{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T05:24:40Z","timestamp":1754112280735,"version":"3.38.0"},"publisher-location":"Berlin, Heidelberg","reference-count":31,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642214233"},{"type":"electronic","value":"9783642214240"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011]]},"DOI":"10.1007\/978-3-642-21424-0_21","type":"book-chapter","created":{"date-parts":[[2011,6,15]],"date-time":"2011-06-15T11:52:47Z","timestamp":1308138767000},"page":"259-270","source":"Crossref","is-referenced-by-count":9,"title":["Problem Analysis of Traditional IT-Security Risk Assessment Methods \u2013 An Experience Report from the Insurance and Auditing Domain"],"prefix":"10.1007","author":[{"given":"Stefan","family":"Taubenberger","sequence":"first","affiliation":[]},{"given":"Jan","family":"J\u00fcrjens","sequence":"additional","affiliation":[]},{"given":"Yijun","family":"Yu","sequence":"additional","affiliation":[]},{"given":"Bashar","family":"Nuseibeh","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"21_CR1","unstructured":"ENISA 2007-2008 ad hoc Working Group on Risk Assessment\/Risk Management. Determining your organization\u2019s information risk assessment and management requirements and selecting appropriate methodologies (2008)"},{"key":"21_CR2","doi-asserted-by":"crossref","DOI":"10.21236\/ADA634134","volume-title":"Introduction to the OCTAVE Approach","author":"C. Alberts","year":"2003","unstructured":"Alberts, C., Dorofee, A., Stevens, J., Woody, C.: Introduction to the OCTAVE Approach. Carnegie Mellon Software Engineering Institute, Pittsburgh, USA (August 2003)"},{"key":"21_CR3","first-page":"1","volume":"14","author":"S. Alter","year":"2004","unstructured":"Alter, S., Sherer, S.: A general, but readily adaptable model of information system risk. Communications of the Association for Information Systems\u00a014, 1\u201328 (2004)","journal-title":"Communications of the Association for Information Systems"},{"key":"21_CR4","volume-title":"Empirical and statistical analysis of risk analysis-driven techniques for threat management","author":"K. Buyens","year":"2007","unstructured":"Buyens, K., DeWin, B., Joosen, W.: Empirical and statistical analysis of risk analysis-driven techniques for threat management. IEEE Computer Society, Los Alamitos (2007)"},{"key":"21_CR5","unstructured":"Campbell, P., Stamp, J.: A classification scheme for risk assessment methods. Sandia Report, Sand2004-4233 (2004)"},{"key":"21_CR6","first-page":"1999","volume":"4360","author":"Australian\/New Zealand Standards Comittee","year":"1999","unstructured":"Australian\/New Zealand Standards Comittee. Risk management ASNZ 4360:1999 (1999)","journal-title":"Risk management ASNZ"},{"key":"21_CR7","unstructured":"ENISA. Inventory of risk assessment and risk management methods, ENISA ad hoc working group on risk assessment and risk management (March 2006)"},{"key":"21_CR8","doi-asserted-by":"crossref","unstructured":"Feather, M., Cornford, S.: Relating risk and reliability predictions to design and development choices. In: Proceedings of the Annual Reliability and Maintainability Symposium (RAMS), Newport Beach, CA, January 23-26 (2006)","DOI":"10.1109\/RAMS.2006.1677422"},{"key":"21_CR9","unstructured":"Frachot, A., Roncalli, T.: Mixing internal and external data for managing operational risk (2002)"},{"key":"21_CR10","doi-asserted-by":"publisher","first-page":"577","DOI":"10.1016\/S0167-4048(01)00706-4","volume":"20","author":"M. Gerber","year":"2002","unstructured":"Gerber, M., von Solms, R.: From risk analysis to security requirements. Computers & Security\u00a020, 577\u2013584 (2002)","journal-title":"Computers & Security"},{"issue":"1","key":"21_CR11","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1108\/09685220110366768","volume":"9","author":"M. Gerber","year":"2001","unstructured":"Gerber, M., von Solms, R., Overbeek, P.: Formalizing information security requirements. Information Management & Computer Security\u00a09(1), 32\u201337 (2001)","journal-title":"Information Management & Computer Security"},{"issue":"1","key":"21_CR12","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1108\/09685229610114178","volume":"4","author":"S. Halliday","year":"1996","unstructured":"Halliday, S., Badenhorst, K., von Solms, R.: A business approach to effective information technology risk analysis and management. Information Management &Computer Security\u00a04(1), 19\u201331 (1996)","journal-title":"Information Management &Computer Security"},{"key":"21_CR13","unstructured":"Houmb, S., J\u00fcrjens, J.: Developing secure networked web-based systems using model-based risk assessment and UMLsec. In: 10th Asia-Pacific Software Engineering Conference (APSEC 2003), Chiangmai, Thailand, December 10-12 (2003)"},{"key":"21_CR14","unstructured":"Jackson, M.: NII-OU Security Workshop @ The Open University (November 2007)"},{"key":"21_CR15","doi-asserted-by":"crossref","unstructured":"Kaplan, S.: The words of risk analysis. Risk Analysis\u00a017(4) (1997)","DOI":"10.1111\/j.1539-6924.1997.tb00881.x"},{"key":"21_CR16","unstructured":"Kinney, W.: Research opportunities in internal auditing - chapter 5 auditing risk assessment and risk management process. The Institute of Internal Auditors Research Foundation (2003)"},{"key":"21_CR17","doi-asserted-by":"crossref","unstructured":"Zhang, Y., Jiang, S., Cui, Y., Zhang, B., Xia, H.: A qualitative and quantitative risk assessment method in software security. In: 2010 3rd International Conference on Advanced Computer Theory and Engineering (ICACTE), vol.\u00a01, pp. V1-534\u2013V1-539 (2010)","DOI":"10.1109\/ICACTE.2010.5578960"},{"key":"21_CR18","first-page":"541","volume-title":"Adapting Secure Tropos for Security Risk Management in the Early Phases of Information Systems Development","author":"R. Matulevius","year":"2008","unstructured":"Matulevius, R., Mayer, N., Mouratidis, H., Dubois, E., Heymans, P., Genon, N.: Adapting Secure Tropos for Security Risk Management in the Early Phases of Information Systems Development, pp. 541\u2013555. Springer Publishing, Heidelberg (2008)"},{"key":"21_CR19","unstructured":"International Organization of Standardization (ISO). ISO 27005 Information technology - Security techniques - Information security risk management, International Organization of Standardization (ISO) (2008)"},{"key":"21_CR20","unstructured":"P\u00f6ttinger, J.: Self assessed risk management. Master\u2019s thesis, Fachhochschul-Masterstudiengang Sichere Informationssysteme (2009)"},{"key":"21_CR21","unstructured":"Information Security Management References, Corporate Information Security Working Group, Chairman: A. Putnam, Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census, Government Reform Committee, United States House of Representatives, Mapping of Existing Work on Infosec (Best Practices) Subgroup: C. Kreitner, M. Rasmussen, Coordinators (2004)"},{"issue":"1","key":"21_CR22","doi-asserted-by":"crossref","first-page":"129","DOI":"10.1080\/07421222.1991.11517914","volume":"8","author":"R. Rainer","year":"1991","unstructured":"Rainer, R., Snyder, C., Carr, H.: Risk analysis for information technology. Journal of Management Information Systems\u00a08(1), 129\u2013147 (1991)","journal-title":"Journal of Management Information Systems"},{"key":"21_CR23","unstructured":"Ralston, P., Graham, J., Patel, S.: Literature review of security and risk assessment of SCADA and DCS systems, Technical Report TR-ISRL-06-01 (July 2006)"},{"key":"21_CR24","volume-title":"System Reliability Theory","author":"M. Rausand","year":"2004","unstructured":"Rausand, M.: Risk Analysis An Introduction. In: System Reliability Theory, 2nd edn. Wiley, Chichester (2004)","edition":"2"},{"issue":"2","key":"21_CR25","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1049\/em:20020206","volume":"12","author":"F. Redmill","year":"2002","unstructured":"Redmill, F.: Risk analysis - a subjective process. Engineering Management Journal\u00a012(2), 91\u201396 (2002)","journal-title":"Engineering Management Journal"},{"key":"21_CR26","doi-asserted-by":"publisher","first-page":"303","DOI":"10.1057\/palgrave.ejis.3000537","volume":"14","author":"M. Siponen","year":"2005","unstructured":"Siponen, M.: An analysis of the traditional is security approaches: implications for research and practice. European Journal of Information Systems\u00a014, 303\u2013315 (2005)","journal-title":"European Journal of Information Systems"},{"key":"21_CR27","doi-asserted-by":"publisher","first-page":"362","DOI":"10.1016\/j.cose.2004.05.003","volume":"23","author":"A. Stewart","year":"2004","unstructured":"Stewart, A.: On risk: perception and direction. Computers & Security\u00a023, 362\u2013370 (2004)","journal-title":"Computers & Security"},{"key":"21_CR28","unstructured":"Stiglitz, J.: Making globalization work: Global financial markets in an era of turbulence. Frankfurt (February 2008)"},{"key":"21_CR29","unstructured":"St\u00f8len, K., den Braber, F., Dimitrakos, T., Fredriksen, R., Gran, B.A., Houmb, S., Lund, M., Stamatiou, Y., Aagedal, J.: Model-based risk assessment \u2013 the CORAS approach. In: NIK Informatics Conference 2002, Kongsberg (2002)"},{"key":"21_CR30","doi-asserted-by":"crossref","unstructured":"Stoneburner, G., Goguen, A., Feringa, A.: NIST Special Publication 800-30: Risk Management Guide for Information Technology Systems. National Institute of Standards and Technology (NIST), Gaithersburg, MD 20899-8930 (July 2002)","DOI":"10.6028\/NIST.SP.800-30"},{"key":"21_CR31","unstructured":"Vidalis, S.: A critical discussion of risk and threat analysis methods and methodologies. Technical Report CS-04-03, University of Glamorgan, Pontypridd (2004)"}],"container-title":["IFIP Advances in Information and Communication Technology","Future Challenges in Security and Privacy for Academia and Industry"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-21424-0_21.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,6]],"date-time":"2025-03-06T06:10:45Z","timestamp":1741241445000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-21424-0_21"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011]]},"ISBN":["9783642214233","9783642214240"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-21424-0_21","relation":{},"ISSN":["1868-4238","1861-2288"],"issn-type":[{"type":"print","value":"1868-4238"},{"type":"electronic","value":"1861-2288"}],"subject":[],"published":{"date-parts":[[2011]]}}}