{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,15]],"date-time":"2026-01-15T10:16:53Z","timestamp":1768472213722,"version":"3.49.0"},"publisher-location":"Berlin, Heidelberg","reference-count":34,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642332593","type":"print"},{"value":"9783642332609","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012]]},"DOI":"10.1007\/978-3-642-33260-9_37","type":"book-chapter","created":{"date-parts":[[2012,9,20]],"date-time":"2012-09-20T04:27:01Z","timestamp":1348115221000},"page":"428-442","source":"Crossref","is-referenced-by-count":7,"title":["A Comparative Study of Risk Assessment Methods, MEHARI &amp; CRAMM with a New Formal Model of Risk Assessment (FoMRA) in Information Systems"],"prefix":"10.1007","author":[{"given":"Imed","family":"El Fray","sequence":"first","affiliation":[]}],"member":"297","reference":[{"key":"37_CR1","doi-asserted-by":"publisher","first-page":"9","DOI":"10.4018\/jsita.2011070102","volume":"2","author":"A. Datta","year":"2011","unstructured":"Datta, A.: Information Technology Capability, Knowledge Assets and Firm Innovation: A Theoretical Framework for Conceptualizing the Role of Information Technology in Firm Innovation. International Journal of Strategic Information Technology and Applications\u00a02, 9\u201326 (2011)","journal-title":"International Journal of Strategic Information Technology and Applications"},{"key":"37_CR2","first-page":"45","volume":"12","author":"C.R. Raduan","year":"2009","unstructured":"Raduan, C.R., Jegak, U., Haslinda, A., Alimin, I.I.: A Conceptual Framework of the Relationship Between Organizational Resources, Capabilities, Systems, Competitive Advantage and Performance. Research Journal of International Studies\u00a012, 45\u201358 (2009)","journal-title":"Research Journal of International Studies"},{"key":"37_CR3","doi-asserted-by":"publisher","first-page":"38","DOI":"10.1016\/j.jclepro.2005.06.002","volume":"15","author":"J.A.G. Kleef Van","year":"2007","unstructured":"Van Kleef, J.A.G., Roome, N.J.: Developing capabilities and competence for sustainable business management as innovation: a research agenda. Journal of Cleaner Production\u00a015, 38\u201351 (2007)","journal-title":"Journal of Cleaner Production"},{"key":"37_CR4","doi-asserted-by":"publisher","first-page":"1352","DOI":"10.1016\/S0148-2963(03)00067-5","volume":"57","author":"A. Bhatnagar","year":"2004","unstructured":"Bhatnagar, A., Ghose, S.: Segmenting consumers based on the benefits and risks of Internet shopping. Journal of Business Research\u00a057, 1352\u20131360 (2004)","journal-title":"Journal of Business Research"},{"key":"37_CR5","doi-asserted-by":"publisher","first-page":"104","DOI":"10.1504\/IJIMA.2004.003692","volume":"1","author":"M. Byeong-Joon","year":"2004","unstructured":"Byeong-Joon, M.: Consumer adoption of the internet as an information search and product purchase channel: some research hypotheses. Int. J. Internet Marketing and Advertising\u00a01, 104\u2013118 (2004)","journal-title":"Int. J. Internet Marketing and Advertising"},{"key":"37_CR6","doi-asserted-by":"publisher","first-page":"487","DOI":"10.1016\/S0378-7206(01)00071-4","volume":"38","author":"J. Bumsuk","year":"2001","unstructured":"Bumsuk, J., Ingoo, H., Sangjae, L.: Security threats to Internet: a Korean multi-industry investigation. Information & Management\u00a038, 487\u2013498 (2001)","journal-title":"Information & Management"},{"key":"37_CR7","doi-asserted-by":"publisher","first-page":"638","DOI":"10.1016\/j.cose.2004.10.006","volume":"23","author":"S. Posthumus","year":"2004","unstructured":"Posthumus, S., Solms, R.: A framework for the governance of information security. Computers & Security\u00a023, 638\u2013646 (2004)","journal-title":"Computers & Security"},{"key":"37_CR8","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1109\/MSP.2007.11","volume":"5","author":"W.H. Baker","year":"2007","unstructured":"Baker, W.H., Wallace, L.: Is Information Security Under Control?: Investigating Quality in Information Security Management. IEEE Security & Privacy\u00a05, 36\u201344 (2007)","journal-title":"IEEE Security & Privacy"},{"key":"37_CR9","doi-asserted-by":"publisher","first-page":"480","DOI":"10.1016\/j.im.2007.05.003","volume":"44","author":"Q.-J. Yeh","year":"2007","unstructured":"Yeh, Q.-J., Chang, A.J.-T.: Threats and countermeasures for information system security: A cross-industry study. Information & Management\u00a044, 480\u2013491 (2007)","journal-title":"Information & Management"},{"key":"37_CR10","doi-asserted-by":"crossref","first-page":"53","DOI":"10.1177\/030630700703200404","volume":"32","author":"J.N. Ezingeard","year":"2007","unstructured":"Ezingeard, J.N., Bowen, S.M.: Triggers of change in information security management practices. Journal of General Management\u00a032, 53\u201372 (2007)","journal-title":"Journal of General Management"},{"key":"37_CR11","volume-title":"Principles of Information Security","author":"M.E. Whitman","year":"2009","unstructured":"Whitman, M.E., Mattord, H.: Principles of Information Security, 3rd edn. Course technology, Boston (2009)","edition":"3"},{"key":"37_CR12","doi-asserted-by":"publisher","first-page":"153","DOI":"10.1016\/j.csi.2010.01.006","volume":"32","author":"D. Mellado","year":"2010","unstructured":"Mellado, D., Blanco, C., S\u00e1nchez, L.E., Medina, E.F.: A systematic review of security requirements engineering. Computer Standards & Interfaces\u00a032, 153\u2013165 (2010)","journal-title":"Computer Standards & Interfaces"},{"key":"37_CR13","first-page":"1","volume":"41","author":"I. Fray El","year":"2012","unstructured":"El Fray, I., Kurkowski, M., Pejas, J., Mackow, W.: A New Mathematical Model for Analytical Risk Assessment and Prediction in IT Systems. Control and Cybernetics\u00a041, 1\u201328 (2012)","journal-title":"Control and Cybernetics"},{"key":"37_CR14","first-page":"1","volume":"24","author":"N. Mayer","year":"2006","unstructured":"Mayer, N., Humbert, J.P.: La gestion des risques pour les syst\u00e8mes d\u2019information. MISC-\u00c9ditions Diamond\u00a024, 1\u20137 (2006)","journal-title":"MISC-\u00c9ditions Diamond"},{"key":"37_CR15","unstructured":"Consultative Objective and Bi-functional Risk Analysis (COBRA): C&A Security Risk Analysis Group, UK (1991)"},{"key":"37_CR16","unstructured":"Control Objectives for Information and related Technology (COBIT). Information Systems Audit and Control Association, US (2007)"},{"key":"37_CR17","unstructured":"Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE): Carnegie Mellon University, US (2006)"},{"key":"37_CR18","unstructured":"Risk Analysis and Management Method (CRAMM): Central Computing and Telecommunications Agency, United Kingdom (1987)"},{"key":"37_CR19","unstructured":"M\u00e9thode Harmonis\u00e9e d\u2019Analyse de Risques (MEHARI): Club de la S\u00e9curit\u00e9 de l\u2019Information Fran\u00e7ais, France (2010)"},{"key":"37_CR20","doi-asserted-by":"publisher","DOI":"10.1002\/9781118269138","volume-title":"IT Audit, Control, and Security","author":"R. Moeller","year":"2010","unstructured":"Moeller, R.: IT Audit, Control, and Security. John Wiley & Sons, Inc., Hoboken (2010)"},{"key":"37_CR21","unstructured":"Guideline for Automatic Data Processing Risk Analysis: Federal Information Processing Standard - FIPS 65. National Bureau of Standard, US (1997)"},{"key":"37_CR22","doi-asserted-by":"publisher","first-page":"297","DOI":"10.1108\/eb022662","volume":"4","author":"J. Dray","year":"1988","unstructured":"Dray, J.: Computer Security and Crime: Implications for Policy and Action. Information Technology & People\u00a04, 297\u2013313 (1988)","journal-title":"Information Technology & People"},{"key":"37_CR23","doi-asserted-by":"publisher","first-page":"189","DOI":"10.1057\/dbm.2009.16","volume":"16","author":"T. Fisher","year":"2009","unstructured":"Fisher, T.: ROI in social media: A look at the arguments. Journal of Database Marketing & Customer Strategy Management\u00a016, 189\u2013195 (2009)","journal-title":"Journal of Database Marketing & Customer Strategy Management"},{"key":"37_CR24","volume-title":"Computer Security Management","author":"D.B. Parker","year":"1991","unstructured":"Parker, D.B.: Computer Security Management. Reston Publishing Co., Reston (1991)"},{"key":"37_CR25","doi-asserted-by":"crossref","first-page":"129","DOI":"10.1080\/07421222.1991.11517914","volume":"8","author":"R.K. Rainer","year":"1991","unstructured":"Rainer, R.K., Snyder, C.A., Carr, H.H.: Risk Analysis for Information Technology. Journal of Management Information Systems Archive\u00a08, 129\u2013147 (1991)","journal-title":"Journal of Management Information Systems Archive"},{"key":"37_CR26","doi-asserted-by":"publisher","first-page":"70","DOI":"10.1205\/psep06002","volume":"85","author":"R. Ferdous","year":"2007","unstructured":"Ferdous, R., Khan, F.I., Veitch, B., Amyotte, P.R.: Methodology for Computer-Aided Fault Tree Analysis. Process Safety and Environmental Protection\u00a085, 70\u201380 (2007)","journal-title":"Process Safety and Environmental Protection"},{"key":"37_CR27","doi-asserted-by":"publisher","first-page":"47","DOI":"10.1016\/S0951-8320(01)00113-2","volume":"75","author":"J.D. Andrews","year":"2002","unstructured":"Andrews, J.D., Ridley, L.M.: Application of the cause-consequence diagram method to static systems. Reliability Engineering & System Safety\u00a075, 47\u201358 (2002)","journal-title":"Reliability Engineering & System Safety"},{"key":"37_CR28","doi-asserted-by":"publisher","first-page":"1107","DOI":"10.1016\/j.ress.2008.12.005","volume":"94","author":"M. Bartlett","year":"2009","unstructured":"Bartlett, M., Hurdle, E.E., Kelly, E.M.: Integrated system fault diagnostics utilising digraph and fault tree-based approaches. Reliability Engineering & System Safety\u00a094, 1107\u20131115 (2009)","journal-title":"Reliability Engineering & System Safety"},{"key":"37_CR29","doi-asserted-by":"publisher","first-page":"529","DOI":"10.1109\/TSE.2002.1010058","volume":"28","author":"S.M. Jacoub","year":"2002","unstructured":"Jacoub, S.M., Ammar, H.H.: A methodology for architectural-level reliability risk analysis. IEEE Transaction on Software Engineering\u00a028, 529\u2013547 (2002)","journal-title":"IEEE Transaction on Software Engineering"},{"key":"37_CR30","unstructured":"Technical manual - Reliability\/availability of electrical & mechanical systems for command, control, communications, computer, intelligence, surveillance and reconnaissance . Department of the U.S. Army, US (2007)"},{"key":"37_CR31","unstructured":"Information technology \u2013 Security techniques \u2013 Code of practice for information security management. ISO\/IEC 27002 (2007)"},{"key":"37_CR32","unstructured":"Inventory of Risk Management\/Risk Assessment Methods. European Network and information Security Agency (March 2012), \n                    \n                      http:\/\/rm-inv.enisa.europa.eu\/methods_tools"},{"key":"37_CR33","unstructured":"Braun, G.: Information Security Risk Analysis and Decision Modelling. BWI-paper Vrije Universiteit De Boelelaan HV Amsterdam, pp. 1\u201327 (2002)"},{"key":"37_CR34","unstructured":"Expression des Besoins et Identification des Objectifs de S\u00e9curit\u00e9 (EBIOS): Direction Centrale de la S\u00e9curit\u00e9 des Syst\u00e8mes d\u2019Information, France (2010)"}],"container-title":["Lecture Notes in Computer Science","Computer Information Systems and Industrial Management"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-33260-9_37","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2018,10,10]],"date-time":"2018-10-10T21:13:09Z","timestamp":1539205989000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-33260-9_37"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012]]},"ISBN":["9783642332593","9783642332609"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-33260-9_37","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2012]]}}}