{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,27]],"date-time":"2025-02-27T05:30:49Z","timestamp":1740634249668,"version":"3.38.0"},"reference-count":26,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2010,10,16]],"date-time":"2010-10-16T00:00:00Z","timestamp":1287187200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["J Netw Syst Manage"],"published-print":{"date-parts":[[2011,9]]},"DOI":"10.1007\/s10922-010-9180-y","type":"journal-article","created":{"date-parts":[[2010,10,15]],"date-time":"2010-10-15T13:26:28Z","timestamp":1287149188000},"page":"319-342","source":"Crossref","is-referenced-by-count":10,"title":["A Formal Methodology for Detecting Managerial Vulnerabilities and Threats in an Enterprise Information System"],"prefix":"10.1007","volume":"19","author":[{"given":"Anirban","family":"Sengupta","sequence":"first","affiliation":[]},{"given":"Chandan","family":"Mazumdar","sequence":"additional","affiliation":[]},{"given":"Aditya","family":"Bagchi","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2010,10,16]]},"reference":[{"key":"9180_CR1","first-page":"475","volume-title":"Concise Oxford English Dictionary","year":"2006","unstructured":"Soanes, C., Stevenson, A. (eds.): Concise Oxford English Dictionary, 11th edn, p. 475. Oxford University Press, New York (2006)","edition":"11"},{"key":"9180_CR2","unstructured":"The International Organization for Standardization, The International Electrotechnical Commission (ISO\/IEC): ISO\/IEC 27002:2005, Information technology\u2013Security techniques\u2014Code of practice for information security management. Edition 1. Germany (2005)"},{"key":"9180_CR3","unstructured":"Federal office for information security: IT baseline protection manual. Germany (2007)"},{"key":"9180_CR4","doi-asserted-by":"crossref","unstructured":"Sengupta, A., Mazumdar, C., Bagchi, A.: A formal methodology for detection of vulnerabilities in an enterprise information system. In: Proceedings of the Fourth International Conference on Risks and Security of Internet and Systems (CRiSIS), pp. 74\u201381. Toulouse, France (2009)","DOI":"10.1109\/CRISIS.2009.5411976"},{"key":"9180_CR5","volume-title":"Information security policies, procedures, and standards: guidelines for effective security management","author":"TR Peltier","year":"2002","unstructured":"Peltier, T.R.: Information security policies, procedures, and standards: guidelines for effective security management. Auerbach Publications, Florida (2002)"},{"key":"9180_CR6","unstructured":"National Institute of Standards and Technology (NIST): National vulnerability database (NVD). Version 2.2. http:\/\/nvd.nist.gov (2009). Accessed 31 August 2009"},{"key":"9180_CR7","unstructured":"Top 10 Vulnerability Scanners. SECTOOLS.ORG. http:\/\/sectools.org\/vuln-scanners.html (2009). Accessed 31 August 2009"},{"key":"9180_CR8","unstructured":"New Survey Shows Damaging Attacks Against Internal Corporate Networks Continue Unabated; Companies\u2019 Security Investment Shifting Inward. Business Wire. http:\/\/findarticles.com\/p\/articles\/mi_m0EIN\/is_2005_Feb_7\/ai_n9494538 (2005). Accessed 28 August 2009"},{"key":"9180_CR9","doi-asserted-by":"crossref","unstructured":"Zhang, Xiao-Song, Shao, L., Zheng, J.: A novel method of software vulnerability detection based on fuzzing technique. In: Proceedings of the International Conference on Apperceiving Computing and Intelligence Analysis (ICACIA), pp. 270\u2013273. Chengdu, China (2008)","DOI":"10.1109\/ICACIA.2008.4770021"},{"key":"9180_CR10","doi-asserted-by":"crossref","unstructured":"Ritchey, R.W., Ammann, P.: Using model checking to analyze network vulnerabilities. In: Proceedings of the 2000 IEEE Symposium on Security and Privacy, pp. 156\u2013165. Oakland, California, USA (2000)","DOI":"10.1109\/SECPRI.2000.848453"},{"key":"9180_CR11","doi-asserted-by":"crossref","unstructured":"Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.: Automated generation and analysis of attack graphs. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy, pp. 273\u2013284. Oakland, California, USA (2002)","DOI":"10.1109\/SECPRI.2002.1004377"},{"key":"9180_CR12","unstructured":"Michalek, P., Thornton, R. (eds.): Enterprise vulnerability description language v0.1. OASIS Draft. http:\/\/www.oasis-open.org\/committees\/download.php\/11497\/EVDL-0.1-draft.doc (2005). Accessed 28 August 2009"},{"key":"9180_CR13","doi-asserted-by":"crossref","unstructured":"Aib, I., Alsubhi, K., Francois, J., Boutaba, R.: Policy-based security configuration management application to intrusion detection and prevention. In: Proceedings of IEEE International Conference on Communications (ICC), pp. 1\u20136. Dresden, Germany (2009)","DOI":"10.1109\/ICC.2009.5199341"},{"key":"9180_CR14","doi-asserted-by":"crossref","unstructured":"Onwubiko, C., Lenaghan, A.P.: An Evolutionary approach in threats detection for distributed security defence systems. In: Proceedings of IEEE International Conference on Intelligence and Security Informatics (ISI), LNCS 3975, pp. 696\u2013698. San Diego, California, USA (2006)","DOI":"10.1007\/11760146_95"},{"key":"9180_CR15","doi-asserted-by":"crossref","unstructured":"Myers, J., Grimaila, M.R., Mills, R.F.: Towards insider threat detection using web server logs. In: Proceedings of the 5th annual workshop on cyber security and information intelligence research: cyber security and information intelligence challenges and strategies (CSIIRW). Oak Ridge, Tennessee, USA (2009)","DOI":"10.1145\/1558607.1558670"},{"key":"9180_CR16","volume-title":"Extrusion Detection: Security Monitoring for Internal Intrusions","author":"R Bejtlich","year":"2005","unstructured":"Bejtlich, R.: Extrusion Detection: Security Monitoring for Internal Intrusions, 1st edn. Addison-Wesley Professional, Boston, Massachusetts (2005)","edition":"1"},{"key":"9180_CR17","unstructured":"Clayton, R.: Stopping spam by extrusion detection. In: Proceedings of the 1st conference on Email and anti-spam (CEAS). Mountain view, California, USA. http:\/\/ceas.cc\/2004\/172.pdf (2004). Accessed 31 August 2009"},{"key":"9180_CR18","doi-asserted-by":"crossref","unstructured":"Ammann, P., Sandhu, R.S.: Safety analysis for the extended schematic protection model. In: Proceedings of the IEEE symposium on security and privacy, pp. 87\u201397. Oakland, California, USA (1991)","DOI":"10.1109\/RISP.1991.130777"},{"key":"9180_CR19","unstructured":"Li, N., Mitchell, John C., Winsborough, W. H.: Beyond proof-of-compliance: Security analysis in trust management. JACM. 52(3), 474\u2013514 (2005). (Preliminary version appeared in: Proceedings of IEEE Symposium on Security and Privacy, pp. 123\u2013139. Berkeley, California, USA (2003))"},{"issue":"1","key":"9180_CR20","doi-asserted-by":"crossref","first-page":"141","DOI":"10.1016\/0022-0000(92)90008-7","volume":"44","author":"RS Sandhu","year":"1992","unstructured":"Sandhu, R.S.: Undecidability of the safety problem for the schematic protection model with cyclic creates. J. Comput. System Sci. 44(1), 141\u2013159 (1992)","journal-title":"J. Comput. System Sci."},{"key":"9180_CR21","unstructured":"Harrison, M.A., Ruzzo, W.L., Ullman, J.D.: On protection in operating systems. Operating Syst Rev (ACM S1GOPS Newsletter). 9, 5, 14\u201324 (1975)"},{"issue":"3","key":"9180_CR22","doi-asserted-by":"crossref","first-page":"455","DOI":"10.1145\/322017.322025","volume":"24","author":"RJ Lipton","year":"1977","unstructured":"Lipton, R.J., Snyder, L.: A linear time algorithm for deciding subject security. JACM. 24(3), 455\u2013464 (1977)","journal-title":"JACM."},{"key":"9180_CR23","doi-asserted-by":"crossref","unstructured":"Koch, M., Mancini, Luigi V., Parisi-Presicce, F.: Decidability of safety in graph-based models for access control. In: Proceedings of 7th European symposium on research in computer security (ESORICS), LNCS 2502, pp. 229\u2013243. Zurich, Switzerland (2002)","DOI":"10.1007\/3-540-45853-0_14"},{"key":"9180_CR24","doi-asserted-by":"crossref","unstructured":"Roditty L., Zwick, U.: A fully dynamic reachability algorithm for directed graphs with an almost linear update time. In: Proceedings of 36th Annual ACM Symposium on Theory of Computing (STOC), pp. 184\u2013191. Chicago, Illinois, USA (2004)","DOI":"10.1145\/1007352.1007387"},{"key":"9180_CR25","doi-asserted-by":"crossref","unstructured":"Wang, H., He, H., Yang, J., Yu, P.S., Yu, J.X.: Dual labeling: answering graph reachability queries in constant time. In: Proceedings of 22nd International Conference on Data Engineering (ICDE), pp. 75\u201386. Atlanta, Georgia, USA (2006)","DOI":"10.1109\/ICDE.2006.53"},{"key":"9180_CR26","doi-asserted-by":"crossref","unstructured":"Gligor, V.D., Gavrila, S.I., Ferraiolo, D.: On the formal definition of separation-of-duty policies and their composition. In: Proceedings of IEEE symposium on security and privacy, pp. 172\u2013183. Oakland, California, USA (1998)","DOI":"10.1109\/SECPRI.1998.674833"}],"container-title":["Journal of Network and Systems Management"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10922-010-9180-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10922-010-9180-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10922-010-9180-y","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,26]],"date-time":"2025-02-26T20:24:08Z","timestamp":1740601448000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10922-010-9180-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010,10,16]]},"references-count":26,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2011,9]]}},"alternative-id":["9180"],"URL":"https:\/\/doi.org\/10.1007\/s10922-010-9180-y","relation":{},"ISSN":["1064-7570","1573-7705"],"issn-type":[{"type":"print","value":"1064-7570"},{"type":"electronic","value":"1573-7705"}],"subject":[],"published":{"date-parts":[[2010,10,16]]}}}