{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,10]],"date-time":"2026-02-10T18:18:51Z","timestamp":1770747531535,"version":"3.49.0"},"publisher-location":"Berlin, Heidelberg","reference-count":25,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642303814","type":"print"},{"value":"9783642303821","type":"electronic"}],"license":[{"start":{"date-parts":[[2012,1,1]],"date-time":"2012-01-01T00:00:00Z","timestamp":1325376000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012]]},"DOI":"10.1007\/978-3-642-30382-1_28","type":"book-chapter","created":{"date-parts":[[2012,4,26]],"date-time":"2012-04-26T08:11:17Z","timestamp":1335427877000},"page":"229-239","source":"Crossref","is-referenced-by-count":1,"title":["Towards Quantitative Risk Management for Next Generation Networks"],"prefix":"10.1007","author":[{"given":"Iztok","family":"Starc","sequence":"first","affiliation":[]},{"given":"Denis","family":"Tr\u010dek","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"issue":"4","key":"28_CR1","doi-asserted-by":"publisher","first-page":"96","DOI":"10.1109\/MSP.2006.101","volume":"4","author":"S.M. Bellovin","year":"2006","unstructured":"Bellovin, S.M.: On the Brittleness of Software and the Infeasibility of Security Metrics. IEEE Security & Privacy Magazine\u00a04(4), 96\u201396 (2006)","journal-title":"IEEE Security & Privacy Magazine"},{"key":"28_CR2","unstructured":"Centre for Secure Information Technologies: The World Cyber Security Technology Research Summit Report. Belfast (2011)"},{"issue":"3","key":"28_CR3","doi-asserted-by":"publisher","first-page":"651","DOI":"10.1111\/j.1539-6924.2005.00615.x","volume":"25","author":"L.A.T. Cox","year":"2005","unstructured":"Cox, L.A.T., Babayev, D., Huber, W.: Some limitations of qualitative risk rating systems. Risk Analysis: An Official Publication of the Society for Risk Analysis\u00a025(3), 651\u2013662 (2005)","journal-title":"Risk Analysis: An Official Publication of the Society for Risk Analysis"},{"issue":"1","key":"28_CR4","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1016\/j.cose.2004.11.002","volume":"24","author":"M. Gerber","year":"2005","unstructured":"Gerber, M., von Solms, R.: Management of risk in the information age. Computers & Security\u00a024(1), 16\u201330 (2005)","journal-title":"Computers & Security"},{"issue":"5","key":"28_CR5","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1109\/MSECP.2003.1236235","volume":"1","author":"S. Hariri","year":"2003","unstructured":"Hariri, S., Dharmagadda, T., Ramkishore, M., Raghavendra, C.S.: Impact analysis of faults and attacks in large-scale networks. IEEE Security & Privacy Magazine\u00a01(5), 49\u201354 (2003)","journal-title":"IEEE Security & Privacy Magazine"},{"key":"28_CR6","unstructured":"HIPAA, Basics of Risk Analysis and Risk Management. Washington, USA (2005)"},{"key":"28_CR7","unstructured":"ISO\/IEC 15408-1:2009, Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model. ISO\/IEC (2009)"},{"key":"28_CR8","unstructured":"ISO\/IEC 21827:2008, Information technology - Security techniques - Systems Security Engineering - Capability Maturity Model (SSE-CMM). ISO\/IEC (2008)"},{"key":"28_CR9","unstructured":"ISO\/IEC 27000:2009, Information technology - Security techniques - Information security management systems - Overview and vocabulary. ISO\/IEC (2009)"},{"key":"28_CR10","unstructured":"ISO\/IEC 27001:2005, Information technology - Security techniques - Information security management systems - Requirements. ISO\/IEC (2005)"},{"key":"28_CR11","unstructured":"ISO\/IEC 27002:2005, Information technology - Security techniques - Code of practice for information security management. ISO\/IEC (2005)"},{"key":"28_CR12","unstructured":"ISO\/IEC 27005:2008, Information technology - Security techniques - Information security risk management. ISO\/IEC (2008)"},{"key":"28_CR13","unstructured":"ISO\/IEC TR 15443-2:2005, Information technology - Security techniques - A framework for IT security assurance - Part 2: Assurance methods (2005)"},{"issue":"4","key":"28_CR14","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1109\/MSP.2007.81","volume":"5","author":"J.R. Jones","year":"2007","unstructured":"Jones, J.R.: Estimating Software Vulnerabilities. IEEE Security & Privacy Magazine\u00a05(4), 28\u201332 (2007)","journal-title":"IEEE Security & Privacy Magazine"},{"key":"28_CR15","doi-asserted-by":"crossref","unstructured":"Martin, R.A.: Making security measurable and manageable. In: MILCOM 2008 - 2008 IEEE Military Communications Conference, pp. 1\u20139 (2008)","DOI":"10.1109\/MILCOM.2008.4753203"},{"issue":"12","key":"28_CR16","doi-asserted-by":"publisher","first-page":"52","DOI":"10.1109\/2.889093","volume":"33","author":"J. McHugh","year":"2000","unstructured":"McHugh, J., Fithen, W.L., Arbaugh, W.A.: Windows of vulnerability: a case study analysis. Computer\u00a033(12), 52\u201359 (2000)","journal-title":"Computer"},{"issue":"6","key":"28_CR17","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1109\/MSP.2006.145","volume":"4","author":"P. Mell","year":"2006","unstructured":"Mell, P., Scarfone, K., Romanosky, S.: Common Vulnerability Scoring System. IEEE Security & Privacy Magazine\u00a04(6), 85\u201389 (2006)","journal-title":"IEEE Security & Privacy Magazine"},{"key":"28_CR18","unstructured":"MITRE Corp., Common Vulnerabilities and Exposures: The Standard for Information Security Vulnerabilities Names, \n                    \n                      http:\/\/cve.mitre.org\/\n                    \n                    \n                   (accessed: November 19, 2011)"},{"key":"28_CR19","unstructured":"NIST, National Vulnerability Database: automating vulnerability management, security measurement, and complience checking, \n                    \n                      http:\/\/nvd.nist.gov\/\n                    \n                    \n                   (accessed: November 19, 2011)"},{"key":"28_CR20","unstructured":"NIST, Security Content Automation Protocol Validated Products (2011), \n                    \n                      http:\/\/nvd.nist.gov\/scapproducts.cfm\n                    \n                    \n                   (accessed: November 27, 2011)"},{"key":"28_CR21","unstructured":"NIST SP 800-126, The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1 (DRAFT), NIST (2010)"},{"key":"28_CR22","unstructured":"Schneier, B.: Attack trees. Dr. Dobb\u2019s Journal\u00a0(12), 21\u201329 (1999)"},{"issue":"2684","key":"28_CR23","doi-asserted-by":"publisher","first-page":"677","DOI":"10.1126\/science.103.2684.677","volume":"103","author":"S.S. Stevens","year":"1946","unstructured":"Stevens, S.S.: On the Theory of Scales of Measurement. Science\u00a0103(2684), 677\u2013680 (1946)","journal-title":"Science"},{"issue":"7","key":"28_CR24","doi-asserted-by":"publisher","first-page":"1106","DOI":"10.1093\/comjnl\/bxp094","volume":"53","author":"D. Tr\u010dek","year":"2009","unstructured":"Tr\u010dek, D.: Security Metrics Foundations for Computer Security. The Computer Journal\u00a053(7), 1106\u20131112 (2009)","journal-title":"The Computer Journal"},{"key":"28_CR25","doi-asserted-by":"crossref","unstructured":"Tr\u010dek, D.: Computationally Supported Quantitative Risk Management for Information Systems. In: G\u00fclpnar, N., Harrison, P., R\u00fcstem, B. (eds.) Performance Models and Risk Management in Communications Systems (Springer Optimization and Its Applications), p. 258. Springer (2010)","DOI":"10.1007\/978-1-4419-0534-5_3"}],"container-title":["Lecture Notes in Computer Science","Telecommunication Economics"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-30382-1_28","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,1]],"date-time":"2019-05-01T17:51:52Z","timestamp":1556733112000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-30382-1_28"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012]]},"ISBN":["9783642303814","9783642303821"],"references-count":25,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-30382-1_28","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2012]]}}}