{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,31]],"date-time":"2026-01-31T01:06:49Z","timestamp":1769821609279,"version":"3.49.0"},"publisher-location":"Cham","reference-count":49,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030773915","type":"print"},{"value":"9783030773922","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-77392-2_10","type":"book-chapter","created":{"date-parts":[[2021,7,2]],"date-time":"2021-07-02T23:06:05Z","timestamp":1625267165000},"page":"139-157","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["A Human Factor Approach to Threat Modeling"],"prefix":"10.1007","author":[{"given":"Lauren S.","family":"Ferro","sequence":"first","affiliation":[]},{"given":"Andrea","family":"Marrella","sequence":"additional","affiliation":[]},{"given":"Tiziana","family":"Catarci","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,7,3]]},"reference":[{"key":"10_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"217","DOI":"10.1007\/978-3-030-22351-9_15","volume-title":"HCI for Cybersecurity, Privacy and Trust","author":"AI Al-Darwish","year":"2019","unstructured":"Al-Darwish, A.I., Choe, P.: A framework of information security integrated with human factors. In: Moallem, A. (ed.) HCII 2019. LNCS, vol. 11594, pp. 217\u2013229. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-22351-9_15"},{"key":"10_CR2","doi-asserted-by":"crossref","unstructured":"Alberts, C.J., Behrens, S.G., Pethia, R.D., Wilson, W.R.: Operationally critical threat, asset, and vulnerability evaluation (octave) framework, version 1.0. Technical report, Carnegie-Mellon Univ Pittsburgh Pa Software Engineering Inst (1999)","DOI":"10.21236\/ADA367718"},{"key":"10_CR3","doi-asserted-by":"crossref","unstructured":"Andrade, R.O., Ortiz-Garc\u00e9s, I., Cazares, M.: Cybersecurity attacks on smart home during covid-19 pandemic. In: 2020 Fourth World Conference on Smart Trends in Systems, Security and Sustainability (WorldS4), pp. 398\u2013404. IEEE (2020)","DOI":"10.1109\/WorldS450073.2020.9210363"},{"issue":"9","key":"10_CR4","first-page":"9331","volume":"2","author":"N Badie","year":"2012","unstructured":"Badie, N., Lashkari, A.H.: A new evaluation criteria for effective security awareness in computer risk management based on AHP. J. Basic Appl. Sci. Res. 2(9), 9331\u20139347 (2012)","journal-title":"J. Basic Appl. Sci. Res."},{"key":"10_CR5","unstructured":"Baquero, A.O., Kornecki, A.J., Janusz, Z.: Threat modeling for aviation computer security. crosstalk 21 (2015)"},{"issue":"9","key":"10_CR6","doi-asserted-by":"publisher","first-page":"1013","DOI":"10.1002\/spe.2133","volume":"43","author":"P Bedi","year":"2013","unstructured":"Bedi, P., Gandotra, V., Singhal, A., Narang, H., Sharma, S.: Threat-oriented security framework in risk management using multiagent system. Softw. Pract. Exp. 43(9), 1013\u20131038 (2013)","journal-title":"Softw. Pract. Exp."},{"issue":"5","key":"10_CR7","doi-asserted-by":"publisher","first-page":"389","DOI":"10.1136\/emj.2010.107698","volume":"29","author":"A Bleetman","year":"2012","unstructured":"Bleetman, A., Sanusi, S., Dale, T., Brace, S.: Human factors and error prevention in emergency medicine. Emerg. Med. J. 29(5), 389\u2013393 (2012)","journal-title":"Emerg. Med. J."},{"key":"10_CR8","unstructured":"Chen, X., Liu, Y., Yi, J.: A security evaluation framework based on stride model for software in networks. Int. J. Adv. Comput. Tech. (2012)"},{"issue":"1","key":"10_CR9","doi-asserted-by":"publisher","first-page":"205","DOI":"10.25300\/MISQ\/2016\/40.1.09","volume":"40","author":"Y Chen","year":"2016","unstructured":"Chen, Y., Zahedi, F.M.: Individuals\u2019 internet security perceptions and behaviors: polycontextual contrasts between the United States and China. MIS Q. 40(1), 205\u2013222 (2016)","journal-title":"MIS Q."},{"key":"10_CR10","doi-asserted-by":"crossref","unstructured":"Da Veiga, A.: A cybersecurity culture research philosophy and approach to develop a valid and reliable measuring instrument. In: 2016 SAI Computing Conference (SAI), pp. 1006\u20131015. IEEE (2016)","DOI":"10.1109\/SAI.2016.7556102"},{"issue":"2","key":"10_CR11","doi-asserted-by":"publisher","first-page":"243","DOI":"10.1016\/j.clsr.2015.01.005","volume":"31","author":"A Da Veiga","year":"2015","unstructured":"Da Veiga, A., Martins, N.: Information security culture and information protection culture: a validated assessment instrument. Comput. Law Secur. Rev. 31(2), 243\u2013256 (2015)","journal-title":"Comput. Law Secur. Rev."},{"key":"10_CR12","doi-asserted-by":"publisher","first-page":"012057","DOI":"10.1088\/1742-6596\/801\/1\/012057","volume":"801","author":"R Dahbul","year":"2017","unstructured":"Dahbul, R., Lim, C., Purnama, J.: Enhancing honeypot deception capability through network service fingerprinting. J. Phys. Conf. Ser. 801, 012057 (2017). IOP Publishing","journal-title":"J. Phys. Conf. Ser."},{"key":"10_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"134","DOI":"10.1007\/978-3-030-22351-9_9","volume-title":"HCI for Cybersecurity, Privacy and Trust","author":"G Desolda","year":"2019","unstructured":"Desolda, G., Di Nocera, F., Ferro, L., Lanzilotti, R., Maggi, P., Marrella, A.: Alerting users about phishing attacks. In: Moallem, A. (ed.) HCII 2019. LNCS, vol. 11594, pp. 134\u2013148. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-22351-9_9"},{"issue":"4","key":"10_CR14","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1109\/MSP.2011.47","volume":"9","author":"D Dhillon","year":"2011","unstructured":"Dhillon, D.: Developer-driven threat modeling: lessons learned in the trenches. IEEE Secur. Priv. 9(4), 41\u201347 (2011)","journal-title":"IEEE Secur. Priv."},{"key":"10_CR15","unstructured":"Dupont, G.: The dirty dozen errors in maintenance. In: The 11th Symposium on Human Factors in Maintenance and Inspection: Human Error in Aviation Maintenance (1997)"},{"key":"10_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"123","DOI":"10.1007\/978-3-030-50309-3_9","volume-title":"HCI for Cybersecurity, Privacy and Trust","author":"LS Ferro","year":"2020","unstructured":"Ferro, L.S., Sapio, F.: Another week at the office (AWATO) \u2013 an interactive serious game for threat modeling human factors. In: Moallem, A. (ed.) HCII 2020. LNCS, vol. 12210, pp. 123\u2013142. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-50309-3_9"},{"key":"10_CR17","series-title":"Advances in Intelligent Systems and Computing","doi-asserted-by":"publisher","first-page":"269","DOI":"10.1007\/978-3-319-60585-2_25","volume-title":"Advances in Human Factors in Cybersecurity","author":"HW Glaspie","year":"2018","unstructured":"Glaspie, H.W., Karwowski, W.: Human factors in information security culture: a literature review. In: Nicholson, D. (ed.) AHFE 2017. AISC, vol. 593, pp. 269\u2013280. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-60585-2_25"},{"key":"10_CR18","doi-asserted-by":"publisher","first-page":"242","DOI":"10.1016\/j.cose.2012.10.003","volume":"32","author":"KH Guo","year":"2013","unstructured":"Guo, K.H.: Security-related behavior in using information systems in the workplace: a review and synthesis. Comput. Secur. 32, 242\u2013251 (2013)","journal-title":"Comput. Secur."},{"key":"10_CR19","doi-asserted-by":"publisher","unstructured":"Henshel, D., Sample, C., Cains, M., Hoffman, B.: Integrating cultural factors into human factors framework and ontology for cyber attackers. In: Nicholson, D. (ed.) Advances in Human Factors in Cybersecurity, vol. 501, pp. 123\u2013137. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-41932-9_11","DOI":"10.1007\/978-3-319-41932-9_11"},{"key":"10_CR20","volume-title":"Writing Secure Code","author":"M Howard","year":"2003","unstructured":"Howard, M., LeBlanc, D.: Writing Secure Code. Pearson Education, London (2003)"},{"issue":"4","key":"10_CR21","first-page":"1607","volume":"26","author":"S Hussain","year":"2014","unstructured":"Hussain, S., Kamal, A., Ahmad, S., Rasool, G., Iqbal, S.: Threat modelling methodologies: a survey. Sci. Int. (Lahore) 26(4), 1607\u20131609 (2014)","journal-title":"Sci. Int. (Lahore)"},{"issue":"1","key":"10_CR22","doi-asserted-by":"publisher","first-page":"69","DOI":"10.1016\/j.im.2013.10.001","volume":"51","author":"P Ifinedo","year":"2014","unstructured":"Ifinedo, P.: Information systems security policy compliance: an empirical study of the effects of socialisation, influence, and cognition. Inf. Manag. 51(1), 69\u201379 (2014)","journal-title":"Inf. Manag."},{"issue":"8","key":"10_CR23","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1016\/S1361-3723(19)30085-5","volume":"2019","author":"G Kemper","year":"2019","unstructured":"Kemper, G.: Improving employees\u2019 cyber security awareness. Comput. Fraud Secur. 2019(8), 11\u201314 (2019)","journal-title":"Comput. Fraud Secur."},{"key":"10_CR24","doi-asserted-by":"crossref","unstructured":"Khan, R., McLaughlin, K., Laverty, D., Sezer, S.: Stride-based threat modeling for cyber-physical systems. In: 2017 IEEE PES Innovative Smart Grid Technologies Conference Europe (ISGT-Europe), pp. 1\u20136. IEEE (2017)","DOI":"10.1109\/ISGTEurope.2017.8260283"},{"issue":"7","key":"10_CR25","doi-asserted-by":"publisher","first-page":"509","DOI":"10.1016\/j.cose.2009.04.006","volume":"28","author":"S Kraemer","year":"2009","unstructured":"Kraemer, S., Carayon, P., Clem, J.: Human and organizational factors in computer and information security: pathways to vulnerabilities. Comput. Secur. 28(7), 509\u2013520 (2009)","journal-title":"Comput. Secur."},{"key":"10_CR26","unstructured":"Lundy, O., Cowling, A.: Strategic human resource management. Cengage Learning EMEA (1996)"},{"key":"10_CR27","doi-asserted-by":"crossref","unstructured":"Mancuso, V.F., Strang, A.J., Funke, G.J., Finomore, V.S.: Human factors of cyber attacks: a framework for human-centered research. In: Proceedings of the Human Factors and Ergonomics Society Annual Meeting, vol. 58, pp. 437\u2013441. SAGE Publications Sage CA, Los Angeles (2014)","DOI":"10.1177\/1541931214581091"},{"issue":"2","key":"10_CR28","doi-asserted-by":"publisher","first-page":"241","DOI":"10.1002\/spe.2111","volume":"43","author":"A Marback","year":"2013","unstructured":"Marback, A., Do, H., He, K., Kondamarri, S., Xu, D.: A threat model-based approach to security testing. Softw. Pract. Exp. 43(2), 241\u2013258 (2013)","journal-title":"Softw. Pract. Exp."},{"key":"10_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"320","DOI":"10.1007\/978-3-030-35343-8_34","volume-title":"Innovative Technologies and Learning","author":"T Mashiane","year":"2019","unstructured":"Mashiane, T., Kritzinger, E.: Theoretical domain framework to identify cybersecurity behaviour constructs. In: R\u00f8nningsbakk, L., Wu, T.-T., Sandnes, F.E., Huang, Y.-M. (eds.) ICITL 2019. LNCS, vol. 11937, pp. 320\u2013329. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-35343-8_34"},{"key":"10_CR30","volume-title":"Understanding and Evaluating Research: A Critical Guide","author":"SL McGregor","year":"2017","unstructured":"McGregor, S.L.: Understanding and Evaluating Research: A Critical Guide. Sage Publications, Thousand Oaks (2017)"},{"key":"10_CR31","volume-title":"The Art of Deception: Controlling the Human Element of Security","author":"KD Mitnick","year":"2003","unstructured":"Mitnick, K.D., Simon, W.L.: The Art of Deception: Controlling the Human Element of Security. John Wiley & Sons, Hoboken (2003)"},{"key":"10_CR32","doi-asserted-by":"crossref","unstructured":"Mortazavi-Alavi, R.: A risk-driven investment model for analysing human factors in information security. Ph.D. thesis, University of East London (2016)","DOI":"10.1108\/ICS-01-2016-0006"},{"key":"10_CR33","unstructured":"Myagmar, S., Lee, A.J., Yurcik, W.: Threat modeling as a basis for security requirements. In: Symposium on Requirements Engineering for Information Security (SREIS), vol. 2005, pp. 1\u20138. Citeseer (2005)"},{"key":"10_CR34","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1016\/j.cose.2015.10.002","volume":"56","author":"G \u00d6\u011f\u00fct\u00e7\u00fc","year":"2016","unstructured":"\u00d6\u011f\u00fct\u00e7\u00fc, G., Testik, \u00d6.M., Chouseinoglou, O.: Analysis of personal information security behavior and awareness. Comput. Secur. 56, 83\u201393 (2016)","journal-title":"Comput. Secur."},{"key":"10_CR35","unstructured":"Parsons, K., McCormac, A., Butavicius, M., Ferguson, L.: Human factors and information security: individual, culture and security environment. Technical report, Defence Science and Technology Organisation Edinburgh (Australia) Command (2010)"},{"key":"10_CR36","first-page":"107","volume":"2016","author":"F Ruffy","year":"2016","unstructured":"Ruffy, F., Hommel, W., von Eye, F.: A stride-based security architecture for software-defined networking. ICN 2016, 107 (2016)","journal-title":"ICN"},{"key":"10_CR37","unstructured":"Saitta, P., Larcom, B., Eddington, M.: Trike v1 methodology document. Draft, work in progress (2005)"},{"key":"10_CR38","doi-asserted-by":"crossref","unstructured":"Salas, E., Maurino, D., Curtis, M.: Human factors in aviation: an overview. Hum. Fact. Aviat. 3\u201319 (2010)","DOI":"10.1016\/B978-0-12-374518-7.00001-8"},{"key":"10_CR39","volume-title":"Research Methods for Business Students","author":"M Saunders","year":"2009","unstructured":"Saunders, M., Lewis, P., Thornhill, A.: Research Methods for Business Students. Pearson Education, London (2009)"},{"issue":"2","key":"10_CR40","doi-asserted-by":"publisher","first-page":"163","DOI":"10.1007\/s00766-013-0195-2","volume":"20","author":"R Scandariato","year":"2015","unstructured":"Scandariato, R., Wuyts, K., Joosen, W.: A descriptive study of Microsoft\u2019s threat modeling technique. Requirements Eng. 20(2), 163\u2013180 (2015)","journal-title":"Requirements Eng."},{"key":"10_CR41","volume-title":"Threat Modeling: Designing for Security","author":"A Shostack","year":"2014","unstructured":"Shostack, A.: Threat Modeling: Designing for Security. John Wiley & Sons, Hoboken (2014)"},{"key":"10_CR42","doi-asserted-by":"publisher","DOI":"10.1002\/9781118988374","volume-title":"Risk Centric Threat Modeling","author":"T UcedaVelez","year":"2015","unstructured":"UcedaVelez, T., Morana, M.M.: Risk Centric Threat Modeling. Wiley Online Library, Hoboken (2015)"},{"issue":"4","key":"10_CR43","doi-asserted-by":"publisher","first-page":"734","DOI":"10.1016\/j.csi.2013.12.008","volume":"36","author":"AV Uzunov","year":"2014","unstructured":"Uzunov, A.V., Fernandez, E.B.: An extensible pattern-based library and taxonomy of security threats for distributed systems. Comput. Stan. Interfaces 36(4), 734\u2013747 (2014)","journal-title":"Comput. Stan. Interfaces"},{"key":"10_CR44","doi-asserted-by":"crossref","unstructured":"Vieane, A., Funke, G., Gutzwiller, R., Mancuso, V., Sawyer, B., Wickens, C.: Addressing human factors gaps in cyber defense. In: Proceedings of the Human Factors and Ergonomics Society Annual Meeting, vol. 60, pp. 770\u2013773. SAGE Publications Sage CA, Los Angeles (2016)","DOI":"10.1177\/1541931213601176"},{"key":"10_CR45","doi-asserted-by":"crossref","unstructured":"Widdowson, A.J., Goodliff, P.B.: CHEAT, an approach to incorporating human factors in cyber security assessments. In: 10th IET System Safety and Cyber-Security Conference 2015, pp. 1\u20135 (2015)","DOI":"10.1049\/cp.2015.0298"},{"key":"10_CR46","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1016\/j.cose.2019.03.010","volume":"84","author":"W Xiong","year":"2019","unstructured":"Xiong, W., Lagerstr\u00f6m, R.: Threat modeling-a systematic literature review. Comput. Secur. 84, 53\u201369 (2019)","journal-title":"Comput. Secur."},{"key":"10_CR47","series-title":"Communications in Computer and Information Science","doi-asserted-by":"publisher","first-page":"438","DOI":"10.1007\/978-3-319-22915-7_40","volume-title":"Security in Computing and Communications","author":"T Yadav","year":"2015","unstructured":"Yadav, T., Rao, A.M.: Technical aspects of cyber kill chain. In: Abawajy, J.H., Mukherjea, S., Thampi, S.M., Ruiz-Mart\u00ednez, A. (eds.) SSCC 2015. CCIS, vol. 536, pp. 438\u2013452. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-22915-7_40"},{"key":"10_CR48","series-title":"Advances in Intelligent Systems and Computing","doi-asserted-by":"publisher","first-page":"244","DOI":"10.1007\/978-3-319-60585-2_23","volume-title":"Advances in Human Factors in Cybersecurity","author":"H Young","year":"2018","unstructured":"Young, H., van Vliet, T., van de Ven, J., Jol, S., Broekman, C.: Understanding human factors in cyber security as a dynamic system. In: Nicholson, D. (ed.) AHFE 2017. AISC, vol. 593, pp. 244\u2013254. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-60585-2_23"},{"key":"10_CR49","doi-asserted-by":"crossref","unstructured":"Zwilling, M., Klien, G., Lesjak, D., Wiechetek, \u0141., Cetin, F., Basim, H.N.: Cyber security awareness, knowledge and behavior: a comparative study. J. Comput. Inf. Syst. 1\u201316 (2020)","DOI":"10.1080\/08874417.2020.1712269"}],"container-title":["Lecture Notes in Computer Science","HCI for Cybersecurity, Privacy and Trust"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-77392-2_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,2]],"date-time":"2025-07-02T22:33:08Z","timestamp":1751495588000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-77392-2_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030773915","9783030773922"],"references-count":49,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-77392-2_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"3 July 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"HCII","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Human-Computer Interaction","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 July 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 July 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"hcii2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/2021.hci.international\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}