{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,16]],"date-time":"2026-01-16T11:03:15Z","timestamp":1768561395750,"version":"3.49.0"},"reference-count":102,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2020,4,1]],"date-time":"2020-04-01T00:00:00Z","timestamp":1585699200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2020,4,1]],"date-time":"2020-04-01T00:00:00Z","timestamp":1585699200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Future Generation Computer Systems"],"published-print":{"date-parts":[[2020,4]]},"DOI":"10.1016\/j.future.2019.12.018","type":"journal-article","created":{"date-parts":[[2019,12,17]],"date-time":"2019-12-17T19:27:08Z","timestamp":1576610828000},"page":"410-431","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":35,"special_numbering":"C","title":["Cybersecurity vulnerability mitigation framework through empirical paradigm: Enhanced prioritized gap analysis"],"prefix":"10.1016","volume":"105","author":[{"given":"Sri Nikhil Gupta","family":"Gourisetti","sequence":"first","affiliation":[]},{"given":"Michael","family":"Mylrea","sequence":"additional","affiliation":[]},{"given":"Hirak","family":"Patangia","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"issue":"7","key":"10.1016\/j.future.2019.12.018_b1","doi-asserted-by":"crossref","first-page":"1645","DOI":"10.1016\/j.future.2013.01.010","article-title":"Internet of things (IoT): A vision, architectural elements, and future directions","volume":"29","author":"Gubbi","year":"2013","journal-title":"Elsevier J. Future Gener. Comput. 
Syst."},{"issue":"15","key":"10.1016\/j.future.2019.12.018_b2","doi-asserted-by":"crossref","first-page":"2787","DOI":"10.1016\/j.comnet.2010.05.010","article-title":"The internet of things: A survey","volume":"54","author":"Atzori","year":"2010","journal-title":"Elsevier J. Comput. Netw."},{"key":"10.1016\/j.future.2019.12.018_b3","article-title":"Internet of things (iot) connected devices installed base worldwide from 2015 to 2025 (in billions)","author":"Statista","year":"2019","journal-title":"Statista"},{"key":"10.1016\/j.future.2019.12.018_b4","series-title":"Smart home devices expected to experience double-digit growth through 2022","author":"Actiontec","year":"2018"},{"key":"10.1016\/j.future.2019.12.018_b5","series-title":"Building automation and control systems market size, share, report, analysis, trends & forecast to 2026","author":"MarketWatch","year":"2019"},{"issue":"1","key":"10.1016\/j.future.2019.12.018_b6","doi-asserted-by":"crossref","first-page":"23","DOI":"10.1016\/j.clsr.2009.11.008","article-title":"Internet of things - new security and privacy challenges","volume":"26","author":"Weber","year":"2010","journal-title":"Elsevier J. Comput. Law Secur. Rev."},{"issue":"4","key":"10.1016\/j.future.2019.12.018_b7","doi-asserted-by":"crossref","first-page":"853","DOI":"10.1109\/TSMCA.2010.2048028","article-title":"Cybersecurity for critical infrastructures: Attack and defense modeling","volume":"40","author":"Ten","year":"2010","journal-title":"IEEE Trans. Syst. Man Cybern.: Part A"},{"key":"10.1016\/j.future.2019.12.018_b8","doi-asserted-by":"crossref","unstructured":"C. Ten, C. Liu, M. 
Govindarasu, Vulnerability assessment of cybersecurity for SCADA systems using attack trees, in: IEEE Power Engineering Society General Meeting, USA, 2007.","DOI":"10.1109\/PES.2007.385876"},{"issue":"4","key":"10.1016\/j.future.2019.12.018_b9","doi-asserted-by":"crossref","first-page":"1836","DOI":"10.1109\/TPWRS.2008.2002298","article-title":"Vulnerability assessment of cybersecurity for SCADA systems","volume":"23","author":"Ten","year":"2008","journal-title":"IEEE Trans. Power Syst."},{"key":"10.1016\/j.future.2019.12.018_b10","doi-asserted-by":"crossref","unstructured":"M. Mylrea, S. Gourisetti, C. Larimer, C. Noonan, Insider threat cybersecurity framework webtool & methodology: defending against complex cyber-physical threats, in: WRIT, USA, 2018.","DOI":"10.1109\/SPW.2018.00036"},{"key":"10.1016\/j.future.2019.12.018_b11","doi-asserted-by":"crossref","unstructured":"S.N.G. Gourisetti, M. Mylrea, E. Gervais, S. Bhadra, Multi-scenario use case based demonstration of buildings cybersecurity framework webtool, in: IEEE Symposium on Computational Intelligence Applications in Smart Grid, USA, 2017.","DOI":"10.1109\/SSCI.2017.8285240"},{"key":"10.1016\/j.future.2019.12.018_b12","doi-asserted-by":"crossref","unstructured":"M. Mylrea, S.N. Gourisetti, A. 
Nicholls, An introduction to buildings cybersecurity framework (BCF), in: IEEE Symposium on Computational Intelligence Applications in Smart Grid, USA, 2017.","DOI":"10.1109\/SSCI.2017.8285228"},{"key":"10.1016\/j.future.2019.12.018_b13","series-title":"Evaluating the Maturity of Cybersecurity Programs for Building Control Systems","author":"Glantz","year":"2016"},{"key":"10.1016\/j.future.2019.12.018_b14","series-title":"Framework for Improving Critical Infrastructure Cybersecurity V1.1","author":"NIST","year":"2018"},{"key":"10.1016\/j.future.2019.12.018_b15","doi-asserted-by":"crossref","first-page":"62","DOI":"10.1016\/0030-5073(81)90015-5","article-title":"A comparison of weight approximation techniques in multiattribute utility decision making","author":"Stillwell","year":"1981","journal-title":"Organ. Behav. Hum. Perform."},{"key":"10.1016\/j.future.2019.12.018_b16","doi-asserted-by":"crossref","first-page":"283","DOI":"10.1016\/j.asoc.2018.03.050","article-title":"Ranking generalized fuzzy numbers based on centroid and rank index","volume":"68","author":"Chi","year":"2018","journal-title":"Elsevier J. Appl. Soft Comput."},{"issue":"5","key":"10.1016\/j.future.2019.12.018_b17","doi-asserted-by":"crossref","first-page":"326","DOI":"10.1109\/TSMC.1977.4309720","article-title":"How to use multiattribute utility measurement for social decisionmaking","volume":"7","author":"Edwards","year":"1977","journal-title":"IEEE Trans. Syst. Man Cybern."},{"key":"10.1016\/j.future.2019.12.018_b18","series-title":"Multi-Criteria Decision Analysis for Use in Transport Decision Making","author":"Barfod","year":"2014"},{"key":"10.1016\/j.future.2019.12.018_b19","series-title":"Cybersecurity Capability Maturity Model","author":"Department\u00a0of Homeland\u00a0Security","year":"2014"},{"key":"10.1016\/j.future.2019.12.018_b20","unstructured":"M. Hathaway, C. Demchak, J. Kerben, J. McArdle, F. 
Spidalieri, Cyber Readiness Index 2.0, Arlington, VA, 2015."},{"key":"10.1016\/j.future.2019.12.018_b21","article-title":"Cyber power index: Findings and methodology","author":"Hamilton","year":"2011","journal-title":"Econ.: Econ. Intell. Unit"},{"key":"10.1016\/j.future.2019.12.018_b22","series-title":"Information Security Management Maturity Model","author":"ISM3\u00a0Consortium","year":"2009"},{"key":"10.1016\/j.future.2019.12.018_b23","series-title":"Program Review for Information Security Assistance","author":"NIST","year":"2017"},{"key":"10.1016\/j.future.2019.12.018_b24","doi-asserted-by":"crossref","first-page":"291","DOI":"10.1002\/mcda.320","article-title":"Weight approximations in multi-attribute decision models","volume":"11","author":"Roberts","year":"2002","journal-title":"J. Multi-Criteria Decis. Anal."},{"key":"10.1016\/j.future.2019.12.018_b25","series-title":"Geographical information technology training alliance","author":"GITTA","year":"2013"},{"key":"10.1016\/j.future.2019.12.018_b26","doi-asserted-by":"crossref","DOI":"10.15290\/ose.2013.05.65.02","article-title":"Rank ordering criteria weighting methods - a comparative overview","author":"Roszkowska","year":"2013","journal-title":"Optimum Stud. Ekon."},{"key":"10.1016\/j.future.2019.12.018_b27","article-title":"Multicriteria decision framework for cybersecurity risk assessment and management","author":"Ganin","year":"2017","journal-title":"Wiley J. 
Risk Anal."},{"key":"10.1016\/j.future.2019.12.018_b28","series-title":"An Enhanced Risk-Assessment Methodology for Smart Grids","author":"Rossebo","year":"2017"},{"key":"10.1016\/j.future.2019.12.018_b29","series-title":"Adapting NIST Cybersecurity Framework for Risk Assessment","author":"Mesker","year":"2014"},{"key":"10.1016\/j.future.2019.12.018_b30","series-title":"Introduction and Implementation OWASP Risk Rating Management","author":"Ramadlan","year":"2017"},{"key":"10.1016\/j.future.2019.12.018_b31","series-title":"SRI Enhancement NERC Performance Analysis Subcommittee","author":"NERC","year":"2014"},{"key":"10.1016\/j.future.2019.12.018_b32","series-title":"Integrating Electricity Subsector Failure Scenarios into a Risk Assessment Methodology","author":"DOE","year":"2013"},{"key":"10.1016\/j.future.2019.12.018_b33","series-title":"Security for smart electricity grids: Including threat actor Capability and motivation in risk assessment for smart grids","author":"Rossebo","year":"2016"},{"key":"10.1016\/j.future.2019.12.018_b34","doi-asserted-by":"crossref","unstructured":"O. Gadyatskaya, R. Jhawar, P. Kordy, K. Lounis, S. Mauw, R. Trujillo-Rasua, Attack Trees for Practical Security Assessment: Ranking of Attack Scenarios with ADTool 2.0, in: International Conference on Quantitative Evaluation of Systems, Glasgow, UK, 2016.","DOI":"10.1007\/978-3-319-43425-4_10"},{"issue":"1","key":"10.1016\/j.future.2019.12.018_b35","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1515\/jhsem-2015-0065","article-title":"Deliberative risk ranking to inform homeland security strategic planning","volume":"13","author":"Lundberg","year":"2016","journal-title":"J. Homel. Secur. Emerg. Manag."},{"issue":"6","key":"10.1016\/j.future.2019.12.018_b36","first-page":"551","article-title":"Judged frequency of lethal events","volume":"4","author":"Lichtenstein","year":"1978","journal-title":"J. Exp. Psychol.: Hum. Learn. 
Memory"},{"issue":"2","key":"10.1016\/j.future.2019.12.018_b37","doi-asserted-by":"crossref","first-page":"123","DOI":"10.1016\/0010-0277(82)90022-1","article-title":"On the study of statistical intuitions","volume":"11","author":"Kahneman","year":"1982","journal-title":"Cognition"},{"issue":"4799","key":"10.1016\/j.future.2019.12.018_b38","doi-asserted-by":"crossref","first-page":"280","DOI":"10.1126\/science.3563507","article-title":"Perception of risk","volume":"236","author":"Slovic","year":"1987","journal-title":"Science"},{"issue":"2","key":"10.1016\/j.future.2019.12.018_b39","doi-asserted-by":"crossref","first-page":"311","DOI":"10.1111\/j.0272-4332.2004.00433.x","article-title":"Risk as analysis and risk as feelings: Some thoughts about affect, reason, risk, and rationality","volume":"24","author":"Slovic","year":"2004","journal-title":"Risk Anal."},{"key":"10.1016\/j.future.2019.12.018_b40","series-title":"Recollection Bias and Its Underpinnings: Lessons from Terrorism-Risk Assessments","first-page":"15","author":"Viscusi","year":"2015"},{"issue":"6","key":"10.1016\/j.future.2019.12.018_b41","first-page":"1749","article-title":"Some limitations of risk=threat\u00d7vulnerability\u00d7consequence","volume":"28","author":"Cox\u00a0Jr","year":"2008","journal-title":"Risk Anal."},{"issue":"3","key":"10.1016\/j.future.2019.12.018_b42","doi-asserted-by":"crossref","first-page":"336","DOI":"10.1111\/j.1539-6924.2009.01206.x","article-title":"Improving risk-based decision making for terrorism applications","volume":"29","author":"Cox\u00a0Jr","year":"2009","journal-title":"Risk Anal."},{"issue":"4","key":"10.1016\/j.future.2019.12.018_b43","doi-asserted-by":"crossref","first-page":"575","DOI":"10.1111\/j.1539-6924.2010.01401.x","article-title":"Probabilistic risk analysis and terrorism risk","volume":"30","author":"Ezell","year":"2010","journal-title":"Risk 
Anal."},{"issue":"2","key":"10.1016\/j.future.2019.12.018_b44","doi-asserted-by":"crossref","first-page":"196","DOI":"10.1111\/j.1539-6924.2010.01492.x","article-title":"How probabilistic risk assessment Can mislead terrorism risk analysts","volume":"31","author":"Brown","year":"2011","journal-title":"Risk Anal."},{"key":"10.1016\/j.future.2019.12.018_b45","series-title":"Development and Evaluation of a Method for Risk Ranking","author":"Morgan","year":"1999"},{"key":"10.1016\/j.future.2019.12.018_b46","series-title":"Comparing Environmental Risks: Tools for Setting Government Priorities","article-title":"A proposal for ranking risk within federal agencies","author":"Morgan","year":"1996"},{"issue":"1","key":"10.1016\/j.future.2019.12.018_b47","doi-asserted-by":"crossref","first-page":"49","DOI":"10.1111\/0272-4332.00005","article-title":"Categorizing risks for risk ranking","volume":"20","author":"Morgan","year":"2000","journal-title":"Risk Anal."},{"issue":"5","key":"10.1016\/j.future.2019.12.018_b48","doi-asserted-by":"crossref","first-page":"923","DOI":"10.1111\/0272-4332.215162","article-title":"A deliberative method for ranking risks (II): Evaluation of validity and agreement among risk managers","volume":"21","author":"Morgan","year":"2001","journal-title":"Risk Anal."},{"key":"10.1016\/j.future.2019.12.018_b49","series-title":"Attributes for Risk Evaluation","author":"Jenni","year":"1997"},{"issue":"5","key":"10.1016\/j.future.2019.12.018_b50","doi-asserted-by":"crossref","first-page":"913","DOI":"10.1111\/0272-4332.215161","article-title":"A deliberative method for ranking risks (I): Overview and test bed development","volume":"21","author":"Florig","year":"2001","journal-title":"Risk Anal."},{"issue":"12","key":"10.1016\/j.future.2019.12.018_b51","doi-asserted-by":"crossref","first-page":"1842","DOI":"10.1111\/j.1539-6924.2010.01463.x","article-title":"Prioritizing environmental health risks in the 
UAE","volume":"30","author":"Willis","year":"2010","journal-title":"Risk Anal."},{"key":"10.1016\/j.future.2019.12.018_b52","series-title":"International Symposium on Empirical Software Engineering and Measurement","article-title":"An analysis of CVSS version 2 vulnerability scoring","author":"Scarfone","year":"2009"},{"key":"10.1016\/j.future.2019.12.018_b53","doi-asserted-by":"crossref","unstructured":"J. Wang, H. Wang, M. Guo, L. Zhou, Ranking Attacks Based on Vulnerability Analysis, in: Hawaii International Conference on System Sciences, Hawaii, 2010.","DOI":"10.1109\/HICSS.2010.313"},{"key":"10.1016\/j.future.2019.12.018_b54","series-title":"IEEE\/IFIP International Conference on Dependable Systems and Networks","article-title":"What vulnerability do we need to patch first?","author":"Hong","year":"2014"},{"key":"10.1016\/j.future.2019.12.018_b55","series-title":"International Conference on Risks and Security of Internet and Systems","article-title":"Quantitative assessment of software vulnerabilities based on economic-driven security metrics","author":"Ghani","year":"2013"},{"key":"10.1016\/j.future.2019.12.018_b56","series-title":"International Symposium on Telecommunications","article-title":"New vulnerability scoring system for dynamic security evaluation","author":"Keramati","year":"2016"},{"key":"10.1016\/j.future.2019.12.018_b57","series-title":"A Complete Guide To the Common Vulnerability Scoring System Version 2.0","author":"Mell","year":"2007"},{"key":"10.1016\/j.future.2019.12.018_b58","unstructured":"M.\u00a0and Corporation, Common Vulnerabilities and Exposures (CVE), [Online]. 
Available: http:\/\/cve.mitre.org\/."},{"key":"10.1016\/j.future.2019.12.018_b59","series-title":"The Analytic Hierarchy Process","author":"Saaty","year":"1980"},{"key":"10.1016\/j.future.2019.12.018_b60","series-title":"Fundamentals of Decision Making and Priority Theory with the Analytic Hierarchy Process","author":"Saaty","year":"1994"},{"key":"10.1016\/j.future.2019.12.018_b61","series-title":"Encyclopedia britannica: set theory","author":"Stoll","year":"2017"},{"key":"10.1016\/j.future.2019.12.018_b62","series-title":"Discrete structures recitation","author":"Xiao","year":"2017"},{"key":"10.1016\/j.future.2019.12.018_b63","doi-asserted-by":"crossref","first-page":"23","DOI":"10.1016\/0001-6918(96)00010-8","article-title":"The efficacy of SMARTER - simple multi-attribute rating technique extended to ranking","volume":"93","author":"Barron","year":"1996","journal-title":"Elsevier Acta Psychol."},{"issue":"2","key":"10.1016\/j.future.2019.12.018_b64","doi-asserted-by":"crossref","first-page":"453","DOI":"10.1016\/j.ejor.2017.08.006","article-title":"Preference modeling experiments with surrogate weighting procedures for the PROMETHEE method","volume":"264","author":"Filho","year":"2018","journal-title":"Eur. J. Oper. Res."},{"key":"10.1016\/j.future.2019.12.018_b65","unstructured":"S. Gourisetti, M. Mylrea, H. 
Patangia, Application of Rank-Weight Methods to Blockchain Cybersecurity Vulnerability Assessment Framework, in: IEEE Annual Computing and Communication Workshop and Conference, Las Vegas, NV, 2019."},{"issue":"1\u20133","key":"10.1016\/j.future.2019.12.018_b66","doi-asserted-by":"crossref","first-page":"91","DOI":"10.1016\/0001-6918(92)90042-C","article-title":"Selecting a best multiattribute alternative with partial information about attribute weights","volume":"80","author":"Barron","year":"1992","journal-title":"Acta Psychol."},{"issue":"65","key":"10.1016\/j.future.2019.12.018_b67","doi-asserted-by":"crossref","first-page":"14","DOI":"10.15290\/ose.2013.05.65.02","article-title":"Rank ordering criteria weighting methods \u2013 a comparative overview","volume":"5","author":"E.\u00a0ROSZKOWSKA","year":"2013","journal-title":"Optimum. Stud. Ekon."},{"issue":"3","key":"10.1016\/j.future.2019.12.018_b68","doi-asserted-by":"crossref","first-page":"552","DOI":"10.1016\/j.ejor.2011.02.017","article-title":"Compatible weighting method with rank order centroid: Maximum entropy ordered weighted averaging approach","volume":"212","author":"Ahn","year":"2011","journal-title":"Elsevier Eur. J. Oper. Res."},{"key":"10.1016\/j.future.2019.12.018_b69","doi-asserted-by":"crossref","unstructured":"M. Mylrea, S. Gourisetti, C. Larimer, C. 
Noonan, Insider Threat Cybersecurity Framework Webtool & Methodology: Defending Against Complex Cyber-Physical Threats, in: WRIT, USA, 2018.","DOI":"10.1109\/SPW.2018.00036"},{"key":"10.1016\/j.future.2019.12.018_b70","series-title":"Annual Computer Security Applications Conference","article-title":"Malicious control system cyber security attack Case study - maroochy water services, Australia","author":"Abrams","year":"2008"},{"key":"10.1016\/j.future.2019.12.018_b71","series-title":"ICS Cybersecurity: Water, water everywhere","author":"Blask","year":"2011"},{"key":"10.1016\/j.future.2019.12.018_b72","series-title":"Water\/Wastewater Infrastructure Security: Threats and Vulnerabilities","author":"Van\u00a0Leuven","year":"2011"},{"key":"10.1016\/j.future.2019.12.018_b73","series-title":"NIST 800-53 Security and Privacy Controls for Information Systems and Organizations","author":"NIST","year":"2017"},{"key":"10.1016\/j.future.2019.12.018_b74","first-page":"1","article-title":"Cybersecurity vulnerability mitigation framework through empirical paradigm: Prioritized gap analysis","author":"Gourisetti","year":"2019","journal-title":"IEEE Syst. J."},{"key":"10.1016\/j.future.2019.12.018_b75","series-title":"CERT SEI CERT Resilience Management Model Version 1.2","author":"SEI","year":"2016"},{"key":"10.1016\/j.future.2019.12.018_b76","series-title":"ISO\/IEC 15408-1:2009: Information Technology \u2013 Security Techniques \u2013 Evaluation Criteria for IT Security \u2013 Part 1: Introduction and General Model","author":"ISO","year":"2009"},{"key":"10.1016\/j.future.2019.12.018_b77","unstructured":". ISO, ISO\/IEC 27000 family - Information security management systems, International Organization for Standardization, [Online]. Available: https:\/\/www.iso.org\/isoiec-27001-information-security.html."},{"key":"10.1016\/j.future.2019.12.018_b78","unstructured":". 
ISO, ISO\/IEC 21827:2008: Information technology \u2013 Security techniques \u2013 Systems Security Engineering \u2013 Capability Maturity Model\u00ae (SSE-CMM\u00ae), International Organization for Standardization, [Online]. Available: https:\/\/www.iso.org\/standard\/44716.html."},{"key":"10.1016\/j.future.2019.12.018_b79","series-title":"IEEE International Conference on Technologies for Homeland Security","article-title":"The community cyber security maturity model","author":"White","year":"2011"},{"key":"10.1016\/j.future.2019.12.018_b80","series-title":"European Conference on Conference on E-Government","article-title":"Ncsecmm: A national cyber security maturity model for an interoperable national cyber security framework","author":"El\u00a0Kettani","year":"2009"},{"key":"10.1016\/j.future.2019.12.018_b81","series-title":"ABI Research Global Cybersecurity Index: Conceptual Framework","author":"ABI\u00a0Research","year":"2014"},{"key":"10.1016\/j.future.2019.12.018_b82","series-title":"Cyber Maturity in the Asia-Pacific Region","author":"Feakin","year":"2014"},{"key":"10.1016\/j.future.2019.12.018_b83","unstructured":"N.T. Le, D.B. Hoang, Can maturity models support cyber security?, in: IEEE 35th International Performance Computing and Communications Conference, Las Vegas, NV, 2016."},{"key":"10.1016\/j.future.2019.12.018_b84","series-title":"Systems security engineering - Capability maturity model","author":"SSE-CMM","year":"2007"},{"key":"10.1016\/j.future.2019.12.018_b85","unstructured":". IBM, IBM Information Security Framework."},{"key":"10.1016\/j.future.2019.12.018_b86","unstructured":". Simplilearn, What is COBIT? - Significance and Framework, [Online]. 
Available: https:\/\/www.simplilearn.com\/what-is-cobit-significance-and-framework-rar309-article."},{"key":"10.1016\/j.future.2019.12.018_b87","series-title":"Health information privacy: The security rule","author":"U.S.\u00a0HHS","year":"2017"},{"key":"10.1016\/j.future.2019.12.018_b88","series-title":"PCI Dss quick reference guide: Understanding the payment Card industry data security standard version 2.0","author":"PCI Security Standards\u00a0Council","year":"2010"},{"key":"10.1016\/j.future.2019.12.018_b89","doi-asserted-by":"crossref","first-page":"47","DOI":"10.1016\/j.ijcip.2016.10.001","article-title":"A vulnerability-driven cyber security maturity model for measuring national critical infrastructure protection preparedness","volume":"15","author":"Karabacak","year":"2016","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"issue":"3","key":"10.1016\/j.future.2019.12.018_b90","doi-asserted-by":"crossref","first-page":"251","DOI":"10.1108\/IMCS-02-2013-0014","article-title":"A holistic cyber security implementation framework","volume":"22","author":"Atoum","year":"2014","journal-title":"Inf. Manag. Comput. Secur. J."},{"key":"10.1016\/j.future.2019.12.018_b91","unstructured":". CSIS, Cyber security gap analysis, twww.csis.dk."},{"key":"10.1016\/j.future.2019.12.018_b92","unstructured":". Cylance\u00a0Consulting, NIST Cybersecurity Framework Gap Analysis: Identify Security Weaknesses in your Critical Infrastructure, Cylance, Irvine, CA."},{"key":"10.1016\/j.future.2019.12.018_b93","series-title":"A Framework and Methodology for Information Security Management","author":"Nnolim","year":"2007"},{"issue":"3","key":"10.1016\/j.future.2019.12.018_b94","doi-asserted-by":"crossref","first-page":"256","DOI":"10.1016\/j.cose.2006.11.003","article-title":"Holistic security management framework applied in electronic commerce","volume":"26","author":"Zuccato","year":"2007","journal-title":"Elsevier Comput. Secur. 
J."},{"key":"10.1016\/j.future.2019.12.018_b95","doi-asserted-by":"crossref","unstructured":"M. Janssen, K. Hjort-Madsen, Analyzing Enterprise Architecture in National Governments: The Cases of Denmark and the Netherlands, in: 40th Annual Hawaii International Conference on System Sciences, Waikoloa, HI, 2007.","DOI":"10.1109\/HICSS.2007.79"},{"key":"10.1016\/j.future.2019.12.018_b96","series-title":"Information Security for South Africa","article-title":"Information security governance control through comprehensive policy architectures","author":"Von\u00a0Solms","year":"2011"},{"issue":"7","key":"10.1016\/j.future.2019.12.018_b97","doi-asserted-by":"crossref","first-page":"371","DOI":"10.1016\/j.telpol.2009.03.002","article-title":"National information security policy and its implementation: A case study in Taiwan","volume":"33","author":"Ku","year":"2009","journal-title":"Elsevier Telecommun. Policy J."},{"issue":"6","key":"10.1016\/j.future.2019.12.018_b98","first-page":"1192","article-title":"Advanced information security management evaluation system","volume":"5","author":"Jo","year":"2011","journal-title":"KSII Trans. Internet Inf. Syst."},{"issue":"4","key":"10.1016\/j.future.2019.12.018_b99","article-title":"An implementation framework (IF) for the national information assurance and cyber security strategy (NIACSS) of Jordan","volume":"10","author":"Otoom","year":"2013","journal-title":"Int. Arab J. Inf. Technol."},{"key":"10.1016\/j.future.2019.12.018_b100","unstructured":". Oracle, Information Security: A Conceptual Architecture Approach [White Paper], Oracle, 2011."},{"key":"10.1016\/j.future.2019.12.018_b101","doi-asserted-by":"crossref","DOI":"10.22215\/timreview\/837","article-title":"Cybersecurity Capability maturity models for providers of critical infrastructure","author":"Miron","year":"2014","journal-title":"Technol. Innov. Manag. 
Rev."},{"key":"10.1016\/j.future.2019.12.018_b102","doi-asserted-by":"crossref","first-page":"335","DOI":"10.1016\/j.proeng.2011.11.2652","article-title":"An information security maturity evaluation mode","volume":"24","author":"Xiao-yan","year":"2011","journal-title":"Elsevier Procedia Eng."}],"container-title":["Future Generation Computer Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167739X19307344?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167739X19307344?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,8,12]],"date-time":"2025-08-12T20:24:52Z","timestamp":1755030292000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0167739X19307344"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,4]]},"references-count":102,"alternative-id":["S0167739X19307344"],"URL":"https:\/\/doi.org\/10.1016\/j.future.2019.12.018","relation":{},"ISSN":["0167-739X"],"issn-type":[{"value":"0167-739X","type":"print"}],"subject":[],"published":{"date-parts":[[2020,4]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Cybersecurity vulnerability mitigation framework through empirical paradigm: Enhanced prioritized gap analysis","name":"articletitle","label":"Article Title"},{"value":"Future Generation Computer Systems","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.future.2019.12.018","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2019 Elsevier B.V. All rights reserved.","name":"copyright","label":"Copyright"}]}}