{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T05:04:51Z","timestamp":1755839091072,"version":"3.40.3"},"publisher-location":"Cham","reference-count":22,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030697808"},{"type":"electronic","value":"9783030697815"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-69781-5_12","type":"book-chapter","created":{"date-parts":[[2021,2,19]],"date-time":"2021-02-19T11:12:22Z","timestamp":1613733142000},"page":"171-187","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Toward a Context-Aware Methodology for Information Security Governance Assessment Validation"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9051-6972","authenticated-orcid":false,"given":"Marco","family":"Angelini","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9928-5357","authenticated-orcid":false,"given":"Silvia","family":"Bonomi","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4687-8241","authenticated-orcid":false,"given":"Claudio","family":"Ciccotelli","sequence":"additional","affiliation":[]},{"given":"Alessandro","family":"Palma","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,2,18]]},"reference":[{"issue":"1","key":"12_CR1","doi-asserted-by":"publisher","first-page":"183","DOI":"10.1109\/TVCG.2018.2865028","volume":"25","author":"M Angelini","year":"2019","unstructured":"Angelini, M., Blasilli, G., Catarci, T., Lenti, S., Santucci, G.: VULNUS: visual vulnerability analysis for network security. IEEE Trans. Visual Comput. Graphics 25(1), 183\u2013192 (2019)","journal-title":"IEEE Trans. Visual Comput. Graphics"},{"doi-asserted-by":"crossref","unstructured":"Angelini, M., Bonomi, S., Borzi, E., Pozzo, A.D., Lenti, S., Santucci, G.: An attack graph-based on-line multi-step attack detector. In: Proceedings of the 19th International Conference on Distributed Computing and Networking. ICDCN 2018, Association for Computing Machinery, New York (2018). https:\/\/doi.org\/10.1145\/3154273.3154311","key":"12_CR2","DOI":"10.1145\/3154273.3154311"},{"unstructured":"ANSSI: EBIOS Risk Manager. https:\/\/www.ssi.gouv.fr\/en\/guide\/ebios-risk-manager-the-method\/. Accessed 12 July 2020","key":"12_CR3"},{"key":"12_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1007\/978-3-319-10329-7_3","volume-title":"Smart Grid Security","author":"K Beckers","year":"2014","unstructured":"Beckers, K., Heisel, M., Krautsevich, L., Martinelli, F., Meis, R., Yautsiukhin, A.: Determining the probability of smart grid attacks by combining attack tree and attack graph analysis. In: Cuellar, J. (ed.) SmartGridSec 2014. LNCS, vol. 8448, pp. 30\u201347. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-10329-7_3"},{"unstructured":"Bonomi, S., et al.: Understanding human impact on cyber security trough multilayer attack graphs. Technical report, Department of Computer, Control and Management Engineering, Sapienza University of Rome (2020). https:\/\/bonomi.diag.uniroma1.it\/research\/publications","key":"12_CR5"},{"unstructured":"CLUSIF: MEHARI (MEthod for Harmonized Analysis of RIsk). http:\/\/meharipedia.x10host.com\/wp\/. Accessed 12 July 2020","key":"12_CR6"},{"key":"12_CR7","doi-asserted-by":"publisher","first-page":"535","DOI":"10.1016\/j.future.2017.05.043","volume":"83","author":"G Gonzalez Granadillo","year":"2018","unstructured":"Gonzalez Granadillo, G., et al.: Dynamic risk management response system to handle cyber threats. Future Gener. Comput. Syst. 83, 535\u2013552 (2018). https:\/\/doi.org\/10.1016\/j.future.2017.05.043","journal-title":"Future Gener. Comput. Syst."},{"doi-asserted-by":"crossref","unstructured":"Ingols, K., Lippmann, R., Piwowarski, K.: Practical attack graph generation for network defense. In: Proceedings of the 22nd Annual Computer Security Applications Conference, ACSAC 2006, USA, pp. 121\u2013130. IEEE Computer Society (2006). https:\/\/doi.org\/10.1109\/ACSAC.2006.39","key":"12_CR8","DOI":"10.1109\/ACSAC.2006.39"},{"key":"12_CR9","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1007\/978-1-4419-0140-8_7","volume-title":"Cyber Situational Awareness. Advances in Information Security","author":"S Jajodia","year":"2010","unstructured":"Jajodia, S., Noel, S.: Topological vulnerability analysis. In: Jajodia, S., Liu, P., Swarup, V., Wang, C. (eds.) Cyber Situational Awareness. Advances in Information Security, pp. 139\u2013154. Springer, Boston (2010). https:\/\/doi.org\/10.1007\/978-1-4419-0140-8_7"},{"unstructured":"Williams, J.: OWASP Risk Rating Methodology. https:\/\/owasp.org\/www-community\/OWASP_Risk_Rating_Methodology. Accessed 12 July 2020","key":"12_CR10"},{"unstructured":"Coventry, L., et al.: D2.2 - Human Factors, Threat Models Analysis and Risk Quantification. PANACEA Project https:\/\/www.panacearesearch.eu","key":"12_CR11"},{"doi-asserted-by":"crossref","unstructured":"LeMay, E., Ford, M.D., Keefe, K., Sanders, W.H., Muehrcke, C.: Model-based security metrics using adversary view security evaluation (advise). In: 2011 Eighth International Conference on Quantitative Evaluation of SysTems, pp. 191\u2013200 (2011)","key":"12_CR12","DOI":"10.1109\/QEST.2011.34"},{"unstructured":"Nist, Aroms, E.: NIST SP 800-100 Information Security Handbook: A Guide for Managers. CreateSpace, Scotts Valley (2012)","key":"12_CR13"},{"doi-asserted-by":"crossref","unstructured":"Noel, S., Elder, M., Jajodia, S., Kalapa, P., O\u2019Hare, S., Prole, K.: Advances in topological vulnerability analysis. In: 2009 Cybersecurity Applications Technology Conference for Homeland Security, pp. 124\u2013129 (2009)","key":"12_CR14","DOI":"10.1109\/CATCH.2009.19"},{"issue":"1","key":"12_CR15","first-page":"135","volume":"1","author":"S Noel","year":"2010","unstructured":"Noel, S., Wang, L., Singhal, A., Jajodia, S.: Measuring security risk of networks using attack graphs. IJNGC 1(1), 135\u2013147 (2010)","journal-title":"IJNGC"},{"doi-asserted-by":"crossref","unstructured":"Ou, X., Boyer, W.F., McQueen, M.A.: A scalable approach to attack graph generation. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS 2006, p. 336\u2013345. Association for Computing Machinery, New York (2006). https:\/\/doi.org\/10.1145\/1180405.1180446","key":"12_CR16","DOI":"10.1145\/1180405.1180446"},{"unstructured":"Ou, X., Govindavajhala, S., Appel, A.W.: MulVAL: a logic-based network security analyzer. In: Proceedings of the 14th Conference on USENIX Security Symposium, SSYM 2005, vol. 14, p. 8. USENIX Association, Berkeley (2005)","key":"12_CR17"},{"doi-asserted-by":"crossref","unstructured":"Pamula, J., Jajodia, S., Ammann, P., Swarup, V.: A weakest-adversary security metric for network configuration security analysis. In: Proceedings of the 2nd ACM Workshop on Quality of Protection, QoP 2006, p. 31\u201338. Association for Computing Machinery, New York (2006). https:\/\/doi.org\/10.1145\/1179494.1179502","key":"12_CR18","DOI":"10.1145\/1179494.1179502"},{"key":"12_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"344","DOI":"10.1007\/978-3-540-30101-1_17","volume-title":"Formal Methods for Components and Objects","author":"O Sheyner","year":"2004","unstructured":"Sheyner, O., Wing, J.: Tools for generating and analyzing attack graphs. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, W.-P. (eds.) FMCO 2003. LNCS, vol. 3188, pp. 344\u2013371. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-30101-1_17"},{"key":"12_CR20","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-79984-1","volume-title":"Information Security Governance","author":"SV Solms","year":"2009","unstructured":"Solms, S.V., Solms, R.V.: Information Security Governance. Springer, Boston (2009). https:\/\/doi.org\/10.1007\/978-0-387-79984-1"},{"issue":"1","key":"12_CR21","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1109\/TDSC.2013.24","volume":"11","author":"L Wang","year":"2014","unstructured":"Wang, L., Jajodia, S., Singhal, A., Cheng, P., Noel, S.: k-zero day safety: a network security metric for measuring the risk of unknown vulnerabilities. IEEE Trans. Dependable Secure Comput. 11(1), 30\u201344 (2014)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"12_CR22","series-title":"SpringerBriefs in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-04612-9","volume-title":"Network Hardening","author":"L Wang","year":"2014","unstructured":"Wang, L., Albanese, M., Jajodia, S.: Network Hardening. SCS. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-04612-9"}],"container-title":["Lecture Notes in Computer Science","Cyber-Physical Security for Critical Infrastructures Protection"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-69781-5_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,23]],"date-time":"2021-04-23T16:42:08Z","timestamp":1619196128000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-69781-5_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030697808","9783030697815"],"references-count":22,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-69781-5_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"18 February 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CPS4CIP","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Workshop on Cyber-Physical Security for Critical Infrastructures Protection","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Guildford","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Kingdom","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 September 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 September 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"1","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"cps4cip2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/sites.google.com\/fbk.eu\/cps4cip20","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"23","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"12","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"52% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"1","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held online due to the COVID-19 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}