{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,27]],"date-time":"2025-09-27T13:46:54Z","timestamp":1758980814559},"publisher-location":"Berlin, Heidelberg","reference-count":28,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642230813"},{"type":"electronic","value":"9783642230820"}],"license":[{"start":{"date-parts":[[2011,1,1]],"date-time":"2011-01-01T00:00:00Z","timestamp":1293840000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011]]},"DOI":"10.1007\/978-3-642-23082-0_9","type":"book-chapter","created":{"date-parts":[[2011,8,9]],"date-time":"2011-08-09T04:24:32Z","timestamp":1312863872000},"page":"231-274","source":"Crossref","is-referenced-by-count":23,"title":["Risk Analysis of Changing and Evolving Systems Using CORAS"],"prefix":"10.1007","author":[{"given":"Mass Soldal","family":"Lund","sequence":"first","affiliation":[]},{"given":"Bj\u00f8rnar","family":"Solhaug","sequence":"additional","affiliation":[]},{"given":"Ketil","family":"St\u00f8len","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"unstructured":"Alberts, C.J., Davey, J.: OCTAVE criteria version 2.0. Technical report CMU\/SEI-2001-TR-016. Carnegie Mellon University (2004)","key":"9_CR1"},{"key":"9_CR2","volume-title":"Encyclopedia of Statistics in Quality and Reliability","author":"I. Ben-Gal","year":"2007","unstructured":"Ben-Gal, I.: Bayesian networks. In: Ruggeri, F., Kenett, R.S., Faltin, F.W. (eds.) Encyclopedia of Statistics in Quality and Reliability. John Wiley & Sons, Chichester (2007)"},{"issue":"10","key":"9_CR3","doi-asserted-by":"publisher","first-page":"1995","DOI":"10.1016\/j.jss.2010.05.069","volume":"83","author":"G. Br\u00e6ndeland","year":"2010","unstructured":"Br\u00e6ndeland, G., Refsdal, A., St\u00f8len, K.: Modular analysis and modelling of risk scenarios with dependencies. J. Syst. Softw.\u00a083(10), 1995\u20132013 (2010)","journal-title":"J. Syst. Softw."},{"doi-asserted-by":"crossref","unstructured":"Dudely, R.M.: Real analysis and probability. Cambridge Studies in Advanced Mathematics, Cambridge (2002)","key":"9_CR4","DOI":"10.1017\/CBO9780511755347"},{"unstructured":"EUROCONTROL: EUROCONTROL safety regulatory requirements (ESARR) 4 \u2013 Risk assessment and mitigation (2001)","key":"9_CR5"},{"unstructured":"EUROCONTROL: Air Traffic Management Strategy for the years 2000+. vol. 1,2 (2003)","key":"9_CR6"},{"unstructured":"EUROCONTROL: ESARR advisory material\/Guidance document (EAM 2\/ GUI 5) \u2013 Harmonisation of safety occurrences severity and risk assessment (2005)","key":"9_CR7"},{"unstructured":"Fenton, N., Neil, M.: Combining evidence in risk analysis using Bayesian networks. Agena White Paper W0704\/01, Agena (2004)","key":"9_CR8"},{"issue":"1","key":"9_CR9","doi-asserted-by":"publisher","first-page":"104","DOI":"10.1016\/j.ijpe.2008.05.002","volume":"115","author":"S. Goel","year":"2008","unstructured":"Goel, S., Chen, V.: Can business process reengineering lead to security vulnerabilities: Analyzing the reengineered process. Int. J. Prod. Econ.\u00a0115(1), 104\u2013112 (2008)","journal-title":"Int. J. Prod. Econ."},{"issue":"4","key":"9_CR10","doi-asserted-by":"publisher","first-page":"355","DOI":"10.1007\/s10270-005-0087-0","volume":"4","author":"\u00d8. Haugen","year":"2005","unstructured":"Haugen, \u00d8., Husa, K.E., Runde, R.K., St\u00f8len, K.: STAIRS towards formal design with sequence diagrams. Softw. Syst. Modeling\u00a04(4), 355\u2013367 (2005)","journal-title":"Softw. Syst. Modeling"},{"key":"9_CR11","series-title":"Markov Models","volume-title":"Dynamic Probabilistic Systems","author":"R.A. Howard","year":"1971","unstructured":"Howard, R.A.: Dynamic Probabilistic Systems. Markov Models, vol.\u00a0I. John Wiley & Sons, Chichester (1971)"},{"unstructured":"Innerhofer-Oberperfler, F., Breu, R.: Using an enterprise architecture for IT risk management. In: Information Security South Africa Conference, ISSA 2006 (2006)","key":"9_CR12"},{"unstructured":"International Electrotechnical Commission: IEC 61025 Fault Tree Analysis (FTA) (1990)","key":"9_CR13"},{"unstructured":"International Electrotechnical Commission: IEC 60300-9 Dependability management - Part 3: Application guide - Section 9: Risk analysis of technological systems - Event Tree Analysis (ETA) (1995)","key":"9_CR14"},{"unstructured":"International Organization for Standardization: ISO 31000 Risk management \u2013 Principles and guidelines (2009)","key":"9_CR15"},{"issue":"3","key":"9_CR16","doi-asserted-by":"publisher","first-page":"5880","DOI":"10.1016\/j.eswa.2008.07.057","volume":"36","author":"E. Lee","year":"2009","unstructured":"Lee, E., Park, Y., Shin, J.G.: Large engineering project risk management using a Bayesian belief network. Expert Syst. Appl.\u00a036(3), 5880\u20135887 (2009)","journal-title":"Expert Syst. Appl."},{"unstructured":"Lund, M.S., et al.: SecureChange Deliverable D5.3 Assessment method (2011), http:\/\/www.securechange.eu\/sites\/default\/files\/deliverables\/D5.3.Assessment~Methods.pdf","key":"9_CR17"},{"key":"9_CR18","first-page":"341","volume-title":"7th European Conference on Software Maintenance and Reengineering (CSMR 2003)","author":"M.S. Lund","year":"2003","unstructured":"Lund, M.S., den Braber, F., St\u00f8len, K.: Maintaining results from security assessments. In: 7th European Conference on Software Maintenance and Reengineering (CSMR 2003), pp. 341\u2013350. IEEE Computer Society, Los Alamitos (2003)"},{"issue":"5","key":"9_CR19","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1109\/MC.2010.134","volume":"43","author":"M.S. Lund","year":"2010","unstructured":"Lund, M.S., Solhaug, B., St\u00f8len, K.: Evolution in relation to risk and trust management. Comput.\u00a043(5), 49\u201355 (2010)","journal-title":"Comput."},{"key":"9_CR20","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-12323-8","volume-title":"Model-Driven Risk Analysis \u2013 The CORAS Approach","author":"M.S. Lund","year":"2011","unstructured":"Lund, M.S., Solhaug, B., St\u00f8len, K.: Model-Driven Risk Analysis \u2013 The CORAS Approach. Springer, Heidelberg (2011)"},{"unstructured":"Nielsen, D.S.: The cause\/consequence diagram method as basis for quantitative accident analysis. Technical report RISO-M-1374, Danish Atomic Energy Commission (1971)","key":"9_CR21"},{"unstructured":"Object Management Group: Unified Modeling Language: Superstructure, version 2.1.1 (non-change bar). OMG Document: formal\/2007-02-05 (2005)","key":"9_CR22"},{"key":"9_CR23","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"215","DOI":"10.1007\/978-3-642-02056-8_14","volume-title":"Trust Management III","author":"A. Refsdal","year":"2009","unstructured":"Refsdal, A., St\u00f8len, K.: Employing key indicators to provide a dynamic risk picture with a notion of confidence. In: Ferrari, E., Li, N., Bertino, E., Karabulut, Y. (eds.) IFIPTM 2009. IFIP Advances in Information and Communication Technology, vol.\u00a0300, pp. 215\u2013233. Springer, Heidelberg (2009)"},{"unstructured":"Robinson, R.M., Anderson, K., Browning, B., Francis, G., Kanga, M., Millen, T., Tillman, C.: Risk and Reliability \u2013 An Introductory Text. R2A, 5th edn (2001)","key":"9_CR24"},{"key":"9_CR25","first-page":"21","volume":"24","author":"S. Schneider","year":"1999","unstructured":"Schneider, S.: Attack trees: Modeling security threats. Dr. Dobb\u2019s J.\u00a024, 21\u201329 (1999)","journal-title":"Dr. Dobb\u2019s J."},{"doi-asserted-by":"crossref","unstructured":"SESAR Consortium: The ATM Target Concept. SESAR Definition Phase - Deliverable 3 (2007)","key":"9_CR26","DOI":"10.15291\/magistra.871"},{"issue":"6","key":"9_CR27","doi-asserted-by":"publisher","first-page":"345","DOI":"10.1002\/(SICI)1096-908X(199711\/12)9:6<345::AID-SMR159>3.0.CO;2-W","volume":"9","author":"S.A. Sherer","year":"1997","unstructured":"Sherer, S.A.: Using risk analysis to manage software maintenance. J. Softw. Maint.: Res. Pract.\u00a09(6), 345\u2013364 (1997)","journal-title":"J. Softw. Maint.: Res. Pract."},{"key":"9_CR28","doi-asserted-by":"publisher","first-page":"120","DOI":"10.1109\/TOOLS.2000.891363","volume-title":"37th International Conference on Technology of Object-Oriented Languages and Systems (TOOLS Pacific 2000)","author":"G. Sindre","year":"2000","unstructured":"Sindre, G., Opdahl, A.L.: Eliciting security requirements by misuse cases. In: 37th International Conference on Technology of Object-Oriented Languages and Systems (TOOLS Pacific 2000), pp. 120\u2013131. IEEE Computer Society, Los Alamitos (2000)"}],"container-title":["Lecture Notes in Computer Science","Foundations of Security Analysis and Design VI"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-23082-0_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,13]],"date-time":"2019-06-13T18:47:51Z","timestamp":1560451671000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-23082-0_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011]]},"ISBN":["9783642230813","9783642230820"],"references-count":28,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-23082-0_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2011]]}}}