{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,26]],"date-time":"2026-03-26T19:05:29Z","timestamp":1774551929521,"version":"3.50.1"},"publisher-location":"Cham","reference-count":42,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030222765","type":"print"},{"value":"9783030222772","type":"electronic"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-22277-2_3","type":"book-chapter","created":{"date-parts":[[2019,12,31]],"date-time":"2019-12-31T12:02:28Z","timestamp":1577793748000},"page":"63-90","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Towards New Quantitative Cybersecurity Risk Analysis Models for Information Systems: A Cloud Computing Case Study"],"prefix":"10.1007","author":[{"given":"Mouna","family":"Jouini","sequence":"first","affiliation":[]},{"given":"Latifa Ben","family":"Arfa Rabai","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,1,1]]},"reference":[{"key":"3_CR1","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1016\/j.jnca.2016.05.010","volume":"71","author":"M AhmadKhan","year":"2016","unstructured":"AhmadKhan, M. (2016). A survey of security issues for cloud computing. Journal of Network and Computer Applications, 71, 11\u201329.","journal-title":"Journal of Network and Computer Applications"},{"key":"3_CR2","unstructured":"Applegate, D. S., & Stavrou, A. (2013). Towards a cyber conflict taxonomy. In 5th International Conference on Cyber Conflict."},{"issue":"4","key":"3_CR3","doi-asserted-by":"publisher","first-page":"269","DOI":"10.1007\/s11334-010-0123-2","volume":"6","author":"A Ben Aissa","year":"2010","unstructured":"Ben Aissa, A., Abercrombie, R. K., Sheldon, F. T., & Mili, A. (2010). Quantifying security threats and their potential impact: A case study. Innovation in Systems and Software Engineering, 6(4), 269\u2013281.","journal-title":"Innovation in Systems and Software Engineering"},{"issue":"1","key":"3_CR4","first-page":"63","volume":"25","author":"L Ben Arfa","year":"2013","unstructured":"Ben Arfa, L., Jouini, M., Ben Aissa, A., & Mili, A. (2013). A cybersecurity model in cloud computing environments. Journal of King Saud University Computer and Information Sciences, 25(1), 63\u201375.","journal-title":"Journal of King Saud University Computer and Information Sciences"},{"key":"3_CR5","doi-asserted-by":"crossref","unstructured":"Boehme, R., & Nowey, T. (2008). Economic security metrics. In E. Irene, F. Felix, & R. Ralf (Eds.), Dependability metrics (Vol. 4909, pp. 176\u2013187).","DOI":"10.1007\/978-3-540-68947-8_15"},{"key":"3_CR6","doi-asserted-by":"publisher","first-page":"50","DOI":"10.1016\/j.ijepes.2013.02.008","volume":"50","author":"E Bompard","year":"2013","unstructured":"Bompard, E., Huang, T., Wu, Y., & Cremenescu, M. (2013). Classification and trend analysis of threats origins to the security of power systems. Electrical Power and Energy Systems, 50, 50\u201364.","journal-title":"Electrical Power and Energy Systems"},{"issue":"1","key":"3_CR7","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1186\/s13677-018-0114-7","volume":"7","author":"E Cayirci","year":"2018","unstructured":"Cayirci, E., & de Oliveira, A. S. (2018). Modelling trust and risk for cloud services. Journal of Cloud Computing, 7(1), 14.","journal-title":"Journal of Cloud Computing"},{"issue":"1","key":"3_CR8","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1186\/s13677-016-0064-x","volume":"5","author":"E Cayirci","year":"2016","unstructured":"Cayirci, E., Garaga, A., De Oliveira, A. S., & Roudier, Y. (2016). A risk assessment model for selecting cloud service providers. Journal of Cloud Computing, 5(1), 14.","journal-title":"Journal of Cloud Computing"},{"key":"3_CR9","unstructured":"Chanchala, J., & Singh, U. K. (2016). Quantitative information security risk assessment model for university computing environment. In International Conference on Information Technology (ICIT)."},{"key":"3_CR10","doi-asserted-by":"crossref","unstructured":"Chandran, S., Hrudya, P., & Poornachandran, P. (2015). An efficient classification model for detecting advanced persistent threat. In International Conference on Advances in Computing, Communications and Informatics (ICACCI).","DOI":"10.1109\/ICACCI.2015.7275911"},{"key":"3_CR11","unstructured":"Cloud Security Alliance. (2018). The treacherous - Top threats to cloud computing + industry insights."},{"key":"3_CR12","doi-asserted-by":"crossref","unstructured":"Demchenko, Y., Gommans, L., de Laat, C., & Oudenaarde, B. (2005). Web services and grid security vulnerabilities and threats analysis and model. In Proceedings of 6th IEEE\/ACM International Workshop on Grid Computing.","DOI":"10.1109\/GRID.2005.1542751"},{"key":"3_CR13","volume-title":"Report on cloud computing security risk assessment","author":"ENSIA","year":"2010","unstructured":"ENSIA. (2010). Report on cloud computing security risk assessment. \nhttp:\/\/www.enisa.europa.eu\/act\/rm\/files\/deliverables\/cloudcomputing-risk-assessment"},{"key":"3_CR14","doi-asserted-by":"publisher","first-page":"57","DOI":"10.1016\/j.ins.2013.02.036","volume":"256","author":"N Feng","year":"2013","unstructured":"Feng, N., Wang, H. J., & Li, M. (2013). A security risk analysis model for information systems: Causal relationships of risk factors and vulnerability propagation analysis. Information Sciences, 256, 57\u201373.","journal-title":"Information Sciences"},{"key":"3_CR15","unstructured":"Gens, F. (2011). New IDC IT cloud services survey: Top benefits and challenges. IDC eXchange 2011. \nhttp:\/\/blogs.idc.com\/ie\/?p=730"},{"key":"3_CR16","unstructured":"Gururaj, R., Iftikhar, M., & Khan, F. A. (2017). A comprehensive survey on security in cloud computing. In International Workshop on Cyber Security and Digital Investigation (CSDI) (Vol. 110, pp. 465\u2013472)."},{"issue":"1","key":"3_CR17","doi-asserted-by":"publisher","first-page":"6","DOI":"10.1109\/COMST.2008.4483667","volume":"10","author":"V Igure","year":"2008","unstructured":"Igure, V., & Williams, R. (2008). Taxonomies of attacks and vulnerabilities in computer systems. Communications Surveys & Tutorials, 10(1), 6\u201319.","journal-title":"Communications Surveys & Tutorials"},{"issue":"3","key":"3_CR18","first-page":"265","volume":"1","author":"M Jouini","year":"2012","unstructured":"Jouini, M., Ben Aissa, A., Ben Arfa, L., & Mili, A. (2012). Towards quantitative measures of information security: A cloud computing case study. International Journal of Cyber Security and Digital Forensics, 1(3), 265\u2013279.","journal-title":"International Journal of Cyber Security and Digital Forensics"},{"key":"3_CR19","doi-asserted-by":"crossref","unstructured":"Jouini, M., & Ben Arfa, L. (2014). Surveying and analyzing security problems in cloud computing environments. In Tenth International Conference on Computational Intelligence and Security, CIS 2014 (pp. 689\u2013693).","DOI":"10.1109\/CIS.2014.169"},{"key":"3_CR20","doi-asserted-by":"crossref","unstructured":"Jouini, M., & Ben Arfa, L. (2016). Comparative study of information security risk assessment models for cloud computing systems. In The 6th International Symposium on Frontiers in Ambient and Mobile Systems (FAMS 2016) (Vol. 83, pp. 1084\u20131089)","DOI":"10.1016\/j.procs.2016.04.227"},{"key":"3_CR21","doi-asserted-by":"publisher","first-page":"1851","DOI":"10.4018\/978-1-5225-3923-0.ch077","volume-title":"Computer systems and software engineering: Concepts, methodologies, tools, and applications","author":"M Jouini","year":"2018","unstructured":"Jouini, M., & Ben Arfa, L. (2018). Threats classification: State of the art. In Computer systems and software engineering: Concepts, methodologies, tools, and applications (pp. 1851\u20131876). Hershey: IGI Global."},{"key":"3_CR22","doi-asserted-by":"crossref","unstructured":"Jouini, M., Ben Arfa, L., & Ben Aissa, A. (2014). Classification of security threats in information systems. Procedia Computer Science, 32, 489\u2013496. ANT\/SEIT 2014.","DOI":"10.1016\/j.procs.2014.05.452"},{"key":"3_CR23","unstructured":"Jouini, M., Ben Arfa, L., Ben Aissa, A., & Mili, A. (2012). An economic model of security threats for cloud computing systems. In Proceedings of International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec) (pp. 100\u2013105)."},{"key":"3_CR24","doi-asserted-by":"crossref","unstructured":"Kumar, P. R., Raj, P. H., & Jelciana, P. (2018). Exploring data security issues and solutions in cloud computing. In International Conference on Smart Computing and Communications (ICSCC2017) (Vol. 125, pp. 691\u2013697).","DOI":"10.1016\/j.procs.2017.12.089"},{"issue":"1","key":"3_CR25","doi-asserted-by":"publisher","first-page":"122","DOI":"10.1016\/j.cose.2011.09.005","volume":"31","author":"T H Lacey","year":"2011","unstructured":"Lacey, T. H., Mills, R. F., Mullins, B. E., Raines, R. A., Oxley, M. E., & Rogers, S. K. (2011). RIPsec - Using reputation based multilayer security to protect MANETs. Computers and Security, 31(1), 122\u2013136.","journal-title":"Computers and Security"},{"key":"3_CR26","unstructured":"Mell, P., & Grance, T. (2009). Effectively and securely using the cloud computing paradigm. In ACM Cloud Computing Security Workshop."},{"key":"3_CR27","volume-title":"NIST Special Publication 800\u2013145","author":"P Mell","year":"2011","unstructured":"Mell, P., & Grance, T. (2011). The NIST Definition of Cloud Computing. NIST Special Publication 800-145. Gaithersburg: National Institute of Standards and Technology."},{"key":"3_CR28","doi-asserted-by":"publisher","first-page":"29","DOI":"10.5121\/ijcsit.2014.6103","volume":"6","author":"L Ming-Chang","year":"2014","unstructured":"Ming-Chang, L. (2014). Information security risk analysis methods and research trends: AHP and fuzzy comprehensive method. International Journal of Computer Science & Information Technology, 6, 29\u201345.","journal-title":"International Journal of Computer Science & Information Technology"},{"key":"3_CR29","unstructured":"Mohammed, A., Abdullah, A., Phu, D., & Bala, S. (2012). Information security threats classification pyramid. In Proceedings of IEEE 24th International Conference on Advanced Information Networking and Applications Workshops (WAINA) (pp. 208\u2013221)."},{"key":"3_CR30","doi-asserted-by":"crossref","unstructured":"M\u2019rhaoaurh, I., Okar, C., Namir, A., & Chafiq, N. (2018). Challenges of cloud computing use: A systematic literature review. In MATEC Web of Conferences 200 (00007).","DOI":"10.1051\/matecconf\/201820000007"},{"key":"3_CR31","unstructured":"Ramadianti, N., Medard, P., & Mganga, C. (2011). Enhancing information security in cloud computing services using SLA based metrics. School of Computing Blekinge Institute of Technology SE-371 79 Karlskrona Sweden, Master\u2019s Thesis."},{"key":"3_CR32","doi-asserted-by":"crossref","unstructured":"Ravi Kumar, P., Herbert Rajb, P., & Jelcianac, P. (2018). Exploring data security issues and solutions in cloud computing. In 6th International Conference on Smart Computing and Communications (Vol. 125, pp. 691\u2013697).","DOI":"10.1016\/j.procs.2017.12.089"},{"key":"3_CR33","first-page":"25","volume":"25","author":"B Rok","year":"2013","unstructured":"Rok, B., & Bork, J. (2013). A quantitative model for information security risk management. Engineering Management Journal, 25, 25\u201337.","journal-title":"Engineering Management Journal"},{"key":"3_CR34","unstructured":"Shiu, S., Baldwin, A., Beres, Y., Mont, M. C., & Duggan, G. (2011). Economic methods and decision-making by security professionals. In The Tenth Workshop on the Economics of Information Security (WEIS)."},{"key":"3_CR35","doi-asserted-by":"publisher","first-page":"88","DOI":"10.1016\/j.jnca.2016.11.027","volume":"79","author":"A Singh","year":"2017","unstructured":"Singh, A., & Chatterjee, K. (2017). Cloud security issues and challenges: A survey. Journal of Network and Computer Applications, 79, 88\u2013115.","journal-title":"Journal of Network and Computer Applications"},{"key":"3_CR36","doi-asserted-by":"publisher","first-page":"200","DOI":"10.1016\/j.jnca.2016.09.002","volume":"75","author":"S Singh","year":"2016","unstructured":"Singh, S., Jeong, Y., & Park, J. H. (2016). A survey on cloud computing security: Issues, threats, and solutions. Journal of Network and Computer Applications, 75, 200\u2013222.","journal-title":"Journal of Network and Computer Applications"},{"key":"3_CR37","unstructured":"Speaks, S. (2010). Reliability and MTBF overview. Vicor Reliability Engineering."},{"key":"3_CR38","doi-asserted-by":"publisher","first-page":"964","DOI":"10.1016\/j.future.2016.11.031","volume":"78","author":"C Stergiou","year":"2018","unstructured":"Stergiou, C., Psannis, K. E., Kim, B., & Gupta, B. (2018). Secure integration of IoT and cloud computing. Future Generation Computer Systems, 78, 964\u2013975.","journal-title":"Future Generation Computer Systems"},{"key":"3_CR39","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1016\/j.compeleceng.2018.06.006","volume":"71","author":"N Subramanian","year":"2018","unstructured":"Subramanian, N., & Jeyaraj, N. (2018). Recent security challenges in cloud computing. Computers & Electrical Engineering, 71, 28\u201342.","journal-title":"Computers & Electrical Engineering"},{"key":"3_CR40","unstructured":"The Center for Internet Security (CIS). (2009). The CIS Security Metrics v1.0.0."},{"key":"3_CR41","unstructured":"Wooley, P. S. (2011). Identifying cloud computing security risks. Technical report, 7 University of Oregon Eugene."},{"issue":"4","key":"3_CR42","first-page":"664","volume":"20","author":"M Yang","year":"2018","unstructured":"Yang, M., Jiang, R., Gao, T., Xie, W., & Wang, J. (2018). Research on cloud computing security risk assessment based on information entropy and Markov chain. IJ Network Security, 20(4), 664\u2013673.","journal-title":"IJ Network Security"}],"container-title":["Handbook of Computer Networks and Cyber Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-22277-2_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,12,31]],"date-time":"2019-12-31T12:03:34Z","timestamp":1577793814000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-22277-2_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030222765","9783030222772"],"references-count":42,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-22277-2_3","relation":{},"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"1 January 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}