{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T06:22:48Z","timestamp":1742970168891,"version":"3.40.3"},"publisher-location":"Cham","reference-count":30,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319728162"},{"type":"electronic","value":"9783319728179"}],"license":[{"start":{"date-parts":[[2017,12,22]],"date-time":"2017-12-22T00:00:00Z","timestamp":1513900800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-72817-9_17","type":"book-chapter","created":{"date-parts":[[2017,12,21]],"date-time":"2017-12-21T11:44:29Z","timestamp":1513856669000},"page":"262-280","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Decision-Making in Security Requirements Engineering with Constrained Goal Models"],"prefix":"10.1007","author":[{"given":"Nikolaos","family":"Argyropoulos","sequence":"first","affiliation":[]},{"given":"Konstantinos","family":"Angelopoulos","sequence":"additional","affiliation":[]},{"given":"Haralambos","family":"Mouratidis","sequence":"additional","affiliation":[]},{"given":"Andrew","family":"Fish","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,12,22]]},"reference":[{"key":"17_CR1","series-title":"Lecture Notes in Business Information Processing","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1007\/978-3-319-25897-3_7","volume-title":"The Practice of Enterprise Modeling","author":"N Argyropoulos","year":"2015","unstructured":"Argyropoulos, N., M\u00e1rquez Alca\u00f1iz, L., Mouratidis, H., Fish, A., Rosado, D.G., de Guzm\u00e1n, I.G.-R., Fern\u00e1ndez-Medina, E.: Eliciting security requirements for business processes of legacy systems. In: Ralyt\u00e9, J., Espa\u00f1a, S., Pastor, \u00d3. (eds.) PoEM 2015. LNBIP, vol. 235, pp. 91\u2013107. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-25897-3_7"},{"key":"17_CR2","doi-asserted-by":"crossref","unstructured":"Aydemir, F.B., Giorgini, P., Mylopoulos, J.: Multi-objective risk analysis with goal models. In: 2016 IEEE Tenth International Conference on Research Challenges in Information Science (RCIS), pp. 1\u201310. IEEE (2016)","DOI":"10.1109\/RCIS.2016.7549302"},{"key":"17_CR3","doi-asserted-by":"crossref","unstructured":"Blakley, B., McDermott, E., Geer, D.: Information security is information risk management. In: Proceedings of the 2001 Workshop on New Security Paradigms, pp. 97\u2013104. ACM (2001)","DOI":"10.1145\/508171.508187"},{"issue":"3","key":"17_CR4","doi-asserted-by":"crossref","first-page":"203","DOI":"10.1023\/B:AGNT.0000018806.20944.ef","volume":"8","author":"P Bresciani","year":"2004","unstructured":"Bresciani, P., Perini, A., Giorgini, P., Giunchiglia, F., Mylopoulos, J.: Tropos: an agent-oriented software development methodology. Auton. Agent. Multi-Agent Syst. 8(3), 203\u2013236 (2004)","journal-title":"Auton. Agent. Multi-Agent Syst."},{"key":"17_CR5","doi-asserted-by":"crossref","unstructured":"Cailliau, A., Van Lamsweerde, A.: A probabilistic framework for goal-oriented risk analysis. In: 2012 20th IEEE International Requirements Engineering Conference (RE), pp. 201\u2013210. IEEE (2012)","DOI":"10.1109\/RE.2012.6345805"},{"key":"17_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"625","DOI":"10.1007\/978-3-319-07881-6_42","volume-title":"Advanced Information Systems Engineering","author":"G Chatzikonstantinou","year":"2014","unstructured":"Chatzikonstantinou, G., Athanasopoulos, M., Kontogiannis, K.: Task specification and reasoning in dynamically altered contexts. In: Jarke, M., Mylopoulos, J., Quix, C., Rolland, C., Manolopoulos, Y., Mouratidis, H., Horkoff, J. (eds.) CAiSE 2014. LNCS, vol. 8484, pp. 625\u2013639. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-07881-6_42"},{"key":"17_CR7","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4615-5269-7","volume-title":"Non-functional Requirements in Software Engineering","author":"L Chung","year":"2000","unstructured":"Chung, L., Nixon, B., Yu, E., Mylopoulos, J.: Non-functional Requirements in Software Engineering. Springer, Boston (2000). https:\/\/doi.org\/10.1007\/978-1-4615-5269-7"},{"issue":"1\u20132","key":"17_CR8","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1016\/0167-6423(93)90021-G","volume":"20","author":"A Dardenne","year":"1993","unstructured":"Dardenne, A., Van Lamsweerde, A., Fickas, S.: Goal-directed requirements acquisition. Sci. Comput. Program. 20(1\u20132), 3\u201350 (1993)","journal-title":"Sci. Comput. Program."},{"key":"17_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"337","DOI":"10.1007\/978-3-540-78800-3_24","volume-title":"Tools and Algorithms for the Construction and Analysis of Systems","author":"L Moura de","year":"2008","unstructured":"de Moura, L., Bj\u00f8rner, N.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337\u2013340. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-78800-3_24"},{"key":"17_CR10","doi-asserted-by":"crossref","unstructured":"Elahi, G., Eric, S.: A semi-automated tool for requirements trade-off analysis. In: CAiSE Forum, pp. 9\u201316 (2011)","DOI":"10.1109\/COMPSAC.2011.67"},{"key":"17_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"375","DOI":"10.1007\/978-3-540-75563-0_26","volume-title":"Conceptual Modeling - ER 2007","author":"G Elahi","year":"2007","unstructured":"Elahi, G., Yu, E.: A goal oriented approach for modeling and analyzing security trade-offs. In: Parent, C., Schewe, K.-D., Storey, V.C., Thalheim, B. (eds.) ER 2007. LNCS, vol. 4801, pp. 375\u2013390. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-75563-0_26"},{"issue":"1","key":"17_CR12","first-page":"1","volume":"1","author":"P Giorgini","year":"2003","unstructured":"Giorgini, P., Mylopoulos, J., Nicchiarelli, E., Sebastiani, R.: Formal reasoning techniques for goal models. J. Data Semant. 1(1), 1\u201320 (2003)","journal-title":"J. Data Semant."},{"issue":"2","key":"17_CR13","doi-asserted-by":"crossref","first-page":"10","DOI":"10.3390\/jrfm10020010","volume":"10","author":"S Islam","year":"2017","unstructured":"Islam, S., Fenz, S., Weippl, E., Mouratidis, H.: A risk management framework for cloud migration decision support. J. Risk Financ. Manage. 10(2), 10 (2017)","journal-title":"J. Risk Financ. Manage."},{"key":"17_CR14","unstructured":"ISO\/IEC: 27005:2008 - Information technology - Security techniques - Information security risk management. Technical report, ISO\/IEC (2008)"},{"key":"17_CR15","unstructured":"ISO\/IEC: 27000:2014 - Information technology - Security techniques - Information security management systems - Overview and vocabulary. Technical report, ISO\/IEC (2014)"},{"issue":"5","key":"17_CR16","doi-asserted-by":"crossref","first-page":"67","DOI":"10.1109\/52.605933","volume":"14","author":"J Karlsson","year":"1997","unstructured":"Karlsson, J., Ryan, K.: A cost-value approach for prioritizing requirements. IEEE Softw. 14(5), 67\u201374 (1997)","journal-title":"IEEE Softw."},{"key":"17_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"541","DOI":"10.1007\/978-3-540-69534-9_40","volume-title":"Advanced Information Systems Engineering","author":"R Matulevi\u010dius","year":"2008","unstructured":"Matulevi\u010dius, R., Mayer, N., Mouratidis, H., Dubois, E., Heymans, P., Genon, N.: Adapting secure tropos for security risk management in the early phases of information systems development. In: Bellahs\u00e8ne, Z., L\u00e9onard, M. (eds.) CAiSE 2008. LNCS, vol. 5074, pp. 541\u2013555. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-69534-9_40"},{"key":"17_CR18","unstructured":"Mell, P., Scarfone, K., Romanosky, S.: A complete guide to the common vulnerability scoring system version 2.0. In: FIRST-Forum of Incident Response and Security Teams, pp. 1\u201323 (2007)"},{"key":"17_CR19","unstructured":"MITRE: Common attack pattern enumeration and classification, (CAPEC). https:\/\/capec.mitre.org\/"},{"key":"17_CR20","doi-asserted-by":"crossref","unstructured":"Mouratidis, H., Argyropoulos, N., Shei, S.: Security requirements engineering for cloud computing: The secure tropos approach. In: Domain-Specific Conceptual Modeling, Concepts, Methods and Tools, pp. 357\u2013380. Springer (2016)","DOI":"10.1007\/978-3-319-39417-6_16"},{"issue":"2","key":"17_CR21","doi-asserted-by":"crossref","first-page":"285","DOI":"10.1142\/S0218194007003240","volume":"17","author":"H Mouratidis","year":"2007","unstructured":"Mouratidis, H., Giorgini, P.: Secure tropos: a security-oriented extension of the tropos methodology. Int. J. Softw. Eng. Knowl. Eng. 17(2), 285\u2013309 (2007)","journal-title":"Int. J. Softw. Eng. Knowl. Eng."},{"key":"17_CR22","doi-asserted-by":"publisher","unstructured":"Nguyen, C.M., Sebastiani, R., Giorgini, P., Mylopoulos, J.: Multi-objective reasoning with constrained goal models. Requirements Eng. (2016). https:\/\/doi.org\/10.1007\/s00766-016-0263-5","DOI":"10.1007\/s00766-016-0263-5"},{"key":"17_CR23","unstructured":"Open Web Application Security Project: Application threat modeling. Technical report, OWASP (2015)"},{"key":"17_CR24","doi-asserted-by":"crossref","first-page":"481","DOI":"10.1007\/s00766-015-0229-z","volume":"21","author":"L Pasquale","year":"2015","unstructured":"Pasquale, L., Spoletini, P., Salehie, M., Cavallaro, L., Nuseibeh, B.: Automating trade-off analysis of security requirements. Requirements Eng. 21, 481\u2013504 (2015)","journal-title":"Requirements Eng."},{"key":"17_CR25","doi-asserted-by":"publisher","first-page":"109","DOI":"10.1007\/978-3-642-83555-1_5","volume-title":"Mathematical Models for Decision Support","author":"TL Saaty","year":"1988","unstructured":"Saaty, T.L.: What is the analytic hierarchy process? In: Mitra, G., Greenberg, H.J., Lootsma, F.A., Rijkaert, M.J., Zimmermann, H.J. (eds.) Mathematical Models for Decision Support, pp. 109\u2013121. Springer, Heidelberg (1988). https:\/\/doi.org\/10.1007\/978-3-642-83555-1_5"},{"key":"17_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"447","DOI":"10.1007\/978-3-319-21690-4_27","volume-title":"Computer Aided Verification","author":"R Sebastiani","year":"2015","unstructured":"Sebastiani, R., Trentin, P.: OptiMathSAT: a tool for optimization modulo theories. In: Kroening, D., P\u0103s\u0103reanu, C.S. (eds.) CAV 2015. LNCS, vol. 9206, pp. 447\u2013454. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-21690-4_27"},{"key":"17_CR27","doi-asserted-by":"crossref","unstructured":"Stoneburner, G., Goguen, A., Feringa, A.: Risk management guide for information technology systems (NIST special publication 800\u201330). Tech. rep. (2002)","DOI":"10.6028\/NIST.SP.800-30"},{"issue":"1","key":"17_CR28","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.ejor.2004.04.028","volume":"169","author":"OS Vaidya","year":"2006","unstructured":"Vaidya, O.S., Kumar, S.: Analytic hierarchy process: an overview of applications. Eur. J. Oper. Res. 169(1), 1\u201329 (2006)","journal-title":"Eur. J. Oper. Res."},{"key":"17_CR29","doi-asserted-by":"crossref","unstructured":"Viduto, V., Maple, C., Huang, W., Bochenkov, A.: A multi-objective genetic algorithm for minimising network security risk and cost. In: 2012 International Conference on High Performance Computing and Simulation (HPCS), pp. 462\u2013467. IEEE (2012)","DOI":"10.1109\/HPCSim.2012.6266959"},{"key":"17_CR30","doi-asserted-by":"crossref","unstructured":"Yuan, E., Malek, S., Schmerl, B., Garlan, D., Gennari, J.: Architecture-based self-protecting software systems. In: Proceedings of the 9th International ACM SIGSOFT Conference on Quality of Software Architectures, pp. 33\u201342. ACM (2013)","DOI":"10.1145\/2465478.2465479"}],"container-title":["Lecture Notes in Computer Science","Computer Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-72817-9_17","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,8]],"date-time":"2019-10-08T07:46:01Z","timestamp":1570520761000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-72817-9_17"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,12,22]]},"ISBN":["9783319728162","9783319728179"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-72817-9_17","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017,12,22]]}}}