{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,19]],"date-time":"2026-02-19T04:01:05Z","timestamp":1771473665235,"version":"3.50.1"},"publisher-location":"Cham","reference-count":53,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319748597","type":"print"},{"value":"9783319748603","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-74860-3_3","type":"book-chapter","created":{"date-parts":[[2018,1,18]],"date-time":"2018-01-18T09:34:39Z","timestamp":1516268079000},"page":"38-56","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":20,"title":["Visualizing Cyber Security Risks with Bow-Tie Diagrams"],"prefix":"10.1007","author":[{"given":"Karin","family":"Bernsmed","sequence":"first","affiliation":[]},{"given":"Christian","family":"Fr\u00f8ystad","sequence":"additional","affiliation":[]},{"given":"Per H\u00e5kon","family":"Meland","sequence":"additional","affiliation":[]},{"given":"Dag Atle","family":"Nesheim","sequence":"additional","affiliation":[]},{"given":"\u00d8rnulf Jan","family":"R\u00f8dseth","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,1,19]]},"reference":[{"key":"3_CR1","unstructured":"ISO\/IEC 27005 Information technology - Security techniques - Information security risk management. Technical rep. (2008). http:\/\/www.iso.org\/iso\/catalogue_detail?csnumber=56742"},{"key":"3_CR2","unstructured":"Digitale Sarbarheter Maritim Sektor: Technical rep. (2015). https:\/\/www.regjeringen.no\/contentassets\/fe88e9ea8a354bd1b63bc0022469f644\/no\/sved\/7.pdf"},{"key":"3_CR3","volume-title":"Reliability and Risk Assessment","author":"JD Andrews","year":"2002","unstructured":"Andrews, J.D., Moss, T.R.: Reliability and Risk Assessment. Wiley-Blackwell, Hoboken (2002)"},{"issue":"1","key":"3_CR4","doi-asserted-by":"crossref","first-page":"283","DOI":"10.1109\/JPROC.2011.2165689","volume":"100","author":"A Banerjee","year":"2012","unstructured":"Banerjee, A., Venkatasubramanian, K.K., Mukherjee, T., Gupta, S.K.S.: Ensuring safety, security, and sustainability of mission-critical cyber-physical systems. Proc. IEEE 100(1), 283\u2013299 (2012)","journal-title":"Proc. IEEE"},{"issue":"3","key":"3_CR5","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1109\/MSP.2011.2","volume":"9","author":"J Bau","year":"2011","unstructured":"Bau, J., Mitchell, J.C.: Security modeling and analysis. IEEE Secur. Priv. 9(3), 18\u201325 (2011)","journal-title":"IEEE Secur. Priv."},{"issue":"1","key":"3_CR6","doi-asserted-by":"crossref","first-page":"51","DOI":"10.1002\/navi.183","volume":"64","author":"J Bhatti","year":"2016","unstructured":"Bhatti, J., Humphreys, T.: Hostile control of ships via false GPS signals: demonstration and detection. Navigation 64(1), 51\u201366 (2016)","journal-title":"Navigation"},{"key":"3_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"269","DOI":"10.1007\/978-3-319-10557-4_30","volume-title":"Computer Safety, Reliability, and Security","author":"P Bieber","year":"2014","unstructured":"Bieber, P., Brunel, J.: From safety models to security models: preliminary lessons learnt. In: Bondavalli, A., Ceccarelli, A., Ortmeier, F. (eds.) SAFECOMP 2014. LNCS, vol. 8696, pp. 269\u2013281. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-10557-4_30"},{"key":"3_CR8","doi-asserted-by":"crossref","unstructured":"Byers, D., Ardi, S., Shahmehri, N., Duma, C.: Modeling software vulnerabilities with vulnerability cause graphs. In: Proceedings of the International Conference on Software Maintenance (ICSM 2006), pp. 411\u2013422 (2006)","DOI":"10.1109\/ICSM.2006.40"},{"key":"3_CR9","unstructured":"Casey, T.: Threat agent library helps identify information security risks (2007). https:\/\/communities.intel.com\/docs\/DOC-1151"},{"key":"3_CR10","unstructured":"CGE Risk Management Solutions: Using bowties for it security (2017). https:\/\/www.cgerisk.com\/knowledge-base\/risk-assessment\/using-bowties-for-it-security"},{"issue":"3","key":"3_CR11","doi-asserted-by":"crossref","first-page":"276","DOI":"10.1016\/j.jhazmat.2005.07.018","volume":"130","author":"FR Chevreau","year":"2006","unstructured":"Chevreau, F.R., Wybo, J.L., Cauchois, D.: Organizing learning processes on risks by using the bow-tie representation. J. Hazard. Mater. 130(3), 276\u2013283 (2006)","journal-title":"J. Hazard. Mater."},{"key":"3_CR12","doi-asserted-by":"crossref","unstructured":"Chockalingam, S., Hadziosmanovic, D., Pieters, W., Teixeira, A., van Gelder, P.: Integrated safety and security risk assessment methods: a survey of key characteristics and applications. arXiv preprint arXiv:1707.02140 (2017)","DOI":"10.1007\/978-3-319-71368-7_5"},{"key":"3_CR13","unstructured":"Cimpean, D., Meire, J., Bouckaert, V., Vande Casteele, S., Pelle, A., Hellebooge, L.: Analysis of cyber security aspects in the maritime sector. ENISA, 19 December (2011). https:\/\/www.enisa.europa.eu\/publications\/cyber-security-aspects-in-the-maritime-sector-1"},{"issue":"4","key":"3_CR14","doi-asserted-by":"crossref","first-page":"307","DOI":"10.1205\/psep.04380","volume":"83","author":"J Cockshott","year":"2005","unstructured":"Cockshott, J.: Probability bow-ties: a transparent risk management tool. Process Saf. Environ. Prot. 83(4), 307\u2013316 (2005)","journal-title":"Process Saf. Environ. Prot."},{"issue":"3","key":"3_CR15","doi-asserted-by":"crossref","first-page":"220","DOI":"10.1016\/j.jhazmat.2005.07.010","volume":"130","author":"V Dianous De","year":"2006","unstructured":"De Dianous, V., Fi\u00e9vez, C.: Aramis project: a more explicit demonstration of risk control through the use of bow-tie diagrams and the evaluation of safety barrier performance. J. Hazard. Mater. 130(3), 220\u2013233 (2006)","journal-title":"J. Hazard. Mater."},{"key":"3_CR16","unstructured":"DNV-GL AS: Recommended practice. Cyber security resilience management for ships and mobile offshore units in operation (2016). DNVGL-RP-0496"},{"issue":"1","key":"3_CR17","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.psep.2011.08.010","volume":"91","author":"R Ferdous","year":"2013","unstructured":"Ferdous, R., Khan, F., Sadiq, R., Amyotte, P., Veitch, B.: Analyzing system safety and risks under uncertainty using a bow-tie diagram: an innovative approach. Process Saf. Environ. Prot. 91(1), 1\u201318 (2013)","journal-title":"Process Saf. Environ. Prot."},{"issue":"1","key":"3_CR18","first-page":"18","volume":"22","author":"PR Garvey","year":"1998","unstructured":"Garvey, P.R., Lansdowne, Z.F.: Risk matrix: an approach for identifying, assessing, and ranking program risks. Air Force J. Logistics 22(1), 18\u201321 (1998)","journal-title":"Air Force J. Logistics"},{"issue":"2","key":"3_CR19","doi-asserted-by":"crossref","first-page":"135","DOI":"10.1057\/ejis.2011.54","volume":"21","author":"G Goldkuhl","year":"2012","unstructured":"Goldkuhl, G.: Pragmatism vs interpretivism in qualitative information systems research. Eur. J. Inf. Syst. 21(2), 135\u2013146 (2012)","journal-title":"Eur. J. Inf. Syst."},{"issue":"1","key":"3_CR20","first-page":"93","volume":"1","author":"P Hall","year":"2015","unstructured":"Hall, P., Heath, C., Coles-Kemp, L.: Critical visualization: a case for rethinking how we visualize risk and security. J. Cybersecurity 1(1), 93\u2013108 (2015)","journal-title":"J. Cybersecurity"},{"key":"3_CR21","doi-asserted-by":"crossref","unstructured":"Hevner, A.R., March, S.T., Park, J., Ram, S.: Design science in information systems research. MIS Q. 28(1), 75\u2013105 (2004). http:\/\/dl.acm.org\/citation.cfm?id=2017212.2017217","DOI":"10.2307\/25148625"},{"key":"3_CR22","unstructured":"Paul, H.: Security: Bow Tie for Cyber Security (0x01): Ho... \u2014 PI Square (2016). https:\/\/pisquare.osisoft.com\/groups\/security\/blog\/2016\/08\/02\/bow-tie-for-cyber-security-0x01-how-to-tie-a-cyber-bow-tie"},{"key":"3_CR23","unstructured":"IMO: Revised guidelines for Formal Safety Assessment (FSA) for use in the IMO rule-making process (2013)"},{"key":"3_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"412","DOI":"10.1007\/3-540-45800-X_32","volume-title":"UML 2002 \u2014 The Unified Modeling Language","author":"J J\u00fcrjens","year":"2002","unstructured":"J\u00fcrjens, J.: UMLsec: extending UML for secure systems development. In: J\u00e9z\u00e9quel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412\u2013425. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-45800-X_32"},{"key":"3_CR25","doi-asserted-by":"crossref","first-page":"36","DOI":"10.1016\/j.ress.2012.04.003","volume":"104","author":"N Khakzad","year":"2012","unstructured":"Khakzad, N., Khan, F., Amyotte, P.: Dynamic risk analysis using bow-tie approach. Reliab. Eng. Syst. Saf. 104, 36\u201344 (2012)","journal-title":"Reliab. Eng. Syst. Saf."},{"key":"3_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1007\/978-3-642-19751-2_6","volume-title":"Formal Aspects of Security and Trust","author":"B Kordy","year":"2011","unstructured":"Kordy, B., Mauw, S., Radomirovi\u0107, S., Schweitzer, P.: Foundations of attack\u2013defense trees. In: Degano, P., Etalle, S., Guttman, J. (eds.) FAST 2010. LNCS, vol. 6561, pp. 80\u201395. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-19751-2_6"},{"key":"3_CR27","doi-asserted-by":"crossref","first-page":"156","DOI":"10.1016\/j.ress.2015.02.008","volume":"139","author":"S Kriaa","year":"2015","unstructured":"Kriaa, S., Pietre-Cambacedes, L., Bouissou, M., Halgand, Y.: A survey of approaches combining safety and security for industrial control systems. Reliab. Eng. Syst. Saf. 139, 156\u2013178 (2015)","journal-title":"Reliab. Eng. Syst. Saf."},{"key":"3_CR28","doi-asserted-by":"crossref","unstructured":"Kumar, R., Stoelinga, M.: Quantitative security and safety analysis with attack-fault trees. In: 2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE), pp. 25\u201332. IEEE (2017)","DOI":"10.1109\/HASE.2017.12"},{"issue":"3","key":"3_CR29","first-page":"194","volume":"34","author":"WS Lee","year":"1985","unstructured":"Lee, W.S., Grosh, D.L., Tillman, F.A., Lie, C.H.: Fault tree analysis, methods, and applications; a review. IEEE Trans. Reliab. 34(3), 194\u2013203 (1985)","journal-title":"IEEE Trans. Reliab."},{"key":"3_CR30","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-12323-8","volume-title":"Model-Driven Risk Analysis: The CORAS Approach","author":"MS Lund","year":"2010","unstructured":"Lund, M.S., Solhaug, B., St\u00f8len, K.: Model-Driven Risk Analysis: The CORAS Approach. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-12323-8"},{"key":"3_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1007\/11734727_17","volume-title":"Information Security and Cryptology - ICISC 2005","author":"S Mauw","year":"2006","unstructured":"Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186\u2013198. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11734727_17"},{"key":"3_CR32","doi-asserted-by":"crossref","unstructured":"Meland, P.H., Gj\u00e6re, E.A.: Representing threats in BPMN 2.0. In: 2012 Seventh International Conference on Availability, Reliability and Security (ARES), pp. 542\u2013550. IEEE (2012)","DOI":"10.1109\/ARES.2012.13"},{"key":"3_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"114","DOI":"10.1007\/978-3-642-11747-3_9","volume-title":"Engineering Secure Software and Systems","author":"PH Meland","year":"2010","unstructured":"Meland, P.H., T\u00f8ndel, I.A., Jensen, J.: Idea: reusability of threat models \u2013 two approaches with an experimental evaluation. In: Massacci, F., Wallach, D., Zannone, N. (eds.) ESSoS 2010. LNCS, vol. 5965, pp. 114\u2013122. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-11747-3_9"},{"key":"3_CR34","unstructured":"Michel, C.D., Thomas, P.F., Tucci, A.E.: Cyber Risks in the Marine Transportation System. The U.S. Coast Guard Approach"},{"key":"3_CR35","unstructured":"Mohr, R.: Evaluating cyber risk in engineering environments: a proposed framework and methodology. SANS Institute (2016). https:\/\/www.sans.org\/reading-room\/whitepapers\/ICS\/evaluating-cyber-risk-engineering-environments-proposed-framework-methodology-37017"},{"key":"3_CR36","unstructured":"Nesheim, D., R\u00f8dseth, \u00d8., Bernsmed, K., Fr\u00f8ystad, C., Meland, P.: Risk model and analysis. Technical rep., CySIMS (2017)"},{"key":"3_CR37","unstructured":"NevilleClarke: Taking-off with BowTie (2013). http:\/\/www.nevilleclarke.com\/indonesia\/articles\/topic\/52\/title\/"},{"issue":"10","key":"3_CR38","doi-asserted-by":"crossref","first-page":"1269","DOI":"10.1016\/j.ssci.2010.04.005","volume":"48","author":"H Ni","year":"2010","unstructured":"Ni, H., Chen, A., Chen, N.: Some extensions on risk matrix approach. Saf. Sci. 48(10), 1269\u20131278 (2010)","journal-title":"Saf. Sci."},{"key":"3_CR39","unstructured":"Nielsen, D.S.: The cause\/consequence diagram method as a basis for quantitative accident analysis. Technical rep., Danish Atomic Energy Commission (1971)"},{"key":"3_CR40","doi-asserted-by":"crossref","unstructured":"Phillips, C., Swiler, L.P.: A graph-based system for network-vulnerability analysis. In: Proceedings of the 1998 Workshop on New Security Paradigms, pp. 71\u201379. ACM (1998)","DOI":"10.1145\/310889.310919"},{"key":"3_CR41","doi-asserted-by":"crossref","first-page":"110","DOI":"10.1016\/j.ress.2012.09.011","volume":"110","author":"L Pi\u00e8tre-Cambac\u00e9d\u00e8s","year":"2013","unstructured":"Pi\u00e8tre-Cambac\u00e9d\u00e8s, L., Bouissou, M.: Cross-fertilization between safety and security engineering. Reliab. Eng. Syst. Saf. 110, 110\u2013126 (2013)","journal-title":"Reliab. Eng. Syst. Saf."},{"key":"3_CR42","series-title":"Lecture Notes in Business Information Processing","doi-asserted-by":"publisher","first-page":"347","DOI":"10.1007\/978-3-642-31072-0_24","volume-title":"Enterprise, Business-Process and Information Systems Modeling","author":"C Raspotnig","year":"2012","unstructured":"Raspotnig, C., Karpati, P., Katta, V.: A combined process for elicitation and analysis of safety and security requirements. In: Bider, I., Halpin, T., Krogstie, J., Nurcan, S., Proper, E., Schmidt, R., Soffer, P., Wrycza, S. (eds.) BPMDS\/EMMSAD -2012. LNBIP, vol. 113, pp. 347\u2013361. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-31072-0_24"},{"key":"3_CR43","doi-asserted-by":"crossref","first-page":"29","DOI":"10.1016\/j.cosrev.2015.03.001","volume":"15","author":"E Ruijters","year":"2015","unstructured":"Ruijters, E., Stoelinga, M.: Fault tree analysis: a survey of the state-of-the-art in modeling, analysis and tools. Comput. Sci. Rev. 15, 29\u201362 (2015)","journal-title":"Comput. Sci. Rev."},{"key":"3_CR44","unstructured":"Santamarta, R.: A wake-up call for satcom security. Technical White Paper (2014)"},{"issue":"12","key":"3_CR45","first-page":"21","volume":"24","author":"B Schneier","year":"1999","unstructured":"Schneier, B.: Attack trees. Dr. Dobbs J. 24(12), 21\u201329 (1999)","journal-title":"Dr. Dobbs J."},{"key":"3_CR46","doi-asserted-by":"crossref","unstructured":"Sha, L., Gopalakrishnan, S., Liu, X., Wang, Q.: Cyber-physical systems: a new frontier. In: IEEE International Conference on Sensor Networks, Ubiquitous and Trustworthy Computing, SUTC 2008, pp. 1\u20139. IEEE (2008)","DOI":"10.1109\/SUTC.2008.85"},{"key":"3_CR47","unstructured":"Shostack, A.: Threat Modeling: Designing for Security. Wiley (2014)"},{"key":"3_CR48","volume-title":"The Sciences of the Artificial","author":"HA Simon","year":"1996","unstructured":"Simon, H.A.: The Sciences of the Artificial. MIT Press, Cambridge (1996)"},{"issue":"1","key":"3_CR49","doi-asserted-by":"crossref","first-page":"34","DOI":"10.1007\/s00766-004-0194-4","volume":"10","author":"G Sindre","year":"2005","unstructured":"Sindre, G., Opdahl, A.L.: Eliciting security requirements with misuse cases. Requirements Eng. 10(1), 34\u201344 (2005)","journal-title":"Requirements Eng."},{"key":"3_CR50","doi-asserted-by":"crossref","unstructured":"Sun, M., Mohan, S., Sha, L., Gunter, C.: Addressing safety and security contradictions in cyber-physical systems. In: Proceedings of the 1st Workshop on Future Directions in Cyber-Physical Systems Security (CPSSW 2009) (2009)","DOI":"10.1145\/1558607.1558609"},{"issue":"1","key":"3_CR51","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1023\/A:1025598106257","volume":"27","author":"WK Viscusi","year":"2003","unstructured":"Viscusi, W.K., Aldy, J.E.: The value of a statistical life: a critical review of market estimates throughout the world. J. Risk Uncertainty 27(1), 5\u201376 (2003)","journal-title":"J. Risk Uncertainty"},{"key":"3_CR52","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1007\/3-540-45416-0_2","volume-title":"Computer Safety, Reliability and Security","author":"R Winther","year":"2001","unstructured":"Winther, R., Johnsen, O.-A., Gran, B.A.: Security assessments of safety critical systems using HAZOPs. In: Voges, U. (ed.) SAFECOMP 2001. LNCS, vol. 2187, pp. 14\u201324. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-45416-0_2"},{"key":"3_CR53","unstructured":"Zalewski, J., Drager, S., McKeever, W., Kornecki, A.J.: Towards experimental assessment of security threats in protecting the critical infrastructure. In: Proceedings of the 7th International Conference on Evaluation of Novel Approaches to Software Engineering, ENASE 2012, Wroclaw, Poland (2012)"}],"container-title":["Lecture Notes in Computer Science","Graphical Models for Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-74860-3_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,29]],"date-time":"2025-06-29T22:26:33Z","timestamp":1751235993000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-74860-3_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319748597","9783319748603"],"references-count":53,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-74860-3_3","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]}}}