{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,30]],"date-time":"2025-12-30T23:54:38Z","timestamp":1767138878885,"version":"build-2238731810"},"publisher-location":"Cham","reference-count":18,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319070759","type":"print"},{"value":"9783319070766","type":"electronic"}],"license":[{"start":{"date-parts":[[2014,1,1]],"date-time":"2014-01-01T00:00:00Z","timestamp":1388534400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2014,1,1]],"date-time":"2014-01-01T00:00:00Z","timestamp":1388534400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-319-07076-6_4","type":"book-chapter","created":{"date-parts":[[2014,7,9]],"date-time":"2014-07-09T01:42:43Z","timestamp":1404870163000},"page":"51-67","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Utilizing Security Risk Analysis and Security Testing in the Legal Domain"],"prefix":"10.1007","author":[{"given":"Samson Yoseph","family":"Esayas","sequence":"first","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2014,7,10]]},"reference":[{"key":"4_CR1","volume-title":"CODE 2.0","author":"L Lessing","year":"2006","unstructured":"Lessing, L.: CODE 2.0. Basic Books, New York (2006)"},{"key":"4_CR2","first-page":"553","volume":"76","author":"J Reidenberg","year":"1998","unstructured":"Reidenberg, J.: Lex informatica: the formulation of information policy rules through technology. Texas Law Rev. 76, 553\u2013593 (1998)","journal-title":"Texas Law Rev."},{"key":"4_CR3","first-page":"340","volume":"49","author":"T Mahler","year":"2006","unstructured":"Mahler, T., Bing, J.: Contractual risk management in an ICT context \u2013 searching for a possible interface between legal methods and risk analysis. Scand. Stud. Law 49, 340\u2013357 (2006)","journal-title":"Scand. Stud. Law"},{"key":"4_CR4","first-page":"21","volume":"49","author":"H Haapio","year":"2006","unstructured":"Haapio, H.: Introduction to proactive law: a business lawyer\u2019s view. Scand. Stud. Law 49, 21\u201334 (2006)","journal-title":"Scand. Stud. Law"},{"key":"4_CR5","unstructured":"A Report by Harvard Business Review Analytic Services: Meeting the cyber risk challenge (2012). http:\/\/www.computerweekly.com\/blogs\/public-sector\/Meeting%20the%20Cyber%20Risk%20Challenge%20-%20Harvard%20Business%20Review%20-%20Zurich%20Insurance%20group.pdf"},{"key":"4_CR6","unstructured":"Article 29 Data Protection Working Party: Opinion 05\/2012 on Cloud Computing (WP196) (2012)"},{"key":"4_CR7","unstructured":"Mahler, T.: Legal risk management: developing and evaluating elements of a method for proactive legal analyses, with a particular focus on contracts. Ph.D. thesis, University of Oslo (2010)"},{"key":"4_CR8","unstructured":"Practical Law Company: Benchmarking survey: legal risk and compliance (2009). http:\/\/www.bakermckenzie.com\/files\/Publication\/a2a678d5-cefd-490e-832f-336bac345d92\/Presentation\/PublicationAttachment\/fa757c2b-e9d0-447d-b65d-3b75101f8d92\/london_rmc_importance_rms_survey_2009.pdf"},{"key":"4_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1007\/11429760_4","volume-title":"Trust Management","author":"F Vraalsen","year":"2005","unstructured":"Vraalsen, F., Lund, M.S., Mahler, T., Parent, X., St\u00f8len, K.: Specifying legal risk scenarios using the CORAS threat modelling language. In: Herrmann, P., Issarny, V., Shiu, S.C.K. (eds.) iTrust 2005. LNCS, vol. 3477, pp. 45\u201360. Springer, Heidelberg (2005)"},{"key":"4_CR10","unstructured":"Mahler, T.: Defining legal risk. Paper Presented at the Conference \u201cCommercial Contracting for Strategic Advantage \u2013 Potentials and Prospects\u201d, Turku University of Applied Sciences 2007, Conference Proceedings, pp. 10\u201331 (2007)"},{"key":"4_CR11","unstructured":"Breach Watch website. http:\/\/breachwatch.com\/ico-fines\/"},{"key":"4_CR12","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-12323-8","volume-title":"Model-Driven Risk Analysis: The CORAS Approach","author":"MS Lund","year":"2011","unstructured":"Lund, M.S., Solhaug, B., St\u00f8len, K.: Model-Driven Risk Analysis: The CORAS Approach. Springer, Heidelberg (2011)"},{"key":"4_CR13","unstructured":"European Network and Information Security Agency (ENISA). Data protection notification in the EU. (2011) http:\/\/www.google.no\/url?sa=t&rct=j&q=&esrc=s&source=web&cd=6&cad=rja&ved=0CFQQFjAF&url=http%3A%2F%2Fwww.enisa.europa.eu%2Fact%2Fit%2Flibrary%2Fdeliverables%2Fdbn%2Fat_download%2FfullReport&ei=jGZ7UszFGcLWswa6_IHQDg&usg=AFQjCNF-xhsOCTKZgUBhhPkcPv4PQc1o4w&sig2=1m6OK7FfXnz952Cr_XVvow&bvm=bv.56146854,d.Yms"},{"key":"4_CR14","unstructured":"National Conference of State Legislatures. http:\/\/www.ncsl.org\/research\/telecommunications-and-information-technology\/security-breach-notification-laws.aspx"},{"key":"4_CR15","series-title":"Lecture Notes in Business Information Processing","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1007\/978-3-642-00328-8_2","volume-title":"Business Process Management Workshops","author":"G Governatori","year":"2009","unstructured":"Governatori, G., Hoffmann, J., Sadiq, S., Weber, I.: Detecting regulatory compliance for business process models through semantic annotations. In: Ardagna, D., Mecella, M., Yang, J. (eds.) Business Process Management Workshops. LNBIP, vol. 17, pp. 5\u201317. Springer, Heidelberg (2009)"},{"issue":"3\/4","key":"4_CR16","doi-asserted-by":"publisher","first-page":"295","DOI":"10.1147\/rd.513.0295","volume":"51","author":"S M\u00fcller","year":"2007","unstructured":"M\u00fcller, S., Supatgiat, C.: A quantitative optimization model for dynamic risk-based compliance management. IBM J. Res. Dev. 51(3\/4), 295\u2013308 (2007)","journal-title":"IBM J. Res. Dev."},{"key":"4_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"98","DOI":"10.1007\/978-3-642-32885-5_7","volume-title":"Business Process Management","author":"JME van der Werf","year":"2012","unstructured":"van der Werf, J.M.E., Verbeek, H.M.W., van der Aalst, W.M.: Context-aware compliance checking. In: Barros, A., Gal, A., Kindler, E. (eds.) BPM 2012. LNCS, vol. 7481, pp. 98\u2013113. Springer, Heidelberg (2012)"},{"key":"4_CR18","unstructured":"Common Criteria: Common Criteria for Information Technology Security Evaluation: Part 3: Security Assurance Components. Version 3.1, Revision 4, September 2012. CCMB-2012-09-003 (2012)"}],"container-title":["Lecture Notes in Computer Science","Risk Assessment and Risk-Driven Testing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-07076-6_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,12,21]],"date-time":"2023-12-21T22:46:44Z","timestamp":1703198804000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-07076-6_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783319070759","9783319070766"],"references-count":18,"aliases":["10.1007\/978-3-319-14114-5_4"],"URL":"https:\/\/doi.org\/10.1007\/978-3-319-07076-6_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014]]},"assertion":[{"value":"10 July 2014","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}