{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,13]],"date-time":"2026-07-13T18:04:25Z","timestamp":1783965865071,"version":"3.55.0"},"reference-count":29,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-017"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-012"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-004"}],"funder":[{"DOI":"10.13039\/100000161","name":"National Institute of Standards and Technology","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100000161","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Computers &amp; Security"],"published-print":{"date-parts":[[2026,11]]},"DOI":"10.1016\/j.cose.2026.105038","type":"journal-article","created":{"date-parts":[[2026,6,22]],"date-time":"2026-06-22T23:20:50Z","timestamp":1782170450000},"page":"105038","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["Governing the human-machine identity continuum: An integrated framework for cybersecurity risk management in financial services"],"prefix":"10.1016","volume":"170","author":[{"given":"Muez","family":"Osman","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"78","reference":[{"key":"10.1016\/j.cose.2026.105038_bib0007","article-title":"FIDO2: webAuthn and CTAP specifications","author":"Alliance","year":"2023","journal-title":"FIDO Alliance"},{"key":"10.1016\/j.cose.2026.105038_bib0022","doi-asserted-by":"crossref","first-page":"82","DOI":"10.1016\/j.inffus.2019.12.012","article-title":"Explainable artificial intelligence (XAI): concepts, taxonomies, opportunities and challenges toward responsible AI","volume":"58","author":"Arrieta","year":"2020","journal-title":"Inf. Fusion"},{"issue":"3","key":"10.1016\/j.cose.2026.105038_bib0001","doi-asserted-by":"crossref","first-page":"81","DOI":"10.1109\/MCC.2014.51","article-title":"Containers and cloud: from LXC to Docker to Kubernetes","volume":"1","author":"Bernstein","year":"2014","journal-title":"IEEE Cloud Comput."},{"issue":"2","key":"10.1016\/j.cose.2026.105038_bib0023","first-page":"76","article-title":"Botnets and Internet of Things Security","volume":"50","author":"Bertino","year":"2017","journal-title":"Comput. (Long Beach Calif)"},{"key":"10.1016\/j.cose.2026.105038_bib0002","author":"Doshi-Velez","year":"2017","journal-title":"Towards Rigorous Sci. Interpret. Mach. Learn."},{"key":"10.1016\/j.cose.2026.105038_bib0003","series-title":"Guidelines On ICT and Security Risk Management","year":"2020"},{"issue":"4","key":"10.1016\/j.cose.2026.105038_bib0004","doi-asserted-by":"crossref","first-page":"532","DOI":"10.2307\/258557","article-title":"Building theories from case study research","volume":"14","author":"Eisenhardt","year":"1989","journal-title":"Acad. Manag. Rev."},{"key":"10.1016\/j.cose.2026.105038_bib0005","article-title":"Recommendation 16 - Wire transfers (revised)","year":"2022","journal-title":"Financ. Action Task Force"},{"issue":"3","key":"10.1016\/j.cose.2026.105038_bib0006","doi-asserted-by":"crossref","first-page":"224","DOI":"10.1145\/501978.501980","article-title":"Proposed NIST standard for role-based access control","volume":"4","author":"Ferraiolo","year":"2001","journal-title":"ACM Trans. Inf. Syst. Secur."},{"issue":"4","key":"10.1016\/j.cose.2026.105038_bib0008","doi-asserted-by":"crossref","first-page":"689","DOI":"10.1007\/s11023-018-9482-5","article-title":"AI4People - an ethical framework for a good AI society: opportunities, risks, principles, and recommendations","volume":"28","author":"Floridi","year":"2018","journal-title":"Minds Mach."},{"key":"10.1016\/j.cose.2026.105038_bib0009","series-title":"Supervisory and Regulatory Approaches to Climate-Related Risks: Final Report","year":"2022"},{"key":"10.1016\/j.cose.2026.105038_bib0010","series-title":"Digital Identity Guidelines (NIST Special Publication 800-63)","author":"Grassi","year":"2017"},{"issue":"3","key":"10.1016\/j.cose.2026.105038_bib0011","doi-asserted-by":"crossref","first-page":"611","DOI":"10.2307\/25148742","article-title":"The nature of theory in information systems","volume":"30","author":"Gregor","year":"2006","journal-title":"MIS Q."},{"issue":"1","key":"10.1016\/j.cose.2026.105038_bib0012","doi-asserted-by":"crossref","DOI":"10.1186\/1869-0238-4-5","article-title":"An analysis of security issues for cloud computing","volume":"4","author":"Hashizume","year":"2013","journal-title":"J. Internet Serv. Appl."},{"key":"10.1016\/j.cose.2026.105038_bib0013","series-title":"ISO\/IEC 27001:2022 Information Security, Cybersecurity and Privacy Protection","year":"2022"},{"key":"10.1016\/j.cose.2026.105038_bib0024","series-title":"ISO\/IEC 42001:2023 Information Technology - Artificial Intelligence - Management System","year":"2023"},{"issue":"2","key":"10.1016\/j.cose.2026.105038_bib0014","doi-asserted-by":"crossref","first-page":"618","DOI":"10.1016\/j.dss.2005.05.019","article-title":"A survey of trust and reputation systems for online service provision","volume":"43","author":"J\u00f8sang","year":"2005","journal-title":"Decis. Support Syst."},{"issue":"9","key":"10.1016\/j.cose.2026.105038_bib0025","doi-asserted-by":"crossref","first-page":"389","DOI":"10.1038\/s42256-019-0088-2","article-title":"The global landscape of AI ethics guidelines","volume":"1","author":"Jobin","year":"2019","journal-title":"Nat. Mach. Intell."},{"key":"10.1016\/j.cose.2026.105038_bib0015","series-title":"The NIST Definition of Cloud Computing (NIST Special Publication 800-145)","author":"Mell","year":"2011"},{"issue":"2","key":"10.1016\/j.cose.2026.105038_bib0026","doi-asserted-by":"crossref","DOI":"10.1177\/2053951716679679","article-title":"The ethics of algorithms: mapping the debate","volume":"3","author":"Mittelstadt","year":"2016","journal-title":"Big Data Soc"},{"key":"10.1016\/j.cose.2026.105038_bib0027","series-title":"Artificial Intelligence Risk Management Framework (AI RMF 1.0)","year":"2023"},{"key":"10.1016\/j.cose.2026.105038_bib0016","series-title":"Zero Trust Architecture (NIST Special Publication 800-207)","author":"Rose","year":"2020"},{"key":"10.1016\/j.cose.2026.105038_bib0028","series-title":"Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (NIST SP 800-171)","author":"Ross","year":"2020"},{"key":"10.1016\/j.cose.2026.105038_bib0017","series-title":"SAMA Cybersecurity Framework (Updated Edition)","year":"2023"},{"issue":"9","key":"10.1016\/j.cose.2026.105038_bib0018","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1109\/35.312842","article-title":"Access control: principle and practice","volume":"32","author":"Sandhu","year":"1994","journal-title":"IEEE Commun. Mag."},{"issue":"1","key":"10.1016\/j.cose.2026.105038_bib0029","first-page":"1","article-title":"Developing a legal framework for online identity management","volume":"30","author":"Smedinghoff","year":"2012","journal-title":"John Marshall J. Comput. Inf. Law"},{"key":"10.1016\/j.cose.2026.105038_bib0030","series-title":"The password life cycle: user behaviour in managing passwords. Symposium on Usable Privacy and Security (SOUPS)","author":"Stobert","year":"2014"},{"issue":"2","key":"10.1016\/j.cose.2026.105038_bib0020","first-page":"841","article-title":"Counterfactual explanations without opening the black box: automated decisions and the GDPR","volume":"31","author":"Wachter","year":"2017","journal-title":"Harv. J. Law Technol."},{"key":"10.1016\/j.cose.2026.105038_bib0021","series-title":"Case Study Research and Applications: Design and Methods","author":"Yin","year":"2018"}],"container-title":["Computers &amp; Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404826002142?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404826002142?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,7,13]],"date-time":"2026-07-13T17:12:12Z","timestamp":1783962732000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0167404826002142"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,11]]},"references-count":29,"alternative-id":["S0167404826002142"],"URL":"https:\/\/doi.org\/10.1016\/j.cose.2026.105038","relation":{},"ISSN":["0167-4048"],"issn-type":[{"value":"0167-4048","type":"print"}],"subject":[],"published":{"date-parts":[[2026,11]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Governing the human-machine identity continuum: An integrated framework for cybersecurity risk management in financial services","name":"articletitle","label":"Article Title"},{"value":"Computers & Security","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.cose.2026.105038","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 Elsevier Ltd. All rights are reserved, including those for text and data mining, AI training, and similar technologies.","name":"copyright","label":"Copyright"}],"article-number":"105038"}}