{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T14:40:09Z","timestamp":1742913609455,"version":"3.40.3"},"publisher-location":"Cham","reference-count":24,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319590400"},{"type":"electronic","value":"9783319590417"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-59041-7_5","type":"book-chapter","created":{"date-parts":[[2017,5,4]],"date-time":"2017-05-04T02:43:06Z","timestamp":1493865786000},"page":"77-95","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Insider Threat Likelihood Assessment for Flexible Access Control"],"prefix":"10.1007","author":[{"given":"Sofiene","family":"Boulares","sequence":"first","affiliation":[]},{"given":"Kamel","family":"Adi","sequence":"additional","affiliation":[]},{"given":"Luigi","family":"Logrippo","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,5,5]]},"reference":[{"key":"5_CR1","doi-asserted-by":"crossref","unstructured":"Bartsch, S.: A calculus for the qualitative risk assessment of policy override authorization. In: Proceedings of the International Conference on Security of Information and Networks, pp. 62\u201370 (2010)","DOI":"10.1145\/1854099.1854115"},{"key":"5_CR2","doi-asserted-by":"crossref","unstructured":"Bishop, M., Gates, C.: Defining the insider threat. In: Proceedings of the 4th Annual Workshop on Cyber Security and Information Intelligence Research: Developing Strategies to Meet the Cyber Security and Information Intelligence Challenges Ahead, p. 15 (2008)","DOI":"10.1145\/1413140.1413158"},{"key":"5_CR3","doi-asserted-by":"crossref","unstructured":"Boulares, S., Adi, K., Logrippo, L.: Insider threat likelihood assessment for access control systems: quantitative approach. In: International Symposium on Foundations and Practice of Security, pp. 135\u2013142 (2016)","DOI":"10.1007\/978-3-319-51966-1_9"},{"issue":"6","key":"5_CR4","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1109\/MSP.2009.110","volume":"7","author":"D Caputo","year":"2009","unstructured":"Caputo, D., Maloof, M., Stephens, G.: Detecting insider theft of trade secrets. IEEE Secur. Priv. 7(6), 14\u201321 (2009)","journal-title":"IEEE Secur. Priv."},{"key":"5_CR5","doi-asserted-by":"crossref","unstructured":"Cheng, P., Rohatgi, P., Keser, C., Karger, P., Wagner, G., Reninger, A.: Fuzzy multilevel security: an experiment on quantified risk-adaptive access control. In: Security and Privacy, pp. 222\u2013230 (2007)","DOI":"10.1109\/SP.2007.21"},{"key":"5_CR6","unstructured":"Clusif. MEHARI 2010 principes fondamentaux et sp\u00e9cification fonctionnelles (2009)"},{"key":"5_CR7","doi-asserted-by":"crossref","unstructured":"Diep, N., Hung, L., Zhung, Y., Lee, S., Lee, Y., Lee, H.: Enforcing access control using risk assessment. In: Fourth European Conference on Universal Multiservice Networks, pp. 419\u2013424 (2007)","DOI":"10.1109\/ECUMN.2007.19"},{"key":"5_CR8","doi-asserted-by":"crossref","unstructured":"Fagade, T., Tryfonas, T.: Security by Compliance? A study of insider threat implications for Nigerian banks. In: International Conference on Human Aspects of Information Security, Privacy, and Trust, pp. 128\u2013139 (2016)","DOI":"10.1007\/978-3-319-39381-0_12"},{"key":"5_CR9","unstructured":"International Organization for Standardization. ISO\/IEC 27001: Information technology - Security techniques - Information security management systems - Requirements (2013)"},{"key":"5_CR10","unstructured":"IT Global Corporate. Security risks (2013)"},{"key":"5_CR11","unstructured":"INFOSEC Glossary. National information systems security (infosec) glossary (2000)"},{"issue":"2","key":"5_CR12","doi-asserted-by":"publisher","first-page":"25","DOI":"10.5038\/1944-0472.4.2.2","volume":"4","author":"F Greitzer","year":"2011","unstructured":"Greitzer, F., Hohimer, R.: Modeling human behavior to anticipate insider attacks. J. Strateg. Secur. 4(2), 25 (2011)","journal-title":"J. Strateg. Secur."},{"issue":"4","key":"5_CR13","doi-asserted-by":"publisher","first-page":"47","DOI":"10.1080\/1097198X.2013.10845648","volume":"16","author":"J Hua","year":"2013","unstructured":"Hua, J., Bapna, S.: Who can we trust? The economic impact of insider threats. J. Global Inf. Technol. Manag. 16(4), 47\u201367 (2013)","journal-title":"J. Global Inf. Technol. Manag."},{"key":"5_CR14","doi-asserted-by":"crossref","unstructured":"Kandala, S., Sandhu, R., Bhamidipati, V.: An attribute based framework for risk-adaptive access control models. In: Availability, Reliability and Security, pp. 236\u2013241 (2011)","DOI":"10.1109\/ARES.2011.41"},{"key":"5_CR15","doi-asserted-by":"crossref","unstructured":"Khambhammettu, H., Boulares, S., Adi, K., Logrippo, L.: A framework for threat assessment in access control systems. In: Information Security and Privacy Research, pp. 187\u2013198 (2012)","DOI":"10.1007\/978-3-642-30436-1_16"},{"key":"5_CR16","doi-asserted-by":"publisher","first-page":"86","DOI":"10.1016\/j.cose.2013.03.010","volume":"39","author":"H Khambhammettu","year":"2013","unstructured":"Khambhammettu, H., Boulares, S., Adi, K., Logrippo, L.: A framework for risk assessment in access control systems. Comput. Secur. 39, 86\u2013103 (2013)","journal-title":"Comput. Secur."},{"key":"5_CR17","unstructured":"McGraw, R.: Risk-adaptable access control (radac). In: Privilege (Access) Management Workshop. National Institute of Standards and Technology (2009)"},{"key":"5_CR18","unstructured":"Meucci, M., Muller, A.: The OWASP testing guide 4.0. Open Web Application Security Project, p. 30 (2014)"},{"key":"5_CR19","unstructured":"NIST. Risk management guide for information technology systems (2002)"},{"issue":"11","key":"5_CR20","doi-asserted-by":"publisher","first-page":"9","DOI":"10.1109\/2.241422","volume":"26","author":"R Sandhu","year":"1993","unstructured":"Sandhu, R.: Lattice-based access control models. Computer 26(11), 9\u201319 (1993)","journal-title":"Computer"},{"key":"5_CR21","unstructured":"Shey, H., Mak, K., Balaouras, S., Luu, B.: Understand the state of data security and privacy: Forrester Research 10 (2013)"},{"key":"5_CR22","doi-asserted-by":"crossref","unstructured":"Stoneburner, G., Goguen, A., Feringa, A.: Risk management guide for information technology systems (2002)","DOI":"10.6028\/NIST.SP.800-30"},{"key":"5_CR23","doi-asserted-by":"crossref","unstructured":"Wang, Q., Jin, H.: Quantified risk-adaptive access control for patient privacy protection in health information systems. In: Proceedings of the ACM Symposium on Information, Computer and Communications Security, pp. 406\u2013410 (2011)","DOI":"10.1145\/1966913.1966969"},{"key":"5_CR24","doi-asserted-by":"crossref","unstructured":"Weissman, C.: Security controls in the adept-50 time-sharing system. In: Proceedings of the Fall Joint Computer Conference, pp. 119\u2013133 (1969)","DOI":"10.1145\/1478559.1478574"}],"container-title":["Lecture Notes in Business Information Processing","E-Technologies: Embracing the Internet of Things"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-59041-7_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,13]],"date-time":"2024-03-13T18:36:15Z","timestamp":1710354975000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-59041-7_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319590400","9783319590417"],"references-count":24,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-59041-7_5","relation":{},"ISSN":["1865-1348","1865-1356"],"issn-type":[{"type":"print","value":"1865-1348"},{"type":"electronic","value":"1865-1356"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"5 May 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"MCETECH","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on E-Technologies","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Ottawa","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Canada","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 May 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 May 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"7","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"mcetech2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.mcetech.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}