{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T05:19:14Z","timestamp":1743052754935,"version":"3.40.3"},"publisher-location":"Cham","reference-count":57,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319623856"},{"type":"electronic","value":"9783319623863"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-62386-3_20","type":"book-chapter","created":{"date-parts":[[2017,6,28]],"date-time":"2017-06-28T07:54:51Z","timestamp":1498636491000},"page":"436-459","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Towards Advanced Security Engineering for Enterprise Information Systems: Solving Security, Resilience and Usability Issues Together Within Improvement of User Experience"],"prefix":"10.1007","author":[{"given":"Wilson","family":"Goudalo","sequence":"first","affiliation":[]},{"given":"Christophe","family":"Kolski","sequence":"additional","affiliation":[]},{"given":"Fr\u00e9d\u00e9ric","family":"Vanderhaegen","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,6,29]]},"reference":[{"key":"20_CR1","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1147\/sj.471.0041","volume":"47","author":"RC Larson","year":"2008","unstructured":"Larson, R.C.: Service science: at the intersection of management, social, and engineering sciences. IBM Syst. J. 47, 41\u201351 (2008)","journal-title":"IBM Syst. J."},{"key":"20_CR2","unstructured":"SBIC (Security for Business Innovation Council): The Time is Now: Making Information Security Strategic to Business Innovation. RSA Security, Bedford (2008)"},{"key":"20_CR3","unstructured":"IBM Corporation 2014: Understanding Big Data So You Can Act with Confidence. Doc. Ref. IMM14123USEN June 2014. http:\/\/www-01.ibm.com"},{"key":"20_CR4","unstructured":"KPMG International: Managing the Data Challenge in Banking. Why is It So Hard? Document published on June 2014. http:\/\/www.kpmg.com"},{"key":"20_CR5","unstructured":"Umhoefer, C., Rof\u00e9, J., Lemarchand, S.: Le big data face au d\u00e9fi de la confiance. Document published on June 2014. http:\/\/www.bcg.fr"},{"key":"20_CR6","doi-asserted-by":"crossref","unstructured":"Goudalo, W., Seret, D.: Towards the engineering of security of information systems (ESIS): UML and the IS confidentiality. In: Proceedings at 2nd International Conference on Emerging Security Information, Systems and Technologies, pp. 248\u2013256. IEEE Computer Society Washington, DC (2008)","DOI":"10.1109\/SECURWARE.2008.66"},{"key":"20_CR7","doi-asserted-by":"crossref","unstructured":"Ferrary, M.: Management des ressources humaines: March\u00e9 du travail et acteurs strat\u00e9giques. Ed. Dunod, Paris (2014)","DOI":"10.3917\/dunod.ferra.2014.01"},{"key":"20_CR8","unstructured":"Cranor, L.F., Garfinkel, S.: Security and Usability: Designing Secure Systems that People Can Use. Ed. O\u2019Reilly, Newton (2005)"},{"key":"20_CR9","unstructured":"Clarke, N., Furnell, S.: 8th International Symposium on Human Aspects of Information Security and Assurance (HAISA 2014). Nathan Clarke, Plymouth (2014). (Ed. by S. Furnell)"},{"key":"20_CR10","volume-title":"Organizational Choice: Capabilities of Groups at the Coal Face under Changing Technologies. The Loss, Rediscovery & Transformation of a Work Tradition","author":"EL Trist","year":"1963","unstructured":"Trist, E.L., Higgin, G.W., Murray, H., Pollock, A.B.: Organizational Choice: Capabilities of Groups at the Coal Face under Changing Technologies. The Loss, Rediscovery & Transformation of a Work Tradition. Tavistock Publications, London (1963)"},{"key":"20_CR11","doi-asserted-by":"publisher","first-page":"199","DOI":"10.1177\/001872676702000301","volume":"20","author":"E Emery","year":"1967","unstructured":"Emery, E.: The next thirty years: concepts, methods and anticipation. Hum. Relat. 20, 199\u2013237 (1967)","journal-title":"Hum. Relat."},{"key":"20_CR12","volume-title":"Relevance: Communication and Cognition","author":"D Sperber","year":"1995","unstructured":"Sperber, D., Wilson, D.: Relevance: Communication and Cognition, 2nd edn. Wiley, Hoboken (1995)","edition":"2"},{"key":"20_CR13","doi-asserted-by":"crossref","unstructured":"Singh, M.P.: Norms as a basis for governing sociotechnical systems. ACM Trans. Intell. Syst. Technol. (TIST) \u2013 Spec. Sect. Intell. Mob. Knowl. Discov. Manag. Syst. Spec. Issue Soc. Web Min. Arch. 5(1), 21 (2013). (New York, NY, USA)","DOI":"10.1145\/2542182.2542203"},{"issue":"9","key":"20_CR14","doi-asserted-by":"publisher","first-page":"663","DOI":"10.1080\/10447318.2014.930311","volume":"30","author":"JR Lewis","year":"2014","unstructured":"Lewis, J.R.: Usability: lessons learned\u2026 and yet to be learned. Int. J. Hum.-Comput. Interact. 30(9), 663\u2013684 (2014)","journal-title":"Int. J. Hum.-Comput. Interact."},{"key":"20_CR15","unstructured":"Cranor, L.F., Blase, U.: Usable Privacy and Security. Lecturer Materials, Courses, CyLab, Carnegie Mellon University, January 2015"},{"key":"20_CR16","unstructured":"Laprie, J.C.: From dependability to resilience. In: Proceedings of 38th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN 2008), Supplemental Volume, Anchorage, USA (2008)"},{"key":"20_CR17","unstructured":"ReSIST 2015: Resilience for Survivability in IST. A European Network of Excellence. http:\/\/www.resist-noe.org"},{"key":"20_CR18","volume-title":"Resilience Engineering. Concepts and Precepts","author":"E Hollnagel","year":"2006","unstructured":"Hollnagel, E., Woods, D.D., Leveson, N.: Resilience Engineering. Concepts and Precepts. Ashgate, Aldershot (2006)"},{"key":"20_CR19","first-page":"3","volume-title":"Complex Systems and Systems of Systems Engineering","author":"D Luzeaux","year":"2011","unstructured":"Luzeaux, D.: Engineering large-scale complex systems. In: Luzeaux, D., Ruault, J.-R., Wippler, J.-L. (eds.) Complex Systems and Systems of Systems Engineering, pp. 3\u201384. ISTE-Wiley, London (2011)"},{"key":"20_CR20","unstructured":"Palin, P.J.: Resilience: Cultivating the Virtue. http:\/\/www.hlswatch.com\/2013\/08\/29\/resilience-cultivating-the-virtue\/ . Accessed 22 July 2016"},{"key":"20_CR21","unstructured":"ANSSI: R\u00e9silience de l\u02bcInternet fran\u00e7ais. http:\/\/www.ssi.gouv.fr\/"},{"key":"20_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"317","DOI":"10.1007\/978-3-540-73287-7_39","volume-title":"Usability and Internationalization. HCI and Culture","author":"M Hertzum","year":"2007","unstructured":"Hertzum, M., Clemmensen, T., Hornb\u00e6k, K., Kumar, J., Shi, Q., Yammiyavar, P.: Usability constructs: a cross-cultural study of how users and developers experience their use of information systems. In: Aykin, N. (ed.) UI-HCII 2007. LNCS, vol. 4559, pp. 317\u2013326. Springer, Heidelberg (2007). doi: 10.1007\/978-3-540-73287-7_39"},{"key":"20_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1007\/978-3-642-02806-9_2","volume-title":"Human Centered Design","author":"N Bevan","year":"2009","unstructured":"Bevan, N.: Extending quality in use to provide a framework for usability measurement. In: Kurosu, M. (ed.) HCD 2009. LNCS, vol. 5619, pp. 13\u201322. Springer, Heidelberg (2009). doi: 10.1007\/978-3-642-02806-9_2"},{"key":"20_CR24","doi-asserted-by":"publisher","first-page":"159","DOI":"10.1007\/s11219-006-7600-8","volume":"14","author":"A Seffah","year":"2006","unstructured":"Seffah, A., Donyaee, M., Kline, R.B., Padda, H.K.: Usability measurement and metrics: a consolidated model. Softw. Qual. J. 14, 159\u2013178 (2006)","journal-title":"Softw. Qual. J."},{"key":"20_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"114","DOI":"10.1007\/978-3-540-74800-7_9","volume-title":"Human-Computer Interaction \u2013 INTERACT 2007","author":"C Braz","year":"2007","unstructured":"Braz, C., Seffah, A., M\u2019Raihi, D.: Designing a trade-off between usability and security: a metrics based-model. In: Baranauskas, C., Palanque, P., Abascal, J., Barbosa, S.D.J. (eds.) INTERACT 2007. LNCS, vol. 4663, pp. 114\u2013126. Springer, Heidelberg (2007). doi: 10.1007\/978-3-540-74800-7_9"},{"key":"20_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"106","DOI":"10.1007\/978-3-540-92698-6_7","volume-title":"Engineering Interactive Systems","author":"S Winter","year":"2008","unstructured":"Winter, S., Wagner, S., Deissenboeck, F.: A comprehensive model of usability. In: Gulliksen, J., Harning, M.B., Palanque, P., Veer, Gerrit C., Wesson, J. (eds.) DSV-IS\/EHCI\/HCSE -2007. LNCS, vol. 4940, pp. 106\u2013122. Springer, Heidelberg (2008). doi: 10.1007\/978-3-540-92698-6_7"},{"key":"20_CR27","unstructured":"ISO 9241-12: Ergonomic requirements for office work with visual display terminals (VDTs). Part 12 Presentation of Information (1998)"},{"key":"20_CR28","unstructured":"ISO 9241-110: Ergonomics of human-system interaction. Part 110 Dialogue Principles (2006)"},{"key":"20_CR29","first-page":"21","volume-title":"Human Factors for Informatics Usability","author":"B Shackel","year":"2009","unstructured":"Shackel, B.: Usability - context, framework, definition, design, and evaluation. In: Shackel, B., Richardson, S. (eds.) Human Factors for Informatics Usability, pp. 21\u201337. Cambridge University Press, Cambridge (2009)"},{"key":"20_CR30","unstructured":"ISO\/IEC 2700x: Information technology Security techniques (2010)"},{"key":"20_CR31","doi-asserted-by":"crossref","unstructured":"Goudalo, W., Seret, D.: The process of engineering of security of information systems (ESIS): the formalism of business processes. In: ECURWARE 2009, 3rd International Conference on Emerging Security Information, Systems and Technologies, pp. 105\u2013113. IARIA (2009)","DOI":"10.1109\/SECURWARE.2009.24"},{"key":"20_CR32","unstructured":"Westin, A.F.: Privacy and freedom. Wash. Lee L. Rev. 25: 166 (1968) http:\/\/scholarlycommons.law.wlu.edu\/wlulr\/vol25\/iss1\/20"},{"key":"20_CR33","unstructured":"French Penal Code: De l\u2019atteinte \u00e0 la vie priv\u00e9e, article 226-1 (2015)"},{"key":"20_CR34","unstructured":"Cranor, L.: Usable Privacy and Security. Lorrie Cranor\u2019s Courses (2006). http:\/\/cups.cs.cmu.edu\/courses\/ups-sp06\/"},{"issue":"3","key":"20_CR35","doi-asserted-by":"publisher","first-page":"393","DOI":"10.5465\/AMR.1998.926617","volume":"23","author":"DM Rousseau","year":"1998","unstructured":"Rousseau, D.M., Sitkin, S.B., Burt, R.S., Camerer, C.: Not so different after all: a cross-discipline view of trust. Acad. Manag. Rev. 23(3), 393\u2013404 (1998)","journal-title":"Acad. Manag. Rev."},{"key":"20_CR36","volume-title":"Trust in Cyberspace","author":"FB Schneider","year":"1998","unstructured":"Schneider, F.B.: Trust in Cyberspace. Committee on Information Systems Trustworthiness. National Research Council, Washington, D.C. (1998)"},{"issue":"3","key":"20_CR37","doi-asserted-by":"publisher","first-page":"78","DOI":"10.1109\/MSP.2007.69","volume":"5","author":"MA Sasse","year":"2007","unstructured":"Sasse, M.A.: Red-eye blink, bendy shuffle, and the yuck factor: a user experience of biometric airport systems. IEEE Secur. Privacy 5(3), 78\u201381 (2007)","journal-title":"IEEE Secur. Privacy"},{"key":"20_CR38","doi-asserted-by":"crossref","unstructured":"Birge, C.: Enhancing research into usable privacy and security. In: SIGDOC 2009: Proceedings of 27th ACM International Conference on Design of Communication (2009)","DOI":"10.1145\/1621995.1622039"},{"key":"20_CR39","doi-asserted-by":"crossref","unstructured":"Goudalo, W., Kolski, C.: Towards advanced enterprise information systems engineering - solving resilience, security and usability issues within the paradigms of socio-technical systems. In: Proceedings of 18th International Conference on Enterprise Information Systems (ICEIS 2016) \u2013 vol. 2, pp. 400\u2013411 (2016)","DOI":"10.5220\/0005835904000411"},{"key":"20_CR40","volume-title":"A Pattern Language: Towns, Buildings, Construction","author":"C Alexander","year":"1977","unstructured":"Alexander, C., Ishikawa, S., Silverstein, M.: A Pattern Language: Towns, Buildings, Construction. Oxford University Press, New York (1977)"},{"key":"20_CR41","volume-title":"Design patterns par la pratique","author":"A Salloway","year":"2002","unstructured":"Salloway, A., Trott, J.R.: Design patterns par la pratique. Eyrolles, Paris (2002)"},{"key":"20_CR42","series-title":"LNCS","doi-asserted-by":"crossref","DOI":"10.1007\/b11930","volume-title":"Security Engineering with Patterns: Origins, Theoretical Models, and New Applications","author":"M Schumacher","year":"2003","unstructured":"Schumacher, M.: Security Engineering with Patterns: Origins, Theoretical Models, and New Applications. LNCS, vol. 2754. Springer, Heidelberg (2003)"},{"key":"20_CR43","unstructured":"Blakley, B., Heath, C., and members of The Open Group Security Forum 2004: Security design patterns. Technical report G031, The Open Group, April 2004. http:\/\/www.opengroup.org\/publications\/catalog\/g031.htm"},{"key":"20_CR44","unstructured":"Pi\u00e8tre-Cambac\u00e8d\u00e9s, L.: Des relations entre s\u00fbret\u00e9 et s\u00e9curit\u00e9. Ph.D in Software and Network, Paris (2010)"},{"key":"20_CR45","first-page":"105","volume-title":"Usability Inspection Methods","author":"C Wharton","year":"1994","unstructured":"Wharton, C., Rieman, J., Lewis, C., Polson, P.: The cognitive walkthrough method: a practitioner\u2019s guide. In: Nielsen, J., Mack, R.L. (eds.) Usability Inspection Methods, pp. 105\u2013140. Wiley, New York (1994)"},{"issue":"8","key":"20_CR46","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1080\/10447311003781409","volume":"26","author":"T Mahatody","year":"2010","unstructured":"Mahatody, T., Sagar, M., Kolski, C.: State of the art on the cognitive walkthrough method, its variants and evolutions. Int. J. Hum.-Comput. Interact. 26(8), 41\u2013785 (2010)","journal-title":"Int. J. Hum.-Comput. Interact."},{"key":"20_CR47","unstructured":"DCSSI: \u2018Fiche d\u2019expression rationnelle des objectifs de s\u00e9curit\u00e9 (2009). http:\/\/circulaire.legifrance.gouv.fr\/pdf\/2009\/04\/cir_1982.pdf"},{"key":"20_CR48","unstructured":"Goudalo, W.: Toward engineering of security of information systems: the security acts. In: Proceedings of 5th International Conference on Emerging Security Information, Systems and Technologies, pp. 44\u201350. IARIA (2011)"},{"key":"20_CR49","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"278","DOI":"10.1007\/3-540-36159-6_24","volume-title":"Information and Communications Security","author":"K-P Yee","year":"2002","unstructured":"Yee, K.-P.: User interaction design for secure systems. In: Deng, R., Bao, F., Zhou, J., Qing, S. (eds.) ICICS 2002. LNCS, vol. 2513, pp. 278\u2013290. Springer, Heidelberg (2002). doi: 10.1007\/3-540-36159-6_24"},{"key":"20_CR50","unstructured":"Ruault, J.R, Kolski, C., Vanderhaegen, F., Luzeaux, D.: S\u00fbret\u00e9 et s\u00e9curit\u00e9: diff\u00e9rences et compl\u00e9mentarit\u00e9s. In: Conf\u00e9rence C&ESAR, R\u00e9silience des syst\u00e8mes num\u00e9riques, Rennes, France (2015)"},{"key":"20_CR51","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"525","DOI":"10.1007\/978-3-540-69534-9_39","volume-title":"Advanced Information Systems Engineering","author":"A Niknafs","year":"2008","unstructured":"Niknafs, A., Ramsin, R.: Computer-aided method engineering: an analysis of existing environments. In: Bellahs\u00e8ne, Z., L\u00e9onard, M. (eds.) CAiSE 2008. LNCS, vol. 5074, pp. 525\u2013540. Springer, Heidelberg (2008). doi: 10.1007\/978-3-540-69534-9_39"},{"key":"20_CR52","doi-asserted-by":"publisher","DOI":"10.1002\/9780470947913","volume-title":"Engineering Information Security: The Application of Systems Engineering Concepts to Achieve Information Assurance","author":"S Jacobs","year":"2011","unstructured":"Jacobs, S.: Engineering Information Security: The Application of Systems Engineering Concepts to Achieve Information Assurance. Wiley, Hoboken (2011)"},{"key":"20_CR53","unstructured":"ISO\/IEC 27032: Information Technology \u2013 Security Techniques \u2013 Guidelines for Security (2012)"},{"key":"20_CR54","unstructured":"Ponemon Institute LLC: 2015 Cost of Data Breach Study: Global Analysis. Benchmark Research Sponsored by IBM, Independently Conducted by Ponemon Institute LLC (2016)"},{"key":"20_CR55","unstructured":"Romanosky, S.: Examining the Costs and Causes of Cyber Incidents. Working document (2016). https:\/\/www.ftc.gov\/system\/files\/documents\/public_comments\/2015\/10\/00027-97671.pdf . Accessed 22 July 2016"},{"issue":"1","key":"20_CR56","first-page":"79","volume":"2","author":"A Behnia","year":"2012","unstructured":"Behnia, A., Rashid, R., Chaudhry, J.: A survey of information security risk analysis methods. Smart Comput. Rev. 2(1), 79\u201394 (2012)","journal-title":"Smart Comput. Rev."},{"key":"20_CR57","unstructured":"Stanford Encyclopedia of Philosophy: Seneca, chapter the Vertue. http:\/\/plato.stanford.edu\/entries\/seneca\/#Vir . Accessed 22 July 2016"}],"container-title":["Lecture Notes in Business Information Processing","Enterprise Information Systems"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-62386-3_20","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,10,11]],"date-time":"2020-10-11T01:29:38Z","timestamp":1602379778000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-62386-3_20"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319623856","9783319623863"],"references-count":57,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-62386-3_20","relation":{},"ISSN":["1865-1348","1865-1356"],"issn-type":[{"type":"print","value":"1865-1348"},{"type":"electronic","value":"1865-1356"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"29 June 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICEIS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Enterprise Information Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Rome","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Italy","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2016","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 April 2016","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28 April 2016","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"iceis2016","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.iceis.org\/?y=2016","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}