{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,18]],"date-time":"2026-02-18T03:39:01Z","timestamp":1771385941096,"version":"3.50.1"},"reference-count":19,"publisher":"Elsevier BV","issue":"7","license":[{"start":{"date-parts":[[2001,10,1]],"date-time":"2001-10-01T00:00:00Z","timestamp":1001894400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Computers & Security"],"published-print":{"date-parts":[[2001,10]]},"DOI":"10.1016\/s0167-4048(01)00706-4","type":"journal-article","created":{"date-parts":[[2002,7,25]],"date-time":"2002-07-25T05:46:56Z","timestamp":1027576016000},"page":"577-584","source":"Crossref","is-referenced-by-count":41,"title":["From Risk Analysis to Security Requirements"],"prefix":"10.1016","volume":"20","author":[{"given":"Mariana","family":"Gerber","sequence":"first","affiliation":[]},{"given":"Rossouw","family":"von Solms","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"key":"10.1016\/S0167-4048(01)00706-4_BIB1","unstructured":"Bruce, G & Dempsey, R (1997). Security in Distributed Computing \u2014 Did you lock the door? New Jersey, Hewlett-Packard Company."},{"key":"10.1016\/S0167-4048(01)00706-4_BIB2","unstructured":"BS 7799-1, (1999). Information Security management \u2014 Part 1: Code of practice for information security management. London, British Standards Institution."},{"key":"10.1016\/S0167-4048(01)00706-4_BIB3","unstructured":"BS 7799-2. (1999). Information Security management \u2014 Part 2: Specification for information security management systems. London, British Standards Institution."},{"key":"10.1016\/S0167-4048(01)00706-4_BIB4","unstructured":"Checkley, J (1992). Building Secure Systems. In Jackson, KM & Hruska, J (Eds.). Computer Security Reference Book. Oxford, Butterworth-Heinemann Ltd."},{"key":"10.1016\/S0167-4048(01)00706-4_BIB5","unstructured":"Cowcher, R (1992). Physical Security. In Jackson, KM & Hruska, J (Eds.). Computer Security Reference Book. Oxford, Butterworth-Heinemann Ltd."},{"key":"10.1016\/S0167-4048(01)00706-4_BIB6","unstructured":"GISA (German Information Security Agency), (1995). IT Baseline Protection Manual. Bonn, British Standards Institution."},{"key":"10.1016\/S0167-4048(01)00706-4_BIB7","unstructured":"Humphreys, EJ, Moses, RH & Plate, AE (1998). Guide to Risk Assessment and Risk Management. London, British Standards Institution."},{"key":"10.1016\/S0167-4048(01)00706-4_BIB8","unstructured":"ISO\/IEC TR 13335-1 (1996). Information technology \u2014 Guidelines for the management of IT Security \u2014 Part 1: Concepts and models for IT Security (First Edition), Switzerland."},{"key":"10.1016\/S0167-4048(01)00706-4_BIB9","unstructured":"ISO\/IEC TR 13335-2 (1997). Information technology \u2014 Guidelines for the management of IT Security \u2014 Part 2: Managing and planning IT Security (First Edition), Switzerland."},{"key":"10.1016\/S0167-4048(01)00706-4_BIB10","unstructured":"ISO\/IEC TR 13335-3 (1998). Information technology \u2014 Guidelines for the management of IT Security \u2014 Part 3: Techniques for the management of IT Security, Switzerland."},{"key":"10.1016\/S0167-4048(01)00706-4_BIB11","unstructured":"Jacobson, RV (1996). CORA. Cost-of-Risk Analysis. Painless Risk Management for Small Systems. International Security Technology, Inc."},{"key":"10.1016\/S0167-4048(01)00706-4_BIB12","unstructured":"Moses, RH (1992). Risk Analysis and Management. In Jackson, KM & Hruska, J (Eds.). Computer Security Reference Book. Oxford, Butterworth-Heinemann Ltd."},{"key":"10.1016\/S0167-4048(01)00706-4_BIB13","unstructured":"Owens, S (1998). Information Security Management: An Introduction. London, British Standards Institution."},{"key":"10.1016\/S0167-4048(01)00706-4_BIB14","unstructured":"Pfleeger, CP (1997). Security in Computing (Second Edition), Prentice Hall Inc."},{"key":"10.1016\/S0167-4048(01)00706-4_BIB15","unstructured":"URN 96\/702 (1996). The Business Manager\u2019s Guide to Information Security, Department of Trade and Industry."},{"key":"10.1016\/S0167-4048(01)00706-4_BIB16","unstructured":"URN 99\/699 (NEW) (1999). Protecting Business Information \u2014 Overview, Department of Trade and Industry."},{"key":"10.1016\/S0167-4048(01)00706-4_BIB17","unstructured":"URN 99\/703 (NEW) (1999). BS 7799 and the Data Protection Act 1998, Department of Trade and Industry."},{"key":"10.1016\/S0167-4048(01)00706-4_BIB18","unstructured":"URN 99\/704 (NEW) (1999). Information your most valuable asset. Protect it, Department of Trade and Industry."},{"key":"10.1016\/S0167-4048(01)00706-4_BIB19","unstructured":"Wills, M, Personal Communication, (1999). In URN 99\/699 (New) Protecting Business Information \u2014 Overview, Department of Trade and Industry."}],"container-title":["Computers & Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404801007064?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404801007064?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2019,5,3]],"date-time":"2019-05-03T15:21:10Z","timestamp":1556896870000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0167404801007064"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2001,10]]},"references-count":19,"journal-issue":{"issue":"7","published-print":{"date-parts":[[2001,10]]}},"alternative-id":["S0167404801007064"],"URL":"https:\/\/doi.org\/10.1016\/s0167-4048(01)00706-4","relation":{},"ISSN":["0167-4048"],"issn-type":[{"value":"0167-4048","type":"print"}],"subject":[],"published":{"date-parts":[[2001,10]]}}}