 2.0"},{"key":"14_CR16","unstructured":"Sajko, M., Hadjine, N., Pesut, D.: Multi-criteria model for evaluation of information security risk assessment methods and tools. In: International Convention on Information and Communication Technology, Electronics and Microelectronics (2010)"},{"key":"14_CR17","first-page":"180","volume-title":"Enacting Research Methods in Information Systems","author":"Hannu Salmela","year":"2016","unstructured":"Salmela, H.: Analysing business losses caused by information systems risk: a business process analysis approach, pp. 180\u2013216 (2016). cited By 0"},{"key":"14_CR18","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1016\/j.cose.2015.11.001","volume":"57","author":"A Shameli-Sendi","year":"2016","unstructured":"Shameli-Sendi, A., Aghababaei-Barzegar, R., Cheriet, M.: Taxonomy of information security risk assessment (ISRA). Comput. Secur. 57, 14\u201330 (2016)","journal-title":"Comput. Secur."},{"key":"14_CR19","unstructured":"Sherwood, J., Clark, A., Lynas, D.: Architecture, Enterprise Security (2009)"},{"key":"14_CR20","unstructured":"International Organization for Standardization: ISO 27005. Information Security Risk Management (2011)"},{"key":"14_CR21","unstructured":"Symantec. Internet Security Threat Report. Techical report Symantec (2016)"},{"key":"14_CR22","unstructured":"The OpenWeb Application Security Project. OWASP Risk Rating Methodology. http:\/\/www.owasp.org"},{"key":"14_CR23","unstructured":"U.S. National Institute of Standards and Technology - NIST. National Vulnerability Database. http:\/\/nvd.nist.gov"},{"key":"14_CR24","unstructured":"U.S. National Institute of Standards and Technology - NIST. Official Common Platform Enumeration (CPE). https:\/\/nvd.nist.gov\/products\/cpe"},{"key":"14_CR25","unstructured":"U.S. National Institute of Standards and Technology - NIST. SP 800\u201330. Guide for Conducting Risk Assessments (2012)"}],"container-title":["Communications in Computer and Information Science","Applied Informatics"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-01535-0_14","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,27]],"date-time":"2019-10-27T22:51:38Z","timestamp":1572216698000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-01535-0_14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783030015343","9783030015350"],"references-count":25,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-01535-0_14","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"type":"print","value":"1865-0929"},{"type":"electronic","value":"1865-0937"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"ICAI","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Applied Informatics","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bogot\u00e1","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Colombia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"1 November 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3 November 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"1","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"icai22018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/icai.itiud.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}