{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,2]],"date-time":"2026-01-02T07:24:48Z","timestamp":1767338688294,"version":"3.40.5"},"reference-count":50,"publisher":"Informa UK Limited","issue":"2","content-domain":{"domain":["www.tandfonline.com"],"crossmark-restriction":true},"short-container-title":["Information Security Journal: A Global Perspective"],"published-print":{"date-parts":[[2023,3,4]]},"DOI":"10.1080\/19393555.2022.2104766","type":"journal-article","created":{"date-parts":[[2022,7,29]],"date-time":"2022-07-29T10:24:16Z","timestamp":1659090256000},"page":"134-161","update-policy":"https:\/\/doi.org\/10.1080\/tandf_crossmark_01","source":"Crossref","is-referenced-by-count":3,"title":["Cyber threat modeling for protecting the crown jewels in the Financial Services Sector (FSS)"],"prefix":"10.1080","volume":"32","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5891-1718","authenticated-orcid":false,"given":"Lampis","family":"Alevizos","sequence":"first","affiliation":[{"name":"Applied Cyber Security Research Laboratory, University of Central Lancashire Cyprus, Larnaka, Cyprus"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4040-4942","authenticated-orcid":false,"given":"Eliana","family":"Stavrou","sequence":"additional","affiliation":[{"name":"School of Sciences, University of Central Lancashire - Cyprus Campus, Pyla, Cyprus"}]}],"member":"301","published-online":{"date-parts":[[2022,7,29]]},"reference":[{"key":"cit0001","unstructured":"Agrawal, G . (2019). mrcissp.com. Retrieved from mrcissp.com: https:\/\/mrcissp.com\/2019\/01\/18\/threat-modeling-a-step-by-step-guide\/"},{"key":"cit0002","unstructured":"Bhat, V. (2014). https:\/\/www2.deloitte.com\/content\/dam\/Deloitte\/global\/Documents\/Financial-Services\/dttl-fsi-TransformingCybersecurity-2014-02.pdf"},{"key":"cit0003","unstructured":"Brook, C. (2018). digitalguardian.com. Retrieved from digitalguardian.com: https:\/\/digitalguardian.com\/blog\/what-user-and-entity-behavior-analytics-definition-ueba-benefits-how-it-works-and-more"},{"key":"cit0004","unstructured":"BRUNSCHWILER, C. (2013). compass-security.com. Retrieved October 12, 2019, from https:\/\/blog.compass-security.com\/2013\/04\/lean-risk-assessment-based-on-octave-allegro\/"},{"key":"cit0005","unstructured":"Casey, T. (2007). https:\/\/www.sbs.ox.ac.uk\/cybersecurity-capacity\/system\/files\/Intel%20-%20Threat%20Agent%20Library%20Helps%20Identify%20Information%20Security%20Risks.pdf."},{"key":"cit0006","unstructured":"CyberEdu, F. (2019). ForcePoint. Retrieved from ForcePoint: https:\/\/www.forcepoint.com\/cyber-edu\/ot-operational-technology-security"},{"key":"cit0007","unstructured":"David, G. (2017). assist-software.net. Retrieved from assist-software.net: https:\/\/assist-software.net\/blog\/scrum-framework-roles-activities-and-artifacts"},{"key":"cit0008","unstructured":"David, B. & Fox, E. I. (2018), MITRE. Retrieved October 24, 2019, from https:\/\/www.mitre.org\/sites\/default\/files\/publications\/pr_18-1613-ngci-enterprise-threat-model-technical-report.pdf"},{"key":"cit0009","unstructured":"Deborah, J. & Bodeau, C. D. (2018). MITRE. Retrieved from mitre.org: https:\/\/www.mitre.org\/sites\/default\/files\/publications\/pr_18-1174-ngci-cyber-threat-modeling.pdf"},{"key":"cit0010","unstructured":"Delzer, C. (2018). SBS CyberSecurity LLC. Retrieved from SBS CyberSecurity LLC: https:\/\/sbscyber.com\/resources\/data-flow-diagrams-101"},{"key":"cit0011","unstructured":"Doerr, C. (2018). Enisa. Retrieved 10 19, 2019, from https:\/\/www.enisa.europa.eu\/events\/2018-cti-eu-event\/cti-eu-2018-presentations\/cyber-threat-intelligence-standardization.pdf"},{"volume-title":"The reality and future of cyberwar","year":"2010","author":"Dunn Cavelty M.","key":"cit0012"},{"key":"cit0013","unstructured":"Edge, K. R. (2007). semanticscholar. Retrieved October 24, 2019, from https:\/\/www.semanticscholar.org\/paper\/The-Use-of-Attack-and-Protection-Trees-to-Analyze-Edge-Raines\/eaf9e4bc88ce24f85dae46aa45d918171445ce49"},{"key":"cit0014","unstructured":"Eric Lachapelle, F. R. (2015). PECB. Retrieved October 12, 2019, from Professional Evaluation and Certification Board: https:\/\/pecb.com\/whitepaper\/risk-assessment-with-octave"},{"key":"cit0015","unstructured":"FireEye. (2013). FireEye. Retrieved October 20, 2019, from https:\/\/www.fireeye.com\/blog\/threat-research\/2013\/10\/openioc-basics.html"},{"key":"cit0016","unstructured":"Gartner. (2019). Gartner. Retrieved October 24, 2019, from https:\/\/www.gartner.com\/en\/information-technology\/glossary\/bia-business-impact-analysis"},{"key":"cit0017","unstructured":"Holt, M. (2016). How to secure mission-critical. Retrieved October 21, 2019, from http:\/\/www.securityforum.org"},{"key":"cit0018","unstructured":"HSSEDI. (2019). U.S. Department of Homeland Security (DHS). Retrieved October 20, 2019, from https:\/\/www.dhs.gov\/science-and-technology\/apex-ngci"},{"key":"cit0019","unstructured":"IBM. (2017). IBM. Retrieved October 24, 2019, from https:\/\/www.ibm.com\/downloads\/cas\/8MGOLOB7"},{"key":"cit0020","unstructured":"ISF. (2019). ISF - SecurityForum. Retrieved October 18, 2019, from https:\/\/www.securityforum.org\/"},{"key":"cit0021","unstructured":"Kohnfelder, P. G. (1999). The threats to our products."},{"key":"cit0022","unstructured":"Launius, S. (2018). sans.org. Retrieved October 19, 2019, from https:\/\/www.sans.org\/reading-room\/whitepapers\/threatintelligence\/evaluation-comprehensive-taxonomies-information-technology-threats-38360"},{"volume-title":"Writing secure code","year":"2002","author":"LeBlanc M. H","key":"cit0023"},{"key":"cit0024","unstructured":"Lefkowitz, J. (2019). SecurityWeek.com. Retrieved from SecurityWeek.com: https:\/\/www.securityweek.com\/risk-based-vulnerability-management-must-security-compliance"},{"key":"cit0025","unstructured":"LogicManager. (2019). LogicManager. Retrieved October 18, 2019, from https:\/\/www.logicmanager.com\/erm-software\/knowledge-center\/best-practice-articles\/risk-appetite-risk-tolerance-residual-risk\/"},{"key":"cit0026","doi-asserted-by":"publisher","DOI":"10.1109\/EISIC.2017.20"},{"key":"cit0027","unstructured":"McCollum, D. J. (2018). https:\/\/www.mitre.org\/https:\/\/www.mitre.org\/sites\/default\/files\/publications\/pr_18-1631-ngci-system-of-systems-threat-model.pdf. Retrieved January 1, 2020, from https:\/\/www.mitre.org\/sites\/default\/files\/publications\/pr_18-1631-ngci-system-of-systems-threat-model.pdf"},{"key":"cit0028","unstructured":"Michael Muckin, S. C. (2019). Lockheed Martin. Retrieved from Lockheed Martin: https:\/\/www.lockheedmartin.com\/content\/dam\/lockheed-martin\/rms\/documents\/cyber\/LM-White-Paper-Threat-Driven-Approach.pdf"},{"key":"cit0029","unstructured":"Michlin, I. (2016). NCCgroup. https:\/\/www.nccgroup.trust\/uk\/about-us\/newsroom-and-events\/blogs\/2016\/march\/threat-prioritisation-dread-is-dead-baby\/"},{"key":"cit0030","unstructured":"MITRE. (2018). STIXproject. Retrieved October 20, 2019, from https:\/\/stixproject.github.io\/about\/"},{"key":"cit0031","unstructured":"MITRE. (2019b). MITRE ATT&CK. Retrieved October 20, 2019, from https:\/\/attack.mitre.org\/"},{"key":"cit0032","unstructured":"MITRE. (2019d). MITRE CVE. Retrieved October 20, 2019, from https:\/\/cve.mitre.org\/"},{"key":"cit0033","unstructured":"MITRE. (2019e). MAECproject. Retrieved October 20, 2019, from https:\/\/maecproject.github.io\/"},{"key":"cit0034","unstructured":"Optiv. (2011). Optiv. Retrieved October 15, 2019, from https:\/\/www.optiv.com\/blog\/inherent-and-residual-risk-how-both-scores-drive-enterprise-risk-decisions"},{"key":"cit0035","unstructured":"OWASP. (2016). WIkimedia Commons. Retrieved October 24, 2019, from https:\/\/commons.wikimedia.org\/wiki\/File:Data_Flow_Diagram_-_Online_Banking_Application.jpg"},{"key":"cit0036","unstructured":"Petters, J. (2018). Varonis. Retrieved from Varonis: https:\/\/www.varonis.com\/blog\/ids-vs-ips\/"},{"key":"cit0037","unstructured":"Richard, A. & Caralli, J. F. (2007). Carnegie Mellon. Retrieved October 12, 2019, from https:\/\/resources.sei.cmu.edu\/asset_files\/TechnicalReport\/2007_005_001_14885.pdf"},{"key":"cit0038","unstructured":"Scarfone, M. S. (2016). National Institute of Standards and Technology. Retrieved October 14, 2019, from https:\/\/csrc.nist.gov\/CSRC\/media\/Publications\/sp\/800-154\/draft\/documents\/sp800_154_draft.pdf"},{"volume-title":"Evaluation of threat modeling methodologies","year":"2019","author":"Selin J","key":"cit0039"},{"key":"cit0040","unstructured":"Seller, D. (2006). Microsoft Blogs. https:\/\/blogs.msdn.microsoft.com\/dansellers\/"},{"key":"cit0041","unstructured":"Shevchenko, N. (2018). insights.sei.cmu.edu. Retrieved from Carnegie Mellon University: https:\/\/insights.sei.cmu.edu\/sei_blog\/2018\/12\/threat-modeling-12-available-methods.html"},{"key":"cit0042","unstructured":"Shuttleworth, M. (2017). Project Risk Manager. Retrieved October 14, 2019, from https:\/\/www.project-risk-manager.com\/blog\/qualitative-and-quantitative-risk-analysis\/"},{"key":"cit0043","unstructured":"ThreatModeler. (2016). https:\/\/threatmodeler.com"},{"key":"cit0044","unstructured":"UcedaVelez, T. (2015). GSA.gov. Retrieved from GSA.gov: https:\/\/interact.gsa.gov\/sites\/default\/files\/Mon%20AM2-SW%20Assurance%20Fall%20SSCA%20Forum-Sept%202015.pdf"},{"key":"cit0045","doi-asserted-by":"publisher","DOI":"10.1002\/9781118988374"},{"key":"cit0046","unstructured":"Veltsos, C. (2017). SecurityIntelligence.com. Retrieved from SecurityIntelligence: https:\/\/securityintelligence.com\/take-a-load-off-delegate-cyber-risk-management-using-the-three-lines-of-defense-model\/"},{"key":"cit0047","unstructured":"Visual-Paradigm.com. (2019). Visual-Paradigm.com. Retrieved from Visual-Paradigm.com: https:\/\/www.visual-paradigm.com\/guide\/data-flow-diagram\/what-is-data-flow-diagram\/"},{"key":"cit0048","unstructured":"Wilson, T. (2012). pluralsight.com. Retrieved from pluralsight.com: https:\/\/www.pluralsight.com\/blog\/it-ops\/access-control-list-concepts"},{"key":"cit0049","unstructured":"Zareen Syed, A. P. (2016 UCO: A Unified Cybersecurity Ontology). https:\/\/pdfs.semanticscholar.org\/67b3\/c0893013cbdcc9f35ec9359fa4466df7360e.pdf?_ga=2.108917250.125639893.1571524259-1103033312.1571166544."},{"key":"cit0050","unstructured":"Zalewski, A. H. (2012). semanticscholar.org. Retrieved October 15, 2019, from https:\/\/pdfs.semanticscholar.org\/d3a8\/8f79f3baf7c1f3ad75fada8ec2b71b27ca99.pdf?_ga=2.167142267.456045756.1571166544-1103033312.1571166544"}],"container-title":["Information Security Journal: A Global Perspective"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.tandfonline.com\/doi\/pdf\/10.1080\/19393555.2022.2104766","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,1,31]],"date-time":"2023-01-31T12:30:05Z","timestamp":1675168205000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.tandfonline.com\/doi\/full\/10.1080\/19393555.2022.2104766"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,7,29]]},"references-count":50,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2023,3,4]]}},"alternative-id":["10.1080\/19393555.2022.2104766"],"URL":"https:\/\/doi.org\/10.1080\/19393555.2022.2104766","relation":{},"ISSN":["1939-3555","1939-3547"],"issn-type":[{"type":"print","value":"1939-3555"},{"type":"electronic","value":"1939-3547"}],"subject":[],"published":{"date-parts":[[2022,7,29]]},"assertion":[{"value":"The publishing and review policy for this title is described in its Aims & Scope.","order":1,"name":"peerreview_statement","label":"Peer Review Statement"},{"value":"http:\/\/www.tandfonline.com\/action\/journalInformation?show=aimsScope&journalCode=uiss20","URL":"http:\/\/www.tandfonline.com\/action\/journalInformation?show=aimsScope&journalCode=uiss20","order":2,"name":"aims_and_scope_url","label":"Aim & Scope"},{"value":"2022-07-29","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}