{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,13]],"date-time":"2025-02-13T05:26:12Z","timestamp":1739424372430,"version":"3.37.0"},"publisher-location":"Berlin, Heidelberg","reference-count":50,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642041402"},{"type":"electronic","value":"9783642041419"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2009]]},"DOI":"10.1007\/978-3-642-04141-9_11","type":"book-chapter","created":{"date-parts":[[2009,10,15]],"date-time":"2009-10-15T14:42:03Z","timestamp":1255617723000},"page":"227-249","source":"Crossref","is-referenced-by-count":1,"title":["Ontology Guided Risk Analysis: From Informal Specifications to Formal Metrics"],"prefix":"10.1007","author":[{"given":"Robin","family":"Gandhi","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Seok-Won","family":"Lee","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"11_CR1","doi-asserted-by":"crossref","unstructured":"Aagedal, J.O., den Braber, F., Dimitrakos, T., Gran, B.A., Raptis, D., Stolen, K.: Model-based risk assessment to improve enterprise security. In: Proceedings of the 6th International Enterprise Distributed Object Computing Conference, pp. 51\u201362 (2002)","DOI":"10.1109\/EDOC.2002.1137696"},{"issue":"6","key":"11_CR2","doi-asserted-by":"publisher","first-page":"758","DOI":"10.1109\/32.6156","volume":"14","author":"V.R. Basili","year":"1988","unstructured":"Basili, V.R., Rombach, H.D.: The TAME project: Towards improvement-oriented software environments. IEEE Transactions on Software Engineering\u00a014(6), 758\u2013773 (1988)","journal-title":"IEEE Transactions on Software Engineering"},{"key":"11_CR3","doi-asserted-by":"crossref","unstructured":"Breaux, T.D., Vail, M.W., Ant\u00f3n, A.I.: Towards Regulatory Compliance: Extracting Rights & Obligations to Align Requirements with Regulations. In: Proc. 14th Int\u2019l Conf. on RE 2006, pp. 49\u201358 (2006)","DOI":"10.1109\/RE.2006.68"},{"key":"11_CR4","doi-asserted-by":"crossref","unstructured":"Butler, S.A.: Security Attribute Evaluation Method: A Cost Benefit Approach. In: Proceedings of the 24th International Conference on Software Engineering, May 2002, pp. 232\u2013240 (2002)","DOI":"10.1145\/581339.581370"},{"key":"11_CR5","unstructured":"Butler, S.A., Shaw, M.: Incorporating Nontechnical Attributes in Multi-Attribute Analysis for Security. In: Proceedings of the Workshop on Economics-Driven Software Engineering Research (2002), http:\/\/www-2.cs.cmu.edu\/~shawnb\/EDSERIV.pdf"},{"key":"11_CR6","doi-asserted-by":"crossref","unstructured":"Carr, M.J., et al.: Taxonomy-Based Risk Identification. Tech. Report CMU\/SEI-93-TR-6 ESC-TR-93-183 (1993)","DOI":"10.21236\/ADA266992"},{"key":"11_CR7","first-page":"600","volume-title":"Proceedings of the 15th National\/10th Conference on Artificial intelligence\/innovative Applications of Artificial intelligence","author":"V.K. Chaudhri","year":"1998","unstructured":"Chaudhri, V.K., Farquhar, A., Fikes, R., Karp, P.D., Rice, J.P.: OKBC: a programmatic foundation for knowledge base interoperability. In: Proceedings of the 15th National\/10th Conference on Artificial intelligence\/innovative Applications of Artificial intelligence, pp. 600\u2013607. AAAI, Menlo Park (1998)"},{"key":"11_CR8","volume-title":"Managing Information Security Risks: The OCTAVE(SM) Approach","author":"C. Alberts","year":"2002","unstructured":"Alberts, C., Dorofee, A.: Managing Information Security Risks: The OCTAVE(SM) Approach. Addison-Wesley Professional, Reading (2002)"},{"key":"11_CR9","unstructured":"Common Criteria, Part 1: Introduction and General Model, v2.3, ISO\/IEC 15408 (August 2005)"},{"key":"11_CR10","unstructured":"Common Weakness Enumeration, http:\/\/cve.mitre.org\/cwe\/"},{"key":"11_CR11","unstructured":"Davis, T.: Federal Computer Security Report Card Grades. Press Release (2004)"},{"key":"11_CR12","unstructured":"DoD 8510.1-M: DITSCAP Application Manual (2000)"},{"key":"11_CR13","unstructured":"DoD Instruction 5200.40: DITSCAP (1997)"},{"key":"11_CR14","unstructured":"DoDI 8500.2: IA Implementation (February 2003)"},{"issue":"4","key":"11_CR15","doi-asserted-by":"publisher","first-page":"248","DOI":"10.1007\/s00766-002-0160-y","volume":"8","author":"M.S. Feather","year":"2003","unstructured":"Feather, M.S., Cornford, S.L.: Quantitative risk-based requirements reasoning. Requirements Engineering Journal\u00a08(4), 248\u2013265 (2003)","journal-title":"Requirements Engineering Journal"},{"key":"11_CR16","doi-asserted-by":"crossref","unstructured":"Gandhi, R.A., Lee, S.W.: Discovering and Understanding Multi-dimensional Correlations among Certification Requirements with application to Risk Assessment. In: Proceedings of the 15th IEEE International Requirements Engineering Conference (RE 07), Delhi, India, October 15-19, (2007)","DOI":"10.1109\/RE.2007.46"},{"key":"11_CR17","doi-asserted-by":"crossref","unstructured":"Gandhi, R.A., Lee, S.W.: Visual Analytics for Requirements-driven Risk Assessment. In: The Proceedings of 2nd International Workshop on Requirements Engineering Visualization (REV 2007) at the 15th IEEE International Requirements Engineering Conference (RE 2007), Delhi, India, October 15-19 (2007)","DOI":"10.1109\/REV.2007.6"},{"key":"11_CR18","volume-title":"Formal Concept Analysis","author":"B. Ganter","year":"1996","unstructured":"Ganter, B., Wille, R.: Formal Concept Analysis. Springer, Heidelberg (1996)"},{"key":"11_CR19","doi-asserted-by":"crossref","unstructured":"Jackson, M.: The Meaning of Requirements, in Annals of Software Engineering, vol.\u00a03, pp. 5\u201321. Baltzer Science Publication (1997)","DOI":"10.1023\/A:1018990005598"},{"key":"11_CR20","volume-title":"Proceedings of the Symposium on Requirements Engineering for Information Security (SREIS 2005) in conjunction with the 13th IEEE International Requirements Engineering Conference (RE 2005)","author":"E. Johansson","year":"2005","unstructured":"Johansson, E., Johnson, P.: Assessment of Enterprise Information Security - Estimating the Credibility of the Results. In: Proceedings of the Symposium on Requirements Engineering for Information Security (SREIS 2005) in conjunction with the 13th IEEE International Requirements Engineering Conference (RE 2005), Paris, France, 8\/29 \u2013 9\/2. IEEE Press, Los Alamitos (2005)"},{"issue":"2","key":"11_CR21","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1016\/S0169-023X(99)00047-6","volume":"33","author":"N. Juristo","year":"2000","unstructured":"Juristo, N., Moreno, A.M.: Introductory paper: Reflections on Conceptual Modeling. Data & Knowledge Engineering\u00a033(2), 103\u2013117 (2000)","journal-title":"Data & Knowledge Engineering"},{"key":"11_CR22","volume-title":"The Balanced Scorecard: Translating Strategy into Action","author":"R.S. Kaplan","year":"1996","unstructured":"Kaplan, R.S., Norton, D.P.: The Balanced Scorecard: Translating Strategy into Action. Harvard Business School Press, Boston (1996)"},{"key":"11_CR23","unstructured":"Kimbell, J., Walrath, M.: Life Cycle Security and DITSCAP. IANewsletter\u00a04(2) (Spring 2001), http:\/\/iac.dtic.mil\/iatac"},{"issue":"1","key":"11_CR24","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1049\/sej.1996.0002","volume":"11","author":"G. Kotonya","year":"1996","unstructured":"Kotonya, G., Sommerville, I.: Requirements engineering with viewpoints. Software Engineering Journal\u00a011(1), 5\u201318 (1996)","journal-title":"Software Engineering Journal"},{"issue":"2","key":"11_CR25","doi-asserted-by":"publisher","first-page":"165","DOI":"10.1002\/spip.313","volume":"12","author":"S.W. Lee","year":"2007","unstructured":"Lee, S.W., Gandhi, R.A., Ahn, G.: Certification Process Artifacts Defined as Measurable Units for Software-intensive Systems Lifecycle. International Journal on Software Process: Improvement and Practice\u00a012(2), 165\u2013189 (2007)","journal-title":"International Journal on Software Process: Improvement and Practice"},{"key":"11_CR26","doi-asserted-by":"crossref","unstructured":"Lee, S.W., Gandhi, R.A., Wagle, S.J., Murty, A.B.: r-AnalytiCA Workbench: Requirements Analytics for Certification & Accreditation. In: Proceedings of the IEEE 15th International Requirements Engineering Conference (RE 2007), Posters, Demos and Exhibits Session, Delhi, India, October 15-19 (2007)","DOI":"10.1109\/RE.2007.34"},{"issue":"6","key":"11_CR27","doi-asserted-by":"publisher","first-page":"851","DOI":"10.1142\/S0218194006003051","volume":"16","author":"S.W. Lee","year":"2006","unstructured":"Lee, S.W., Muthurajan, D., Gandhi, R.A., Yavagal, D., Ahn, G.: Building Decision Support Problem Domain Ontology from Security Requirements to Engineer Software-intensive Systems. International Journal on Software Engineering and Knowledge Engineering\u00a016(6), 851\u2013884 (2006)","journal-title":"International Journal on Software Engineering and Knowledge Engineering"},{"key":"11_CR28","first-page":"481","volume-title":"Proceedings of the 12th Asia-Pacific Software Engineering Conference (APSEC 2005)","author":"S.W. Lee","year":"2005","unstructured":"Lee, S.W., Gandhi, R.A.: Ontology-based Active Requirements Engineering Framework. In: Proceedings of the 12th Asia-Pacific Software Engineering Conference (APSEC 2005), Taipei, Taiwan, December 15-17, 2005, pp. 481\u2013490. IEEE Computer Society Press, Los Alamitos (2005)"},{"issue":"12","key":"11_CR29","first-page":"20","volume":"19","author":"S.W. Lee","year":"2006","unstructured":"Lee, S.W., Gandhi, R.A.: Requirements as Enablers for Software Assurance. CrossTalk: The Journal of Defense Software Engineering\u00a019(12), 20\u201324 (2006)","journal-title":"CrossTalk: The Journal of Defense Software Engineering"},{"key":"11_CR30","unstructured":"Lee, S.W., Gandhi, R.A., Wagle, S.J.: Ontology-guided Service-oriented Architecture Composition to Support Complex and Evolving Process Definitions. To appear in the International Journal of Software Engineering and Knowledge Engineering(March 2008) (accepted July 14, 2008)"},{"issue":"3","key":"11_CR31","first-page":"315","volume":"3","author":"S.W. Lee","year":"2004","unstructured":"Lee, S.W., Rine, D.C.: Missing Requirements and Relationship Discovery through Proxy Viewpoints Model. Studia Informatica Universalis: International Journal on Informatics\u00a03(3), 315\u2013342 (2004)","journal-title":"Studia Informatica Universalis: International Journal on Informatics"},{"key":"11_CR32","unstructured":"Lee, S.W., Wagle, S., Gandhi, R.A.: GenOM\/GenOM-DB Programmer\u2019s Guide. Version 3, Technical Report TR-NISE-07-04, Knowledge Intensive Software Engineering Research Group, Dept. of Software and Information Systems, UNC Charlotte (2007)"},{"issue":"4","key":"11_CR33","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1109\/MSP.2005.98","volume":"3","author":"D. Lekkas","year":"2005","unstructured":"Lekkas, D., Spinellis, D.: Handling and Reporting Security Advisories: A Scorecard Approach. IEEE Security and Privacy Magazine\u00a03(4), 32\u201341 (2005)","journal-title":"IEEE Security and Privacy Magazine"},{"key":"11_CR34","volume-title":"Security Quality Requirements Engineering (SQUARE) Methodology. Technical Report (CMU\/SEI-2005-TR-009)","author":"N.R. Mead","year":"2005","unstructured":"Mead, N.R., Hough, E., Stehney, T.: Security Quality Requirements Engineering (SQUARE) Methodology. Technical Report (CMU\/SEI-2005-TR-009). Software Engineering Institute, Carnegie Mellon University, Pittsburgh (2005)"},{"key":"11_CR35","unstructured":"Moffett, J.D., Haley, C.B., Nuseibeh, B.A.: Core Security Requirements Artefacts. Technical Report 2004\/23. Department of Computing, The Open University, Milton Keynes (June 2004)"},{"key":"11_CR36","unstructured":"Black, P.E.: SAMATE\u2019s contribution to Information Assurance. IAnewsletter\u00a09(2) (Fall 2006), http:\/\/iac.dtic.mil\/iatac"},{"key":"11_CR37","doi-asserted-by":"crossref","unstructured":"Robinson, W.N., Pawlowski, S.: Surfacing Root Requirements Interactions from Inquiry Cycle Requirements. In: Proc. 6th Int\u2019l Conf. on RE, pp. 82\u201389 (1998)","DOI":"10.1109\/ICRE.1998.667812"},{"key":"11_CR38","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1023\/A:1018939700514","volume":"10","author":"C. Rolland","year":"2000","unstructured":"Rolland, C., Prakash, N.: From conceptual modeling to requirements engineering. Annals of Software Engineering\u00a010, 151\u2013176 (2000)","journal-title":"Annals of Software Engineering"},{"key":"11_CR39","unstructured":"SAMATE Reference Dataset, http:\/\/samate.nist.gov\/SRD\/"},{"issue":"1","key":"11_CR40","doi-asserted-by":"publisher","first-page":"48","DOI":"10.1007\/BF02802920","volume":"3","author":"A. Sutcliffe","year":"1998","unstructured":"Sutcliffe, A.: Scenario-based requirements analysis. Requirements Engineering Journal\u00a03(1), 48\u201365 (1998)","journal-title":"Requirements Engineering Journal"},{"key":"11_CR41","doi-asserted-by":"crossref","unstructured":"Swanson, M., Bartol, N., Sabato, J., Hash, J., Graffo, L.: Security Metrics Guide for Information Technology Systems. NIST Special Publication #800-55, Gaithersburg, MD, USA (2003)","DOI":"10.6028\/NIST.SP.800-55"},{"key":"11_CR42","unstructured":"Swanson, M., Bartol, N., Sabato, J., Hash, J., Graffo, L.: Security Metrics Guide for Information Technology Systems. In: NIST Special Publication #800-55, Revised as Performance Measurement Guide for Information Security, Gaithersburg, MD, USA (July 2008)"},{"issue":"1","key":"11_CR43","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1109\/MIS.1999.747901","volume":"14","author":"W. Swartout","year":"1999","unstructured":"Swartout, W., Tate, A.: Ontologies. IEEE Intelligent Systems\u00a014(1), 18\u201319 (1999)","journal-title":"IEEE Intelligent Systems"},{"issue":"6","key":"11_CR44","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1109\/MSP.2005.159","volume":"3","author":"K. Tsipenyuk","year":"2005","unstructured":"Tsipenyuk, K., Chess, B., McGraw, G.: Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors. IEEE Security & Privacy Magazine\u00a03(6), 81\u201384 (2005)","journal-title":"IEEE Security & Privacy Magazine"},{"key":"11_CR45","doi-asserted-by":"crossref","unstructured":"van Lamsweerde, A.: Goal-oriented requirements engineering: a guided tour. In: Proceedings of the fifth IEEE International Symposium on Requirements Engineering, August 2001, pp. 249\u2013262 (2001)","DOI":"10.1109\/ISRE.2001.948567"},{"key":"11_CR46","doi-asserted-by":"crossref","unstructured":"Vaughn, R.B., Henning, R., Siraj, A.: Information Assurance Measures and Metrics \u2013 State of Practice and Proposed Taxonomy. In: Proceedings of the 36th Annual Hawaii International Conference on System Sciences, pp. 331\u2013340 (2003)","DOI":"10.1109\/HICSS.2003.1174904"},{"issue":"4","key":"11_CR47","doi-asserted-by":"publisher","first-page":"79","DOI":"10.1109\/MSP.2004.55","volume":"2","author":"D. Verdon","year":"2004","unstructured":"Verdon, D., McGraw, G.: Risk Analysis in Software Design. IEEE Security & Privacy Magazine\u00a02(4), 79\u201384 (2004)","journal-title":"IEEE Security & Privacy Magazine"},{"issue":"6","key":"11_CR48","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1145\/777313.777315","volume":"46","author":"H. Wang","year":"2003","unstructured":"Wang, H., Wang, C.: Taxonomy of Security Considerations and Software Quality. Communications of the ACM\u00a046(6), 75\u201378 (2003)","journal-title":"Communications of the ACM"},{"key":"11_CR49","doi-asserted-by":"crossref","unstructured":"Wasson, K.S.: A Case Study in Systematic Improvement of Language for Requirements. In: 14th Int\u2019l RE Conf., pp. 6\u201315 (2006)","DOI":"10.1109\/RE.2006.5"},{"issue":"5","key":"11_CR50","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1109\/MCG.2004.39","volume":"24","author":"P.C. Wong","year":"2004","unstructured":"Wong, P.C., Thomas, J.: Visual Analytics. IEEE Computer Graphics and Applications\u00a024(5), 20\u201321 (2004)","journal-title":"IEEE Computer Graphics and Applications"}],"container-title":["Studies in Computational Intelligence","Advances in Information and Intelligent Systems"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-04141-9_11.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,12]],"date-time":"2025-02-12T19:49:30Z","timestamp":1739389770000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-04141-9_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009]]},"ISBN":["9783642041402","9783642041419"],"references-count":50,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-04141-9_11","relation":{},"ISSN":["1860-949X","1860-9503"],"issn-type":[{"type":"print","value":"1860-949X"},{"type":"electronic","value":"1860-9503"}],"subject":[],"published":{"date-parts":[[2009]]}}}