{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,5]],"date-time":"2025-12-05T03:36:14Z","timestamp":1764905774501,"version":"3.37.3"},"reference-count":28,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2018,4,23]],"date-time":"2018-04-23T00:00:00Z","timestamp":1524441600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Supercomput"],"published-print":{"date-parts":[[2020,3]]},"DOI":"10.1007\/s11227-018-2371-0","type":"journal-article","created":{"date-parts":[[2018,4,23]],"date-time":"2018-04-23T07:10:03Z","timestamp":1524467403000},"page":"1468-1481","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":19,"title":["pISRA: privacy considered information security risk assessment model"],"prefix":"10.1007","volume":"76","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9467-3879","authenticated-orcid":false,"given":"Yu-Chih","family":"Wei","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Wei-Chen","family":"Wu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gu-Hsin","family":"Lai","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ya-Chi","family":"Chu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,4,23]]},"reference":[{"key":"2371_CR1","unstructured":"Data breach reports\u2014identity theft resource center. http:\/\/www.idtheftcenter.org\/images\/breach\/DataBreachReport_2016.pdf"},{"key":"2371_CR2","unstructured":"Guide to protecting the confidentiality of personally identifiable information (pii) (2010) NIST SP800-122. http:\/\/csrc.nist.gov\/publications\/nistpubs\/800-122\/sp800-122.pdf"},{"key":"2371_CR3","unstructured":"Information technology\u2014security techniques\u2014information security risk management (2011) ISO\/IEC 27005:2011, pp 1\u201368"},{"key":"2371_CR4","unstructured":"Information technology\u2014security techniques\u2014privacy framework (2011) ISO\/IEC 29100:2011, pp 1\u201321"},{"key":"2371_CR5","unstructured":"Information technology\u2014security techniques\u2014information security management systems\u2014requirements (2013) ISO\/IEC 27001:2013, pp 1\u201323"},{"key":"2371_CR6","unstructured":"Information technology\u2014security techniques\u2014code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors (2014) ISO\/IEC 27018:2014, pp 1\u201323"},{"key":"2371_CR7","unstructured":"Societal security\u2014Business continuity management systems\u2014guidelines for business impact analysis (BIA) (2015) ISO\/TS 22317:2015, pp 1\u201327"},{"key":"2371_CR8","unstructured":"Data protection specification for a personal information management system (2017) BS10012:2017. http:\/\/www.bsigroup.com\/en-GB\/BS-10012-Personal-information-management\/"},{"key":"2371_CR9","unstructured":"Information technology\u2014security techniques\u2014code of practice for personally identifiable information protection (2017) ISO\/IEC 29151:2017, pp 1\u201339"},{"key":"2371_CR10","unstructured":"Information technology\u2014security techniques\u2014guidelines for privacy impact assessment (2017) ISO\/IEC 29134:2017, pp 1\u201343"},{"key":"2371_CR11","doi-asserted-by":"publisher","unstructured":"Brooks S, Garcia M, Lefkovitz N, Lightman S, Nadeau E (2017) Ir8062: an introduction to privacy engineering and risk management in federal systems, Technical report. https:\/\/doi.org\/10.6028\/nist.ir.8062","DOI":"10.6028\/nist.ir.8062"},{"key":"2371_CR12","unstructured":"Clarke R (1999) Introduction to dataveillance and information privacy, and definitions of terms. Roger Clarke\u2019s Dataveillance and Information Privacy Pages. http:\/\/www.cse.unsw.edu.au\/~cs4920\/resources\/Roger-Clarke-Intro.pdf"},{"key":"2371_CR13","unstructured":"Council of the European Union: General data protection regulation (2016). http:\/\/data.consilium.europa.eu\/doc\/document\/ST-5419-2016-INIT\/en\/pdf"},{"key":"2371_CR14","doi-asserted-by":"publisher","first-page":"221","DOI":"10.1007\/978-3-319-47072-6_15","volume-title":"Data privacy management and security assurance","author":"SJ De","year":"2016","unstructured":"De SJ, Le M\u00e9tayer D (2016) PRIAM: a privacy risk analysis methodology. In: Livraga G, Torra V, Aldini A, Martinelli F, Suri N (eds) Data privacy management and security assurance. Springer, Cham, pp 221\u2013229"},{"key":"2371_CR15","unstructured":"Ministry of Justice (2012) The specific purpose and the classification of personal information of the personal information protection act. http:\/\/mojlaw.moj.gov.tw\/LawContentE.aspx?id=FL010631"},{"key":"2371_CR16","unstructured":"Ministry of Justice (2015) Personal information protection act. http:\/\/law.moj.gov.tw\/Eng\/LawClass\/LawAll.aspx?PCode=I0050021"},{"key":"2371_CR17","unstructured":"Ministry of Justice (2016) Enforcement rules of the personal information protection act. http:\/\/law.moj.gov.tw\/LawClass\/LawAll.aspx?PCode=I0050022"},{"key":"2371_CR18","doi-asserted-by":"publisher","unstructured":"Mylonas A, Theoharidou M, Gritzalis D (2014) Assessing privacy risks in android: a user-centric approach. Springer International Publishing, Cham, pp 21\u201337. https:\/\/doi.org\/10.1007\/978-3-319-07076-6_2","DOI":"10.1007\/978-3-319-07076-6_2"},{"issue":"2","key":"2371_CR19","doi-asserted-by":"publisher","first-page":"126","DOI":"10.1057\/ejis.2013.18","volume":"23","author":"MC Oetzel","year":"2014","unstructured":"Oetzel MC, Spiekermann S (2014) Systematic methodology for privacy impact assessments. Eur J Inf Syst 23(2):126\u2013150. https:\/\/doi.org\/10.1057\/ejis.2013.18","journal-title":"Eur J Inf Syst"},{"key":"2371_CR20","unstructured":"Public Law 107-347 (2002) E-government act of 2002. U.S. Government Printing Office. http:\/\/www.gpo.gov\/fdsys\/pkg\/PLAW-107publ347"},{"key":"2371_CR21","doi-asserted-by":"publisher","unstructured":"Saripalli P, Walters B (2010) Quirc: a quantitative impact and risk assessment framework for cloud security. In: 2010 IEEE 3rd International Conference on Cloud Computing, pp 280\u2013288. https:\/\/doi.org\/10.1109\/CLOUD.2010.22","DOI":"10.1109\/CLOUD.2010.22"},{"issue":"1","key":"2371_CR22","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1016\/j.jisa.2013.07.002","volume":"18","author":"P Shamala","year":"2013","unstructured":"Shamala P, Ahmad R, Yusoff M (2013) A conceptual framework of info structure for information security risk assessment (ISRA). J Inf Secur Appl 18(1):45\u201352. https:\/\/doi.org\/10.1016\/j.jisa.2013.07.002","journal-title":"J Inf Secur Appl"},{"key":"2371_CR23","doi-asserted-by":"publisher","first-page":"73","DOI":"10.1007\/978-1-4471-4189-1_3","volume-title":"A privacy impact assessment tool for cloud computing","author":"D Tancock","year":"2013","unstructured":"Tancock D, Pearson S, Charlesworth A (2013) A privacy impact assessment tool for cloud computing. Springer, London, pp 73\u2013123. https:\/\/doi.org\/10.1007\/978-1-4471-4189-1_3"},{"key":"2371_CR24","doi-asserted-by":"publisher","first-page":"443","DOI":"10.1007\/978-3-642-30436-1_36","volume-title":"A risk assessment method for smartphones","author":"M Theoharidou","year":"2012","unstructured":"Theoharidou M, Mylonas A, Gritzalis D (2012) A risk assessment method for smartphones. Springer, Berlin, pp 443\u2013456. https:\/\/doi.org\/10.1007\/978-3-642-30436-1_36"},{"issue":"1\/2","key":"2371_CR25","doi-asserted-by":"publisher","first-page":"86","DOI":"10.1504\/ijshc.2013.053268","volume":"2","author":"C Trattner","year":"2013","unstructured":"Trattner C, Kappe F (2013) Social stream marketing on Facebook: a case study. Int J Soc Humanist Comput 2(1\/2):86. https:\/\/doi.org\/10.1504\/ijshc.2013.053268","journal-title":"Int J Soc Humanist Comput"},{"key":"2371_CR26","doi-asserted-by":"crossref","unstructured":"Wei YC, Wu WC, Chu YC (2016) Performance evaluation of information security risk identification. In: The 5th International Conference on Frontier Computing, Tokyo, Japan","DOI":"10.1007\/978-981-10-3187-8_76"},{"key":"2371_CR27","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-94-007-2543-0_1","volume-title":"Introduction to privacy impact assessment","author":"D Wright","year":"2012","unstructured":"Wright D, De Hert P (2012) Introduction to privacy impact assessment. Springer, Dordrecht, pp 3\u201332. https:\/\/doi.org\/10.1007\/978-94-007-2543-0_1"},{"issue":"1","key":"2371_CR28","doi-asserted-by":"crossref","first-page":"160","DOI":"10.30950\/jcer.v9i1.513","volume":"9","author":"D Wright","year":"2013","unstructured":"Wright D, Finn R, Rodrigues R (2013) A comparative analysis of privacy impact assessment in six countries. J Contemp Eur Res 9(1):160\u2013180","journal-title":"J Contemp Eur Res"}],"container-title":["The Journal of Supercomputing"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11227-018-2371-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11227-018-2371-0\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11227-018-2371-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,20]],"date-time":"2022-08-20T17:44:04Z","timestamp":1661017444000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11227-018-2371-0"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,4,23]]},"references-count":28,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2020,3]]}},"alternative-id":["2371"],"URL":"https:\/\/doi.org\/10.1007\/s11227-018-2371-0","relation":{},"ISSN":["0920-8542","1573-0484"],"issn-type":[{"type":"print","value":"0920-8542"},{"type":"electronic","value":"1573-0484"}],"subject":[],"published":{"date-parts":[[2018,4,23]]},"assertion":[{"value":"23 April 2018","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}