{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,8]],"date-time":"2024-09-08T16:43:15Z","timestamp":1725813795004},"publisher-location":"Cham","reference-count":21,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319138404"},{"type":"electronic","value":"9783319138411"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-319-13841-1_9","type":"book-chapter","created":{"date-parts":[[2014,12,3]],"date-time":"2014-12-03T08:02:35Z","timestamp":1417593755000},"page":"149-166","source":"Crossref","is-referenced-by-count":0,"title":["A Formal Methodology for Modeling Threats to Enterprise Assets"],"prefix":"10.1007","author":[{"given":"Jaya","family":"Bhattacharjee","sequence":"first","affiliation":[]},{"given":"Anirban","family":"Sengupta","sequence":"additional","affiliation":[]},{"given":"Chandan","family":"Mazumdar","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"9_CR1","unstructured":"ISO\/IEC: ISO\/IEC 27005:2011 Information technology - Security techniques - Information security risk management. 2 edn., Switzerland (2011)"},{"key":"9_CR2","unstructured":"Deloitte: Irish information security and cybercrime survey (2014), \n                      \n                        https:\/\/www2.deloitte.com\/content\/dam\/Deloitte\/ie\/Documents\/Risk\/cybercrime_survey_risk_2013_deloitte_ireland.pdf"},{"key":"9_CR3","unstructured":"Government, U.K.: 2013 information security breaches survey (2013), \n                      \n                        https:\/\/www.gov.uk\/government\/uploads\/system\/uploads\/attachment_data\/file\/191671\/bis-13-p184es-2013-information-security-breaches-survey-executive-summary.pdf"},{"key":"9_CR4","unstructured":"ISO\/IEC: ISO\/IEC 27002:2013, Information technology - Security techniques - Code of practice for information security management. 2 edn., Switzerland (2013)"},{"key":"9_CR5","unstructured":"BSI: Threats Catalogue - Elementary Threats (2008), \n                      \n                        www.bsi.bund.de\/grundschutz"},{"issue":"4","key":"9_CR6","doi-asserted-by":"publisher","first-page":"526","DOI":"10.1109\/TDSC.2012.24","volume":"9","author":"M. Tu","year":"2012","unstructured":"Tu, M., Sanford, M., Thomas, L., Woodraska, D., Xu, W.: Automated security test generation with formal threat model. IEEE Transactions on Dependable and Secure Computing\u00a09(4), 526\u2013540 (2012)","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"9_CR7","unstructured":"Swiderski, F., Snyder, W.: Threat modeling. Microsoft Press, US (2004)"},{"key":"9_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-54069-1_1","volume-title":"Privacy Technologies and Policy","author":"K. Beckers","year":"2014","unstructured":"Beckers, K., Fa\u00dfbender, S., Heisel, M., Meis, R.: A problem-based approach for computer-aided privacy threat identification. In: Preneel, B., Ikonomou, D. (eds.) APF 2012. LNCS, vol.\u00a08319, pp. 1\u201316. Springer, Heidelberg (2014)"},{"key":"9_CR9","doi-asserted-by":"publisher","first-page":"1103","DOI":"10.1145\/2245276.2231950","volume-title":"Proc. 27th Annual ACM Symposium on Applied Computing","author":"A. Schaad","year":"2012","unstructured":"Schaad, A., Borozdin, M.: TAM:automated threat analysis. In: Proc. 27th Annual ACM Symposium on Applied Computing, pp. 1103\u20131108. ACM, New York (2012)"},{"key":"9_CR10","first-page":"1","volume-title":"Proc. 7th International Conference on Risks and Security of Internet and Systems (CRiSIS)","author":"J. Luna","year":"2012","unstructured":"Luna, J., Suri, N., Krontiris, I.: Privacy-by-design based on quantitative threat modeling. In: Proc. 7th International Conference on Risks and Security of Internet and Systems (CRiSIS), pp. 1\u20138. IEEE Press, New York (2012)"},{"key":"9_CR11","first-page":"1","volume-title":"Proc. 5th International Conference on Risks and Security of Internet and Systems (CRiSIS)","author":"H. Pardue","year":"2010","unstructured":"Pardue, H., Yasinsac, A., Landry, J.: Towards internet voting security: A threat tree for risk assessment. In: Proc. 5th International Conference on Risks and Security of Internet and Systems (CRiSIS), pp. 1\u20137. IEEE Press, New York (2010)"},{"key":"9_CR12","first-page":"1","volume-title":"Proc. 8th International Conference on Risks and Security of Internet and Systems (CRiSIS)","author":"D. Ayed","year":"2013","unstructured":"Ayed, D., Asim, M., Jones, D.L.: An event processing approach for threats monitoring of service compositions. In: Proc. 8th International Conference on Risks and Security of Internet and Systems (CRiSIS), pp. 1\u201310. IEEE Press, New York (2013)"},{"key":"9_CR13","doi-asserted-by":"publisher","first-page":"50","DOI":"10.1016\/j.ijepes.2013.02.008","volume":"50","author":"E. Bompard","year":"2013","unstructured":"Bompard, E., Huang, T., Wub, Y., Cremenescu, M.: Classification and trend analysis of threats origins to the security of power systems. International Journal of Electrical Power and Energy Systems\u00a050, 50\u201364 (2013)","journal-title":"International Journal of Electrical Power and Energy Systems"},{"issue":"5","key":"9_CR14","doi-asserted-by":"publisher","first-page":"480","DOI":"10.1016\/j.im.2007.05.003","volume":"44","author":"Q.J. Yeh","year":"2007","unstructured":"Yeh, Q.J., Chang, J.T.: Threats and countermeasures for information system security. Information and Management\u00a044(5), 480\u2013491 (2007)","journal-title":"Information and Management"},{"key":"9_CR15","doi-asserted-by":"publisher","first-page":"208","DOI":"10.1109\/WAINA.2010.39","volume-title":"Proc. IEEE 24th International Conference on Advanced Information Networking and Applications Workshops","author":"M. Alhabeeb","year":"2010","unstructured":"Alhabeeb, M., Almuhaideb, A., Le, P.D., Srinivasan, B.: Information security threats classification pyramid. In: Proc. IEEE 24th International Conference on Advanced Information Networking and Applications Workshops, pp. 208\u2013213. IEEE Press, New York (2010)"},{"issue":"2","key":"9_CR16","doi-asserted-by":"publisher","first-page":"833","DOI":"10.12785\/amis\/080245","volume":"8","author":"K. Wu","year":"2014","unstructured":"Wu, K., Ye, S.: An information security threat assessment model based on bayesian network and owa operator. Appl. Math. Inf. Sci\u00a08(2), 833\u2013838 (2014)","journal-title":"Appl. Math. Inf. Sci"},{"key":"9_CR17","first-page":"1","volume-title":"Proc. 8th International Conference on Risks and Security of Internet and Systems (CRiSIS)","author":"J. Bhattacharjee","year":"2013","unstructured":"Bhattacharjee, J., Sengupta, A., Mazumdar, C.: A formal methodology for enterprise information security risk assessment. In: Proc. 8th International Conference on Risks and Security of Internet and Systems (CRiSIS), pp. 1\u20139. IEEE Press, New York (2013)"},{"key":"9_CR18","first-page":"74","volume-title":"Proc. 4th International Conference on Risks and Security of Internet and Systems (CRiSIS)","author":"A. Sengupta","year":"2009","unstructured":"Sengupta, A., Mazumdar, C., Bagchi, A.: Formal methodology for detection of vulnerabilities in an enterprise information system. In: Proc. 4th International Conference on Risks and Security of Internet and Systems (CRiSIS), pp. 74\u201381. IEEE Press, New York (2009)"},{"key":"9_CR19","unstructured":"Ross, R., Katzke, S., Johnson, A., Swanson, M., Stoneburner, G., Rogers, G.: Recommended Security Controls for Federal Information Systems, NIST Special Publication 800-53. 3 edn., Maryland (2009)"},{"key":"9_CR20","unstructured":"ISACA: COBIT5 A Business Framework for the Governance and Management of Enterprise IT, Illinois (2012)"},{"key":"9_CR21","unstructured":"ISO\/IEC: ISO\/IEC 27001:2013, Information technology - Security techniques - Information security management systems - Requirements. 2 edn., Switzerland (2013)"}],"container-title":["Lecture Notes in Computer Science","Information Systems Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-13841-1_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,28]],"date-time":"2019-05-28T18:59:34Z","timestamp":1559069974000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-13841-1_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783319138404","9783319138411"],"references-count":21,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-13841-1_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2014]]}}}