{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,30]],"date-time":"2026-03-30T17:40:09Z","timestamp":1774892409551,"version":"3.50.1"},"publisher-location":"Cham","reference-count":95,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030643560","type":"print"},{"value":"9783030643577","type":"electronic"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-64357-7_6","type":"book-chapter","created":{"date-parts":[[2020,11,24]],"date-time":"2020-11-24T11:47:35Z","timestamp":1606218455000},"page":"114-147","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["The Vacuity of the Open Source Security Testing Methodology Manual"],"prefix":"10.1007","author":[{"given":"Martin R.","family":"Albrecht","sequence":"first","affiliation":[]},{"given":"Rikke Bjerg","family":"Jensen","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,11,24]]},"reference":[{"key":"6_CR1","unstructured":"US Army and US Marine Corps. Counterinsurgency Field Manual. Number 3\u201324. Cosimo Inc. (2010)"},{"issue":"4","key":"6_CR2","doi-asserted-by":"publisher","first-page":"106","DOI":"10.14445\/22312803\/IJCTT-V41P119","volume":"41","author":"RKA Ahmed","year":"2016","unstructured":"Ahmed, R.K.A.: Security metrics and the risks: an overview. IJCTT 41(4), 106\u2013112 (2016)","journal-title":"IJCTT"},{"key":"6_CR3","doi-asserted-by":"crossref","unstructured":"AlFardan, N.J., Paterson, K.G.: Lucky thirteen: breaking the TLS and DTLS record protocols. In: 2013 IEEE Symposium on Security and Privacy, pp. 526\u2013540. IEEE Computer Society (2013)","DOI":"10.1109\/SP.2013.42"},{"key":"6_CR4","unstructured":"British Army: British Army Field Manual Volume 1 Part 10: Countering Insurgency. Ministry of Defence (2009)"},{"issue":"12","key":"6_CR5","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1145\/322796.322806","volume":"42","author":"Anne Adams and Martina Angela Sasse","year":"1999","unstructured":"Anne Adams and Martina Angela Sasse: Users are not the enemy. Commun. ACM 42(12), 40\u201346 (1999)","journal-title":"Commun. ACM"},{"issue":"2","key":"6_CR6","doi-asserted-by":"publisher","first-page":"122","DOI":"10.1037\/0003-066X.37.2.122","volume":"37","author":"A Bandura","year":"1982","unstructured":"Bandura, A.: Self-efficacy mechanism in human agency. Am. Psychol. 37(2), 122 (1982)","journal-title":"Am. Psychol."},{"key":"6_CR7","unstructured":"Barber, B.: The Logic and Limits of Trust. Rutgers University Press (1983)"},{"key":"6_CR8","unstructured":"Blythe, J.M., Coventry, L., Little, L.: Unpacking security policy compliance: the motivators and barriers of employees\u2019 security behaviors. In: Eleventh Symposium On Usable Privacy and Security (SOUPS 2015), pp. 103\u2013122 (2015)"},{"key":"6_CR9","unstructured":"Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized trust management. In: Proceedings 1996 IEEE Symposium on Security and Privacy, pp. 164\u2013173. IEEE (1996)"},{"key":"6_CR10","doi-asserted-by":"crossref","unstructured":"Breier, J., Hudec, L.: Risk analysis supported by information security metrics. In: Proceedings of the 12th International Conference on Computer Systems and Technologies, pp. 393\u2013398. ACM (2011)","DOI":"10.1145\/2023607.2023673"},{"key":"6_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/BFb0055716","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201998","author":"D Bleichenbacher","year":"1998","unstructured":"Bleichenbacher, D.: Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 1\u201312. Springer, Heidelberg (1998). https:\/\/doi.org\/10.1007\/BFb0055716"},{"issue":"1","key":"6_CR12","doi-asserted-by":"publisher","first-page":"64","DOI":"10.1016\/j.joep.2009.10.001","volume":"31","author":"A Ben-Ner","year":"2010","unstructured":"Ben-Ner, A., Halldorsson, F.: Trusting and trustworthiness: what are they, how to measure them, and what affects them. J. Econ. Psychol. 31(1), 64\u201379 (2010)","journal-title":"J. Econ. Psychol."},{"issue":"1","key":"6_CR13","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1287\/orsc.1040.0103","volume":"16","author":"M-C Boudreau","year":"2005","unstructured":"Boudreau, M.-C., Robey, D.: Enacting integrated information technology: a human agency perspective. Organ. Sci. 16(1), 3\u201318 (2005)","journal-title":"Organ. Sci."},{"issue":"10","key":"6_CR14","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1016\/S1353-4858(14)70100-X","volume":"2014","author":"J Brazil","year":"2014","unstructured":"Brazil, J.: Security metrics to manage change. Netw. Secur. 2014(10), 5\u20137 (2014)","journal-title":"Netw. Secur."},{"issue":"1","key":"6_CR15","doi-asserted-by":"publisher","first-page":"48","DOI":"10.1515\/auk-2004-0103","volume":"26","author":"H-W Bierhoff","year":"2004","unstructured":"Bierhoff, H.-W., Vornefeld, B.: The social psychology of trust with applications in the internet. Analyse Kritik 26(1), 48\u201362 (2004)","journal-title":"Analyse Kritik"},{"key":"6_CR16","doi-asserted-by":"crossref","unstructured":"Buzan, B., W\u00e6ver, O., De Wilde, J.: Security: A New Framework for Analysis. Lynne Rienner Publishers (1998)","DOI":"10.1515\/9781685853808"},{"key":"6_CR17","unstructured":"Campbell, G.: Measures and Metrics in Corporate Security. Elsevier (2014)"},{"key":"6_CR18","doi-asserted-by":"crossref","unstructured":"Corral, G., Cadenas, X., Zaballos, A., Teres Cadenas, M.: A distributed vulnerability detection system for WLANs. In: Imre, S., Crowcroft, J. (eds.) 1st International ICST Conference on Wireless Internet, WICON, pp. 86\u201393. IEEE (2005)","DOI":"10.1109\/WICON.2005.3"},{"key":"6_CR19","unstructured":"Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M., Baskerville, R.: Future directions for behavioral information security research. Comput. Secur. 32, 90\u2013101 (2013)"},{"key":"6_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"332","DOI":"10.1007\/978-3-319-31664-2_34","volume-title":"Critical Information Infrastructures Security","author":"M Caselli","year":"2016","unstructured":"Caselli, M., Kargl, F.: A security assessment methodology for critical infrastructures. In: Panayiotou, C.G.G., Ellinas, G., Kyriakides, E., Polycarpou, M.M.M. (eds.) CRITIS 2014. LNCS, vol. 8985, pp. 332\u2013343. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-31664-2_34"},{"key":"6_CR21","unstructured":"Cook, K.S., Levi, M., Hardin, R.: Whom Can We Trust? How Groups, Networks, and Institutions Make Trust Possible. Russell Sage Foundation (2009)"},{"key":"6_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1007\/3-540-46088-8_10","volume-title":"Financial Cryptography","author":"LJ Camp","year":"2002","unstructured":"Camp, L.J., Nissenbaum, H., McGrath, C.: Trust: a collision of paradigms. In: Syverson, P. (ed.) FC 2001. LNCS, vol. 2339, pp. 91\u2013105. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-46088-8_10"},{"issue":"4","key":"6_CR23","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1016\/j.istr.2010.04.004","volume":"14","author":"C Colwill","year":"2009","unstructured":"Colwill, C.: Human factors in information security: the insider threat-who can you trust these days? Inf. Secur. Tech. Rep. 14(4), 186\u2013196 (2009)","journal-title":"Inf. Secur. Tech. Rep."},{"key":"6_CR24","doi-asserted-by":"crossref","unstructured":"Cook, K.S.: Networks, norms, and trust: the social psychology of social capital 2004 cooley mead award address. Soc. Psychol. Q., 4\u201314 (2005)","DOI":"10.1177\/019027250506800102"},{"key":"6_CR25","unstructured":"Penetration Test Guidance Special Interest Group PCI Security Standards Council. PCI Penetration Testing Guidance, March 2015. https:\/\/www.pcisecuritystandards.org\/documents\/Penetration_Testing_Guidance_March_2015.pdf"},{"key":"6_CR26","unstructured":"Creasey, J.: A guide for running an effective penetration testing programme. Technical report, CREST (2017)"},{"key":"6_CR27","doi-asserted-by":"crossref","unstructured":"Corral, G., Zaballos, A., Cadenas, X., Grane, A.: A distributed vulnerability detection system for an intranet. In: Proceedings 39th Annual 2005 International Carnahan Conference on Security Technology. IEEE (2005)","DOI":"10.1109\/CCST.2005.1594863"},{"key":"6_CR28","unstructured":"Dunning, D., and Detlef Fetchenhauer: Understanding the psychology of trust. Psychology Press (2011)"},{"key":"6_CR29","unstructured":"Danezis, G., G\u00fcrses, S.: A critical review of 10 years of privacy technology. In: Proceedings of Surveillance Cultures: A Global Surveillance Society, pp. 1\u201316 (2010)"},{"issue":"5","key":"6_CR30","doi-asserted-by":"publisher","first-page":"474","DOI":"10.1108\/IMCS-08-2013-0057","volume":"22","author":"J D\u2019Arcy","year":"2014","unstructured":"D\u2019Arcy, J., Greene, G.: Security culture and the employment relationship as drivers of employees\u2019 security compliance. Inf. Manag. Comput. Secur. 22(5), 474\u2013489 (2014)","journal-title":"Inf. Manag. Comput. Secur."},{"key":"6_CR31","unstructured":"de Jim\u00e9nez, R.E.L.: Pentesting on web applications using ethical hacking. In: 2016 IEEE 36th Central American and Panama Convention, pp. 1\u20136, November 2016"},{"key":"6_CR32","unstructured":"Duffy, C.: Learning Penetration Testing with Python. Packt Publishing Ltd. (2015)"},{"key":"6_CR33","unstructured":"Furnell, S., Clarke, N.: Power to the people? The evolving recognition of human aspects of security. Comput. Secur. 31(8), 983\u2013988 (2012)"},{"key":"6_CR34","unstructured":"Fiaschetti, A.: Control architecture to provide E2E security in interconnected systems: the (new) SHIELD approach. In: Advances in Information Science and Applications - Volume II (2014)"},{"key":"6_CR35","unstructured":"Fiaschetti, A., Morgagni, A., Panfili, M., Lanna, A., Mignanti, S.: Attack-surface metrics, OSSTMM and common criteria based approach to \u201ccomposable security\u201d in complex systems. WSEAS Trans. Syst. 14 (2015)"},{"key":"6_CR36","unstructured":"Feldman, M.S., Pentland, B.T.: Reconceptualizing organizational routines as a source of flexibility and change. Adm. Sci. Q. 48(1), 94\u2013118 (2003)"},{"key":"6_CR37","doi-asserted-by":"crossref","unstructured":"Goldreich, O.: The Foundations of Cryptography, vol. 2. Cambridge University Press, Basic Applications (2004)","DOI":"10.1017\/CBO9780511721656"},{"key":"6_CR38","doi-asserted-by":"crossref","unstructured":"Greig, A., Renaud, K., Flowerday, S.: An ethnographic study to assess the enactment of information security culture in a retail store. In: 2015 World Congress on Internet Security (WorldCIS), pp. 61\u201366. IEEE (2015)","DOI":"10.1109\/WorldCIS.2015.7359415"},{"key":"6_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"223","DOI":"10.1007\/978-3-642-25867-1_22","volume-title":"Security Protocols XIX","author":"V Gligor","year":"2011","unstructured":"Gligor, V., Wing, J.M.: Towards a theory of trust in networks of humans and computers. In: Christianson, B., Crispo, B., Malcolm, J., Stajano, F. (eds.) Security Protocols 2011. LNCS, vol. 7114, pp. 223\u2013242. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-25867-1_22"},{"key":"6_CR40","unstructured":"Hardin, R.: Trust & Trustworthiness. Russell Sage Foundation (2004)"},{"issue":"1","key":"6_CR41","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1080\/21515581.2013.771502","volume":"3","author":"R Hardin","year":"2013","unstructured":"Hardin, R.: Government without trust. J. Trust Res. 3(1), 32\u201352 (2013)","journal-title":"J. Trust Res."},{"key":"6_CR42","unstructured":"Hayden, L.: IT Security Metrics: A Practical Framework for Measuring Security & Protecting Data. McGraw-Hill Education Group (2010)"},{"key":"6_CR43","unstructured":"Herzog, P.: The Open Source Security Testing Methodology Manual, vol. 3 (2010)"},{"key":"6_CR44","doi-asserted-by":"crossref","unstructured":"Holik, F., Horalek, J., Marik, O., Neradova, S., Zitta, S.: Effective penetration testing with Metasploit framework and methodologies. In: 2014 IEEE 15th International Symposium on Computational Intelligence and Informatics (CINTI), November 2014","DOI":"10.1109\/CINTI.2014.7028682"},{"key":"6_CR45","unstructured":"Hirschberg, L.: Der Grundsatz der Verh\u00e4ltnism\u00e4\u00dfigkeit, Schwarz (1981)"},{"key":"6_CR46","unstructured":"ISECOM: Hacking Exposed Linux: Linux Security Secrets & Solutions. McGraw-Hill (2008)"},{"key":"6_CR47","unstructured":"Johansen, G., Allen, L., Heriyanto, T., Ali, S.: Kali Linux 2 - Assuring Security by Penetration Testing. Packt Publishing Ltd. (2016)"},{"key":"6_CR48","unstructured":"Jaquith, A.: Security Metrics: Replacing Fear, Uncertainty, and Doubt. Pearson Education (2007)"},{"key":"6_CR49","unstructured":"Kay, J.: Do Not Discount What You Cannot Measure. Financial Times, 22 September 2009"},{"key":"6_CR50","unstructured":"Kay, J.: Obliquity: Why Our Goals Are Best Achieved Indirectly. Profile Books (2011)"},{"key":"6_CR51","unstructured":"Knowles, W., Baron, A., McGarr, T.: Analysis and recommendations for standardisation in penetration testing and vulnerability assessment: penetration testing market survey. Technical report, BSI (2015)"},{"key":"6_CR52","doi-asserted-by":"publisher","first-page":"34","DOI":"10.14257\/astl.2015.87.08","volume":"87","author":"Y-S Kang","year":"2015","unstructured":"Kang, Y.-S., Cho, H.-H., Shin, Y., Kim, J.-B.: Comparative study of penetration test methods. Adv. Sci. Technol. Lett. 87, 34\u201337 (2015)","journal-title":"Adv. Sci. Technol. Lett."},{"key":"6_CR53","unstructured":"Kovacich, G.L., Halibozek, E.P.: Security Metrics Management: How to Measure the Costs and Benefits of Security. Butterworth-Heinemann (2006)"},{"key":"6_CR54","unstructured":"Kaur, M., Jones, A.: Security metrics-a critical analysis of current methods. In: Australian Information Warfare and Security Conference. School of Computer and Information Science, Edith Cowan University, Perth, Western Australia (2008)"},{"key":"6_CR55","doi-asserted-by":"crossref","unstructured":"Kindberg, T., O\u2019Neill, E., Bevan, C., Kostakos, V., Fraser, D.S., Jay, T.: Measuring trust in WI-FI hotspots. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 173\u2013182 (2008)","DOI":"10.1145\/1357054.1357084"},{"key":"6_CR56","doi-asserted-by":"crossref","unstructured":"Kramer, R.M.: Trust and distrust in organizations: emerging perspectives, enduring questions. Ann. Rev. Psychol. 50(1), 569\u2013598 (1999)","DOI":"10.1146\/annurev.psych.50.1.569"},{"key":"6_CR57","unstructured":"Kirlappos, I., Sasse, M.A.: Security education against phishing: a modest proposal for a major rethink. IEEE Secur. Priv. Mag. 10(2), 24\u201332 (2012)"},{"key":"6_CR58","unstructured":"Kuzon, W., Urbanchek, M., McCabe, S.: The seven deadly sins of statistical analysis. Ann. Plast. Surg. 37, 265\u2013272 (1996)"},{"issue":"1","key":"6_CR59","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1023\/A:1009985720365","volume":"4","author":"S Lindenberg","year":"2000","unstructured":"Lindenberg, S.: It takes both trust and lack of mistrust: the workings of cooperation and relational signaling in contractual relationships. J. Manage. Governance 4(1), 11\u201333 (2000)","journal-title":"J. Manage. Governance"},{"key":"6_CR60","doi-asserted-by":"crossref","unstructured":"Lee, J.-E.R., Nass, C.I.: Trust in computers: the computers-are-social-actors (CASA) paradigm and trustworthiness perception in human-computer communication. In: Trust and Technology in a Ubiquitous Modern Environment: Theoretical and Methodological Perspectives, pp. 1\u201315. IGI Global (2010)","DOI":"10.4018\/978-1-61520-901-9.ch001"},{"key":"6_CR61","unstructured":"Luhmann, N.: Trust and Power. Wiley (1979)"},{"key":"6_CR62","doi-asserted-by":"crossref","unstructured":"David Lewis, J., Weigert, A.: Trust as a social reality. Soc. Forces 63(4), 967\u2013985 (1985)","DOI":"10.2307\/2578601"},{"key":"6_CR63","unstructured":"McPhee, M.: Mastering Kali Linux for Web Penetration Testing. Packt Publishing (2017)"},{"key":"6_CR64","unstructured":"Meucci, M., Muller, A.: OWASP testing guide v4.0 (2014). https:\/\/www.owasp.org\/index.php\/OWASP_Testing_Project"},{"key":"6_CR65","unstructured":"MOD: Allied joint doctrine for psychological operations (jp-3.10.1) (2015)"},{"key":"6_CR66","unstructured":"Mollering, G.: Trust: Reason, Routine, Reflexivity. Emerald Group Publishing (2006)"},{"key":"6_CR67","unstructured":"Nickerson, C.: The Penetration Testing Execution Standard (2012). http:\/\/www.pentest-standard.org\/index.php. Accessed 8 June 2019"},{"key":"6_CR68","unstructured":"Department of Defense: Joint Publication 3\u201313: Information Operations (2014)"},{"key":"6_CR69","unstructured":"Offensive Security Ltd.: Penetration testing with Kali Linux, v1.0.1. Course Material (2014)"},{"key":"6_CR70","unstructured":"Payne, S.C.: A guide to security metrics. SANS security essentials: GSEC practical assignment (2006)"},{"key":"6_CR71","unstructured":"Pfleeger, S.L., Caputo, D.D.: Leveraging behavioral science to mitigate cyber security risk. Comput. Secur. 31(4), 597\u2013611 (2012)"},{"key":"6_CR72","doi-asserted-by":"crossref","unstructured":"Prandini, M., Ramilli, M.: Towards a practical and effective security testing methodology. In: Proceedings of the 15th IEEE Symposium on Computers and Communications, pp. 320\u2013325. IEEE Computer Society (2010)","DOI":"10.1109\/ISCC.2010.5546813"},{"key":"6_CR73","unstructured":"Pornel, J.B., Salda\u00f1a., G.A.: Four common misuses of the likert scale. Philippine J. Soc. Sci. Hum. Univ. Philippines Visayas 18(2), 12\u201319 (2013)"},{"key":"6_CR74","unstructured":"Pfleeger, S.L., Angela Sasse, M., Furnham, A.: From weakest link to security hero: transforming staff security behavior. J. Homel. Secur. Emerg. Manag. 11(4), 489\u2013510 (2014)"},{"key":"6_CR75","unstructured":"Rathore, B., et al.: Information Systems Security Assessment Framework (ISSAF) (2006)"},{"issue":"4","key":"6_CR76","doi-asserted-by":"publisher","first-page":"441","DOI":"10.5129\/001041508X12911362383354","volume":"40","author":"B Rothstein","year":"2008","unstructured":"Rothstein, B., Stolle, D.: The state and social capital: an institutional theory of generalized trust. Comp. Polit. 40(4), 441\u2013459 (2008)","journal-title":"Comp. Polit."},{"key":"6_CR77","unstructured":"Riegelsberger, J., Angela Sasse, M., McCarthy, J.D.: The researcher\u2019s dilemma: evaluating trust in computer-mediated communication. Int. J. Hum. Comput. Stud. 58(6), 759\u2013781 (2003)"},{"key":"6_CR78","unstructured":"Riegelsberger, J., Angela Sasse, M., McCarthy, J.D.: The mechanics of trust: a framework for research and design. Int. J. Hum. Comput. Stud. 62(3), 381\u2013422 (2005)"},{"key":"6_CR79","unstructured":"Riegelsberger, J., Angela Sasse, M., McCarthy, J.D.: Trust in mediated interactions. In: The Oxford Handbook of Internet Psychology, pp. 53\u201370 (2007)"},{"key":"6_CR80","unstructured":"Schulte, J.: Real time services information assurance test plan. Technical report, Defense Information Systems Agency (2009)"},{"key":"6_CR81","unstructured":"Sasse, A.M., Flechais, I.: Usable security: why do we need it? how do we get it? In: Garfinkel, S., Cranor, L. (eds) Security and Usability. O\u2019Reilly (2005)"},{"key":"6_CR82","unstructured":"Shackleford, D.: A penetration testing maturity and scoring model. Talk at RSA Conference 2014 (2014)"},{"key":"6_CR83","unstructured":"Spring, J.M., Hatleback, E., Householder, A., Manion, A., Shick, D.: Towards improving CVSS. Technical report, Software Engineering Institute, Carnegie Mellon University (2018). https:\/\/resources.sei.cmu.edu\/library\/asset-view.cfm?assetid=538368"},{"key":"6_CR84","unstructured":"Shanley, A., Johnstone, M.: Selection of penetration testing methodologies: a comparison and evaluation. In: 13th Australian Information Security Management Conference (2015)"},{"key":"6_CR85","doi-asserted-by":"crossref","unstructured":"Schultze, U., Orlikowski, W.J.: A practice perspective on technology-mediated network relations: the use of internet-based self-serve technologies. Inf. Syst. Res. 15(1), 87\u2013106 (2004)","DOI":"10.1287\/isre.1030.0016"},{"key":"6_CR86","unstructured":"Stuttard, D., Pinto, M.: The Web Application Hacker\u2019s Handbook: Discovering and Exploiting Security Flaws, 2nd edn. Wiley (2011)"},{"key":"6_CR87","doi-asserted-by":"crossref","unstructured":"Scarfone, K., Souppaya, M., Cody, A., Orebaugh, A.: Technical guide to information security testing and assessment. Technical report, National Institute of Standards and Technology (2008)","DOI":"10.6028\/NIST.SP.800-115"},{"issue":"3\u20134","key":"6_CR88","doi-asserted-by":"publisher","first-page":"283","DOI":"10.1007\/s12130-010-9113-9","volume":"23","author":"M Taddeo","year":"2010","unstructured":"Taddeo, M.: Trust in technology: a distinctive and a problematic relation. Knowl. Technol. Policy 23(3\u20134), 283\u2013286 (2010)","journal-title":"Knowl. Technol. Policy"},{"key":"6_CR89","unstructured":"Tugnarelli, M.D., Fornaroli, M.F., Santana, S.R., Jacobo, E., D\u00edaz, J.: Analysis of methodologies of digital data collection in web servers. Comput. Sci. CACIC 2017, 265\u2013271 (2018)"},{"issue":"5","key":"6_CR90","doi-asserted-by":"publisher","first-page":"2059","DOI":"10.1016\/j.socec.2007.10.004","volume":"37","author":"J Tullberg","year":"2008","unstructured":"Tullberg, J.: Trust\u2013the importance of trustfulness versus trustworthiness. J. Soc. Econ. 37(5), 2059\u20132071 (2008)","journal-title":"J. Soc. Econ."},{"key":"6_CR91","unstructured":"Bank Mellat v Her Majesty\u2019s Treasury (No. 2) [2013] UKSC 39, 19 June 2013"},{"issue":"4","key":"6_CR92","doi-asserted-by":"publisher","first-page":"476","DOI":"10.1016\/j.cose.2009.10.005","volume":"29","author":"JF Van Niekerk and Rossouw Von Solms","year":"2010","unstructured":"JF Van Niekerk and Rossouw Von Solms: Information security culture: a management perspective. Comput. Secur. 29(4), 476\u2013486 (2010)","journal-title":"Comput. Secur."},{"key":"6_CR93","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4615-0779-6","volume-title":"The Social Construction of Trust","author":"LR Weber","year":"2003","unstructured":"Weber, L.R., Carter, A.I.: The Social Construction of Trust. Springer, Boston (2003). https:\/\/doi.org\/10.1007\/978-1-4615-0779-6"},{"key":"6_CR94","unstructured":"Wilhelm, T.: Professional Penetration Testing. Syngress, 2nd edn. (2013)"},{"key":"6_CR95","doi-asserted-by":"crossref","unstructured":"Woltjer, R.: Workarounds and trade-offs in information security-an exploratory study. Inf. Comput. Secur. (2017)","DOI":"10.1108\/ICS-02-2016-0017"}],"container-title":["Lecture Notes in Computer Science","Security Standardisation Research"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-64357-7_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,11,29]],"date-time":"2022-11-29T13:52:17Z","timestamp":1669729937000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-64357-7_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030643560","9783030643577"],"references-count":95,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-64357-7_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"24 November 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SSR","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Research in Security Standardisation","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"London","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Kingdom","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30 November 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"1 December 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ssr2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/ssr2020.mozilla.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"7","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"35% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-19 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}