{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,2]],"date-time":"2026-01-02T07:49:01Z","timestamp":1767340141190,"version":"3.37.3"},"reference-count":102,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2020,4,23]],"date-time":"2020-04-23T00:00:00Z","timestamp":1587600000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,4,23]],"date-time":"2020-04-23T00:00:00Z","timestamp":1587600000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"funder":[{"DOI":"10.13039\/501100005916","name":"Universidad de La Frontera","doi-asserted-by":"publisher","award":["DIUFRO #DI13-0047"],"award-info":[{"award-number":["DIUFRO #DI13-0047"]}],"id":[{"id":"10.13039\/501100005916","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Inf Syst E-Bus Manage"],"published-print":{"date-parts":[[2020,6]]},"DOI":"10.1007\/s10257-020-00470-8","type":"journal-article","created":{"date-parts":[[2020,4,23]],"date-time":"2020-04-23T12:02:39Z","timestamp":1587643359000},"page":"157-186","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Mapping the variations for implementing information security controls to their operational research solutions"],"prefix":"10.1007","volume":"18","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8728-7101","authenticated-orcid":false,"given":"Mauricio","family":"Di\u00e9guez","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jaime","family":"Bustos","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Carlos","family":"Cares","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,4,23]]},"reference":[{"key":"470_CR1","doi-asserted-by":"publisher","first-page":"19","DOI":"10.5120\/15482-4222","volume":"89","author":"N Al-Safwani","year":"2014","unstructured":"Al-Safwani N, Hassan S, Katuk N (2014) A multiple attribute decision making for improving information security control assessment. Int J Comput App 89:19\u201324. https:\/\/doi.org\/10.5120\/15482-4222","journal-title":"Int J Comput App"},{"key":"470_CR2","doi-asserted-by":"publisher","first-page":"985","DOI":"10.1016\/j.ejor.2006.06.060","volume":"187","author":"A Allahverdi","year":"2008","unstructured":"Allahverdi A, Ng C, Cheng T, Kovalyov M (2008) A survey of scheduling problems with setup times or costs. Eur J Oper Res 187:985\u20131032","journal-title":"Eur J Oper Res"},{"key":"470_CR3","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1080\/12460125.2018.1468177","volume":"0125","author":"L Almeida","year":"2018","unstructured":"Almeida L, Resp\u00edcio A (2018) Decision support for selecting information security controls. J Decis Syst 0125:1\u20138. https:\/\/doi.org\/10.1080\/12460125.2018.1468177","journal-title":"J Decis Syst"},{"key":"470_CR4","unstructured":"Association of European Operational Research Societies (2018) What is operational research?\u00a0https:\/\/www.euro-online.org\/web\/pages\/301\/or-and-euro. Accessed 14 Apr 2020"},{"key":"470_CR5","doi-asserted-by":"crossref","unstructured":"Bistarelli S, Fioravanti F, Peretti P (2007) Using CP-nets as a guide for countermeasure selection. In: Proceedings of the 2007 ACM symposium on applied computing","DOI":"10.1145\/1244002.1244073"},{"key":"470_CR6","doi-asserted-by":"publisher","first-page":"372","DOI":"10.1016\/j.csi.2010.12.002","volume":"33","author":"C Blanco","year":"2011","unstructured":"Blanco C, Lasheras J, Fern\u00e1ndez-Medina E et al (2011) Basis for an integrated security ontology according to a systematic review of existing proposals. Comput Stand Interfaces 33:372\u2013388","journal-title":"Comput Stand Interfaces"},{"key":"470_CR7","doi-asserted-by":"publisher","unstructured":"Bonazzi R, Hussami L, Pigneur Y (2009) Compliance management is becoming a major issue in IS design. In: D'Atri A, Sacc\u00e0 D (eds) Information systems: people, organizations, institutions, and technologies. Physica-Verlag HD, pp 391\u2013398.\u00a0https:\/\/doi.org\/10.1007\/978-3-7908-2148-2_45","DOI":"10.1007\/978-3-7908-2148-2_45"},{"key":"470_CR8","first-page":"19","volume":"6","author":"J Breier","year":"2014","unstructured":"Breier J (2014) Security evaluation model based on the score of security mechanisms. Inf Sci Technol Bull ACM 6:19\u201327","journal-title":"Inf Sci Technol Bull ACM"},{"key":"470_CR9","doi-asserted-by":"crossref","unstructured":"Breier J, Hudec L (2012) New approach in information system security evaluation. In: IEEE First AESS European conference on satellite telecommunications (ESTEL). IEEE, pp 1\u20136","DOI":"10.1109\/ESTEL.2012.6400145"},{"key":"470_CR10","doi-asserted-by":"crossref","unstructured":"Breier J, Hudec L (2013b) On selecting critical security controls. In: International conference on availability, reliability and security. pp 582\u2013588","DOI":"10.1109\/ARES.2013.77"},{"key":"470_CR11","doi-asserted-by":"publisher","unstructured":"Breier J, Hudec L (2013a) On identifying proper security mechanisms. In: Mustofa K, Neuhold EJ, Tjoa AM, Weippl E, You I (eds) Information and communication technology. ICT-EurAsia 2013. Lecture notes in computer science, vol 7804. Springer, Berlin, Heidelberg.\u00a0https:\/\/doi.org\/10.1007\/978-3-642-36818-9_29","DOI":"10.1007\/978-3-642-36818-9_29"},{"key":"470_CR12","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/SPW.2013.26","volume":"2013","author":"D Butin","year":"2013","unstructured":"Butin D, Chicote M, Le M\u00e9tayer D (2013) Log design for accountability. Proc IEEE CS Secur Priv Work SPW 2013:1\u20137. https:\/\/doi.org\/10.1109\/SPW.2013.26","journal-title":"Proc IEEE CS Secur Priv Work SPW"},{"key":"470_CR13","doi-asserted-by":"publisher","first-page":"221","DOI":"10.1007\/s10796-009-9197-5","volume":"14","author":"T Butler","year":"2009","unstructured":"Butler T, McGovern D (2009) A conceptual model and IS framework for the design and adoption of environmental compliance management systems. Inf Syst Front 14:221\u2013235. https:\/\/doi.org\/10.1007\/s10796-009-9197-5","journal-title":"Inf Syst Front"},{"key":"470_CR14","doi-asserted-by":"publisher","first-page":"58","DOI":"10.1007\/978-3-642-30982-3_3","volume-title":"Formal methods for model-driven engineering","author":"J Cabot","year":"2012","unstructured":"Cabot J, Gogolla M (2012) Object constraint language (OCL): a definitive guide. Formal methods for model-driven engineering. Springer, Berlin, pp 58\u201390"},{"key":"470_CR15","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1016\/j.ejor.2007.10.040","volume":"193","author":"J Chen","year":"2009","unstructured":"Chen J, Askin R (2009) Project selection, scheduling and resource allocation with time dependent returns. Eur J Oper Res 193:23\u201334","journal-title":"Eur J Oper Res"},{"key":"470_CR16","doi-asserted-by":"crossref","unstructured":"Chen L, Li L, Hu Y, Lian K (2009) Information security solution decision-making based on entropy weight and gray situation decision. In: 2009 fifth international conference on information assurance and security. IEEE, pp 7\u201310","DOI":"10.1109\/IAS.2009.9"},{"key":"470_CR17","doi-asserted-by":"publisher","first-page":"423","DOI":"10.1016\/j.ejor.2004.04.013","volume":"165","author":"T Cheng","year":"2005","unstructured":"Cheng T, Ng C, Yuan J, Liu Z (2005) Single machine scheduling to minimize total weighted tardiness. Eur J Oper Res 165:423\u2013443","journal-title":"Eur J Oper Res"},{"key":"470_CR18","unstructured":"Choo KK, Mubarak S, Mani D et al (2014) Selection of information security controls based on AHP and GRA. In: Proceedings of the 18th Pacific Asia conference on information systems, pp 1\u201312"},{"key":"470_CR19","doi-asserted-by":"publisher","unstructured":"Cuihua X, Jiajun L (2009) An information system security evaluation model based on AHP and GRAP. In: 2009 international conference on web information systems and mining, pp\u00a0493\u2013496.\u00a0https:\/\/doi.org\/10.1109\/wism.2009.105","DOI":"10.1109\/wism.2009.105"},{"key":"470_CR20","doi-asserted-by":"publisher","first-page":"449","DOI":"10.1016\/j.ejor.2013.02.042","volume":"230","author":"E Edis","year":"2013","unstructured":"Edis E, Oguz C, Ozkarahan I (2013) Parallel machine scheduling with additional resources: notation, classification, models and solution methods. Eur J Oper Res 230:449\u2013463","journal-title":"Eur J Oper Res"},{"key":"470_CR21","doi-asserted-by":"publisher","first-page":"1026","DOI":"10.1016\/j.cor.2007.12.004","volume":"36","author":"J Egeblad","year":"2009","unstructured":"Egeblad J, Pisinger D (2009) Heuristic approaches for the two and three dimensional knapsack packing problem. Comput Oper Res 36:1026\u20131049","journal-title":"Comput Oper Res"},{"key":"470_CR22","unstructured":"Ejnioui A, Otero A, Tejay G, et al (2012) A multi-attribute evaluation of information security controls in organizations using grey systems theory. In: Proceedings of the international conference on security and management (SAM). p 1"},{"key":"470_CR23","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1016\/j.dam.2015.05.020","volume":"194","author":"D Espinoza","year":"2015","unstructured":"Espinoza D, Goycoolea M, Moreno E (2015) The precedence constrained knapsack problem: separating maximally violated inequalities. Discrete Appl Math 194:65\u201380. https:\/\/doi.org\/10.1016\/j.dam.2015.05.020","journal-title":"Discrete Appl Math"},{"key":"470_CR24","doi-asserted-by":"crossref","unstructured":"Fenz S, Ekelhart A (2009) Formalizing information security knowledge. In: Proc 4th int symp information, comput commun secur - ASIACCS \u201909","DOI":"10.1145\/1533057.1533084"},{"key":"470_CR25","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1016\/j.dss.2016.02.012","volume":"86","author":"A Fielder","year":"2016","unstructured":"Fielder A, Panaousis E, Malacaria P et al (2016) Decision support approaches for cyber security investment. Decis Support Syst 86:13\u201323","journal-title":"Decis Support Syst"},{"key":"470_CR26","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1016\/j.ejor.2009.06.024","volume":"203","author":"K Florios","year":"2010","unstructured":"Florios K, Mavrotas G, Diakoulaki D (2010) Solving multiobjective, multiconstraint knapsack problems using mathematical programming and evolutionary algorithms. Eur J Oper Res 203:14\u201321","journal-title":"Eur J Oper Res"},{"key":"470_CR27","unstructured":"GAMS (2018) General algebraic modeling system. https:\/\/www.gams.com\/. Accessed 20 Apr 2020"},{"key":"470_CR28","doi-asserted-by":"crossref","unstructured":"Gao C, Li Z, Song H (2009) Security evaluation method based on host resource availability. In: Multimedia and ubiquitous engineering, 2009. MUE\u201909. Third international conference on. pp 499\u2013504","DOI":"10.1109\/MUE.2009.88"},{"key":"470_CR29","doi-asserted-by":"publisher","DOI":"10.1201\/9781420011395","volume-title":"Analytical methods for risk management","author":"P Garvey","year":"2009","unstructured":"Garvey P (2009) Analytical methods for risk management. Chapman and Hall\/CRC, New York. https:\/\/doi.org\/10.1201\/9781420011395"},{"key":"470_CR30","first-page":"395","volume":"3","author":"S Gass","year":"1955","unstructured":"Gass S, Saaty T (1955) Parametric objective function (part 2)-generalization. J Oper Res Soc Am 3:395\u2013401","journal-title":"J Oper Res Soc Am"},{"key":"470_CR31","doi-asserted-by":"publisher","DOI":"10.1002\/9780470400531.eorms0786","author":"N Geismar","year":"2010","unstructured":"Geismar N (2010) Single machine scheduling. Wiley Encycl Oper Res Manag Sci. https:\/\/doi.org\/10.1002\/9780470400531.eorms0786","journal-title":"Wiley Encycl Oper Res Manag Sci"},{"key":"470_CR32","doi-asserted-by":"publisher","first-page":"349","DOI":"10.1016\/j.cie.2010.12.001","volume":"60","author":"T Ghasemi","year":"2011","unstructured":"Ghasemi T, Razzazi M (2011) Development of core to solve the multidimensional multiple-choice knapsack problem. Comput Ind Eng 60:349\u2013360","journal-title":"Comput Ind Eng"},{"key":"470_CR33","first-page":"2582","volume":"2","author":"S Gilaninia","year":"2012","unstructured":"Gilaninia S, Mousavian S, Taheri O et al (2012) Information security management on performance of information systems management. J Basic Appl Sci Res 2:2582\u20132588","journal-title":"J Basic Appl Sci Res"},{"key":"470_CR34","unstructured":"Gobierno de Chile (2005) Decreto 83: norma t\u00e9cnica para los \u00f3rganos de la administraci\u00f3n del estado sobre seguridad y confidencialidad de los documentos electr\u00f3nicos.\u00a0http:\/\/bcn.cl\/1uw52.\u00a0Accessed 14 Apr 2020"},{"key":"470_CR35","unstructured":"Gobierno de Chile (2015) Programa de mejoramiento de la gesti\u00f3n sistema de seguridad de la informaci\u00f3n: versi\u00f3n 2015.\u00a0http:\/\/www.dipres.gob.cl\/598\/articles-51683_intro_Guia_Metodologica04_2015.pdf. Accessed 14 Apr 2020."},{"key":"470_CR36","doi-asserted-by":"publisher","unstructured":"Guizzardi G, Herre H, Wagner G (2002) Towards ontological foundations for UML conceptual models. In: Meersman R, Tari Z (eds) On the move to meaningful internet systems 2002: CoopIS, DOA, and ODBASE. OTM 2002. Lecture notes in computer science, vol 2519. Springer, Berlin, Heidelberg, pp 1100\u20131117.\u00a0https:\/\/doi.org\/10.1007\/3-540-36124-3_70","DOI":"10.1007\/3-540-36124-3_70"},{"key":"470_CR37","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.ejor.2009.11.005","volume":"207","author":"S Hartmann","year":"2010","unstructured":"Hartmann S, Briskorn D (2010) A survey of variants and extensions of the resource-constrained project scheduling problem. Eur J Oper Res 207:1\u201314","journal-title":"Eur J Oper Res"},{"key":"470_CR38","doi-asserted-by":"publisher","first-page":"106","DOI":"10.1057\/ejis.2009.6","volume":"18","author":"T Herath","year":"2009","unstructured":"Herath T, Rao HR (2009) Protection motivation and deterrence: a framework for security policy compliance in organisations. Eur J Inf Syst 18:106\u2013125. https:\/\/doi.org\/10.1057\/ejis.2009.6","journal-title":"Eur J Inf Syst"},{"key":"470_CR39","doi-asserted-by":"publisher","first-page":"289","DOI":"10.1016\/j.ejor.2004.04.002","volume":"165","author":"W Herroelen","year":"2005","unstructured":"Herroelen W, Leus R (2005) Project scheduling under uncertainty: Survey and research potentials. Eur J Oper Res 165:289\u2013306","journal-title":"Eur J Oper Res"},{"key":"470_CR40","doi-asserted-by":"publisher","first-page":"592","DOI":"10.1016\/j.ejor.2004.07.011","volume":"167","author":"H Hoogeveen","year":"2005","unstructured":"Hoogeveen H (2005) Multicriteria scheduling. Eur J Oper Res 167:592\u2013623","journal-title":"Eur J Oper Res"},{"key":"470_CR41","doi-asserted-by":"publisher","first-page":"7","DOI":"10.1007\/s11623-011-0004-3","volume":"35","author":"E Humphreys","year":"2011","unstructured":"Humphreys E (2011) Information security management system standards. Datenschutz und Datensicherheit DuD 35:7\u201311. https:\/\/doi.org\/10.1007\/s11623-011-0004-3","journal-title":"Datenschutz und Datensicherheit DuD"},{"key":"470_CR42","unstructured":"International Organization for Standardization (2018) ISO 19011:2018\u2014Guidelines for auditing management systems. https:\/\/www.iso.org\/standard\/70017.html. Accessed 14 April 2020"},{"key":"470_CR43","doi-asserted-by":"publisher","first-page":"1051","DOI":"10.1016\/S1570-7946(05)80017-3","volume":"20","author":"S Janak","year":"2005","unstructured":"Janak S, Floudas C (2005) Advances in robust optimization approaches for scheduling under uncertainty. Comput Aided Chem Eng 20:1051\u20131056.\u00a0https:\/\/doi.org\/10.1016\/S1570-7946(05)80017-3","journal-title":"Comput Aided Chem Eng"},{"key":"470_CR44","doi-asserted-by":"publisher","first-page":"171","DOI":"10.1016\/j.compchemeng.2006.05.035","volume":"31","author":"S Janak","year":"2007","unstructured":"Janak S, Lin X, Floudas C (2007) A new robust optimization approach for scheduling under uncertainty. Comput Chem Eng 31:171\u2013195","journal-title":"Comput Chem Eng"},{"key":"470_CR45","first-page":"583","volume":"8","author":"R Kawasaki","year":"2014","unstructured":"Kawasaki R, Hiromatsu T (2014) Proposal of a model supporting decision-making on information security risk treatment. Int J Comput Electr Autom Control Inf Eng 8:583\u2013589","journal-title":"Int J Comput Electr Autom Control Inf Eng"},{"key":"470_CR46","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s10257-016-0306-y","volume":"15","author":"H Khajouei","year":"2017","unstructured":"Khajouei H, Kazemi M, Moosavirad SH (2017) Ranking information security controls by using fuzzy analytic hierarchy process. Inf Syst E-bus Manag 15:1\u201319. https:\/\/doi.org\/10.1007\/s10257-016-0306-y","journal-title":"Inf Syst E-bus Manag"},{"key":"470_CR47","unstructured":"Kiesling E, Ekelhart A, Grill B, et al (2013a) Simulation-based optimization of IT security controls: initial experiences with meta-heuristic solution procedures. In: Fink A, Geiger M (eds) Proceedings of the workshop of the EURO working group on metaheuristics, pp 18\u201320"},{"key":"470_CR48","doi-asserted-by":"publisher","unstructured":"Kiesling E, Strauss C, Ekelhart A, et al (2013b) Simulation-based optimization of information security controls: an adversary-centric approach. In: Pasupathy R, Kim SH, Tolk A, Hill R, Kuhl ME (eds) Proceedings of the winter simulation conference. IEEE, pp 2054\u20132065. https:\/\/doi.org\/10.1109\/wsc.2013.6721583","DOI":"10.1109\/wsc.2013.6721583"},{"key":"470_CR49","doi-asserted-by":"publisher","unstructured":"Kiesling E, Strausss C, Stummer C (2012) A multi-objective decision support framework for simulation-based security control selection. In: Proceedings seventh international conference on availability, reliability and security, pp 454\u2013462. https:\/\/doi.org\/10.1109\/ares.2012.70","DOI":"10.1109\/ares.2012.70"},{"key":"470_CR50","first-page":"321","volume":"92","author":"R Kolisch","year":"2006","unstructured":"Kolisch R, Meyer K (2006) Selection and scheduling of pharmaceutical research projects. Int Ser Oper Res Manag Sci 92:321\u2013344","journal-title":"Int Ser Oper Res Manag Sci"},{"key":"470_CR51","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1016\/j.cose.2012.07.001","volume":"33","author":"E Kolkowska","year":"2013","unstructured":"Kolkowska E, Dhillon G (2013) Organizational power and information security rule compliance. Comput Secur 33:3\u201311. https:\/\/doi.org\/10.1016\/j.cose.2012.07.001","journal-title":"Comput Secur"},{"key":"470_CR52","doi-asserted-by":"publisher","first-page":"889","DOI":"10.1016\/j.dam.2006.08.006","volume":"155","author":"S Kolliopoulos","year":"2007","unstructured":"Kolliopoulos S, Steiner G (2007) Partially ordered knapsack and applications to scheduling. Discret Appl Math 155:889\u2013897","journal-title":"Discret Appl Math"},{"key":"470_CR53","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.ejor.2009.04.007","volume":"202","author":"C Koulamas","year":"2010","unstructured":"Koulamas C (2010) The single-machine total tardiness scheduling problem: Review and extensions. Eur J Oper Res 202:1\u20137","journal-title":"Eur J Oper Res"},{"key":"470_CR54","first-page":"79","volume":"13","author":"F Liu","year":"2010","unstructured":"Liu F, Lee W (2010) Constructing enterprise information network security risk management mechanism by ontology. Tamkang J Sci Eng 13:79\u201387","journal-title":"Tamkang J Sci Eng"},{"key":"470_CR55","doi-asserted-by":"publisher","first-page":"131","DOI":"10.1016\/j.petrol.2014.12.012","volume":"126","author":"YG Lopes","year":"2015","unstructured":"Lopes YG, Teixeira A (2015) Assessment of synergies for selecting a project portfolio in the petroleum industry based on a multi-attribute utility function. J Pet Sci Eng 126:131\u2013140. https:\/\/doi.org\/10.1016\/j.petrol.2014.12.012","journal-title":"J Pet Sci Eng"},{"key":"470_CR56","unstructured":"Lv J-J, Wang Y-Z (2010) A ranking method for information security risk management based on ahp and promethee. In: Management and service science (MASS), 2010 international conference on. pp 1\u20134"},{"key":"470_CR57","doi-asserted-by":"publisher","unstructured":"Lv J, Zhou Y, Wang Y (2011) A Multi-criteria evaluation method of information security controls. In: Proceedings fourth International joint conference on computational sciences and optimization, pp 190\u2013194. https:\/\/doi.org\/10.1109\/cso.2011.43","DOI":"10.1109\/cso.2011.43"},{"key":"470_CR58","doi-asserted-by":"publisher","first-page":"251","DOI":"10.1108\/09685220810893207","volume":"16","author":"Q Ma","year":"2008","unstructured":"Ma Q, Johnston A, Pearson J (2008) Information security management objectives and practices: a parsimonious framework. Inf Manag Comput Secur 16:251\u2013270. https:\/\/doi.org\/10.1108\/09685220810893207","journal-title":"Inf Manag Comput Secur"},{"key":"470_CR59","doi-asserted-by":"publisher","unstructured":"Mauergauz, Y. (2016) Multi-criteria models and decision-making. \u00a0In: Advanced planning and scheduling in manufacturing and supply chains, pp 127\u2013162. https:\/\/doi.org\/10.1007\/978-3-319-27523-9_4","DOI":"10.1007\/978-3-319-27523-9_4"},{"key":"470_CR60","doi-asserted-by":"publisher","first-page":"135","DOI":"10.1016\/j.engappai.2012.07.012","volume":"26","author":"M Masmoudi","year":"2013","unstructured":"Masmoudi M, Ha\u00eft A (2013) Project scheduling under uncertainty using fuzzy modelling and solving techniques. Eng Appl Artif Intell 26:135\u2013149","journal-title":"Eng Appl Artif Intell"},{"key":"470_CR61","doi-asserted-by":"publisher","first-page":"201","DOI":"10.12720\/jait.6.4.201-206","volume":"6","author":"M Meng","year":"2015","unstructured":"Meng M, Liu E (2015) The application research of information security risk assessment model based on AHP method. J Adv Inf Technol 6:201\u2013206.\nhttps:\/\/doi.org\/10.12720\/jait.6.4.201-206","journal-title":"J Adv Inf Technol"},{"key":"470_CR62","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1016\/j.cose.2012.11.007","volume":"33","author":"M Montanari","year":"2013","unstructured":"Montanari M, Chan E, Larson K et al (2013) Distributed security policy conformance. Comput Secur 33:28\u201340. https:\/\/doi.org\/10.1016\/j.cose.2012.11.007","journal-title":"Comput Secur"},{"key":"470_CR63","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1504\/IJESDF.2007.013590","volume":"1","author":"H Mouratidis","year":"2007","unstructured":"Mouratidis H (2007) Secure information systems engineering: a manifesto. Int J Electron Secur Digit Forensics 1:27\u201341","journal-title":"Int J Electron Secur Digit Forensics"},{"key":"470_CR64","doi-asserted-by":"crossref","unstructured":"Nagata K, Amagasa M, Kigawa Y, Cui D (2009) Method to select effective risk mitigation controls using fuzzy outranking. In: 2009 ninth international conference on intelligent systems design and applications","DOI":"10.1109\/ISDA.2009.186"},{"key":"470_CR65","unstructured":"NEOS (2018) NEOS server web portal. https:\/\/neos-server.org\/neos\/. Accessed 20 Apr 2020"},{"key":"470_CR66","doi-asserted-by":"publisher","first-page":"476","DOI":"10.1016\/j.cose.2009.10.005","volume":"29","author":"NJ Van Niekerk","year":"2010","unstructured":"Van Niekerk J, Von Solms R (2010) Information security culture: a management perspective. Comput Secur 29:476\u2013486. https:\/\/doi.org\/10.1016\/j.cose.2009.10.005","journal-title":"Comput Secur"},{"key":"470_CR67","doi-asserted-by":"crossref","unstructured":"Ojamaa A, Tyugu E, Kivimaa J (2008) Pareto-optimal situaton analysis for selection of security measures. In: MILCOM 2008\u20142008 IEEE military communications conference. IEEE","DOI":"10.1109\/MILCOM.2008.4753520"},{"key":"470_CR68","doi-asserted-by":"publisher","first-page":"36","DOI":"10.4018\/jdtis.2011070103","volume":"2","author":"A Otero","year":"2011","unstructured":"Otero A, Ejnioui A, Otero C, Tejay G (2011) Evaluation of information security controls in organizations by grey relational analysis. Int J Dependable Trust Inf Syst 2:36\u201354","journal-title":"Int J Dependable Trust Inf Syst"},{"key":"470_CR69","doi-asserted-by":"publisher","first-page":"1","DOI":"10.5121\/ijnsa.2010.2401","volume":"2","author":"A Otero","year":"2010","unstructured":"Otero A, Otero C, Qureshi A (2010) A multi-criteria evaluation of information security controls using boolean features. Int J Netw Secur Its Appl 2:1\u201311. https:\/\/doi.org\/10.5121\/ijnsa.2010.2401","journal-title":"Int J Netw Secur Its Appl"},{"key":"470_CR70","doi-asserted-by":"crossref","unstructured":"Otero A, Tejay G, Otero D, Ruiz-Torres A (2012) A fuzzy logic-based information security control assessment for organizations. In: Open systems (ICOS), 2012 IEEE conference, pp 1\u20136","DOI":"10.1109\/ICOS.2012.6417640"},{"key":"470_CR71","doi-asserted-by":"crossref","unstructured":"Parkin S, van Moorsel A, Coles R (2009) An information security ontology incorporating human-behavioural implications. In:\u00a0Proceedings of the 2nd international conference on Security of information and networks, pp 46\u201355","DOI":"10.1145\/1626195.1626209"},{"key":"470_CR72","unstructured":"Pereira T, Santos H (2014) Challenges in information security protection. In: Proceedings 13th European conference on cyber warfare and security, pp 160\u2013166"},{"key":"470_CR73","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.infsof.2015.03.007","volume":"64","author":"K Petersen","year":"2015","unstructured":"Petersen K, Vakkalanka S, Kuzniarz L (2015) Guidelines for conducting systematic mapping studies in software engineering: an update. Inf Softw Technol 64:1\u201318. https:\/\/doi.org\/10.1016\/j.infsof.2015.03.007","journal-title":"Inf Softw Technol"},{"key":"470_CR74","doi-asserted-by":"publisher","first-page":"493","DOI":"10.1016\/j.dss.2011.02.013","volume":"51","author":"LP Rees","year":"2011","unstructured":"Rees LP, Deane JK, Rakes TR, Baker WH (2011) Decision support for cybersecurity risk planning. Decis Support Syst 51:493\u2013505. https:\/\/doi.org\/10.1016\/j.dss.2011.02.013","journal-title":"Decis Support Syst"},{"key":"470_CR75","first-page":"316","volume":"5","author":"M Saleh","year":"2011","unstructured":"Saleh M (2011) Information security maturity model. Int J Comput Sci Secur 5:316\u2013337","journal-title":"Int J Comput Sci Secur"},{"key":"470_CR76","doi-asserted-by":"publisher","first-page":"12","DOI":"10.1016\/j.ijpe.2017.06.025","volume":"193","author":"M Samavati","year":"2017","unstructured":"Samavati M, Essam D, Nehring M, Sarker R (2017) A methodology for the large-scale multi-period precedence-constrained knapsack problem: an application in the mining industry. Int J Prod Econ 193:12\u201320. https:\/\/doi.org\/10.1016\/j.ijpe.2017.06.025","journal-title":"Int J Prod Econ"},{"key":"470_CR77","doi-asserted-by":"publisher","first-page":"659","DOI":"10.1023\/A:1004649425222","volume":"105","author":"N Samphaiboon","year":"2002","unstructured":"Samphaiboon N, Yamada T (2002) Heuristic and exact algorithms for the precedence-constrained knapsack problem. J Optim Theory Appl 105:659\u2013676","journal-title":"J Optim Theory Appl"},{"key":"470_CR78","unstructured":"S\u00e1nchez L, Villafranca D, Fernandez-Medina E, Piattini M (2009) MGSM-PYME: Metodolog\u00eda para la gesti\u00f3n de la seguridad y su madurez en las PYMES. In: Proceedings V Congreso Iberoamericano de Seguridad Inform\u00e1tica, pp 452\u2013466"},{"key":"470_CR79","unstructured":"Sarala R, Zayaraz G, Vijayalakshmi V (2015) Optimal selection of security countermeasures for effective information security. In: Proceedings of the international conference on soft computing systems. Springer, pp 345\u2013353"},{"key":"470_CR80","doi-asserted-by":"publisher","first-page":"156","DOI":"10.1016\/j.dss.2013.01.001","volume":"55","author":"T Sawik","year":"2013","unstructured":"Sawik T (2013) Selection of optimal countermeasure portfolio in IT security planning. Decis Support Syst 55:156\u2013164. https:\/\/doi.org\/10.1016\/j.dss.2013.01.001","journal-title":"Decis Support Syst"},{"key":"470_CR81","doi-asserted-by":"publisher","first-page":"218","DOI":"10.1108\/ics-12-2013-0090","volume":"23","author":"M Shahpasand","year":"2015","unstructured":"Shahpasand M, Shajari M, Golpaygani SAH, Ghavamipoor H (2015) A comprehensive security control selection model for inter-dependent organizational assets structure. Inf Comput Secur 23:218\u2013242. https:\/\/doi.org\/10.1108\/ics-12-2013-0090","journal-title":"Inf Comput Secur"},{"key":"470_CR82","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1016\/j.im.2008.12.007","volume":"46","author":"M Siponen","year":"2009","unstructured":"Siponen M, Willison (2009) Information security management standards: problems and solutions. Inf Manag 46:267\u2013270. https:\/\/doi.org\/10.1016\/j.im.2008.12.007","journal-title":"Inf Manag"},{"key":"470_CR83","doi-asserted-by":"crossref","unstructured":"Staab S, Studer R (2009) Handbook on ontologies, Springer Sci Bus Media","DOI":"10.1007\/978-3-540-92673-3"},{"key":"470_CR84","first-page":"67","volume":"2","author":"H Susanto","year":"2012","unstructured":"Susanto H, Almunawar M, Tuan Y (2012) Information security challenge and breaches: novelty approach on measuring ISO 27001 readiness level. Int J Eng Technol 2:67\u201375","journal-title":"Int J Eng Technol"},{"key":"470_CR85","first-page":"23","volume":"11","author":"H Susanto","year":"2011","unstructured":"Susanto H, Almunawar MN, Tuan YC (2011) Information security management system standards: a comparative study of the big five. Int J Electr Comput Sci IJECSIJENS 11:23\u201329","journal-title":"Int J Electr Comput Sci IJECSIJENS"},{"key":"470_CR86","first-page":"6","volume":"65","author":"S Tasan","year":"2013","unstructured":"Tasan S, Gen M (2013) An integrated selection and scheduling for disjunctive network problems. Comput Ind Eng 65:6\u201376","journal-title":"Comput Ind Eng"},{"key":"470_CR87","doi-asserted-by":"publisher","first-page":"301","DOI":"10.1590\/S0101-74382011000200006","volume":"31","author":"A Teixeira","year":"2011","unstructured":"Teixeira A, Duarte MDO (2011) A multi-criteria decision model for selecting project portfolio with consideration being given to a new concept for synergies. Pesqui Operacional 31:301\u2013318. https:\/\/doi.org\/10.1590\/S0101-74382011000200006","journal-title":"Pesqui Operacional"},{"key":"470_CR88","first-page":"128","volume":"3","author":"D Tofan","year":"2011","unstructured":"Tofan D (2011) Information security standards. J Mobile Embed Distrib Syst 3:128\u2013135","journal-title":"J Mobile Embed Distrib Syst"},{"key":"470_CR89","doi-asserted-by":"publisher","first-page":"958","DOI":"10.1109\/TSC.2014.2341236","volume":"8","author":"SC Tosatto","year":"2015","unstructured":"Tosatto SC, Governatori G, Kelsen P (2015) Business process regulatory compliance is hard. IEEE Trans Serv Comput 8:958\u2013970. https:\/\/doi.org\/10.1109\/TSC.2014.2341236","journal-title":"IEEE Trans Serv Comput"},{"key":"470_CR90","doi-asserted-by":"publisher","first-page":"599","DOI":"10.1016\/j.dss.2012.04.001","volume":"53","author":"V Viduto","year":"2012","unstructured":"Viduto V, Maple C, Huang W, L\u00f3pez-Per\u00e9z D (2012) A novel risk assessment and optimisation model for a multi-objective network security countermeasure selection problem. Decis Support Syst 53:599\u2013610. https:\/\/doi.org\/10.1016\/j.dss.2012.04.001","journal-title":"Decis Support Syst"},{"key":"470_CR91","doi-asserted-by":"publisher","first-page":"443","DOI":"10.1016\/j.cose.2005.07.003","volume":"24","author":"SH Von Solms","year":"2005","unstructured":"Von Solms SH (2005) Information security governance\u2014compliance management vs operational management. Comput Secur 24:443\u2013447. https:\/\/doi.org\/10.1016\/j.cose.2005.07.003","journal-title":"Comput Secur"},{"key":"470_CR92","doi-asserted-by":"publisher","first-page":"5593","DOI":"10.1016\/j.eswa.2011.11.058","volume":"39","author":"L Wang","year":"2012","unstructured":"Wang L, Wang S, Xu Y (2012) An effective hybrid EDA-based algorithm for solving multidimensional knapsack problem. Expert Syst Appl 39:5593\u20135599","journal-title":"Expert Syst Appl"},{"key":"470_CR93","doi-asserted-by":"publisher","first-page":"1109","DOI":"10.1016\/j.ejor.2005.12.047","volume":"183","author":"G W\u00e4scher","year":"2007","unstructured":"W\u00e4scher G, Haubner H, Schumann H (2007) An improved typology of cutting and packing problems. Eur J Oper Res 183:1109\u20131130","journal-title":"Eur J Oper Res"},{"key":"470_CR94","doi-asserted-by":"publisher","first-page":"177","DOI":"10.1016\/j.ejor.2010.03.037","volume":"208","author":"J Weglarz","year":"2011","unstructured":"Weglarz J, J\u00f3zefowska J, Mika M, Walig\u00f3ra G (2011) Project scheduling with finite or infinite number of activity processing modes\u2014a survey. Eur J Oper Res 208:177\u2013205","journal-title":"Eur J Oper Res"},{"key":"470_CR95","doi-asserted-by":"publisher","first-page":"82","DOI":"10.1145\/1349026.1349043","volume":"51","author":"DJ Weitzner","year":"2008","unstructured":"Weitzner DJ, Abelson H, Berners-Lee T et al (2008) Information accountability. Commun ACM 51:82\u201387. https:\/\/doi.org\/10.1145\/1349026.1349043","journal-title":"Commun ACM"},{"key":"470_CR96","doi-asserted-by":"publisher","unstructured":"Wierzbicki AP (1980) The use of reference objectives in multiobjective optimization. In: Fandel G, Gal T (eds) Multiple criteria decision making theory and application. Lecture notes in economics and mathematical systems, vol 177. Springer, Berlin, Heidelberg, pp\u00a0468\u2013486.\u00a0https:\/\/doi.org\/10.1007\/978-3-642-48782-8_32","DOI":"10.1007\/978-3-642-48782-8_32"},{"key":"470_CR97","doi-asserted-by":"publisher","unstructured":"Yameng C, Yulong S, Jianfeng M, et al (2011) AHP-GRAP based security evaluation method for MILS System within CC framework. In: Proceedings seventh international conference on computational intelligence and security, pp 635\u2013639.\u00a0https:\/\/doi.org\/10.1109\/cis.2011.145","DOI":"10.1109\/cis.2011.145"},{"key":"470_CR98","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1142\/S0219622009003375","volume":"8","author":"Y Yang","year":"2009","unstructured":"Yang Y, Shieh H, Leu J, Tzeng G (2009) A VIKOR-based multiple criteria decision method for improving information security risk. Int J Inf Technol Decis Mak 8:267\u2013287","journal-title":"Int J Inf Technol Decis Mak"},{"key":"470_CR99","doi-asserted-by":"publisher","first-page":"482","DOI":"10.1016\/j.ins.2011.09.012","volume":"232","author":"Y Yang","year":"2013","unstructured":"Yang Y, Shieh H, Tzeng G (2013) A VIKOR technique based on DEMATEL and ANP for information security risk control assessment. Inf Sci (Ny) 232:482\u2013500","journal-title":"Inf Sci (Ny)"},{"key":"470_CR100","doi-asserted-by":"publisher","first-page":"e118","DOI":"10.4172\/2168-9695.1000e118","volume":"3","author":"H Yau","year":"2014","unstructured":"Yau H (2014) Information security controls. Adv Robot Autom 3:e118. https:\/\/doi.org\/10.4172\/2168-9695.1000e118","journal-title":"Adv Robot Autom"},{"key":"470_CR101","doi-asserted-by":"publisher","first-page":"1035","DOI":"10.1016\/j.procs.2015.08.625","volume":"64","author":"I Yevseyeva","year":"2015","unstructured":"Yevseyeva I, Basto-Fernandes V, Emmerich M, van Moorsel A (2015) Selecting optimal subset of security controls. Procedia Comput Sci 64:1035\u20131042. https:\/\/doi.org\/10.1016\/j.procs.2015.08.625","journal-title":"Procedia Comput Sci"},{"key":"470_CR102","doi-asserted-by":"publisher","first-page":"618","DOI":"10.1016\/j.ejor.2006.10.031","volume":"183","author":"B You","year":"2007","unstructured":"You B, Yamada T (2007) ). A pegging approach to the precedence-constrained knapsack problem. Eur J Oper Res 183:618\u2013632","journal-title":"Eur J Oper Res"}],"container-title":["Information Systems and e-Business Management"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10257-020-00470-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10257-020-00470-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10257-020-00470-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,23]],"date-time":"2021-04-23T00:18:07Z","timestamp":1619137087000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10257-020-00470-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,4,23]]},"references-count":102,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2020,6]]}},"alternative-id":["470"],"URL":"https:\/\/doi.org\/10.1007\/s10257-020-00470-8","relation":{},"ISSN":["1617-9846","1617-9854"],"issn-type":[{"type":"print","value":"1617-9846"},{"type":"electronic","value":"1617-9854"}],"subject":[],"published":{"date-parts":[[2020,4,23]]},"assertion":[{"value":"1 June 2018","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"29 March 2019","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"2 April 2020","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"23 April 2020","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}