{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,18]],"date-time":"2025-09-18T10:31:33Z","timestamp":1758191493644,"version":"3.44.0"},"reference-count":73,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2024,10,28]],"date-time":"2024-10-28T00:00:00Z","timestamp":1730073600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2024,10,28]],"date-time":"2024-10-28T00:00:00Z","timestamp":1730073600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Bus Inf Syst Eng"],"published-print":{"date-parts":[[2025,8]]},"abstract":"<jats:title>Abstract<\/jats:title>\n          <jats:p>The increased reliance of organizations on information technology inherently increases their vulnerability to cyber-security attacks. As a response, a host of cyber-security approaches exists. While\u00a0useful, these approaches exhibit shortcomings such as an inclination to be fragmented, not accounting for up-to-date organizational data, focusing on singular vulnerabilities only, and being reactive, i.e., focusing on patching up vulnerabilities in current systems. The paper presents and evaluates a modeling method aiming to address those shortcomings and to support security by design with a focus on the electricity sector. The proposed modeling method encompasses a multi-level reference model reconstructing and integrating existing initiatives and supporting top-down and bottom-up analyses. Compared to earlier work, the paper contributes (1)\u00a0a process model for cyber-security by design, which proactively considers security as a first-class citizen during the design process, (2)\u00a0a complete coverage of the multi-level model, in terms of three views complementing the introduced process model, (3)\u00a0an elaborated evaluation, in terms of reporting on an additional design science cycle.<\/jats:p>","DOI":"10.1007\/s12599-024-00899-y","type":"journal-article","created":{"date-parts":[[2024,10,28]],"date-time":"2024-10-28T10:02:42Z","timestamp":1730109762000},"page":"511-530","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["A Multi-level Reference Model and a Dedicated Method for Cyber-Security by Design"],"prefix":"10.1007","volume":"67","author":[{"given":"Sybren","family":"de Kinderen","sequence":"first","affiliation":[]},{"given":"Monika","family":"Kaczmarek-He\u00df","sequence":"additional","affiliation":[]},{"given":"Simon","family":"Hacks","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,10,28]]},"reference":[{"issue":"4","key":"899_CR1","doi-asserted-by":"publisher","first-page":"539","DOI":"10.1016\/j.bushor.2019.03.010","volume":"62","author":"C Abraham","year":"2019","unstructured":"Abraham C, Chatterjee D, Sims RR (2019) Muddling through cybersecurity: insights from the US healthcare industry. Bus Horiz 62(4):539\u2013548","journal-title":"Bus Horiz"},{"issue":"1","key":"899_CR2","doi-asserted-by":"publisher","first-page":"47","DOI":"10.4304\/jsw.2.1.47-59","volume":"2","author":"M Alam","year":"2007","unstructured":"Alam M, Breu R, Hafner M (2007) Model-driven security engineering for trust management in SECTET. J Softw 2(1):47\u201359","journal-title":"J Softw"},{"key":"899_CR3","doi-asserted-by":"crossref","unstructured":"Almorsy M, Grundy J (2014) Secdsvl: a domain-specific visual language to support enterprise security modelling. In: 23rd Australian software engineering conference (ASWEC), pp 152\u2013161","DOI":"10.1109\/ASWEC.2014.18"},{"key":"899_CR4","doi-asserted-by":"crossref","unstructured":"Aravinthan V, Namboodiri V, Sunku S, Jewell W (2011) Wireless AMI application and security for controlled home area networks. In: 2011 IEEE power and energy society general meeting. IEEE, pp 1\u20138","DOI":"10.1109\/PES.2011.6038996"},{"key":"899_CR5","doi-asserted-by":"crossref","unstructured":"Atkinson C, K\u00fchne T (2001) The essence of multilevel metamodeling. In: Proceedings of the 4th international conference on the unified modeling language, modeling languages, concepts, and tools. Springer, Heidelberg, pp 19\u201333","DOI":"10.1007\/3-540-45441-1_3"},{"issue":"3","key":"899_CR6","first-page":"345","volume":"7","author":"C Atkinson","year":"2008","unstructured":"Atkinson C, K\u00fchne T (2008) Reducing accidental complexity in domain models. SoSyM 7(3):345\u2013359","journal-title":"SoSyM"},{"issue":"1","key":"899_CR7","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1145\/1125808.1125810","volume":"15","author":"D Basin","year":"2006","unstructured":"Basin D, Doser J, Lodderstedt T (2006) Model driven security: from UML models to access control infrastructures. ACM Transact Softw Eng Method (TOSEM) 15(1):39\u201391","journal-title":"ACM Transact Softw Eng Method (TOSEM)"},{"key":"899_CR8","doi-asserted-by":"crossref","unstructured":"Basin D, Clavel M, Egea M (2011) A decade of model-driven security. In: Proceedings of the 16th ACM symposium on Access control models and technologies, pp 1\u201310","DOI":"10.1145\/1998441.1998443"},{"key":"899_CR9","unstructured":"Brown B, Singletary B, Willke B, Bennett C, Highfill D, Houseman D, Cleveland F, Lipson H, Ivers J, Gooding J et\u00a0al (2008) AMI system security requirements. AMI-SEC TF"},{"key":"899_CR10","doi-asserted-by":"publisher","first-page":"126","DOI":"10.18261\/olr.8.3.2","volume":"3","author":"LA Bygrave","year":"2022","unstructured":"Bygrave LA (2022) Security by design: aspirations and realities in a regulatory context. Oslo Law Rev 3:126\u2013177","journal-title":"Oslo Law Rev"},{"key":"899_CR11","unstructured":"Case DU (2016) Analysis of the cyber attack on the Ukrainian power grid. In: Electricity information sharing and analysis center (E-ISAC), vol 388, pp 1\u201329"},{"issue":"1","key":"899_CR12","doi-asserted-by":"publisher","first-page":"58","DOI":"10.1109\/MCOM.2013.6400439","volume":"51","author":"ACF Chan","year":"2013","unstructured":"Chan ACF, Zhou J (2013) On smart grid cybersecurity standardization: issues of designing with NISTIR 7628. IEEE Commun Mag 51(1):58\u201365","journal-title":"IEEE Commun Mag"},{"key":"899_CR13","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cose.2015.09.009","volume":"56","author":"Y Cherdantseva","year":"2016","unstructured":"Cherdantseva Y, Burnap P, Blyth A, Eden P, Jones K, Soulsby H, Stoddart K (2016) A review of cyber security risk assessment methods for SCADA systems. Comput Secur 56:1\u201327. https:\/\/doi.org\/10.1016\/j.cose.2015.09.009","journal-title":"Comput Secur"},{"key":"899_CR14","unstructured":"Cozzi L, Turk D, Abergel T, Bartos J, Bellevrat E, Bennett S, Berly T, Bouckaert S, Dulac J, Alvarez CF et\u00a0al (2017) Digitalization and Energy. OECD"},{"key":"899_CR15","doi-asserted-by":"publisher","unstructured":"Darteh OF, Liu Q, Liu X, Bah I, Nakoty FM, Acakpovi A (2022) Emerging simulation frameworks for analyzing smart grid cyberattack: a literature review. In: 2022 IEEE Intl conf on dependable, autonomic and secure computing, intl conf on pervasive intelligence and computing, intl conf on cloud and big data computing, intl conf on cyber science and technology congress (DASC\/PiCom\/CBDCom\/CyberSciTech), pp 1\u20137. https:\/\/doi.org\/10.1109\/DASC\/PiCom\/CBDCom\/Cy55231.2022.9927892","DOI":"10.1109\/DASC\/PiCom\/CBDCom\/Cy55231.2022.9927892"},{"key":"899_CR40","doi-asserted-by":"crossref","unstructured":"de Kinderen S, Kaczmarek-He\u00df M (2021) Making a case for multi-level reference modeling \u2013 a comparison of conventional and multi-level language architectures for reference modeling challenges. In: Wirtschaftsinformatik 2021, aisnet","DOI":"10.1007\/978-3-030-86800-0_24"},{"key":"899_CR41","unstructured":"de\u00a0Kinderen S, Kaczmarek-He\u00df M, Hacks S (2022) Towards cybersecurity by design: a multi-level reference model for requirements-driven smart grid cybersecurity. In: 30th European conference on information systems, ECIS 2022, Timisoara"},{"key":"899_CR16","doi-asserted-by":"crossref","unstructured":"Dougherty C, Sayre K, Seacord RC, Svoboda D, Togashi K (2009) Secure design patterns. Carnergie-Mellon University Pittsburgh PA Software Engineering Institute, Technical report","DOI":"10.21236\/ADA501670"},{"key":"899_CR17","doi-asserted-by":"publisher","first-page":"701","DOI":"10.1007\/s11948-014-9551-y","volume":"20","author":"M Dunn Cavelty","year":"2014","unstructured":"Dunn Cavelty M (2014) Breaking the cyber-security dilemma: aligning security needs and removing vulnerabilities. Sci Eng Ethic 20:701\u2013715","journal-title":"Sci Eng Ethic"},{"key":"899_CR18","doi-asserted-by":"crossref","unstructured":"Ekstedt M, Johnson P, Lagerstr\u00f6m R, Gorton D, Nydr\u00e9n J, Shahzad K (2015) securiCAD by foreseeti: a CAD tool for enterprise cyber security management. In: Enterprise distributed object computing workshop. IEEE, pp 152\u2013155","DOI":"10.1109\/EDOCW.2015.40"},{"key":"899_CR19","unstructured":"ENISA (2022) Compendium of risk management frameworks with potential interoperability. Technical report, European Union Agency for Cybersecurity"},{"issue":"6","key":"899_CR20","doi-asserted-by":"publisher","first-page":"319","DOI":"10.1007\/s12599-014-0350-4","volume":"6","author":"U Frank","year":"2014","unstructured":"Frank U (2014) Multilevel modeling\u2014toward a new paradigm of conceptual modeling and information systems design. Bus Inf Syst Eng 6(6):319\u2013337","journal-title":"Bus Inf Syst Eng"},{"key":"899_CR21","unstructured":"Frank U (2018) The flexible multi-level modelling and execution language (FMMLx). version 2.0: Analysis of requirements and technical terminology. Technical Report\u00a066, ICB-Research Report"},{"key":"899_CR22","doi-asserted-by":"publisher","DOI":"10.1016\/C2013-0-09966-5","volume-title":"Measuring and managing information risk","author":"J Freund","year":"2015","unstructured":"Freund J, Jones J (2015) Measuring and managing information risk. Butterworth-Heinemann, Waltham. https:\/\/doi.org\/10.1016\/C2013-0-09966-5"},{"key":"899_CR23","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2020.110697","volume":"169","author":"J Geismann","year":"2020","unstructured":"Geismann J, Bodden E (2020) A systematic literature review of model-driven security engineering for cyber-physical systems. J Syst Softw 169:110697. https:\/\/doi.org\/10.1016\/j.jss.2020.110697","journal-title":"J Syst Softw"},{"key":"899_CR24","doi-asserted-by":"crossref","unstructured":"Geismann J, Gerking C, Bodden E (2018) Towards ensuring security by design in cyber-physical systems engineering processes. In: Proceedings of the 2018 international conference on software and system process, pp 123\u2013127","DOI":"10.1145\/3202710.3203159"},{"key":"899_CR25","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-49229-2","volume-title":"The use case and smart grid architecture model approach: the IEC 62559\u20132 use case template and the SGAM applied in various domains","author":"M Gottschalk","year":"2017","unstructured":"Gottschalk M, Uslar M, Delfs C (2017) The use case and smart grid architecture model approach: the IEC 62559\u20132 use case template and the SGAM applied in various domains, 1st edn. Springer, Berlin","edition":"1"},{"key":"899_CR26","unstructured":"Guizzardi G, Proper HA (2022) On understanding the value of domain modeling. EMISA"},{"key":"899_CR27","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s42162-020-00134-4","volume":"3","author":"S Hacks","year":"2020","unstructured":"Hacks S, Katsikeas S, Ling E, Lagerstr\u00f6m R, Ekstedt M (2020) powerLang: a probabilistic attack simulation language for the power domain. Energy Inform 3:1\u201317","journal-title":"Energy Inform"},{"key":"899_CR28","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1007\/978-3-031-17604-3_2","volume-title":"Enterprise design, operations, and computing","author":"S Hacks","year":"2022","unstructured":"Hacks S, Kaczmarek-He\u00df M, de Kinderen S, T\u00f6pel D (2022) A multi-level cyber-security reference model in support of vulnerability analysis. In: Almeida JPA, Karastoyanova D, Guizzardi G, Montali M, Maggi FM, Fonseca CM (eds) Enterprise design, operations, and computing. Springer, Cham, pp 19\u201335"},{"issue":"5","key":"899_CR29","doi-asserted-by":"publisher","first-page":"491","DOI":"10.1108\/10662240610710978","volume":"16","author":"M Hafner","year":"2006","unstructured":"Hafner M, Breu R, Agreiter B, Nowak A (2006) SECTET: an extensible framework for the realization of secure inter-organizational workflows. Internet Res 16(5):491\u2013506","journal-title":"Internet Res"},{"key":"899_CR30","doi-asserted-by":"publisher","unstructured":"Hamlet JR, Keliiaa CM (2010) Assessment of current cybersecurity practices in the public domain: cyber indications and warnings domain. Technical report. https:\/\/doi.org\/10.2172\/992337, https:\/\/www.osti.gov\/biblio\/992337. Accessed 29 July 2024","DOI":"10.2172\/992337"},{"key":"899_CR31","doi-asserted-by":"publisher","DOI":"10.4159\/9780674985124","volume-title":"Privacy\u2019s blueprint: the battle to control the design of new technologies","author":"W Hartzog","year":"2018","unstructured":"Hartzog W (2018) Privacy\u2019s blueprint: the battle to control the design of new technologies. Harvard University Press, Cambridge"},{"key":"899_CR32","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1007\/978-3-030-29053-5_2","volume-title":"Basic concepts and models of cybersecurity","author":"D Herrmann","year":"2020","unstructured":"Herrmann D, Prid\u00f6hl H (2020) Basic concepts and models of cybersecurity. Springer, Cham, pp 11\u201344. https:\/\/doi.org\/10.1007\/978-3-030-29053-5_2"},{"issue":"1","key":"899_CR33","doi-asserted-by":"publisher","first-page":"75","DOI":"10.2307\/25148625","volume":"28","author":"AR Hevner","year":"2004","unstructured":"Hevner AR, March ST, Park J et al (2004) Design science in information systems research. MIS Q 28(1):75\u2013105","journal-title":"MIS Q"},{"key":"899_CR34","doi-asserted-by":"crossref","unstructured":"Jiang Y, Jeusfeld MA, Ding J, Sandahl E (2023) Model-based cybersecurity analysis: extending enterprise modeling to critical infrastructure cybersecurity. Bus Inf Syst Eng 1\u201334","DOI":"10.1007\/s12599-023-00811-0"},{"key":"899_CR35","doi-asserted-by":"crossref","unstructured":"Johnson P, Lagerstr\u00f6m R, Ekstedt M (2018) A meta language for threat modeling and attack simulations. In: Proceedings of the 13th international conference on availability, reliability and security, pp 1\u20138","DOI":"10.1145\/3230833.3232799"},{"key":"899_CR36","doi-asserted-by":"crossref","unstructured":"J\u00fcrjens J (2002) UMLsec: extending UML for secure systems development. In: J\u00e9z\u00e9quel J, Hu\u00dfmann H, Cook S (eds) UML 2002-the unified modeling language, 5th international conference, Dresden, Germany, 2002, proceedings, Springer, Heidelberg, LNCS, vol 2460, pp 412\u2013425","DOI":"10.1007\/3-540-45800-X_32"},{"key":"899_CR37","volume-title":"Secure systems development with UML","author":"J J\u00fcrjens","year":"2005","unstructured":"J\u00fcrjens J (2005) Secure systems development with UML. Springer, Heidelberg"},{"key":"899_CR38","unstructured":"Kahn RE, McConnell M, Nye JS, Schwartz P, Daly NJ, Fick N, Finnemore M, Fontaine R, Geer DE, Gross DA, Healey J, Lewis JA, Lucarelli ME, Mahnken TG, McGraw G, Miksad RH, Rattray GJ, Rogers W, Schroeder CM (2011) America\u2019s cyber future: security and prosperity in the information age. Technical report, Center for a New American Security. http:\/\/www.jstor.org\/stable\/resrep06319.7. Accessed 24 May 2023"},{"key":"899_CR39","first-page":"67","volume-title":"GraMSec","author":"S Katsikeas","year":"2020","unstructured":"Katsikeas S, Hacks S, Johnson P, Ekstedt M, Lagerstr\u00f6m R, Jacobsson J, W\u00e4llstedt M, Eliasson P (2020) An attack simulation language for the IT domain. In: Eades H III, Gadyatskaya O (eds) GraMSec. Springer, Heidelberg, pp 67\u201386"},{"key":"899_CR42","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijinfomgt.2021.102466","volume":"63","author":"S Kraus","year":"2022","unstructured":"Kraus S, Durst S, Ferreira JJ, Veiga P, Kailer N, Weinmann A (2022) Digital transformation in business and management research: an overview of the current status quo. Int J Inf Manag 63:102466. https:\/\/doi.org\/10.1016\/j.ijinfomgt.2021.102466","journal-title":"Int J Inf Manag"},{"key":"899_CR43","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1016\/j.arcontrol.2022.03.004","volume":"53","author":"S Liu","year":"2022","unstructured":"Liu S, Trivedi A, Yin X, Zamani M (2022) Secure-by-construction synthesis of cyber-physical systems. Ann Rev Control 53:30\u201350. https:\/\/doi.org\/10.1016\/j.arcontrol.2022.03.004","journal-title":"Ann Rev Control"},{"key":"899_CR44","volume-title":"Model-driven risk analysis: the CORAS approach","author":"MS Lund","year":"2010","unstructured":"Lund MS, Solhaug B, St\u00f8len K (2010) Model-driven risk analysis: the CORAS approach. Springer, Heidelberg"},{"key":"899_CR45","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-031-26845-8_1","volume-title":"Cybersecurity in digital transformation","author":"DPF M\u00f6ller","year":"2023","unstructured":"M\u00f6ller DPF (2023) Cybersecurity in digital transformation. Springer, Cham, pp 1\u201370. https:\/\/doi.org\/10.1007\/978-3-031-26845-8_1"},{"key":"899_CR46","volume-title":"Risk centric threat modeling: process for attack simulation and threat analysis","author":"MM Morana","year":"2015","unstructured":"Morana MM, Uceda V\u00e9lez T (2015) Risk centric threat modeling: process for attack simulation and threat analysis. Wiley, Hoboken"},{"key":"899_CR47","unstructured":"Mouratidis H, Giorgini P, Manson G, Philp I et\u00a0al (2002) A natural extension of tropos methodology for modelling security. In: Proceedings agent oriented methodologies workshop, annual ACM conference on object oriented programming, systems, languages (OOPSLA), Seattle"},{"key":"899_CR48","first-page":"49","volume-title":"Conceptual modelling, databases, and CASE: an integrated view of information system development","author":"J Mylopoulos","year":"1992","unstructured":"Mylopoulos J (1992) Conceptual modelling and Telos. Conceptual modelling, databases, and CASE: an integrated view of information system development. Wiley, Hoboken, pp 49\u201368"},{"key":"899_CR49","unstructured":"National Institute of Standards and Technology (2010) NISTIR 7628-guidelines for smart grid cyber security vol. 1-3. Technical Report NISTIR 7628, National Institute of Standards and Technology (NIST), Gaithersburg, MD, USA. https:\/\/nvlpubs.nist.gov\/nistpubs\/ir\/2010\/NIST.IR.7628.pdf. Accessed 29 July 2024"},{"key":"899_CR50","unstructured":"National Institute of Standards and Technology (2024) The NIST cybersecurity framework 2.0"},{"key":"899_CR51","doi-asserted-by":"publisher","first-page":"629","DOI":"10.1016\/j.rser.2015.08.069","volume":"53","author":"E Niesten","year":"2016","unstructured":"Niesten E, Alkemade F (2016) How is value created and captured in smart grids? a review of the literature and an analysis of pilot projects. Renew Sustain Energy Rev 53:629\u2013638","journal-title":"Renew Sustain Energy Rev"},{"key":"899_CR52","doi-asserted-by":"publisher","first-page":"123","DOI":"10.1016\/j.datak.2015.07.007","volume":"98","author":"E Paja","year":"2015","unstructured":"Paja E, Dalpiaz F, Giorgini P (2015) Modelling and reasoning about security requirements in socio-technical systems. Data Knowl Eng 98:123\u2013143","journal-title":"Data Knowl Eng"},{"key":"899_CR53","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1007\/s12525-019-00381-8","volume":"31","author":"U Paukstadt","year":"2021","unstructured":"Paukstadt U, Becker J (2021) Uncovering the business value of the internet of things in the energy domain\u2014a review of smart energy business models. Electron Market 31:51\u201366","journal-title":"Electron Market"},{"key":"899_CR54","doi-asserted-by":"publisher","first-page":"26","DOI":"10.22215\/timreview\/904","volume":"5","author":"J Payette","year":"2015","unstructured":"Payette J, Anegbe E, Caceres E, Muegge S (2015) Secure by design: cybersecurity extensions to project management maturity models for critical infrastructure projects. Technol Innov Manag Rev 5:26\u201334","journal-title":"Technol Innov Manag Rev"},{"key":"899_CR55","doi-asserted-by":"publisher","DOI":"10.13140\/RG.2.2.12437.73441","author":"F Rosa","year":"2017","unstructured":"Rosa F, Bonacin R, Jino M (2017) The security assessment domain: a survey of taxonomies and ontologies. ArXiv. https:\/\/doi.org\/10.13140\/RG.2.2.12437.73441","journal-title":"ArXiv"},{"key":"899_CR56","unstructured":"Saitta P, Larcom B, Eddington M (2005) Trike v1 methodology document. https:\/\/www.octotrike.org\/papers\/Trike_v1_Methodology_Document-draft.pdf. Accessed 09 Oct 2023"},{"key":"899_CR57","doi-asserted-by":"publisher","first-page":"69","DOI":"10.1007\/s12599-017-0516-y","volume":"60","author":"K Sandkuhl","year":"2018","unstructured":"Sandkuhl K, Fill HG, Hoppenbrouwers S, Krogstie J, Matthes F, Opdahl A, Schwabe G, Uludag \u00d6, Winter R (2018) From expert discipline to common practice: a vision and research agenda for extending the reach of enterprise modeling. Bus Inf Syst Eng 60:69\u201380","journal-title":"Bus Inf Syst Eng"},{"key":"899_CR58","doi-asserted-by":"crossref","unstructured":"Santos JC, Tarrit K, Mirakhorli M (2017) A catalog of security architecture weaknesses. In: 2017 IEEE international conference on software architecture workshops (ICSAW). IEEE, pp 220\u2013223","DOI":"10.1109\/ICSAW.2017.25"},{"key":"899_CR59","unstructured":"SGAM (2012) Smart grid reference architecture. Technical report, CEN-CENELEC-ETSI Smart Grid Coordination Group. https:\/\/www.cencenelec.eu\/media\/CEN-CENELEC\/AreasOfWork\/CEN-CENELEC_Topics\/Smart%20Grids%20and%20Meters\/Smart%20Grids\/reference_architecture_smartgrids.pdf. Accessed 09 Oct 2023"},{"key":"899_CR60","unstructured":"Shevchenko N, Chick TA, O\u2019Riordan P, Scanlon TP, Woody C (2018) Threat modeling: a summary of available methods. Carnegie Mellon University Software Engineering Institute Pittsburgh, Technical report"},{"key":"899_CR61","doi-asserted-by":"publisher","first-page":"358","DOI":"10.1016\/j.future.2022.06.013","volume":"136","author":"M Shokry","year":"2022","unstructured":"Shokry M, Awad AI, Abd-Ellah MK, Khalaf AA (2022) Systematic survey of advanced metering infrastructure security: vulnerabilities, attacks, countermeasures, and future vision. Futur Gen Comput Syst 136:358\u2013377. https:\/\/doi.org\/10.1016\/j.future.2022.06.013","journal-title":"Futur Gen Comput Syst"},{"key":"899_CR62","unstructured":"Shostack A (2008) Experiences threat modeling at Microsoft. Technical report, Microsoft"},{"key":"899_CR63","volume-title":"Threat modeling: designing for security","author":"A Shostack","year":"2014","unstructured":"Shostack A (2014) Threat modeling: designing for security. Wiley, Hoboken"},{"issue":"4","key":"899_CR64","doi-asserted-by":"publisher","first-page":"3453","DOI":"10.1109\/COMST.2018.2855563","volume":"20","author":"I Stellios","year":"2018","unstructured":"Stellios I, Kotzanikolaou P, Psarakis M, Alcaraz C, Lopez J (2018) A survey of IoT-enabled cyberattacks: assessing attack paths to critical infrastructures and services. IEEE Commun Surv Tutor 20(4):3453\u20133495","journal-title":"IEEE Commun Surv Tutor"},{"key":"899_CR65","unstructured":"Strom BE, Applebaum A, Miller DP, Nickels KC, Pennington AG, Thomas CB (2018) Mitre ATT &CK: design and philosophy. Technical report, The MITRE Corporation"},{"key":"899_CR66","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101864","volume":"96","author":"A Tantawy","year":"2020","unstructured":"Tantawy A, Abdelwahed S, Erradi A, Shaban K (2020) Model-based risk assessment for cyber physical systems security. Comput Secur 96:101864. https:\/\/doi.org\/10.1016\/j.cose.2020.101864","journal-title":"Comput Secur"},{"key":"899_CR67","doi-asserted-by":"publisher","first-page":"543","DOI":"10.1007\/978-3-642-15865-0_17","volume-title":"Handbook of conceptual modeling: theory, practice, and research challenges","author":"B Thalheim","year":"2011","unstructured":"Thalheim B (2011) The theory of conceptual models, the theory of conceptual modelling and foundations of conceptual modelling. Handbook of conceptual modeling: theory, practice, and research challenges. Springer, Heidelberg, pp 543\u2013577"},{"issue":"2","key":"899_CR68","doi-asserted-by":"publisher","first-page":"118","DOI":"10.1016\/j.jsis.2019.01.003","volume":"28","author":"G Vial","year":"2019","unstructured":"Vial G (2019) Understanding digital transformation: a review and a research agenda. J Strateg Inf Syst 28(2):118\u2013144. https:\/\/doi.org\/10.1016\/j.jsis.2019.01.003","journal-title":"J Strateg Inf Syst"},{"key":"899_CR69","unstructured":"Ware W (1970) Security controls for computer systems: report of defense science board task force on computer security. Technical report, Rand Corporation. https:\/\/www.rand.org\/pubs\/reports\/R609-1.html#ix-research-needed. Accessed 09 Oct 2023"},{"key":"899_CR70","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-43839-8","volume-title":"Design science methodology for information systems and software engineering","author":"RJ Wieringa","year":"2014","unstructured":"Wieringa RJ (2014) Design science methodology for information systems and software engineering. Springer, Heidelberg"},{"key":"899_CR71","doi-asserted-by":"publisher","first-page":"335","DOI":"10.1002\/9781119309741.ch23","volume-title":"Cybersecurity systems: acquisition. Development, and maintenance","author":"M Wyatt","year":"2017","unstructured":"Wyatt M (2017) Cybersecurity systems: acquisition. Development, and maintenance, vol 23. Wiley, Hoboken, pp 335\u2013346. https:\/\/doi.org\/10.1002\/9781119309741.ch23"},{"key":"899_CR72","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1016\/j.cose.2019.03.010","volume":"84","author":"W Xiong","year":"2019","unstructured":"Xiong W, Lagerstr\u00f6m R (2019) Threat modeling\u2014a systematic literature review. Comput Secur 84:53\u201369","journal-title":"Comput Secur"},{"issue":"4","key":"899_CR73","doi-asserted-by":"publisher","first-page":"909","DOI":"10.3390\/s19040909","volume":"19","author":"T Zhang","year":"2019","unstructured":"Zhang T, Ji X, Zhuang Z, Xu W (2019) JamCatcher: a mobile jammer localization scheme for advanced metering infrastructure in smart grid. Sens 19(4):909","journal-title":"Sens"}],"container-title":["Business &amp; Information Systems Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12599-024-00899-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s12599-024-00899-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12599-024-00899-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,17]],"date-time":"2025-09-17T07:23:55Z","timestamp":1758093835000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s12599-024-00899-y"}},"subtitle":["On the Example of the Electricity Sector"],"short-title":[],"issued":{"date-parts":[[2024,10,28]]},"references-count":73,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2025,8]]}},"alternative-id":["899"],"URL":"https:\/\/doi.org\/10.1007\/s12599-024-00899-y","relation":{},"ISSN":["2363-7005","1867-0202"],"issn-type":[{"type":"print","value":"2363-7005"},{"type":"electronic","value":"1867-0202"}],"subject":[],"published":{"date-parts":[[2024,10,28]]},"assertion":[{"value":"10 October 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"24 May 2024","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"28 October 2024","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}