{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,7]],"date-time":"2026-02-07T09:50:28Z","timestamp":1770457828589,"version":"3.49.0"},"publisher-location":"Cham","reference-count":23,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030420475","type":"print"},{"value":"9783030420482","type":"electronic"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-42048-2_16","type":"book-chapter","created":{"date-parts":[[2020,2,21]],"date-time":"2020-02-21T05:18:51Z","timestamp":1582262331000},"page":"238-257","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":14,"title":["From ISO\/IEC 27002:2013 Information Security Controls to Personal Data Protection Controls: Guidelines for GDPR Compliance"],"prefix":"10.1007","author":[{"given":"Vasiliki","family":"Diamantopoulou","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Aggeliki","family":"Tsohou","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Maria","family":"Karyda","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,2,22]]},"reference":[{"key":"16_CR1","unstructured":"European Commission: Directive 95\/46\/EC of the European parliament and of the council. http:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/?uri=CELEX:31995L0046. Accessed 14 May 2017"},{"key":"16_CR2","unstructured":"European Parliament: Regulation (EU) 2016\/679 of the European parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95\/46\/EC (general data protection regulation) (2016)"},{"key":"16_CR3","doi-asserted-by":"crossref","unstructured":"Alberts, C., Dorofee, A., Stevens, J., Woody, C.: Introduction to the octave approach. Technical report, Software Engineering Institute, Carnegie-Mellon University Pittsburgh, PA (2003)","DOI":"10.21236\/ADA634134"},{"key":"16_CR4","unstructured":"Cavoukian, A., et al.: Privacy by design: the 7 foundational principles. Information and Privacy Commissioner of Ontario, Canada 5 (2009)"},{"key":"16_CR5","unstructured":"CNIL 2018: Privacy impact assessment (PIA) - knowledge bases. Technical report (2018)"},{"key":"16_CR6","unstructured":"CSA 2018: GDPR preparation and challenges survey report from cloud security alliance (CSA). Technical report (2018). https:\/\/cloudsecurityalliance.org\/articles\/gdpr-preparation-and-challenges-survey-report\/. Accessed 09 July 2019"},{"key":"16_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"94","DOI":"10.1007\/978-3-030-27813-7_7","volume-title":"Trust, Privacy and Security in Digital Business","author":"V Diamantopoulou","year":"2019","unstructured":"Diamantopoulou, V., Tsohou, A., Karyda, M.: General data protection regulation and ISO\/IEC 27001:2013: synergies of activities towards organisations\u2019 compliance. In: Gritzalis, S., Weippl, E.R., Katsikas, S.K., Anderst-Kotsis, G., Tjoa, A.M., Khalil, I. (eds.) TrustBus 2019. LNCS, vol. 11711, pp. 94\u2013109. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-27813-7_7"},{"key":"16_CR8","unstructured":"ENISA: Recommended cryptographic measures - securing personal data. Technical report (2013)"},{"key":"16_CR9","unstructured":"Ernst & Young 2018: Global forensic data analytics survey. Technical report (2018). https:\/\/www.ey.com\/Publication\/vwLUAssets\/ey-how-can-you-disrupt-risk-in-an-era-of-digital-transformation\/%24FILE\/ey-how-can-you-disrupt-risk-in-an-era-of-digital-transformation.pdf. Accessed 09 July 2019"},{"key":"16_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"94","DOI":"10.1007\/3-540-45732-1_11","volume-title":"Computer Safety, Reliability and Security","author":"R Fredriksen","year":"2002","unstructured":"Fredriksen, R., Kristiansen, M., Gran, B.A., St\u00f8len, K., Opperud, T.A., Dimitrakos, T.: The CORAS framework for a model-based risk management process. In: Anderson, S., Felici, M., Bologna, S. (eds.) SAFECOMP 2002. LNCS, vol. 2434, pp. 94\u2013105. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-45732-1_11"},{"key":"16_CR11","unstructured":"Gartner 2017: Gartner says organizations are unprepared for the 2018 European data protection regulation. Technical report (2017). https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2017-05-03-gartner-says-organizations-are-unprepared-for-the-2018-european-data-protection-regulation. Accessed 09 July 2019"},{"key":"16_CR12","unstructured":"IAAP: Privacy tech vendor report. Technical report (2018)"},{"key":"16_CR13","unstructured":"IAPP 2018: Annual governance report. Technical report (2018). https:\/\/iapp.org\/resources\/article\/iapp-ey-annual-governance-report-2018\/. Accessed 09 July 2019"},{"key":"16_CR14","unstructured":"IAPP 2019: GDPR one year later: looking backward and forward. Technical report (2019). https:\/\/iapp.org\/news\/a\/gdpr-one-year-later-looking-backward-and-forward\/. Accessed 09 July 2019"},{"key":"16_CR15","unstructured":"ISO\/IEC: ISO 27001:2013 information technology - security techniques - code of practice for information security controls. Technical report (2013)"},{"key":"16_CR16","unstructured":"ISO\/IEC: ISO 27001:2013 information technology - security techniques - information security management systems - requirements. Technical report (2013)"},{"key":"16_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-319-98385-1_1","volume-title":"Trust, Privacy and Security in Digital Business","author":"C Lambrinoudakis","year":"2018","unstructured":"Lambrinoudakis, C.: The general data protection regulation (GDPR) era: ten steps for compliance of data processors and data controllers. In: Furnell, S., Mouratidis, H., Pernul, G. (eds.) TrustBus 2018. LNCS, vol. 11033, pp. 3\u20138. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-98385-1_1"},{"key":"16_CR18","first-page":"297","volume":"94","author":"NF Palmieri III","year":"2019","unstructured":"Palmieri III, N.F.: Data protection in an increasingly globalized world. Ind. LJ 94, 297 (2019)","journal-title":"Ind. LJ"},{"key":"16_CR19","unstructured":"Pfitzmann, A., Hansen, M.: A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management (2010)"},{"issue":"2","key":"16_CR20","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1007\/s12525-015-0191-0","volume":"25","author":"S Spiekermann","year":"2015","unstructured":"Spiekermann, S., Acquisti, A., B\u00f6hme, R., Hui, K.L.: The challenges of personal data markets and privacy. Electron. Mark. 25(2), 161\u2013167 (2015)","journal-title":"Electron. Mark."},{"key":"16_CR21","unstructured":"Thomson Reuters 2019: Study finds organizations are not ready for GDPR compliance issues. Technical report (2019). https:\/\/legal.thomsonreuters.com\/en\/insights\/articles\/study-finds-organizations-not-ready-gdpr-compliance-issues. Accessed 09 July 2019"},{"key":"16_CR22","unstructured":"Working Party 29: Guidelines on data protection impact assessment. Technical report (2019)"},{"key":"16_CR23","unstructured":"Yazar, Z.: A qualitative risk analysis and management tool-CRAMM. In: SANS InfoSec Reading Room White Paper, vol. 11, pp. 12\u201332 (2002)"}],"container-title":["Lecture Notes in Computer Science","Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-42048-2_16","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,20]],"date-time":"2025-02-20T23:04:10Z","timestamp":1740092650000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-42048-2_16"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030420475","9783030420482"],"references-count":23,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-42048-2_16","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"22 February 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SECPRE","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Workshop on Security and Privacy Requirements Engineering","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Luxembourg City","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Luxembourg","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 September 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 September 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"secpre2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/samosweb.aegean.gr\/secpre2019\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"14","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"8","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"1","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"57% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}