{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T11:16:38Z","timestamp":1743074198749,"version":"3.40.3"},"publisher-location":"Cham","reference-count":34,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031311079"},{"type":"electronic","value":"9783031311086"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-31108-6_13","type":"book-chapter","created":{"date-parts":[[2023,5,15]],"date-time":"2023-05-15T12:19:23Z","timestamp":1684153163000},"page":"169-184","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["How IT Infrastructures Break: Better Modeling for\u00a0Better Risk Management"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0359-0902","authenticated-orcid":false,"given":"Benjamin","family":"Somers","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2419-7587","authenticated-orcid":false,"given":"Fabien","family":"Dagnat","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6986-1093","authenticated-orcid":false,"given":"Jean-Christophe","family":"Bach","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,5,14]]},"reference":[{"key":"13_CR1","unstructured":"Reference Model of Open Distributed Processing (RM-ODP). http:\/\/rm-odp.net\/"},{"key":"13_CR2","doi-asserted-by":"publisher","unstructured":"Abbass, W., Baina, A., Bellafkih, M.: Using EBIOS for risk management in critical information infrastructure. In: 5$$^{\\rm th}$$ World Congress on Information and Communication Technologies, pp. 107\u2013112 (2015). https:\/\/doi.org\/10.1109\/WICT.2015.7489654","DOI":"10.1109\/WICT.2015.7489654"},{"key":"13_CR3","unstructured":"Agence Nationale de la S\u00e9curit\u00e9 des Syst\u00e8mes d\u2019Information: EBIOS Risk Manager (2019). https:\/\/www.ssi.gouv.fr\/uploads\/2019\/11\/anssi-guide-ebios_risk_manager-en-v1.0.pdf"},{"key":"13_CR4","series-title":"Advances in Intelligent Systems and Computing","doi-asserted-by":"publisher","first-page":"443","DOI":"10.1007\/978-3-319-05951-8_42","volume-title":"New Perspectives in Information Systems and Technologies, Volume 1","author":"FM Alturkistani","year":"2014","unstructured":"Alturkistani, F.M., Emam, A.Z.: A review of security risk assessment methods in cloud computing. In: Rocha, \u00c1., Correia, A.M., Tan, F.B., Stroetmann, K.A. (eds.) New Perspectives in Information Systems and Technologies, Volume 1. AISC, vol. 275, pp. 443\u2013453. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-05951-8_42"},{"key":"13_CR5","doi-asserted-by":"publisher","unstructured":"Anthes, G.: Open source software no longer optional. Commun. ACM 59(8), 2949684 (2016) https:\/\/doi.org\/10.1145\/2949684","DOI":"10.1145\/2949684"},{"key":"13_CR6","doi-asserted-by":"publisher","unstructured":"Baybutt, P.: A critique of the Hazard and Operability (HAZOP) study. J. Loss Preven. Process Indust. 33, 52\u201358 (2015). https:\/\/doi.org\/10.1016\/j.jlp.2014.11.010","DOI":"10.1016\/j.jlp.2014.11.010"},{"key":"13_CR7","doi-asserted-by":"crossref","unstructured":"Bradner, S.O.: Key words for use in RFCs to Indicate Requirement Levels. RFC 2119 (1997). https:\/\/www.rfc-editor.org\/info\/rfc2119","DOI":"10.17487\/rfc2119"},{"key":"13_CR8","doi-asserted-by":"publisher","unstructured":"Cristea, G., Constantinescu, D.: A comparative critical study between FMEA and FTA risk analysis methods. IOP Conf. Ser. Mater. Sci. Eng. 252, 012046 (2017). https:\/\/doi.org\/10.1088\/1757-899x\/252\/1\/012046","DOI":"10.1088\/1757-899x\/252\/1\/012046"},{"key":"13_CR9","doi-asserted-by":"publisher","unstructured":"van Deursen, A., Klint, P., Visser, J.: Domain-specific languages: an annotated bibliography. SIGPLAN Notices 35(6), 352035 (2000). https:\/\/doi.org\/10.1145\/352029.352035","DOI":"10.1145\/352029.352035"},{"key":"13_CR10","unstructured":"European parliament and council of the European union: general data protection regulation (2016). https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/PDF\/?uri=CELEX:32016R0679"},{"key":"13_CR11","doi-asserted-by":"publisher","unstructured":"Golra, F.R., Beugnard, A., Dagnat, F., Gu\u00e9rin, S., Guychard, C.: addressing modularity for heterogeneous multi-model systems using model federation. In: Companion Proceedings of the 15th International Conference on Modularity (MoMo2016). ACM (2016). https:\/\/doi.org\/10.1145\/2892664.2892701","DOI":"10.1145\/2892664.2892701"},{"key":"13_CR12","doi-asserted-by":"publisher","unstructured":"Hannousse, A., Yahiouche, S.: Securing microservices and microservice architectures: a systematic mapping study. Comput. Sci. Rev. 41, 100415 (2021). https:\/\/doi.org\/10.1016\/j.cosrev.2021.100415","DOI":"10.1016\/j.cosrev.2021.100415"},{"key":"13_CR13","doi-asserted-by":"publisher","unstructured":"He, J., Sun, L.: A Review on SLA-Related Applications in Cloud Computing. In: 2018 1st International Cognitive Cities Conference (IC3) (2018). https:\/\/doi.org\/10.1109\/IC3.2018.00027","DOI":"10.1109\/IC3.2018.00027"},{"key":"13_CR14","unstructured":"International Electrotechnical Commission: IEC 61882:2016 \u2013 Hazard and operability studies (HAZOP studies) - Application guide (2016). https:\/\/webstore.iec.ch\/publication\/24321"},{"key":"13_CR15","unstructured":"International Organization for Standardization: ISO 27005:2018 \u2013 Information technology - Security techniques - Information security risk management (2018). https:\/\/www.iso.org\/standard\/75281.html"},{"key":"13_CR16","unstructured":"International Organization for Standardization: ISO 31000:2018 \u2013 Risk management - Guidelines (2018). https:\/\/www.iso.org\/standard\/65694.html"},{"key":"13_CR17","unstructured":"Jackson, D.: Software abstractions: logic, language, and analysis. The MIT Press, second edn. (2011)"},{"key":"13_CR18","doi-asserted-by":"publisher","unstructured":"Leveson, N.G., Fleming, C.H., Spencer, M., Thomas, J., Wilkinson, C.: Safety assessment of complex, software-intensive systems. SAE Int. J. Aerospace 5(1), 233\u2013244 (2012). https:\/\/doi.org\/10.4271\/2012-01-2134","DOI":"10.4271\/2012-01-2134"},{"key":"13_CR19","doi-asserted-by":"publisher","unstructured":"Lv, J., Rong, J.: Virtualisation security risk assessment for enterprise cloud services based on stochastic game nets model. IET Inf. Secur. 12(1), 0038 (2018). https:\/\/doi.org\/10.1049\/iet-ifs.2017.0038","DOI":"10.1049\/iet-ifs.2017.0038"},{"key":"13_CR20","doi-asserted-by":"publisher","unstructured":"Masoudi, R., Ghaffari, A.: Software defined networks: a survey. J. Netw. Comput. Appli. 67, 016 (2016). https:\/\/doi.org\/10.1016\/j.jnca.2016.03.016","DOI":"10.1016\/j.jnca.2016.03.016"},{"key":"13_CR21","unstructured":"Mastercard: transaction processing rules (2021). https:\/\/www.mastercard.us\/content\/dam\/public\/mastercardcom\/na\/global-site\/documents\/transaction-processing-rules.pdf"},{"key":"13_CR22","doi-asserted-by":"publisher","unstructured":"Merabti, M., Kennedy, M., Hurst, W.: Critical infrastructure protection: a 21st century challenge. In: 2011 International Conference on Communications and Information Technology (ICCIT) (2011). https:\/\/doi.org\/10.1109\/ICCITECHNOL.2011.5762681","DOI":"10.1109\/ICCITECHNOL.2011.5762681"},{"key":"13_CR23","doi-asserted-by":"publisher","unstructured":"Murata, T.: Petri nets: Properties, analysis and applications. Proceed. IEEE 77(4), 24143 (1989). https:\/\/doi.org\/10.1109\/5.24143","DOI":"10.1109\/5.24143"},{"key":"13_CR24","doi-asserted-by":"publisher","unstructured":"Neville-Neil, G.: I Unplugged what? Commun. ACM 65(2), 3506579 (2022). https:\/\/doi.org\/10.1145\/3506579","DOI":"10.1145\/3506579"},{"key":"13_CR25","unstructured":"OMG: Unified Modeling Language (UML), Version 2.5.1 (2017). https:\/\/www.omg.org\/spec\/UML\/2.5.1"},{"key":"13_CR26","unstructured":"Payment card industry security standards council: payment card industry data security standard (2022). https:\/\/www.pcisecuritystandards.org\/documents\/PCI-DSS-v40.pdf"},{"key":"13_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"352","DOI":"10.1007\/978-3-540-45064-1_16","volume-title":"Component-Based Software Quality","author":"LC Rose","year":"2003","unstructured":"Rose, L.C.: Risk management of COTS based systems development. In: Cechich, A., Piattini, M., Vallecillo, A. (eds.) Component-Based Software Quality. LNCS, vol. 2693, pp. 352\u2013373. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/978-3-540-45064-1_16"},{"key":"13_CR28","unstructured":"SAE International: ARP4761 \u2013 Guidelines and methods for conducting the safety assessment process on civil airborne systems and equipment (1996). https:\/\/www.sae.org\/standards\/content\/arp4761\/"},{"key":"13_CR29","unstructured":"SAE International: AS9100D \u2013 Quality management systems - requirements for aviation, space, and defense organizations (2016). https:\/\/www.sae.org\/standards\/content\/as9100d\/"},{"issue":"1","key":"13_CR30","doi-asserted-by":"publisher","first-page":"349","DOI":"10.1007\/s11219-017-9396-0","volume":"27","author":"SM Sulaman","year":"2017","unstructured":"Sulaman, S.M., Beer, A., Felderer, M., H\u00f6st, M.: Comparison of the FMEA and STPA safety analysis methods\u2013a case study. Software Qual. J. 27(1), 349\u2013387 (2017). https:\/\/doi.org\/10.1007\/s11219-017-9396-0","journal-title":"Software Qual. J."},{"key":"13_CR31","unstructured":"The Open Group: ArchiMate \u00ae 3.1 Specification. https:\/\/publications.opengroup.org\/c197"},{"key":"13_CR32","doi-asserted-by":"crossref","unstructured":"Varga, A., Hornig, R.: An overview of the OMNeT++ simulation environment. In: Proceedings of the 1st International Conference on Simulation Tools and Techniques for Communications, Networks and Systems & Workshops. Simutools 2008, ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering) (2008)","DOI":"10.4108\/ICST.SIMUTOOLS2008.3027"},{"key":"13_CR33","unstructured":"Visa: Visa core rules and visa product and service rules (2022). https:\/\/bb.visa.com\/content\/dam\/VCOM\/download\/about-visa\/visa-rules-public.pdf"},{"key":"13_CR34","doi-asserted-by":"publisher","unstructured":"Yates, A.: A framework for studying mortality arising from critical infrastructure loss. Int. J. Crit. Infrastruct. Protect. 7(2), 100\u2013111 (2014). https:\/\/doi.org\/10.1016\/j.ijcip.2014.04.002","DOI":"10.1016\/j.ijcip.2014.04.002"}],"container-title":["Lecture Notes in Computer Science","Risks and Security of Internet and Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-31108-6_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,5,15]],"date-time":"2023-05-15T12:20:49Z","timestamp":1684153249000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-31108-6_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031311079","9783031311086"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-31108-6_13","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"14 May 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRiSIS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Risks and Security of Internet and Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Sousse","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Tunisia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"7 December 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 December 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crisis2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"39","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"14","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"36% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}