{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T11:45:18Z","timestamp":1743075918516,"version":"3.40.3"},"publisher-location":"Cham","reference-count":39,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319748597"},{"type":"electronic","value":"9783319748603"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-74860-3_10","type":"book-chapter","created":{"date-parts":[[2018,1,18]],"date-time":"2018-01-18T09:34:39Z","timestamp":1516268079000},"page":"127-146","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Employing Graphical Risk Models to Facilitate Cyber-Risk Monitoring - the WISER Approach"],"prefix":"10.1007","author":[{"given":"Ale\u0161","family":"\u010cernivec","sequence":"first","affiliation":[]},{"given":"Gencer","family":"Erdogan","sequence":"additional","affiliation":[]},{"given":"Alejandra","family":"Gonzalez","sequence":"additional","affiliation":[]},{"given":"Atle","family":"Refsdal","sequence":"additional","affiliation":[]},{"given":"Antonio Alvarez","family":"Romero","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,1,19]]},"reference":[{"key":"10_CR1","unstructured":"The ACM Computing Classification System (CCS). https:\/\/dl.acm.org\/ccs\/ccs.cfm . Accessed 3 Nov 2017"},{"key":"10_CR2","volume-title":"An Introduction to Numerical Analysis","author":"KA Atkinson","year":"1989","unstructured":"Atkinson, K.A.: An Introduction to Numerical Analysis. Wiley, New York (1989)"},{"issue":"1","key":"10_CR3","doi-asserted-by":"crossref","first-page":"131","DOI":"10.1057\/gpp.2014.19","volume":"40","author":"C Biener","year":"2015","unstructured":"Biener, C., Eling, M., Wirfs, J.H.: Insurability of cyber risk an empirical analysis. Geneva Pap. Risk Insurance Issues Pract. 40(1), 131\u2013158 (2015)","journal-title":"Geneva Pap. Risk Insurance Issues Pract."},{"key":"10_CR4","volume-title":"Software Engineering Economics","author":"BW Boehm","year":"1981","unstructured":"Boehm, B.W.: Software Engineering Economics. Prentice Hall, Upper Saddle River (1981)"},{"key":"10_CR5","volume-title":"Software Cost Estimation with COCOMO II","author":"BW Boehm","year":"2000","unstructured":"Boehm, B.W., Abts, C., Brown, A.W., Chulani, S., Clark, B.K., Horowitz, E., Madachy, R., Reifer, D.J., Steece, B.: Software Cost Estimation with COCOMO II. Prentice Hall, Upper Saddle River (2000)"},{"key":"10_CR6","unstructured":"Bohanec, M.: DEXi: program for multi-attribute decision making. User\u2019s Manual v 5.00 IJS DP-11897, DEXi (2015)"},{"key":"10_CR7","unstructured":"Bohanec, M., Aprile, G., Costante, M., Foti, M., Trdin, N.: A hierarchical multi-attribute model for bank reputational risk assessment. In: DSS 2.0 - Supporting Decision Making with New Technologies, pp. 92\u2013103. IOS Press (2014)"},{"key":"10_CR8","series-title":"Lecture Notes in Business Information Processing","doi-asserted-by":"publisher","first-page":"46","DOI":"10.1007\/978-3-319-18533-0_5","volume-title":"Decision Support Systems V \u2013 Big Data Analytics for Decision Making","author":"M Bohanec","year":"2015","unstructured":"Bohanec, M., Deliba\u0161i\u0107, B.: Data-mining and expert models for predicting injury risk in ski resorts. In: Deliba\u0161i\u0107, B., et al. (eds.) ICDSST 2015. LNBIP, vol. 216, pp. 46\u201360. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-18533-0_5"},{"issue":"1","key":"10_CR9","first-page":"49","volume":"37","author":"M Bohanec","year":"2013","unstructured":"Bohanec, M., \u017dnidar\u0161i\u010d, M., Rajkovi\u010d, V., Bratko, I., Zupan, B.: DEX methodology: three decades of qualitative multi-attribute modeling. Informatica (Slovenia) 37(1), 49\u201354 (2013)","journal-title":"Informatica (Slovenia)"},{"issue":"3","key":"10_CR10","doi-asserted-by":"crossref","first-page":"271","DOI":"10.1007\/BF01396177","volume":"27","author":"JCP Bus","year":"1976","unstructured":"Bus, J.C.P.: Convergence of Newton-like methods for solving systems of nonlinear equations. Numerische Mathematik 27(3), 271\u2013281 (1976)","journal-title":"Numerische Mathematik"},{"key":"10_CR11","volume-title":"Operational Risk: A Guide to Basel II Capital Requirements, Models, and Analysis","author":"AS Chernobai","year":"2007","unstructured":"Chernobai, A.S., Rachev, S.T., Fabozzi, F.J.: Operational Risk: A Guide to Basel II Capital Requirements, Models, and Analysis. Wiley, Hoboken (2007)"},{"key":"10_CR12","unstructured":"DEXi: A program for multi-attribute decision making. http:\/\/kt.ijs.si\/MarkoBohanec\/dexi.html . Accessed 19 Oct 2017"},{"key":"10_CR13","doi-asserted-by":"crossref","unstructured":"Erdogan, G., Gonzalez, A., Refsdal, A., Seehusen, F.: A method for developing algorithms for assessing cyber-risk cost. In: Proceedings of the 2017 IEEE International Conference on Software Quality, Reliability, & Security (QRS 2017), pp. 192\u2013199. IEEE (2017)","DOI":"10.1109\/QRS.2017.29"},{"key":"10_CR14","doi-asserted-by":"crossref","unstructured":"Erdogan, G., Refsdal, A.: A method for developing qualitative security risk assessment algorithms. In: Proceedings of 12th International Conference on Risks and Security of Internet and Systems (CRiSIS 2017). Springer (2017, to appear)","DOI":"10.1007\/978-3-319-76687-4_17"},{"key":"10_CR15","unstructured":"International Organization for Standardization: ISO\/IEC 27001 - Information technology - Security techniques - Information security management systems - Requirements (2005)"},{"key":"10_CR16","unstructured":"International Organization for Standardization: ISO\/IEC 27032 - Information technology - Security techniques - Guidelines for cybersecurity (2005)"},{"key":"10_CR17","unstructured":"International Organization for Standardization: ISO 31000:2009(E), Risk management - Principles and guidelines (2009)"},{"key":"10_CR18","unstructured":"International Organization for Standardization: ISO\/IEC 27005:2011(E), Information technology - Security techniques - Information security risk management (2011)"},{"key":"10_CR19","volume-title":"Loss Models: From Data to Decisions","author":"SA Klugman","year":"2012","unstructured":"Klugman, S.A., Panjer, H.H., Willmot, G.E.: Loss Models: From Data to Decisions. Wiley, New York (2012)"},{"key":"10_CR20","series-title":"Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","doi-asserted-by":"publisher","first-page":"43","DOI":"10.1007\/978-3-319-47729-9_5","volume-title":"Smart Grid Inspired Future Technologies","author":"A Le","year":"2017","unstructured":"Le, A., Chen, Y., Chai, K.K., Vasenev, A., Montoya, L.: Assessing loss event frequencies of smart grid cyber threats: encoding flexibility into FAIR using Bayesian network approach. In: Hu, J., Leung, V.C.M., Yang, K., Zhang, Y., Gao, J., Yang, S. (eds.) Smart Grid Inspired Future Technologies. LNICST, vol. 175, pp. 43\u201351. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-47729-9_5"},{"key":"10_CR21","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-12323-8","volume-title":"Model-Driven Risk Analysis: The CORAS Approach","author":"MS Lund","year":"2011","unstructured":"Lund, M.S., Solhaug, B., St\u00f8len, K.: Model-Driven Risk Analysis: The CORAS Approach. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-12323-8"},{"key":"10_CR22","volume-title":"Quantitative Risk Management: Concepts, Techniques and Tools","author":"AJ McNeil","year":"2015","unstructured":"McNeil, A.J., Frey, R., Embrechts, P.: Quantitative Risk Management: Concepts, Techniques and Tools. Princeton University Press, Princeton (2015)"},{"key":"10_CR23","unstructured":"Common Attack Pattern Enumeration and Classification (CAPEC). https:\/\/capec.mitre.org\/ . Accessed 18 Oct 2017"},{"issue":"3","key":"10_CR24","doi-asserted-by":"crossref","first-page":"379","DOI":"10.1007\/s11009-007-9066-y","volume":"12","author":"S Mittnik","year":"2010","unstructured":"Mittnik, S., Starobinskaya, I.: Modeling dependencies in operational risk with hybrid Bayesian networks. Methodol. Comput. Appl. Probab. 12(3), 379\u2013390 (2010)","journal-title":"Methodol. Comput. Appl. Probab."},{"issue":"4","key":"10_CR25","doi-asserted-by":"crossref","first-page":"963","DOI":"10.1111\/j.1539-6924.2005.00641.x","volume":"25","author":"M Neil","year":"2005","unstructured":"Neil, M., Fenton, N., Tailor, M.: Using Bayesian networks to model expected and unexpected operational losses. Risk Anal. 25(4), 963\u2013972 (2005)","journal-title":"Risk Anal."},{"key":"10_CR26","unstructured":"Solve Systems of Nonlinear Equations. https:\/\/cran.r-project.org\/web\/packages\/nleqslv\/nleqslv.pdf . Accessed 19 Oct 2017"},{"key":"10_CR27","unstructured":"Omer\u010devi\u0107, D., Zupan\u010di\u010d, M., Bohanec, M., Kastelic, T.: Intelligent response to highway traffic situations and road incidents. In: Proceedings of the Transport Research Arena Europe 2008 (TRA 2008), pp. 21\u201324 (2008)"},{"key":"10_CR28","unstructured":"The Open Web Application Security Project. www.owasp.org . Accessed 18 Oct 2017"},{"key":"10_CR29","unstructured":"OWASP Zed Attack Proxy Project. https:\/\/www.owasp.org\/index.php\/OWASP_Zed_Attack_Proxy_Project . Accessed 2 Nov 2017"},{"issue":"1","key":"10_CR30","doi-asserted-by":"crossref","first-page":"61","DOI":"10.1109\/TDSC.2011.34","volume":"9","author":"N Poolsappasit","year":"2012","unstructured":"Poolsappasit, N., Dewri, R., Ray, I.: Dynamic security risk management using Bayesian attack graphs. IEEE Trans. Dependable Secure Comput. 9(1), 61\u201374 (2012)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"10_CR31","unstructured":"Refsdal, A., Erdogan, G., Aprile, G., Poidomani, S., Colgiago, R., Gonzalez, A., Alvarez, A., Gonz\u00e1lez, S., Arce, C.H., Lombardi, P., Mannella, R.: D3.4 - cyber risk modelling language and guidelines, final version. Technical report D3.4, WISER (2017)"},{"key":"10_CR32","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-23570-7","volume-title":"Cyber-Risk Management","author":"A Refsdal","year":"2015","unstructured":"Refsdal, A., Solhaug, B., St\u00f8len, K.: Cyber-Risk Management. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-23570-7"},{"key":"10_CR33","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"215","DOI":"10.1007\/978-3-642-02056-8_14","volume-title":"Trust Management III","author":"A Refsdal","year":"2009","unstructured":"Refsdal, A., St\u00f8len, K.: Employing key indicators to provide a dynamic risk picture with a notion of confidence. In: Ferrari, E., Li, N., Bertino, E., Karabulut, Y. (eds.) IFIPTM 2009. IAICT, vol. 300, pp. 215\u2013233. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-02056-8_14"},{"key":"10_CR34","unstructured":"The R Project for Statistical Computing. https:\/\/www.r-project.org . Accessed 19 Oct 2017"},{"key":"10_CR35","doi-asserted-by":"crossref","unstructured":"Solhaug, B., St\u00f8len, K.: The CORAS language - why it is designed the way it is. In: Proceedings of the 11th International Conference on Structural Safety & Reliability (ICOSSAR 2013), pp. 3155\u20133162. Taylor and Francis (2013)","DOI":"10.1201\/b16387-456"},{"key":"10_CR36","unstructured":"\u010cernivec, A., Alvarez, A., Gonz\u00e1lez, S., Arce, C.H., \u017ditnik, A., Plestenjak, R., Biasibetti, A.L.: D4.2 - WISER Monitoring Infrastructure. Technical report D4.2, WISER (2016)"},{"issue":"2","key":"10_CR37","first-page":"56","volume":"10","author":"M Velasquez","year":"2013","unstructured":"Velasquez, M., Hester, P.T.: An analysis of multi-criteria decision making methods. Int. J. Oper. Res. 10(2), 56\u201366 (2013)","journal-title":"Int. J. Oper. Res."},{"key":"10_CR38","unstructured":"Web Application Attack and Audit Framework. http:\/\/w3af.org\/ . Accessed 2 Nov 2017"},{"key":"10_CR39","unstructured":"Wide-Impact cyber SEcurity Risk framework (WISER). https:\/\/www.cyberwiser.eu\/ . Accessed 16 Oct 2017"}],"container-title":["Lecture Notes in Computer Science","Graphical Models for Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-74860-3_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,12]],"date-time":"2022-08-12T20:29:27Z","timestamp":1660336167000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-74860-3_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319748597","9783319748603"],"references-count":39,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-74860-3_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2018]]}}}