{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,28]],"date-time":"2025-03-28T05:21:46Z","timestamp":1743139306654,"version":"3.40.3"},"publisher-location":"Cham","reference-count":17,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319109749"},{"type":"electronic","value":"9783319109756"}],"license":[{"start":{"date-parts":[[2014,1,1]],"date-time":"2014-01-01T00:00:00Z","timestamp":1388534400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-319-10975-6_18","type":"book-chapter","created":{"date-parts":[[2014,9,3]],"date-time":"2014-09-03T08:26:14Z","timestamp":1409732774000},"page":"239-249","source":"Crossref","is-referenced-by-count":2,"title":["Risk Reduction Overview"],"prefix":"10.1007","author":[{"given":"Hellen Nanda Janine","family":"Havinga","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Olivier Diederik Theobald","family":"Sessink","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"18_CR1","unstructured":"Acquisti, A., Friedman, A., Telang, R. Is there a cost to privacy breaches? An event study. In: Fifth Workshop on the Economics of Information Security. Cambridge (2006)"},{"key":"18_CR2","doi-asserted-by":"crossref","unstructured":"Arora, A., Hall, D., Pinto, C., Ramsey, D., Telang, R.: An ounce of prevention vs. a pound of cure: How can we measure the value of IT security solutions? Lawrence Berkeley National Laboratory, University of California (2004)","DOI":"10.1109\/MITP.2004.89"},{"key":"18_CR3","unstructured":"Berinato, S.: Finally, a real return on security spending. CIO Magazine, 43\u201352 (2002)"},{"key":"18_CR4","unstructured":"Bornman, G., Labuschagne, L.: A comparative framework for evaluating information security risk management methods. In: Proceedings of the Information Security South Africa Conference, ISSA (2004)"},{"issue":"2","key":"18_CR5","doi-asserted-by":"publisher","first-page":"74","DOI":"10.1108\/09685220310468646","volume":"11","author":"A. Garg","year":"2003","unstructured":"Garg, A., Curtis, J., Halper, H.: Quantifying the financial impact of IT security breaches. Information Management and Computer Security\u00a011(2), 74\u201383 (2003)","journal-title":"Information Management and Computer Security"},{"issue":"4","key":"18_CR6","doi-asserted-by":"publisher","first-page":"438","DOI":"10.1145\/581271.581274","volume":"5","author":"L. Gordon","year":"2002","unstructured":"Gordon, L., Loeb, M.: The economics of information security investment. ACM Transaction on Information and System Security\u00a05(4), 438\u2013457 (2002)","journal-title":"ACM Transaction on Information and System Security"},{"key":"18_CR7","unstructured":"Hoo, K.J.S.: How much is enough? A risk management approach to computer security. Doctoral Thesis, Stanford University (2000)"},{"key":"18_CR8","unstructured":"NIST Special Publication 800-37 Revision 1, \n                    \n                      http:\/\/csrc.nist.gov\/publications\/nistpubs\/800-37-rev1\/sp800-37-rev1-final.pdf"},{"key":"18_CR9","unstructured":"Joint Task Force Transformation Initiative: Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach. NIST Special Publication 800-37, Revision 1. Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology (2010)"},{"key":"18_CR10","unstructured":"Joint Technical Committee ISO\/IEC JTC\u00a01\/SC\u00a027: ISO\/IEC 27005:2011 Information technology \u2014 Security techniques \u2014 Information security risk management. International Organization for Standardization, Geneva (2011)"},{"issue":"12","key":"18_CR11","doi-asserted-by":"publisher","first-page":"43","DOI":"10.1109\/2.889092","volume":"33","author":"T. Longstaff","year":"2000","unstructured":"Longstaff, T., Chittister, C., Pethia, R., Haimes, Y.: Are we forgetting the risk of information technology? Computer\u00a033(12), 43\u201351 (2000)","journal-title":"Computer"},{"issue":"11","key":"18_CR12","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1109\/2.963441","volume":"34","author":"R.A. Martin","year":"2001","unstructured":"Martin, R.A.: Managing Vulnerabilities in Networked Systems. Computer\u00a034(11), 32\u201338 (2001)","journal-title":"Computer"},{"key":"18_CR13","first-page":"1","volume-title":"Proceedings of the 7th International Workshop on Economics-Driven Software Engineering Research, ICSE","author":"T. Neubauer","year":"2005","unstructured":"Neubauer, T., Klemen, M., Biffl, S.: Business process-based valuation of IT-security. In: Sullivan, K. (ed.) Proceedings of the 7th International Workshop on Economics-Driven Software Engineering Research, ICSE, pp. 1\u20135. ACM, New York (2005)"},{"key":"18_CR14","unstructured":"Risk Reduction Overview example, \n                    \n                      http:\/\/rro.sourceforge.net\/examples.html"},{"key":"18_CR15","unstructured":"Risk Reduction Overview website, \n                    \n                      http:\/\/rro.sourceforge.net\/"},{"key":"18_CR16","doi-asserted-by":"crossref","unstructured":"Roy, A., Kim, D.S., Trivedi, K.S.: Attack countermeasure trees (ACT): Towards unifying the constructs of attack and defense trees. In: Security and Communication Networks, pp. 929\u2013943 (2012)","DOI":"10.1002\/sec.299"},{"issue":"12","key":"18_CR17","first-page":"21","volume":"24","author":"B. Schneier","year":"1999","unstructured":"Schneier, B.: Attack Trees. Dr. Dobb\u2019s Journal of Software Tools\u00a024(12), 21\u201329 (1999)","journal-title":"Dr. Dobb\u2019s Journal of Software Tools"}],"container-title":["Lecture Notes in Computer Science","Availability, Reliability, and Security in Information Systems"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-10975-6_18","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,27]],"date-time":"2019-05-27T15:23:00Z","timestamp":1558970580000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-10975-6_18"}},"subtitle":["A Visualization Method for Risk Management"],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783319109749","9783319109756"],"references-count":17,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-10975-6_18","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2014]]}}}