{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,15]],"date-time":"2025-08-15T01:22:17Z","timestamp":1755220937177,"version":"3.43.0"},"publisher-location":"Cham","reference-count":26,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032006462","type":"print"},{"value":"9783032006448","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-032-00644-8_12","type":"book-chapter","created":{"date-parts":[[2025,8,8]],"date-time":"2025-08-08T04:06:15Z","timestamp":1754625975000},"page":"196-212","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["SAM-CyFra: A\u00a0System for\u00a0the\u00a0Automated Management of\u00a0Cybersecurity Frameworks"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0002-1325-7094","authenticated-orcid":false,"given":"Raffaele","family":"Elia","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6776-9485","authenticated-orcid":false,"given":"Daniele","family":"Granata","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6708-4032","authenticated-orcid":false,"given":"Massimiliano","family":"Rak","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,8,9]]},"reference":[{"key":"12_CR1","unstructured":"ISO\/IEC 27001:2013 information technology \u2013 security techniques \u2013 information security management systems \u2013 requirements. Tech. Rep. 27001:2013 (2013)"},{"key":"12_CR2","unstructured":"ISO\/IEC 27005:2022 information security, cybersecurity and privacy protection guidance on managing information security risks. Tech. rep. (2022), https:\/\/www.iso.org\/standard\/80585.html, adopted in Europe as EN ISO\/IEC 27005:2024"},{"key":"12_CR3","unstructured":"CIS Benchmarks. https:\/\/www.cisecurity.org\/cis-benchmarks, April 2024, [online]"},{"key":"12_CR4","unstructured":"Center for Internet Security: CIS Controls, Version 7.1 (2019). http:\/\/www.cis.org"},{"key":"12_CR5","doi-asserted-by":"publisher","unstructured":"Coppolino, L., D\u2019Antonio, S., Mazzeo, G., Nardone, R., Romano, L., Schmitt, M.: Wasmbox: a lightweight wasm-based runtime for trustworthy multi-tenant embedded systems. IEEE Trans. Emerging Top. Comput., 1\u201314 (2024). https:\/\/doi.org\/10.1109\/TETC.2024.3409817","DOI":"10.1109\/TETC.2024.3409817"},{"key":"12_CR6","doi-asserted-by":"publisher","unstructured":"Coppolino, L., D Antonio, S., Mazzeo, G., Romano, L., Sgaglione, L.: Prisiem: enabling privacy-preserving managed security services. J. Network Comput. Appl. 203, 103397 (2022). https:\/\/doi.org\/10.1016\/j.jnca.2022.103397, https:\/\/www.sciencedirect.com\/science\/article\/pii\/S108480452200056X","DOI":"10.1016\/j.jnca.2022.103397"},{"key":"12_CR7","unstructured":"DI\u00a0MASSIMO, D.: Misure minime di sicurezza ict per le pubbliche amministrazioni (2019)"},{"key":"12_CR8","unstructured":"Elia, R., Granata, D., Rak, M.: Threat analysis and security assessment of an HPC system. In: Gang, L., Joaquim, F., Zhiwei, X. (eds.) Communications in Computer and Information Science. Springer International Publishing (2025). forthcoming"},{"key":"12_CR9","doi-asserted-by":"publisher","unstructured":"Elia, R., Rak, M., Pascarella, D.: A First Step Towards an Automated Methodology for the Security Risk Assessment of U-Space Solutions. In: 2024 IEEE 21st International Conference on Mobile Ad-Hoc and Smart Systems (MASS), pp. 676\u2013681 (2024)https:\/\/doi.org\/10.1109\/MASS62177.2024.00108","DOI":"10.1109\/MASS62177.2024.00108"},{"key":"12_CR10","unstructured":"EUROCONTROL: U-space ConOps and architecture (edition 4). CORUS-XUAM Project Deliverable D4.2, 01.00.02, July 2023. https:\/\/www.sesarju.eu\/sites\/default\/files\/documents\/reports\/U-space%20CONOPS%204th%20edition.pdf"},{"key":"12_CR11","unstructured":"European Parliament and Council of the European Union: General Data Protection Regulation (GDPR) Regulation (EU) 2016\/679. Tech. Rep. L 119, European Union, May 2016. https:\/\/eur-lex.europa.eu\/eli\/reg\/2016\/679\/oj, official Journal of the European Union, pp. 1\u201388"},{"key":"12_CR12","doi-asserted-by":"publisher","unstructured":"Karlos, V., Larcher, M.: Protection against Unmanned Aircraft Systems. Handbook on UAS risk assessment and principles for physical hardening of buildings and sites. Tech. rep., Joint Research Centre (European Commission) (2023). https:\/\/doi.org\/10.2760\/969680, https:\/\/op.europa.eu\/en\/publication-detail\/-\/publication\/21cb95e2-6bca-11ee-9220-01aa75ed71a1\/language-en","DOI":"10.2760\/969680"},{"key":"12_CR13","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102376","volume":"108","author":"R Leszczyna","year":"2021","unstructured":"Leszczyna, R.: Review of cybersecurity assessment methods: applicability perspective. Comput. Secur. 108, 102376 (2021). https:\/\/doi.org\/10.1016\/j.cose.2021.102376","journal-title":"Comput. Secur."},{"key":"12_CR14","volume-title":"Framework Nazionale per la Cybersecurity e la Data Protection","author":"M Angelini","year":"2019","unstructured":"Angelini, M., Ciccotelli, C., Franchina, L., Spaccamela, A.M., Querzoni, L.: Framework Nazionale per la Cybersecurity e la Data Protection. White Paper, CIS-Sapienza, CINI Cybersecurity National Lab (Feb (2019)"},{"key":"12_CR15","doi-asserted-by":"crossref","unstructured":"Mell, P.: The nist definition of cloud computing. NIST Special Publication, pp. 800\u2013145 (2011)","DOI":"10.6028\/NIST.SP.800-145"},{"key":"12_CR16","unstructured":"National Institute of Standards and Technology: Framework for improving critical infrastructure cybersecurity. NIST Cybersecurity Framework Version 1.1 NIST CSWP 04162018, National Institute of Standards and Technology (2018). https:\/\/nvlpubs.nist.gov\/nistpubs\/CSWP\/NIST.CSWP.04162018.pdf"},{"key":"12_CR17","doi-asserted-by":"publisher","unstructured":"National Institute of Standards and Technology: Security and Privacy Controls for Federal Information Systems and Organizations. Tech. Rep. SP 800-53 Revision 5, National Institute of Standards and Technology (2020). https:\/\/doi.org\/10.6028\/NIST.SP.800-53r5","DOI":"10.6028\/NIST.SP.800-53r5"},{"key":"12_CR18","doi-asserted-by":"crossref","unstructured":"Paulk, M.C., Curtis, B., Chrissis, M.B., Weber, C.V.: Capability maturity model, version 1.1. IEEE Softw. 10(4), 18\u201327 (1993)","DOI":"10.1109\/52.219617"},{"key":"12_CR19","doi-asserted-by":"publisher","unstructured":"Quinn, S., Waltermire, D., Johnson, C., Scarfone, K., Banghart, J.: The technical specification for the security content automation protocol (scap): Scap version 1.0. Tech. Rep. 800-126, National Institute of Standards and Technology (NIST), Gaithersburg, MD (2009). https:\/\/doi.org\/10.6028\/NIST.SP.800-126, https:\/\/doi.org\/10.6028\/NIST.SP.800-126","DOI":"10.6028\/NIST.SP.800-126"},{"key":"12_CR20","doi-asserted-by":"publisher","unstructured":"Ross, R., Pillitteri, V., Graubart, R., Bodeau, D., Mcquaid, R.: Developing cyber-resilient systems: a systems security engineering approach. Tech. Rep. 800-160, Volume 2 Revision 1, National Institute of Standards and Technology (2021). https:\/\/doi.org\/10.6028\/NIST.SP.800-160v2r1","DOI":"10.6028\/NIST.SP.800-160v2r1"},{"key":"12_CR21","doi-asserted-by":"publisher","unstructured":"Saritac, U., Liu, X., Wang, R.: Assessment of cybersecurity framework in critical infrastructures. In: 2022 IEEE Delhi Section Conference (DELCON), pp.\u00a01\u20134 (2022). https:\/\/doi.org\/10.1109\/DELCON54057.2022.9753250","DOI":"10.1109\/DELCON54057.2022.9753250"},{"key":"12_CR22","doi-asserted-by":"publisher","unstructured":"SESAR JU: European ATM Master Plan. Digitalising Europe\u2019s Aviation Infrastructure. Executive view. 2020 Edition (2020). https:\/\/doi.org\/10.2829\/695700, https:\/\/www.sesarju.eu\/sites\/default\/files\/documents\/reports\/European%20ATM%20Master%20Plan%202020%20Exec%20View.pdf","DOI":"10.2829\/695700"},{"key":"12_CR23","doi-asserted-by":"publisher","unstructured":"SESAR JU: U?space. Supporting safe and secure drone operations in Europe. Consolidated report on SESAR U?space research and innovation results (2020). https:\/\/doi.org\/10.2829\/55322, https:\/\/www.sesarju.eu\/sites\/default\/files\/documents\/reports\/U-space%20research%20innovation%20results.pdf","DOI":"10.2829\/55322"},{"issue":"3","key":"12_CR24","first-page":"417","volume":"12","author":"M Syafrizal","year":"2020","unstructured":"Syafrizal, M., Selamat, S.R., Zakaria, N.A.: Analysis of cybersecurity standard and framework components. Int. J. Commun. Networks Inf. Secur. 12(3), 417\u2013432 (2020)","journal-title":"Int. J. Commun. Networks Inf. Secur."},{"key":"12_CR25","doi-asserted-by":"publisher","unstructured":"Varela-Vaca, A.J., Gasca, R.M., Ceballos, R., G mez-L pez, M.T., Torres, P.B.: Cyberspl: a framework for the verification of cybersecurity policy compliance of system configurations using software product lines. Appl. Sci. 9(24) (2019). https:\/\/doi.org\/10.3390\/app9245364, https:\/\/www.mdpi.com\/2076-3417\/9\/24\/5364","DOI":"10.3390\/app9245364"},{"key":"12_CR26","doi-asserted-by":"publisher","unstructured":"Wolden, M., Valverde, R., Talla, M.: The effectiveness of cobit 5 information security framework for reducing cyber attacks on supply chain management system. IFAC-PapersOnLine 48(3), 1846\u20131852 (2015). https:\/\/doi.org\/10.1016\/j.ifacol.2015.06.355. https:\/\/www.sciencedirect.com\/science\/article\/pii\/S2405896315005947,15th IFAC Symposium onInformation Control Problems in Manufacturing","DOI":"10.1016\/j.ifacol.2015.06.355"}],"container-title":["Lecture Notes in Computer Science","Availability, Reliability and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-00644-8_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,8]],"date-time":"2025-08-08T04:06:21Z","timestamp":1754625981000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-00644-8_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783032006462","9783032006448"],"references-count":26,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-00644-8_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"9 August 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"The authors have no competing interests to declare that are relevant to the content of this article.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Disclosure of Interests"}},{"value":"ARES","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Availability, Reliability and Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Ghent","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Belgium","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 August 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 August 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ares-12025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/2025.ares-conference.eu","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}