{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,4]],"date-time":"2026-05-04T13:39:12Z","timestamp":1777901952902,"version":"3.51.4"},"reference-count":38,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cluster Comput"],"published-print":{"date-parts":[[2020,9]]},"DOI":"10.1007\/s10586-019-03034-9","type":"journal-article","created":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T09:02:37Z","timestamp":1577869357000},"page":"1827-1843","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":22,"title":["AVARCIBER: a framework for assessing cybersecurity risks"],"prefix":"10.1007","volume":"23","author":[{"given":"Angel Marcelo","family":"Rea-Guaman","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0292-9318","authenticated-orcid":false,"given":"Jezreel","family":"Mej\u00eda","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tomas","family":"San Feliu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jose A.","family":"Calvo-Manzano","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,1,1]]},"reference":[{"key":"3034_CR1","unstructured":"Mendoza, M.A.: \u00bfCiberseguridad o seguridad de la informaci\u00f3n? Aclarando la diferencia. https:\/\/www.welivesecurity.com\/la-es\/2015\/06\/16\/ciberseguridad-seguridad-informacion-diferencia\/ (2015)"},{"key":"3034_CR2","doi-asserted-by":"publisher","first-page":"24","DOI":"10.1007\/978-1-4302-6083-7","volume-title":"Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats","author":"SE Donaldson","year":"2015","unstructured":"Donaldson, S.E., Siegel, S.G., Williams, C.K., Aslam, A.: Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats, pp. 24\u201325. Apress, New York (2015)"},{"key":"3034_CR3","unstructured":"ESET: TENDENCIAS 2019: Privacidad e intrusi\u00f3n en la aldea global. www.eset.com (2019)"},{"key":"3034_CR4","unstructured":"OEA: Ciberseguridad marco nist. http:\/\/www.oas.org\/es\/ (2019)"},{"key":"3034_CR5","unstructured":"Truta, F.: The top five cybersecurity incidents of 2018. https:\/\/businessinsights.bitdefender.com\/the-five-key-security-incidents-of-2018 (2018)"},{"key":"3034_CR6","doi-asserted-by":"crossref","unstructured":"Rea-Guaman, A.M., S\u00e1nchez-Garc\u00eda, I.D., San Feliu, T., Calvo-Manzano, J.A.: Maturity Models in Cybersecurity: a systematic review. In: 12th Conferencia Ib\u00e9rica de Sistemas y Tecnolog\u00edas de Informaci\u00f3n (CISTI\u201917). Lisbon (2017)","DOI":"10.23919\/CISTI.2017.7975865"},{"key":"3034_CR7","unstructured":"Department of Energy: Cybersecurity Capability Maturity Model (C2M2): Version 1.1. Technical report, Department of Homeland Security (2014)"},{"key":"3034_CR8","unstructured":"US Department of Homeland Security: Cybersecurity Capability Maturity Model: Version 1.0. White paper, Department of Homeland Security (2014)"},{"key":"3034_CR9","unstructured":"SSE Project Team: System Security Engineering Capability Maturity Model (SSE-CMM): Model Description Document Version 3.0. Technical report, SSE-CMM (2003)"},{"key":"3034_CR10","doi-asserted-by":"crossref","unstructured":"White, G.B.: The community cyber security maturity model. In: IEEE International Conference on Technologies for Homeland Security, pp. 173\u2013178. IEEE Press, Wakefield (2011)","DOI":"10.1109\/THS.2011.6107866"},{"key":"3034_CR11","unstructured":"ISO 38500: Corporate Governance of Information Technology. http:\/\/www.iso.org (2015)"},{"key":"3034_CR12","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1016\/j.cose.2015.11.00","volume":"57","author":"MSK Awan","year":"2016","unstructured":"Awan, M.S.K., Burnap, P., Rana, O.: Identifying cyber risk hotspots: a framework for measuring temporal variance in computer network risk. Comput. Secur. 57, 31\u201346 (2016). https:\/\/doi.org\/10.1016\/j.cose.2015.11.00","journal-title":"Comput. Secur."},{"key":"3034_CR13","volume-title":"The Structure of a Cyber Risk a Scenario Based Approach in Cyber Risk","author":"F Delmee","year":"2016","unstructured":"Delmee, F.: The Structure of a Cyber Risk a Scenario Based Approach in Cyber Risk. Utrecht University Repository, Utrecht (2016)"},{"key":"3034_CR14","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-1-4419-7133-3","volume-title":"A Taxonomy of Operational Cyber Security Risks","author":"JJ Cebula","year":"2010","unstructured":"Cebula, J.J., Young, L.R.: A Taxonomy of Operational Cyber Security Risks, pp. 1\u201347. Software Engineering Institute, Carnegie-Mellon University, Pittsburgh (2010). https:\/\/doi.org\/10.1007\/978-1-4419-7133-3"},{"key":"3034_CR15","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-30r1","volume-title":"Guide for conducting risk assessments","author":"NIST","year":"2012","unstructured":"NIST: Guide for conducting risk assessments. NIST Special Publication, Gaithersburg (2012). https:\/\/doi.org\/10.6028\/NIST.SP.800-30r1"},{"key":"3034_CR16","unstructured":"Standard, I.: INTERNATIONAL STANDARD ISO\/IEC 27005 Information security risk management (2011)"},{"key":"3034_CR17","unstructured":"Dobson, I., Hietala, J.: Risk Management: The Open Group Guide. 118. http:\/\/books.google.com\/books?id=p4f8jUT2wgUC&pgis=1 (2011)"},{"key":"3034_CR18","doi-asserted-by":"publisher","DOI":"10.1007\/s10845-012-0683-0","volume-title":"Managing Information Security Risk","author":"JTFT Initiative","year":"2011","unstructured":"Initiative, J.T.F.T.: Managing Information Security Risk. Nist Special Publication, Gaithersburg (2011). https:\/\/doi.org\/10.1007\/s10845-012-0683-0"},{"key":"3034_CR19","doi-asserted-by":"crossref","unstructured":"Caralli, R., Stevens, J.F., Young, L.R., Wilson, W.R.: Introducing OCTAVE allegro: improving the information security risk assessment process. Young (May), pp. 1\u2013113 (2007)","DOI":"10.21236\/ADA470450"},{"issue":"6","key":"3034_CR20","first-page":"150","volume":"11","author":"V Singh","year":"2014","unstructured":"Singh, V.: Revisiting security ontologies. Int. J. Comput. Sci. Issues 11(6), 150\u2013159 (2014)","journal-title":"Int. J. Comput. Sci. Issues"},{"key":"3034_CR21","doi-asserted-by":"publisher","unstructured":"Singhal, A., Wijesekera, D.: Ontologies for modeling enterprise level security metrics. In: Proceedings of the sixth annual workshop on cyber security and information intelligence research\u2014CSIIRW \u201910, 1. https:\/\/doi.org\/10.1145\/1852666.1852731 (2010)","DOI":"10.1145\/1852666.1852731"},{"key":"3034_CR22","volume-title":"Security Ontologies for Modeling Enterprise Level Risk Assessment","author":"A Singhal","year":"2012","unstructured":"Singhal, A., Singapogu, S.: Security Ontologies for Modeling Enterprise Level Risk Assessment. NIST Special Publication, Gaithersburg (2012)"},{"key":"3034_CR23","unstructured":"Goodwin, C., Nicholas, J.P., Bryant, J., Ciglic, K., Kleiner, A., Kutterer, C., Sullivan, K., et al.: A framework for cybersecurity information sharing and risk reduction, pp. 1\u201324. http:\/\/download.microsoft.com\/download\/8\/0\/1\/801358EC-2A0A-4675-A2E7-96C2E7B93E73\/Framework_for_Cybersecurity_Info_Sharing.pdf (2015)"},{"key":"3034_CR24","volume-title":"Trends and Applications in Software Engineering. CIMPS 2017. Advances in Intelligent Systems and Computing","author":"AM Rea-Guaman","year":"2018","unstructured":"Rea-Guaman, A.M., San, Feliu T., Calvo-Manzano, J.A., Sanchez-Garcia, I.D.: Systematic review: cybersecurity risk taxonomy. In: Mejia, J., Mu\u00f1oz, M., Rocha, \u00c1., Qui\u00f1onez, Y., Calvo-Manzano, J. (eds.) Trends and Applications in Software Engineering. CIMPS 2017. Advances in Intelligent Systems and Computing, vol. 688. Springer, Cham (2018)"},{"issue":"1","key":"3034_CR25","doi-asserted-by":"publisher","first-page":"57","DOI":"10.1108\/10662241211199960","volume":"22","author":"F Baltar","year":"2012","unstructured":"Baltar, F., Brunet, I.: Social research 2.0: virtual snowball sampling method using Facebook. Internet Res. 22(1), 57\u201374 (2012)","journal-title":"Internet Res."},{"key":"3034_CR26","doi-asserted-by":"publisher","unstructured":"Buchanan, L., Larkin, M., D\u2019Amico, A.: Mission assurance proof-of-concept: mapping dependencies among cyber assets, missions, and users. In: 2012 IEEE International Conference on Technologies for Homeland Security, HST 2012, pp. 298\u2013304. https:\/\/doi.org\/10.1109\/THS.2012.6459865 (2012)","DOI":"10.1109\/THS.2012.6459865"},{"key":"3034_CR27","doi-asserted-by":"publisher","unstructured":"Shamala, P., Ahmad, R.: A proposed taxonomy of assets for information security risk assessment (ISRA). In: 2014 4th World Congress on Information and Communication Technologies, WICT 2014, pp. 29\u201333. https:\/\/doi.org\/10.1109\/WICT.2014.7077297 (2014)","DOI":"10.1109\/WICT.2014.7077297"},{"key":"3034_CR28","doi-asserted-by":"publisher","DOI":"10.1109\/DEXA.2006.8","volume-title":"A Framework of the Impact of Cyberspace on Contemporary Organizations","author":"J Wielki","year":"2006","unstructured":"Wielki, J.: A Framework of the Impact of Cyberspace on Contemporary Organizations. IEEE, Piscataway (2006)"},{"key":"3034_CR29","doi-asserted-by":"publisher","unstructured":"Yazid, A.I.S., Faizal, M.A., Rabiah, A., Shahrin, S., Solahuddin, S.: Enhancement of asset value classification for mobile devices. In: Proceedings 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic, CyberSec 2012, pp. 106\u2013110. https:\/\/doi.org\/10.1109\/CyberSec.2012.6246097 (2012)","DOI":"10.1109\/CyberSec.2012.6246097"},{"key":"3034_CR30","doi-asserted-by":"crossref","unstructured":"Farooq, A., Kakakhel, S.R.U., Virtanen, S., Isoaho, J.: A taxonomy of perceived information security and privacy threats among IT security students. In: 2015 10th International Conference for Internet Technology and Secured Transactions, ICITST 2015, pp. 280\u2013286. https:\/\/doi.org\/10.1109\/ICITST.2015.7412106 (2016)","DOI":"10.1109\/ICITST.2015.7412106"},{"key":"3034_CR31","doi-asserted-by":"publisher","unstructured":"Yu, Z., Thomborson, C., Wang, C., Fu, J., Wang, J.: A security model for VoIP steganography. In: 1st International Conference on Multimedia Information Networking and Security, MINES 2009, vol. 1, pp. 35\u201340. https:\/\/doi.org\/10.1109\/MINES.2009.227 (2009)","DOI":"10.1109\/MINES.2009.227"},{"key":"3034_CR32","doi-asserted-by":"publisher","first-page":"124","DOI":"10.1016\/j.cose.2014.05.005","volume":"45","author":"A Razzaq","year":"2014","unstructured":"Razzaq, A., Anwar, Z., Ahmad, H.F., Latif, K., Munir, F.: Ontology for attack detection: an intelligent approach to web application security. Comput. Secur. 45, 124\u2013146 (2014). https:\/\/doi.org\/10.1016\/j.cose.2014.05.005","journal-title":"Comput. Secur."},{"key":"3034_CR33","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1016\/j.cose.2015.11.001","volume":"57","author":"A Shameli-Sendi","year":"2016","unstructured":"Shameli-Sendi, A., Aghababaei-Barzegar, R., Cheriet, M.: Taxonomy of information security risk assessment (ISRA). Comput. Secur. 57, 14\u201330 (2016). https:\/\/doi.org\/10.1016\/j.cose.2015.11.001","journal-title":"Comput. Secur."},{"key":"3034_CR34","doi-asserted-by":"publisher","unstructured":"Bazaz, A., Arthur, J.D.: Towards a taxonomy of vulnerabilities. In: Proceedings of the Annual Hawaii International Conference on System Sciences, (c), pp. 1\u201310. https:\/\/doi.org\/10.1109\/HICSS.2007.566 (2007)","DOI":"10.1109\/HICSS.2007.566"},{"key":"3034_CR35","doi-asserted-by":"publisher","unstructured":"Zhao, Z., Dai, Y.:. A new method of vulnerability taxonomy based on information security attributes. In: 2012 IEEE 12th International Conference on Computer and Information Technology, pp. 739\u2013741. https:\/\/doi.org\/10.1109\/CIT.2012.152 (2012)","DOI":"10.1109\/CIT.2012.152"},{"key":"3034_CR36","doi-asserted-by":"publisher","unstructured":"Ahmad, N.H., Aljunid, S.A., & Manan, J.L.A.: Understanding vulnerabilities by refining taxonomy. In: Proceedings of the 2011 7th International Conference on Information Assurance and Security, IAS 2011, pp. 25\u201329. https:\/\/doi.org\/10.1109\/ISIAS.2011.6122789 (2011)","DOI":"10.1109\/ISIAS.2011.6122789"},{"issue":"1","key":"3034_CR37","doi-asserted-by":"publisher","first-page":"6","DOI":"10.1109\/COMST.2008.4483667","volume":"10","author":"VM Igure","year":"2008","unstructured":"Igure, V.M., Williams, R.D.: Taxonomies of attacks and vulnerabilities in computer systems. IEEE Commun. Surv. Tutor. 10(1), 6\u201319 (2008). https:\/\/doi.org\/10.1109\/COMST.2008.4483667","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"3034_CR38","unstructured":"Marinos, L.: Threat taxonomy: a tool for structuring threat information. Initial report. (January), pp. 1\u201324. https:\/\/www.enisa.europa.eu\/topics\/threat-risk-management\/threats-and-trends\/enisa-threat-landscape\/etl2015\/enisa-threat-taxonomy-a-tool-for-structuring-threat-information (2016)"}],"container-title":["Cluster Computing"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10586-019-03034-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10586-019-03034-9\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10586-019-03034-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,12,31]],"date-time":"2020-12-31T00:45:50Z","timestamp":1609375550000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10586-019-03034-9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,1,1]]},"references-count":38,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2020,9]]}},"alternative-id":["3034"],"URL":"https:\/\/doi.org\/10.1007\/s10586-019-03034-9","relation":{},"ISSN":["1386-7857","1573-7543"],"issn-type":[{"value":"1386-7857","type":"print"},{"value":"1573-7543","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,1,1]]},"assertion":[{"value":"24 September 2019","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"1 November 2019","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"19 December 2019","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"1 January 2020","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}