{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T22:55:13Z","timestamp":1743029713560,"version":"3.40.3"},"publisher-location":"Cham","reference-count":27,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030425036"},{"type":"electronic","value":"9783030425043"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-42504-3_24","type":"book-chapter","created":{"date-parts":[[2020,3,10]],"date-time":"2020-03-10T18:03:57Z","timestamp":1583863437000},"page":"376-392","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Aggregating Corporate Information Security Maturity Levels of Different Assets"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3534-313X","authenticated-orcid":false,"given":"Michael","family":"Schmid","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0893-7856","authenticated-orcid":false,"given":"Sebastian","family":"Pape","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,3,6]]},"reference":[{"issue":"2","key":"24_CR1","doi-asserted-by":"publisher","first-page":"106","DOI":"10.14445\/22312803\/IJCTT-V41P119","volume":"41","author":"RK Abbas Ahmed","year":"2016","unstructured":"Abbas Ahmed, R.K.: Security metrics and the risks: an overview. Int. J. Comput. Trends Technol. 41(2), 106\u2013112 (2016)","journal-title":"Int. J. Comput. Trends Technol."},{"issue":"1","key":"24_CR2","doi-asserted-by":"publisher","first-page":"1","DOI":"10.5121\/ijcnc.2015.7101","volume":"7","author":"S Abraham","year":"2015","unstructured":"Abraham, S., Nair, S.: A predictive framework for cyber security analytics using attack graphs. Int. J. Comput. Netw. Commun. 7(1), 1\u201317 (2015)","journal-title":"Int. J. Comput. Netw. Commun."},{"key":"24_CR3","doi-asserted-by":"crossref","unstructured":"Ahmed, Y., Naqvi, S., Josephs, M.: Aggregation of security metrics for decision making: a reference architecture. In: ACM International Conference Proceeding Series (2018)","DOI":"10.1145\/3241403.3241458"},{"key":"24_CR4","doi-asserted-by":"publisher","first-page":"265","DOI":"10.1007\/978-3-642-39498-0_12","volume-title":"The Economics of Information Security and Privacy","author":"R Anderson","year":"2013","unstructured":"Anderson, R., et al.: Measuring the cost of cybercrime. In: B\u00f6hme, R. (ed.) The Economics of Information Security and Privacy, pp. 265\u2013300. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-39498-0_12"},{"key":"24_CR5","unstructured":"Anderson, R., et al.: Measuring the changing cost of cybercrime our framework for analysing the costs of cybercrime. In: Workshop on the Economics of Information Security (WEIS), pp. 1\u201332 (2019)"},{"issue":"2","key":"24_CR6","doi-asserted-by":"publisher","first-page":"148","DOI":"10.1016\/j.jides.2016.10.002","volume":"3","author":"A Beck","year":"2016","unstructured":"Beck, A., Rass, S.: Using neural networks to aid CVSS risk aggregation - an empirically validated approach. J. Innov. Digit. Ecosyst. 3(2), 148\u2013154 (2016)","journal-title":"J. Innov. Digit. Ecosyst."},{"issue":"1","key":"24_CR7","doi-asserted-by":"publisher","first-page":"57","DOI":"10.6000\/1929-6029.2015.04.01.6","volume":"4","author":"M Bland","year":"2015","unstructured":"Bland, M.: Estimating mean and standard deviation from the sample size, three quartiles, minimum, and maximum. Int. J. Stat. Med. Res. 4(1), 57\u201364 (2015)","journal-title":"Int. J. Stat. Med. Res."},{"key":"24_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1007\/978-3-642-16825-3_2","volume-title":"Advances in Information and Computer Security","author":"R B\u00f6hme","year":"2010","unstructured":"B\u00f6hme, R.: Security metrics and security investment models. In: Echizen, I., Kunihiro, N., Sasaki, R. (eds.) IWSEC 2010. LNCS, vol. 6434, pp. 10\u201324. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-16825-3_2"},{"key":"24_CR9","doi-asserted-by":"crossref","unstructured":"Cheng, P., Wang, L., Jajodia, S., Singhal, A.: Aggregating CVSS base scores for semantics-rich network security metrics. In: Proceedings of the IEEE Symposium on Reliable Distributed Systems (2012)","DOI":"10.1109\/SRDS.2012.4"},{"key":"24_CR10","volume-title":"Applied Statistics in Business and Economics","author":"DP Doane","year":"2016","unstructured":"Doane, D.P., Seward, L.E.: Applied Statistics in Business and Economics. McGraw-Hill Higher Education, New York (2016)"},{"issue":"4","key":"24_CR11","doi-asserted-by":"publisher","first-page":"438","DOI":"10.1145\/581271.581274","volume":"5","author":"LA Gordon","year":"2002","unstructured":"Gordon, L.A., Loeb, M.P.: The economics of information security investment. ACM Trans. Inf. Syst. Secur. 5(4), 438\u2013457 (2002)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"issue":"4","key":"24_CR12","doi-asserted-by":"publisher","first-page":"561","DOI":"10.3233\/JCS-130475","volume":"21","author":"J Homer","year":"2013","unstructured":"Homer, J., et al.: Aggregating vulnerability metrics in enterprise networks using attack graphs. J. Comput. Secur. 21(4), 561\u2013597 (2013)","journal-title":"J. Comput. Secur."},{"key":"24_CR13","unstructured":"ISACA: COBIT 5: A business framework for governance and management of enterprise IT (2012)"},{"key":"24_CR14","unstructured":"ISO\/IEC 27001: Information technology - security techniques - information security management systems - requirements. International Organization for Standardization (2013)"},{"key":"24_CR15","unstructured":"ISO\/IEC 27701: Security techniques - extension to ISO\/IEC 27001 and ISO\/IEC 27002 for privacy information management - requirements and guidelines. International Organization for Standardization (2019)"},{"issue":"1","key":"24_CR16","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s10257-016-0306-y","volume":"15","author":"H Khajouei","year":"2017","unstructured":"Khajouei, H., Kazemi, M., Moosavirad, S.H.: Ranking information security controls by using fuzzy analytic hierarchy process. Inf. Syst. e-Bus. Manag. 15(1), 1\u201319 (2017)","journal-title":"Inf. Syst. e-Bus. Manag."},{"key":"24_CR17","first-page":"29","volume":"6","author":"MC Lee","year":"2014","unstructured":"Lee, M.C.: Information security risk analysis methods and research trends: AHP and fuzzy comprehensive method. Int. J. Comput. Sci. Inf. Technol. (IJCSIT) 6, 29\u201345 (2014)","journal-title":"Int. J. Comput. Sci. Inf. Technol. (IJCSIT)"},{"issue":"3","key":"24_CR18","doi-asserted-by":"publisher","first-page":"214","DOI":"10.4103\/0976-500X.83300","volume":"2","author":"S Manikandan","year":"2011","unstructured":"Manikandan, S.: Measures of central tendency: median and mode. J. Pharmacol. Pharmacother. 2(3), 214\u2013215 (2011)","journal-title":"J. Pharmacol. Pharmacother."},{"key":"24_CR19","first-page":"10","volume":"4","author":"AA Nasser","year":"2018","unstructured":"Nasser, A.A.: Measuring the information security maturity of enterprises under uncertainty using fuzzy AHP. I.J. Inf. Technol. Comput. Sci. 4, 10\u201325 (2018)","journal-title":"I.J. Inf. Technol. Comput. Sci."},{"issue":"4","key":"24_CR20","doi-asserted-by":"publisher","first-page":"2704","DOI":"10.1109\/COMST.2017.2745505","volume":"19","author":"A Ramos","year":"2017","unstructured":"Ramos, A., Lazar, M., Filho, R.H., Rodrigues, J.J.: Model-based quantitative network security metrics: a survey. IEEE Commun. Surv. Tutor. 19(4), 2704\u20132734 (2017)","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"24_CR21","unstructured":"Rudolph, M., Schwarz, R.: Security indicators - a state of the art survey public report. FhG IESE VII(043) (2012)"},{"key":"24_CR22","first-page":"21","volume":"5","author":"M Saleh","year":"2011","unstructured":"Saleh, M.: Information security maturity model. Int. J. Comput. Sci. Secur. (IJCSS) 5, 21 (2011)","journal-title":"Int. J. Comput. Sci. Secur. (IJCSS)"},{"key":"24_CR23","doi-asserted-by":"crossref","unstructured":"Savola, R.M.: Towards a taxonomy for information security metrics. In: Proceedings of the ACM Conference on Computer and Communications Security, pp. 28\u201330 (2007)","DOI":"10.1145\/1314257.1314266"},{"key":"24_CR24","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"223","DOI":"10.1007\/978-3-030-22312-0_16","volume-title":"ICT Systems Security and Privacy Protection","author":"M Schmid","year":"2019","unstructured":"Schmid, M., Pape, S.: A structured comparison of the corporate information security maturity level. In: Dhillon, G., Karlsson, F., Hedstr\u00f6m, K., Z\u00faquete, A. (eds.) SEC 2019. IAICT, vol. 562, pp. 223\u2013237. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-22312-0_16"},{"key":"24_CR25","doi-asserted-by":"publisher","first-page":"101656","DOI":"10.1016\/j.cose.2019.101656","volume":"90","author":"Christopher Schmitz","year":"2020","unstructured":"Schmitz, C., Pape, S.: LiSRA: lightweight security risk assessment for decision support in information security. Comput. Secur. 90 (2020)","journal-title":"Computers & Security"},{"issue":"4","key":"24_CR26","first-page":"46","volume":"10","author":"I Syamsuddin","year":"2009","unstructured":"Syamsuddin, I., Hwang, J.: The application of AHP to evaluate information security policy decision making. Int. J. Simul. Syst. Sci. Technol. 10(4), 46\u201350 (2009)","journal-title":"Int. J. Simul. Syst. Sci. Technol."},{"issue":"8","key":"24_CR27","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1088\/1751-8113\/44\/8\/085201","volume":"44","author":"L Vinet","year":"2011","unstructured":"Vinet, L., Zhedanov, A.: A \u2018missing\u2019 family of classical orthogonal polynomials. J. Phys. A Math. Theor. 44(8), 16 (2011)","journal-title":"J. Phys. A Math. Theor."}],"container-title":["IFIP Advances in Information and Communication Technology","Privacy and Identity Management. Data for Better Living: AI and Privacy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-42504-3_24","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,10]],"date-time":"2024-03-10T01:23:47Z","timestamp":1710033827000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-42504-3_24"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030425036","9783030425043"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-42504-3_24","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"type":"print","value":"1868-4238"},{"type":"electronic","value":"1868-422X"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"6 March 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"Privacy and Identity","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Summer School on Privacy and Identity Management","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Windisch","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Switzerland","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 August 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 August 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"privacy-identity2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.ifip-summerschool.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"31","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"22","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"71% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.5","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}