{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T07:23:09Z","timestamp":1771658589210,"version":"3.50.1"},"publisher-location":"Cham","reference-count":107,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030519919","type":"print"},{"value":"9783030519926","type":"electronic"}],"license":[{"start":{"date-parts":[[2020,8,15]],"date-time":"2020-08-15T00:00:00Z","timestamp":1597449600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,8,15]],"date-time":"2020-08-15T00:00:00Z","timestamp":1597449600000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-51992-6_20","type":"book-chapter","created":{"date-parts":[[2020,8,14]],"date-time":"2020-08-14T16:04:03Z","timestamp":1597421043000},"page":"240-272","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":13,"title":["A Survey of Cybersecurity Risk Management Frameworks"],"prefix":"10.1007","author":[{"given":"Olivia","family":"Giuca","sequence":"first","affiliation":[]},{"given":"Traian Mihai","family":"Popescu","sequence":"additional","affiliation":[]},{"given":"Alina Madalina","family":"Popescu","sequence":"additional","affiliation":[]},{"given":"Gabriela","family":"Prostean","sequence":"additional","affiliation":[]},{"given":"Daniela Elena","family":"Popescu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,8,15]]},"reference":[{"key":"20_CR1","doi-asserted-by":"crossref","unstructured":"Cabinet Office: The UK cyber security strategy: protecting and promoting the UK in a digital world. 
Crown, London (2011)","DOI":"10.1016\/S1361-3723(11)70119-1"},{"key":"20_CR2","unstructured":"United States Army: Field Manual 3\u201338: cyber electromagnetic activities. US Army, Kansas (2014)"},{"key":"20_CR3","unstructured":"Bank of England: CBEST Intelligence-Led Testing Understanding Cyber Threat Intelligence Operations. Bank of England, London (2016)"},{"key":"20_CR4","unstructured":"ETSI: CYBER; Global Cyber Security Ecosystem (2017). https:\/\/www.etsi.org\/deliver\/etsi_tr\/103300_103399\/103306\/01.02.01_60\/tr_103306v010201p.pdf . Accessed 31 July 2018"},{"key":"20_CR5","unstructured":"Lonea, A.M., Popescu, D.E., Prostean, O.: The overall process taken by enterprises to manage the IaaS cloud services. In: Proceedings of the European Conference on Information Systems Management (ECIME 2012), University College Cork, Cork, pp. 168\u2013177 (2012)"},{"key":"20_CR6","doi-asserted-by":"publisher","unstructured":"Lonea, A.M., Tianfield, H., Popescu, D.E.: Identity management for cloud computing. In: Balas, V., Fodor, J., V\u00e1rkonyi-K\u00f3czy, A. (eds.) New Concepts and Applications in Soft Computing. Studies in Computational Intelligence, vol. 417, pp. 175\u2013199. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-28959-0_11","DOI":"10.1007\/978-3-642-28959-0_11"},{"key":"20_CR7","unstructured":"Poppensieker, T., Riemenschnitter, R.: A new posture for cybersecurity in a networked world (2018). https:\/\/www.mckinsey.com\/business-functions\/risk\/our-insights\/a-new-posture-for-cybersecurity-in-a-networked-world . Accessed 31 July 2018"},{"key":"20_CR8","unstructured":"EY: Cybersecurity regained: preparing to face cyber attacks 20th Global Information Security Survey 2017\u201318 (2018). https:\/\/www.ey.com\/Publication\/vwLUAssets\/ey-cybersecurity-regained-preparing-to-face-cyber-attacks\/$FILE\/ey-cybersecurity-regained-preparing-to-face-cyber-attacks.pdf . 
Accessed 31 July 2018"},{"key":"20_CR9","unstructured":"ENISA: ENISA Threat Landscape Report 2017 15 Top Cyber-Threats and Trends (2018). https:\/\/www.enisa.europa.eu\/publications\/enisa-threat-landscape-report-2017\/at_download\/fullReport . Accessed 31 July 2018"},{"key":"20_CR10","unstructured":"EY: Governing cyber risk in financial services, pp. 2\u20137 (2017)"},{"key":"20_CR11","unstructured":"World Economic Forum: Digital Transformation Initiative Maximizing the Return on Digital Investments (2018). http:\/\/www3.weforum.org\/docs\/DTI_Maximizing_Return_Digital_WP.pdf . Accessed 31 July 2018"},{"key":"20_CR12","unstructured":"PwC: Top financial services issues of 2018 (2017). https:\/\/www.pwc.se\/sv\/pdf-reports\/finansiell-sektor\/top-financial-services-issues-of-2018.pdf . Accessed 31 July 2018"},{"key":"20_CR13","unstructured":"PwC: Revitalizing privacy and trust in a data-driven world Key findings from The Global State of Information Security\u00ae Survey 2018 (2018). https:\/\/www.pwc.com\/us\/en\/cybersecurity\/assets\/revitalizing-privacy-trust-in-data-driven-world.pdf . Accessed 31 July 2018"},{"key":"20_CR14","unstructured":"Ali, S., Padmanabhan, V., Dixon, J.: Why Cybersecurity is a Strategic Issue (2014). https:\/\/www.bain.com\/insights\/why-cybersecurity-is-a-strategic-issue\/ . Accessed 31 July 2018"},{"key":"20_CR15","unstructured":"Lindstrom, P., Rosen, M., Pike, S.: DX Security: A Security Model for the DX Platform, pp. 2\u201313 (2018)"},{"key":"20_CR16","unstructured":"Information Security Forum: IRAM2 The next generation of assessing information risk, pp. 1\u201390 (2014)"},{"key":"20_CR17","unstructured":"PwC: 10 most likely ways your operational technology network will be compromised December 2015 Cyber savvy: Securing operational technology assets (2016). https:\/\/www.pwc.com\/ca\/en\/consulting\/publications\/2016\u201301-18-pwc-cyber-savvy-securing-operational-technology-assets.pdf . 
Accessed 31 July 2018"},{"key":"20_CR18","unstructured":"Deloitte: ISO27032: Guidelines for cyber security a Deloitte point of view on analysing & implementing the guideline (2012). https:\/\/www2.deloitte.com\/content\/dam\/Deloitte\/ie\/Documents\/Risk\/iso27032_guidelines_cybersecurity_2011_deloitte_uk.pdf . Accessed 31 July 2018"},{"key":"20_CR19","doi-asserted-by":"crossref","unstructured":"Verizon: 2018 Data Breach Investigations Report, 11th edn (2018). https:\/\/www.verizonenterprise.com\/resources\/reports\/rp_DBIR_2018_Report_execsummary_en_xg.pdf . Accessed 31 July 2018","DOI":"10.1016\/S1361-3723(18)30040-X"},{"key":"20_CR20","unstructured":"Deloitte: The value of visibility Cybersecurity risk management examination (2017). https:\/\/www2.deloitte.com\/content\/dam\/Deloitte\/us\/Documents\/risk\/us-the-value-of-visibility-cybersecurity-risk-management-examination.pdf . Accessed 31 July 2018"},{"key":"20_CR21","unstructured":"EY: Cyber program management Identifying ways to get ahead of cybercrime (2014). https:\/\/www.ey.com\/Publication\/vwLUAssets\/EY-cyber-program-management\/$FILE\/EY-cyber-program-management.pdf . Accessed 31 July 2018"},{"key":"20_CR22","unstructured":"World Economic Forum: The Global Risks Report 2018, 13th edn (2018). http:\/\/www3.weforum.org\/docs\/WEF_GRR18_Report.pdf . Accessed 31 July 2018"},{"key":"20_CR23","unstructured":"Europol: Internet Organised Crime Threat Assessment 2017 (2017). https:\/\/www.europol.europa.eu\/sites\/default\/files\/documents\/iocta2017.pdf . Accessed 31 July 2018"},{"key":"20_CR24","unstructured":"IBM Security: IBM X-Force Threat Intelligence Index 2018 Notable security events of 2017, and a look ahead (2018). https:\/\/public.dhe.ibm.com\/common\/ssi\/ecm\/77\/en\/77014377usen\/security-ibm-security-solutions-wg-research-report-77014377usen-20180404.pdf . 
Accessed 31 July 2018"},{"key":"20_CR25","doi-asserted-by":"crossref","unstructured":"Mavroeidis, V., Bromander, S.: Cyber threat intelligence model: an evaluation of taxonomies, sharing standards, and ontologies within cyber threat intelligence. In: 2017 European Intelligence and Security Informatics Conference (EISIC), Athens, pp. 91\u201398. IEEE (2017)","DOI":"10.1109\/EISIC.2017.20"},{"key":"20_CR26","unstructured":"Center for Internet Security: Top 10 Malware, January 2018. https:\/\/www.cisecurity.org\/top-10-malware-january-2018\/ . Accessed 31 July 2018"},{"key":"20_CR27","unstructured":"The British Standards Institution: Emerging trends in the cyber landscape \u2013 2018 (2017). https:\/\/www.bsigroup.com\/contentassets\/d6a55cdd1c7f4849811d48e6397340b7\/csir\u2014emerging_cyber_trends.pdf?amp;epslanguage=fr-FR . Accessed 31 July 2018"},{"key":"20_CR28","unstructured":"Deutscher, S., Bohmayr, W., Yin, W., Russo, M.: Cybersecurity Meets IT Risk Management: A Corporate Immune and Defense System (2014). https:\/\/www.bcg.com\/publications\/2014\/technology-strategy-organization-cybersecurity-meets-it-risk-management.aspx . Accessed 31 July 2018"},{"key":"20_CR29","unstructured":"Juniper Research: The Future of Cybercrime & Security: Enterprise Threats & Mitigation 2017\u20132022 (2017). https:\/\/www.juniperresearch.com\/press\/press-releases\/cybercrime-to-cost-global-business-over-$8-trn . Accessed 31 July 2018"},{"key":"20_CR30","unstructured":"National Institute of Standards and Technology: Framework for Improving Critical Infrastructure Cybersecurity Version 1.1 (2018). https:\/\/nvlpubs.nist.gov\/nistpubs\/CSWP\/NIST.CSWP.04162018.pdf . Accessed 31 July 2018"},{"key":"20_CR31","unstructured":"ENISA: ENISA overview of cybersecurity and related terminology (2017). https:\/\/www.enisa.europa.eu\/publications\/enisa-position-papers-and-opinions\/enisa-overview-of-cybersecurity-and-related-terminology . 
Accessed 31 July 2018"},{"key":"20_CR32","unstructured":"Mayer Brown: 2018 Outlook: Cybersecurity and Data Privacy (2018). https:\/\/www.mayerbrown.com\/files\/Publication\/186b642e-812a-4b83-8e2d-138d6c9a4f6f\/Presentation\/PublicationAttachment\/dbb4215a-6522-4bb6-9007-12a81d4d7075\/Mayer-Brown-2018-Cyber-Data%20Privacy-Outlook.pdf . Accessed 31 July 2018"},{"key":"20_CR33","unstructured":"Deloitte: Cyber risk and regulation in Europe: A new paradigm for banks (2018). https:\/\/www2.deloitte.com\/content\/dam\/Deloitte\/global\/Documents\/Risk\/gx-cyber-risk-and-regulation-in-europe.pdf . Accessed 31 July 2018"},{"key":"20_CR34","unstructured":"EY: Payment Services Directive 2 for FinTech & Payment Service Providers Accelerate your growth journey (2017). https:\/\/www.ey.com\/Publication\/vwLUAssets\/HVG-payment-services-directive-2\/$FILE\/HVG-payment-services-directive-2.pdf . Accessed 31 July 2018"},{"key":"20_CR35","unstructured":"EY: Networking and Information Security (NIS) Directive An outline of consequences and next steps (2017). https:\/\/www.ey.com\/Publication\/vwLUAssets\/EY-networking-and-information-security-directive-nis\/$FILE\/EY-networking-and-information-security-directive-nis.pdf . Accessed 31 July 2018"},{"key":"20_CR36","unstructured":"ENISA: ENISA\u2019s Position on the NIS Directive (2016). https:\/\/www.enisa.europa.eu\/publications\/enisa-position-papers-and-opinions\/enisas-position-on-the-nis-directive\/ . Accessed 31 July 2018"},{"key":"20_CR37","unstructured":"EY: Cybersecurity requirements for financial services companies Overview of the finalized Cybersecurity Requirements from the New York State Department of Financial Services (DFS) (2017). https:\/\/www.ey.com\/Publication\/vwLUAssets\/EY-cybersecurity-requirements-for-financial-services-companies\/$FILE\/EY-cybersecurity-requirements-for-financial-services-companies.pdf . 
Accessed 31 July 2018"},{"key":"20_CR38","unstructured":"Deloitte: Data and records disposition under new cybersecurity regulations: Is your organization ready? (2018). https:\/\/www2.deloitte.com\/content\/dam\/Deloitte\/us\/Documents\/regulatory\/us-regulatory-data-disposition-nyfds-cybersecurity.pdf . Accessed 31 July 2018"},{"key":"20_CR39","unstructured":"Chaudhary, R., Hamilton, J.: The Five Critical Attributes of Effective Cybersecurity Risk Management, pp. 3\u201311 (2015)"},{"key":"20_CR40","unstructured":"Cisco: Cybersecurity Management Program (2017). https:\/\/www.cisco.com\/c\/dam\/en\/us\/products\/collateral\/security\/cybersecurity-management-programs.pdf . Accessed 31 July 2018"},{"key":"20_CR41","volume-title":"CRISC\u2122 Certified in Risk and Information Systems Control All-in-One Exam Guide","author":"BE Rogers","year":"2016","unstructured":"Rogers, B.E., Dunkerley, D.: CRISC\u2122 Certified in Risk and Information Systems Control All-in-One Exam Guide. McGraw-Hill Education, New York (2016)"},{"key":"20_CR42","unstructured":"CNSSI: Committee on National Security Systems (CNSS) Glossary. National Security Agency, Fort Meade (2015)"},{"key":"20_CR43","unstructured":"Axelos: MoR\u00ae Glossary of Terms \u2013 English (2012). https:\/\/www.axelos.com\/Corporate\/media\/Files\/Glossaries\/MoR-Glossary-of-Terms_GB.pdf . Accessed 31 July 2018"},{"key":"20_CR44","unstructured":"International Organization for Standardization: ISO\/IEC 27000:2018 Information technology \u2013 Security techniques \u2013 Information security management systems \u2013 Overview and vocabulary (2018). https:\/\/www.iso.org\/standard\/73906.html . Accessed 31 July 2018"},{"key":"20_CR45","unstructured":"Institute of Risk Management: A Risk Practitioners Guide to ISO 31000:2018 (2018). https:\/\/www.theirm.org\/media\/3513119\/IRM-Report-ISO-31000-2018-v3.pdf . 
Accessed 31 July 2018"},{"key":"20_CR46","unstructured":"ISO: IEC 31010:2009 Preview Risk management \u2013 Risk assessment techniques (2009). https:\/\/www.iso.org\/standard\/51073.html . Accessed 31 July 2018"},{"key":"20_CR47","unstructured":"ISO: ISO\/IEC 27005:2018 Information technology \u2013 Security techniques \u2013 Information security risk management (2018). https:\/\/www.iso.org\/standard\/75281.html . Accessed 31 July 2018"},{"key":"20_CR48","unstructured":"ENISA: Risk Management: Implementation principles and Inventories for Risk Management\/Risk Assessment methods and tools (2006). https:\/\/www.enisa.europa.eu\/publications\/risk-management-principles-and-inventories-for-risk-management-risk-assessment-methods-and-tools\/at_download\/fullReport . Accessed 31 July 2018"},{"key":"20_CR49","unstructured":"WISER Consortium: D6.2 - Best Practices & Early Assessment Pilots, Final Version (2016). https:\/\/www.cyberwiser.eu\/content\/d62-best-practices-early-assessment-pilots-final-version . Accessed 31 July 2018"},{"key":"20_CR50","unstructured":"ISO: ISO\/IEC 27032:2012 Information technology \u2013 Security techniques \u2013 Guidelines for cybersecurity (2012). https:\/\/www.iso.org\/standard\/44375.html . Accessed 31 July 2018"},{"key":"20_CR51","unstructured":"ISACA: The Risk IT Framework Excerpt (2009). http:\/\/www.isaca.org\/Knowledge-Center\/Research\/Documents\/Risk-IT-Framework-Excerpt_fmk_Eng_0109.pdf . Accessed 31 July 2018"},{"key":"20_CR52","doi-asserted-by":"crossref","unstructured":"Gashgari, G., Walters, R.J., Wills, G.: A proposed best-practice framework for information security governance. In: IoTBDS, pp. 295\u2013301 (2017)","DOI":"10.5220\/0006303102950301"},{"key":"20_CR53","unstructured":"Innotrain IT: IT Service Management Methods and Frameworks Systematization (2010). http:\/\/www.central2013.eu\/fileadmin\/user_upload\/Downloads\/outputlib\/Innotrain_Systematization_2011_04_05_FINAL.PDF . 
Accessed 31 July 2018"},{"key":"20_CR54","unstructured":"ENISA: Integration of risk management\/risk assessment into business governance. Project report (2008). https:\/\/www.enisa.europa.eu\/publications\/archive\/integration-of-rm-ra-into-business-governance\/at_download\/fullReport . Accessed 31 July 2018"},{"key":"20_CR55","first-page":"37","volume-title":"Information Security Risk Assessment Toolkit","author":"MRM Talabis","year":"2013","unstructured":"Talabis, M.R.M., Martin, J.L.: Information Security Risk Assessment Toolkit, pp. 37\u201341. Elsevier, Amsterdam (2013)"},{"key":"20_CR56","unstructured":"NIST: NIST Special Publication 800-53 Revision 4 Security and Privacy Controls for Federal Information Systems and Organizations (2013). https:\/\/nvlpubs.nist.gov\/nistpubs\/specialpublications\/nist.sp.800-53r4.pdf . Accessed 31 July 2018"},{"key":"20_CR57","unstructured":"Department for Business, Innovation and Skills (BIS): The Risk IT Framework Excerpt (2014). https:\/\/assets.publishing.service.gov.uk\/government\/uploads\/system\/uploads\/attachment_data\/file\/261681\/bis-13-1294-uk-cyber-security-standards-research-report.pdf . Accessed 31 July 2018"},{"key":"20_CR58","unstructured":"Taubenberger, S.: Vulnerability identification errors in security risk assessments. Doctorate, The Open University (2014)"},{"key":"20_CR59","unstructured":"Ionita, D.: Current established risk assessment methodologies and tools. Master, University of Twente (2013)"},{"key":"20_CR60","unstructured":"NIST: NIST Special Publication 800-37 Revision 1 Guide for Applying the Risk Management Framework to Federal Information Systems (2010). https:\/\/nvlpubs.nist.gov\/nistpubs\/specialpublications\/nist.sp.800-37r1.pdf . Accessed 31 July 2018"},{"key":"20_CR61","unstructured":"NIST: NIST Special Publication 800-53A Assessing Security and Privacy Controls in Federal Information Systems and Organizations (2014). 
https:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-53Ar4.pdf . Accessed 31 July 2018"},{"key":"20_CR62","unstructured":"NIST: NIST Special Publication 800-30 Revision 1 Guide for Conducting Risk Assessments (2012). https:\/\/nvlpubs.nist.gov\/nistpubs\/legacy\/sp\/nistspecialpublication800-30r1.pdf . Accessed 31 July 2018"},{"key":"20_CR63","unstructured":"NIST: NIST Special Publication 800-39 Managing Information Security Risk Organization, Mission, and Information System View (2011). https:\/\/nvlpubs.nist.gov\/nistpubs\/Legacy\/SP\/nistspecialpublication800-39.pdf . Accessed 31 July 2018"},{"key":"20_CR64","unstructured":"Software Engineering Institute: Introducing OCTAVE Allegro: improving the information security risk assessment process. Technical report (2007). https:\/\/resources.sei.cmu.edu\/asset_files\/TechnicalReport\/2007_005_001_14885.pdf . Accessed 31 July 2018"},{"key":"20_CR65","unstructured":"Jones, J.A.: An introduction to factor analysis of information risk (FAIR). Risk Manag. Insight LLC (2006)"},{"key":"20_CR66","doi-asserted-by":"publisher","first-page":"1389","DOI":"10.1093\/comjnl\/bxy002","volume":"61","author":"S Tweneboah-Koduah","year":"2018","unstructured":"Tweneboah-Koduah, S., Buchanan, W.J.: Security risk assessment of critical infrastructure systems: a comparative study. Comput. J. 61, 1389\u20131406 (2018)","journal-title":"Comput. J."},{"issue":"13","key":"20_CR67","first-page":"157","volume":"1","author":"E Fulford","year":"2017","unstructured":"Fulford, E.: What factors influence companies\u2019 successful implementations of technology risk management systems? Muma Bus. Rev. 1(13), 157\u2013169 (2017)","journal-title":"Muma Bus. Rev."},{"key":"20_CR68","unstructured":"Sherwood, J., Clark, A., Lynas, D.: Enterprise Security Architecture. 
White Paper, SABSA Limited (2009)"},{"key":"20_CR69","unstructured":"Van Os, R.: Comparing security architectures: defining and testing a model for evaluating and categorizing security architecture frameworks. Master\u2019s thesis, Lule\u00e5 University of Technology, Department of Computer Science, Electrical and Space Engineering, Sweden (2014)"},{"key":"20_CR70","unstructured":"Bodeau, D.J., Graubart, R.: Cyber Resiliency Engineering Framework. MTR110237 (2011). https:\/\/www.mitre.org\/sites\/default\/files\/pdf\/11_4436.pdf . Accessed 31 July 2018"},{"key":"20_CR71","unstructured":"AICPA: SOC 2\u00ae examinations and SOC for Cybersecurity examinations: Understanding the key distinctions (2017). https:\/\/www.aicpa.org\/content\/dam\/aicpa\/interestareas\/frc\/assuranceadvisoryservices\/downloadabledocuments\/cybersecurity\/soc-2-vs-cyber-whitepaper-web-final.pdf . Accessed 31 July 2018"},{"key":"20_CR72","unstructured":"CIS: CIS Controls Framework (2018). https:\/\/www.cisecurity.org\/controls\/ . Accessed 31 July 2018"},{"key":"20_CR73","unstructured":"COSO: Internal Control \u2013 Integrated Framework, Executive Summary (2013). https:\/\/na.theiia.org\/standards-guidance\/topics\/Documents\/Executive_Summary.pdf . Accessed 31 July 2018"},{"key":"20_CR74","unstructured":"COSO: Enterprise Risk Management \u2013 Integrating with Strategy and Performance, Executive Summary (2017). https:\/\/www.coso.org\/Documents\/2017-COSO-ERM-Integrating-with-Strategy-and-Performance-Executive-Summary.pdf . Accessed 31 July 2018"},{"key":"20_CR75","unstructured":"ISO: ISO 31000:2018 (2018). https:\/\/www.iso.org\/standard\/65694.html . Accessed 31 July 2018"},{"key":"20_CR76","volume-title":"ITIL Foundation All-in-One Exam Guide","author":"J Davies","year":"2016","unstructured":"Davies, J.: ITIL Foundation All-in-One Exam Guide. McGraw-Hill Education, New York (2016)"},{"key":"20_CR77","unstructured":"ISACA: COBIT5 Enabling Processes (2012). 
http:\/\/www.isaca.org\/COBIT\/Documents\/COBIT-5-Enabling-Processes-Introduction.pdf . Accessed 31 July 2018"},{"key":"20_CR78","volume-title":"IT Capability Maturity Framework TM (IT-CMF TM) The Body of Knowledge Guide","year":"2016","unstructured":"Curley, M., Kenneally, J., Carcary, M. (eds.): IT Capability Maturity Framework TM (IT-CMF TM) The Body of Knowledge Guide, 2nd edn. Van Haren Publishing, Zaltbommel (2016)","edition":"2"},{"key":"20_CR79","unstructured":"ISO: We\u2019re ISO: we develop and publish International Standards (2018). https:\/\/www.iso.org\/standards.html . Accessed 31 July 2018"},{"key":"20_CR80","unstructured":"IEC: Developing International Standards (2018). http:\/\/www.iec.ch\/about\/activities\/standards.htm . Accessed 31 July 2018"},{"key":"20_CR81","unstructured":"ITU: ITU-T Recommendations and other publications (2018). https:\/\/www.itu.int\/en\/ITU-T\/publications\/Pages\/default.aspx . Accessed 31 July 2018"},{"key":"20_CR82","unstructured":"BSI: What is a standard? & What does it do? (2018). https:\/\/www.bsigroup.com\/en-GB\/standards\/Information-about-standards\/what-is-a-standard\/ . Accessed 31 July 2018"},{"key":"20_CR83","unstructured":"ENISA: Information security and privacy standards for SMEs.56 (2015). https:\/\/www.enisa.europa.eu\/publications\/standardisation-for-smes\/at_download\/fullReport . Accessed 31 July 2018"},{"key":"20_CR84","unstructured":"Cloud Standards Customer Council: Cloud Security Standards: What to Expect & What to Negotiate Version 2.0 (2016). https:\/\/www.omg.org\/cloud\/deliverables\/CSCC-Cloud-Security-Standards-What-to-Expect-and-What-to-Negotiate.pdf . Accessed 31 July 2018"},{"key":"20_CR85","unstructured":"ISA: The 62443 series of standards Industrial Automation and Control Systems Security (2016). https:\/\/www.isa.org\/isa99\/ . Accessed 31 July 2018"},{"key":"20_CR86","unstructured":"Cabinet Office and HMG: HMG IA Standard No. 
6 Protecting Personal Data and Managing Information Risk (2011). https:\/\/data.gov.uk\/data\/contracts-finder-archive\/download\/611325\/439bbc8a-9249-4210-93a8-8c33edcba603 . Accessed 31 July 2018"},{"key":"20_CR87","unstructured":"ISO: ISO\/IEC 27001:2013 Information technology \u2013 Security techniques \u2013 Information security management systems \u2013 Requirements (2013). https:\/\/www.iso.org\/standard\/54534.html . Accessed 31 July 2018"},{"key":"20_CR88","unstructured":"ISO: ISO\/IEC 27002:2013 Information technology \u2013 Security techniques \u2013 Code of practice for information security controls (2013). https:\/\/www.iso.org\/standard\/54533.html . Accessed 31 July 2018"},{"key":"20_CR89","unstructured":"ISF: The 2011 Standard of Good Practice for Information Security, pp. 1\u2013271 (2011)"},{"key":"20_CR90","unstructured":"BSI: BSI-Standard 100-1: Information Security Management Systems (ISMS) Version 1.5 (2008). https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/EN\/BSI\/Publications\/BSIStandards\/standard_100-1_e_pdf.pdf?__blob=publicationFile&v=1 . Accessed 31 July 2018"},{"key":"20_CR91","unstructured":"BSI: BSI-Standard 100-2: IT-Grundschutz Methodology Version 2.0 (2008). https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/EN\/BSI\/Publications\/BSIStandards\/standard_100-2_e_pdf.pdf?__blob=publicationFile . Accessed 31 July 2018"},{"key":"20_CR92","unstructured":"Cross, J.: ISO 31010 risk assessment techniques and open systems. In: Sixth Workshop on Open Systems Dependability, Tokyo, pp. 15\u201318 (2017)"},{"key":"20_CR93","unstructured":"IRM: A Risk Management Standard (2002). https:\/\/www.theirm.org\/media\/886059\/ARMS_2002_IRM.pdf . Accessed 31 July 2018"},{"issue":"2","key":"20_CR94","first-page":"193","volume":"16","author":"N Mackenzie","year":"2006","unstructured":"Mackenzie, N., Knipe, S.: Research dilemmas: paradigms, methods and methodology. Issues Educ. Res. 16(2), 193\u2013205 (2006)","journal-title":"Issues Educ. 
Res."},{"key":"20_CR95","volume-title":"Research Methods in Business Studies","author":"P Ghauri","year":"2010","unstructured":"Ghauri, P., Gronhaug, K.: Research Methods in Business Studies, 4th edn. Pearson Education Limited, Essex (2010)","edition":"4"},{"issue":"16","key":"20_CR96","first-page":"289","volume":"11","author":"P Palvia","year":"2003","unstructured":"Palvia, P., Mao, E., Salam, A.F., Soliman, K.S.: Management information systems research: what\u2019s there in a methodology? Commun. Assoc. Inf. Syst. 11(16), 289\u2013309 (2003)","journal-title":"Commun. Assoc. Inf. Syst."},{"key":"20_CR97","volume-title":"Information Systems Development \u2013 Methodologies, Techniques and Tools","author":"D Avison","year":"2002","unstructured":"Avison, D., Fitzgerald, G.: Information Systems Development \u2013 Methodologies, Techniques and Tools, 3rd edn. McGraw-Hill Education, New York (2002)","edition":"3"},{"key":"20_CR98","unstructured":"NIST: New NIST Publication Provides Guidance for Computer Security Risk Assessments (2012). https:\/\/www.nist.gov\/news-events\/news\/2012\/09\/new-nist-publication-provides-guidance-computer-security-risk-assessments . Accessed 31 July 2018"},{"key":"20_CR99","unstructured":"CIS: CIS RAM Version 1.0 Center for Internet Security\u00ae Risk Assessment Method For Reasonable Implementation and Evaluation of CIS Controls TM. Center for Internet Security (2018). https:\/\/learn.cisecurity.org\/cis-ram . Accessed 31 July 2018"},{"key":"20_CR100","unstructured":"Carnegie Mellon University: Cyber Resilience Review (CRR): Method Description and Self-Assessment User Guide (2016). https:\/\/www.us-cert.gov\/sites\/default\/files\/c3vp\/csc-crr-method-description-and-user-guide.pdf . Accessed 31 July 2018"},{"key":"20_CR101","unstructured":"Department of Homeland Security: Cyber Resilience Review (CRR) (2018). https:\/\/www.us-cert.gov\/ccubedvp\/assessments . 
Accessed 31 July 2018"},{"issue":"5","key":"20_CR102","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1109\/MITP.2017.3680959","volume":"19","author":"JRC Nurse","year":"2017","unstructured":"Nurse, J.R.C., Creese, S., De Roure, D.: Security risk assessment in internet of things systems. IT Prof. 19(5), 20\u201326 (2017). https:\/\/doi.org\/10.1109\/MITP.2017.3680959","journal-title":"IT Prof."},{"key":"20_CR103","doi-asserted-by":"publisher","DOI":"10.1201\/b17776","volume-title":"Enterprise Security Architecture: A Business-Driven Approach","author":"J Sherwood","year":"2005","unstructured":"Sherwood, J., Clark, A., Lynas, D.: Enterprise Security Architecture: A Business-Driven Approach. Taylor & Francis Group, Boca Raton (2005)"},{"key":"20_CR104","volume-title":"Measuring and Managing Information Risk: A FAIR Approach","author":"J Freund","year":"2015","unstructured":"Freund, J., Jones, J.: Measuring and Managing Information Risk: A FAIR Approach. Elsevier, Oxford (2015)"},{"key":"20_CR105","doi-asserted-by":"crossref","unstructured":"Alberts, J.C., Dorofee, A.J.: OCTAVE Criteria, Version 2.0, pp. 12\u201320 (2001)","DOI":"10.21236\/ADA399229"},{"key":"20_CR106","unstructured":"American Institute of Certified Professional Accountants: Trust Services Criteria (2017). https:\/\/www.aicpa.org\/content\/dam\/aicpa\/interestareas\/frc\/assuranceadvisoryservices\/downloadabledocuments\/trust-services-criteria.pdf . Accessed 31 July 2018"},{"key":"20_CR107","unstructured":"The Open Group: Risk Taxonomy (O-RT), Version 2.0 Technical Standard (2013). https:\/\/publications.opengroup.org\/c13k . 
Accessed 31 July 2018"}],"container-title":["Advances in Intelligent Systems and Computing","Soft Computing Applications"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-51992-6_20","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T00:11:12Z","timestamp":1667779872000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-51992-6_20"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,8,15]]},"ISBN":["9783030519919","9783030519926"],"references-count":107,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-51992-6_20","relation":{},"ISSN":["2194-5357","2194-5365"],"issn-type":[{"value":"2194-5357","type":"print"},{"value":"2194-5365","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,8,15]]},"assertion":[{"value":"15 August 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SOFA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Workshop Soft Computing Applications","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Arad","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Romania","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 September 2018","order":7,"name":"conference_start_date","label":"Conference Start 
Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15 September 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"sofa2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/sofa2018.org\/index.html","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}