{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,17]],"date-time":"2025-11-17T02:56:45Z","timestamp":1763348205550,"version":"3.37.3"},"publisher-location":"Cham","reference-count":24,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030322120"},{"type":"electronic","value":"9783030322137"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-32213-7_14","type":"book-chapter","created":{"date-parts":[[2019,10,15]],"date-time":"2019-10-15T19:04:57Z","timestamp":1571166297000},"page":"180-189","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":11,"title":["Modelling Compliance Threats and Security Analysis of Cross Border Health Data Exchange"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1485-7024","authenticated-orcid":false,"given":"Mike","family":"Surridge","sequence":"first","affiliation":[]},{"given":"Ken","family":"Meacham","sequence":"additional","affiliation":[]},{"given":"Juri","family":"Papay","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7901-0839","authenticated-orcid":false,"given":"Stephen C.","family":"Phillips","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6815-2938","authenticated-orcid":false,"given":"J. Brian","family":"Pickering","sequence":"additional","affiliation":[]},{"given":"Ardavan","family":"Shafiee","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2621-5400","authenticated-orcid":false,"given":"Toby","family":"Wilkinson","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,10,16]]},"reference":[{"issue":"3.4","key":"14_CR1","doi-asserted-by":"publisher","first-page":"295","DOI":"10.1147\/rd.513.0295","volume":"51","author":"S Muller","year":"2007","unstructured":"Muller, S., Supatgiat, C.: A quantitative optimization model for dynamic risk-based compliance management. IBM J. Res. Dev. 51(3.4), 295\u2013307 (2007)","journal-title":"IBM J. Res. Dev."},{"key":"14_CR2","unstructured":"ISO 31000. \n                    https:\/\/www.iso.org\/iso-31000-risk-management.html"},{"issue":"3","key":"14_CR3","doi-asserted-by":"publisher","first-page":"251","DOI":"10.1007\/s10009-014-0351-0","volume":"17","author":"A Refsdal","year":"2015","unstructured":"Refsdal, A., Solhaug, B., St\u00f8len, K.: Security risk analysis of system changes exemplified within the oil and gas domain. Int. J. Softw. Tools Technol. Transfer 17(3), 251\u2013266 (2015)","journal-title":"Int. J. Softw. Tools Technol. Transfer"},{"issue":"2","key":"14_CR4","doi-asserted-by":"publisher","first-page":"187","DOI":"10.1007\/s12652-013-0179-6","volume":"5","author":"B Solhaug","year":"2014","unstructured":"Solhaug, B., Seehusen, F.: Model-driven risk analysis of evolving critical infrastructures. J. Ambient Intell. Humaniz. Comput. 5(2), 187\u2013204 (2014)","journal-title":"J. Ambient Intell. Humaniz. Comput."},{"key":"14_CR5","first-page":"146","volume":"2","author":"T Mahler","year":"2008","unstructured":"Mahler, T.: Tool-supported legal risk management: a roadmap. Eur. J. Legal Stud. 2, 146 (2008)","journal-title":"Eur. J. Legal Stud."},{"issue":"2","key":"14_CR6","doi-asserted-by":"publisher","first-page":"205","DOI":"10.1147\/sj.462.0205","volume":"46","author":"RK Bellamy","year":"2007","unstructured":"Bellamy, R.K., et al.: Seeing is believing: designing visualizations for managing risk and compliance. IBM Syst. J. 46(2), 205\u2013218 (2007)","journal-title":"IBM Syst. J."},{"key":"14_CR7","doi-asserted-by":"publisher","unstructured":"Surridge, M., et al.: Trust modelling in 5G mobile networks. In: SecSoN 2018: Proceedings of the 2018 Workshop on Security in Softwarized Networks: Prospects and Challenges. ACM SIGCOMM 2018 Workshop on Security in Softwarized Networks: Prospects and Challenges, 24 August 18, pp. 14\u201319. ACM, New York (2018). \n                    https:\/\/doi.org\/10.1145\/3229616.3229621","DOI":"10.1145\/3229616.3229621"},{"key":"14_CR8","doi-asserted-by":"crossref","unstructured":"Ghanavati, S., Amyot, D., Peyton, L.: Comparative analysis between document-based and model-based compliance management approaches. In: 2008 Requirements Engineering and Law, pp. 35\u201339. IEEE, September 2008","DOI":"10.1109\/RELAW.2008.2"},{"key":"14_CR9","doi-asserted-by":"crossref","unstructured":"Breaux, T.D., Vail, M.W., Anton, A.I.: Towards regulatory compliance: extracting rights and obligations to align requirements with regulations. In: 14th IEEE International Requirements Engineering Conference, RE 2006, pp. 49\u201358. IEEE, September 2006","DOI":"10.1109\/RE.2006.68"},{"key":"14_CR10","unstructured":"ISO 19600:2014 - Compliance management systems \u2013 Guidelines. \n                    https:\/\/www.iso.org\/standard\/62342.html"},{"key":"14_CR11","first-page":"1","volume":"2","author":"S Bleker","year":"2014","unstructured":"Bleker, S., Hortensius, D.: ISO 19600: The development of a global standard on compliance management. Bus. Compl. 2, 1\u201312 (2014)","journal-title":"Bus. Compl."},{"key":"14_CR12","unstructured":"RSA. \n                    https:\/\/www.rsa.com\/en-us\/products\/integrated-risk-management\/archer-platform"},{"key":"14_CR13","unstructured":"CURA. \n                    https:\/\/www.curasoftware.com"},{"key":"14_CR14","volume-title":"Threat Modeling: Designing for Security","author":"A Shostack","year":"2014","unstructured":"Shostack, A.: Threat Modeling: Designing for Security. Wiley, Indianapolis (2014)"},{"key":"14_CR15","unstructured":"VsRISK. \n                    https:\/\/www.vigilantsoftware.co.uk\/"},{"key":"14_CR16","unstructured":"Threat Modeling Tool. Microsoft. \n                    https:\/\/www.microsoft.com\/en-us\/securityengineering\/sdl\/threatmodeling"},{"key":"14_CR17","unstructured":"Threat Modeler. \n                    http:\/\/threatmodeler.com"},{"key":"14_CR18","unstructured":"OWASP. \n                    https:\/\/www.owasp.org\/index.php\/Category:OWASP_Top_Ten_Project"},{"key":"14_CR19","unstructured":"Meland, P.H., Spampinato, D.G., Hagen, E., Baadshaug, E.T., Krister, K.M., Velle, K.S.: SeaMonster: providing tool support for security modeling. Norsk informasjonssikkerhetskonferanse, NISK (2008)"},{"key":"14_CR20","unstructured":"securiCAD. \n                    https:\/\/www.foreseeti.com\/"},{"key":"14_CR21","unstructured":"ISO\/IEC. ISO 27005: Information technology \u2013 Security techniques \u2013 Information security risk management (2011)"},{"key":"14_CR22","unstructured":"ISO\/IEC: ISO 31010: Risk management \u2013 Risk assessment techniques (2009)"},{"key":"14_CR23","unstructured":"World Tourist Organization. \n                    http:\/\/www2.unwto.org\/"},{"issue":"3","key":"14_CR24","doi-asserted-by":"publisher","first-page":"195","DOI":"10.1049\/iet-sen.2018.5294","volume":"13","author":"X Larrucea","year":"2019","unstructured":"Larrucea, X., Santamaria, I., Colomo-Palacios, R.: Assessing source code vulnerabilities in a cloud-based system for health systems: OpenNCP. IET Softw. 13(3), 195\u2013202 (2019)","journal-title":"IET Softw."}],"container-title":["Communications in Computer and Information Science","New Trends in Model and Data Engineering"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-32213-7_14","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,15]],"date-time":"2019-10-15T19:06:53Z","timestamp":1571166413000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-32213-7_14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030322120","9783030322137"],"references-count":24,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-32213-7_14","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"type":"print","value":"1865-0929"},{"type":"electronic","value":"1865-0937"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"16 October 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"MEDI","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Model and Data Engineering","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Toulouse","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28 October 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"31 October 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"medi2019a","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.irit.fr\/MEDI2019\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"41","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"11","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"7","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"27% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Peer Review Information from Medi International Workshops (DETECT, DSSGA and TRIDENT): out of 34 submissions and 1 invited paper, 13 full papers and 3 short papers were accepted","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}