{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,24]],"date-time":"2025-10-24T16:49:20Z","timestamp":1761324560141,"version":"build-2065373602"},"reference-count":84,"publisher":"Informa UK Limited","issue":"6","license":[{"start":{"date-parts":[[2025,5,6]],"date-time":"2025-05-06T00:00:00Z","timestamp":1746489600000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100013276","name":"Interreg","doi-asserted-by":"publisher","award":["20357977"],"award-info":[{"award-number":["20357977"]}],"id":[{"id":"10.13039\/100013276","id-type":"DOI","asserted-by":"publisher"}]},{"name":"The Swedish Civil Contingencies Agency","award":["MSB 2021\u201314650"],"award-info":[{"award-number":["MSB 2021\u201314650"]}]},{"DOI":"10.13039\/100022892","name":"SESAR Joint Undertaking","doi-asserted-by":"publisher","award":["731765"],"award-info":[{"award-number":["731765"]}],"id":[{"id":"10.13039\/100022892","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["www.tandfonline.com"],"crossmark-restriction":true},"short-container-title":["Information Security Journal: A Global Perspective"],"published-print":{"date-parts":[[2025,11,2]]},"DOI":"10.1080\/19393555.2025.2498472","type":"journal-article","created":{"date-parts":[[2025,5,6]],"date-time":"2025-05-06T06:48:42Z","timestamp":1746514122000},"page":"561-578","update-policy":"https:\/\/doi.org\/10.1080\/tandf_crossmark_01","source":"Crossref","is-referenced-by-count":0,"title":["Information security risk management tools in the air traffic management domain: what are practitioners\u2019 needs?"],"prefix":"10.1080","volume":"34","author":[{"given":"Simon","family":"Andersson","sequence":"first","affiliation":[{"name":"Lule\u00e5 University of Technology","place":["Sweden"]}]},{"given":"Erik","family":"Bergstr\u00f6m","sequence":"additional","affiliation":[{"name":"J\u00f6nk\u00f6ping University","place":["Sweden"]}]},{"given":"Martin","family":"Lundgren","sequence":"additional","affiliation":[{"name":"University of Sk\u00f6vde","place":["Sweden"]}]},{"given":"Karin","family":"Bernsmed","sequence":"additional","affiliation":[{"name":"SINTEF Digital","place":["Trondheim, Norway"]}]},{"given":"Guillaume","family":"Bour","sequence":"additional","affiliation":[{"name":"SINTEF Digital","place":["Trondheim, Norway"]}]}],"member":"301","published-online":{"date-parts":[[2025,5,6]]},"reference":[{"key":"e_1_3_3_2_1","doi-asserted-by":"publisher","DOI":"10.1002\/9781119171386.ch19"},{"key":"e_1_3_3_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSCloud.2017.13"},{"key":"e_1_3_3_4_1","first-page":"4241","volume-title":"Proceedings of the 48th Hawaii International Conference on System Sciences (HICSS)","author":"Alaskar M.","year":"2015","unstructured":"Alaskar, M., Vodanovich, S., & Shen, K. N. (2015). Evolvement of information security research on employees\u2019 behavior: A systematic review and future direction. In Proceedings of the 48th Hawaii International Conference on System Sciences (HICSS) (pp. 4241\u20134250. ISBN 147997367X. Kauai, Hawaii."},{"key":"e_1_3_3_5_1","doi-asserted-by":"publisher","DOI":"10.3390\/electronics12173629"},{"key":"e_1_3_3_6_1","doi-asserted-by":"publisher","DOI":"10.3390\/info15060353"},{"key":"e_1_3_3_7_1","volume-title":"Ministry of finance and public administration","author":"Amutio M.","year":"2014","unstructured":"Amutio, M., Candau, J., & Ma\u00f1as, J. A. (2014). Magerit-methodology for information systems risk analysis and management. Ministry of finance and public administration. Spain."},{"key":"e_1_3_3_8_1","doi-asserted-by":"publisher","DOI":"10.1108\/ICS-10-2022-0163"},{"key":"e_1_3_3_9_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-24707-4_60"},{"key":"e_1_3_3_10_1","first-page":"33","volume-title":"Proceedings of the 13th European Conference on Cyber Warfare and Security","author":"Barto\u0161 J.","year":"2014","unstructured":"Barto\u0161, J., Walek, B., Klime\u0161, C., & Farana, R. (2014). Fuzzy application with expert system for conducting information security risk analysis. In Proceedings of the 13th European Conference on Cyber Warfare and Security (pp. 33\u201341). Piraeus, Greece."},{"key":"e_1_3_3_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3184444.3184448"},{"key":"e_1_3_3_12_1","doi-asserted-by":"crossref","unstructured":"Bergstr\u00f6m E. (2020). Supporting information security management: Developing a method for information classification [PhD thesis]. University of Sk\u00f6vde","DOI":"10.1108\/ICS-07-2020-0110"},{"key":"e_1_3_3_13_1","first-page":"107","volume-title":"International symposium on human aspects of information security and assurance","author":"Bergstr\u00f6m E.","year":"2024","unstructured":"Bergstr\u00f6m, E., Andersson, S., & Lundgren, M. (2024). To risk analyse, or not to risk analyse: That\u2019s the question. In Nathan Clarke, Steven Furnell (Eds.), International symposium on human aspects of information security and assurance (pp. 107\u2013119). Springer."},{"key":"e_1_3_3_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-38530-8_15"},{"key":"e_1_3_3_15_1","doi-asserted-by":"publisher","DOI":"10.1108\/ICS-09-2018-0106"},{"key":"e_1_3_3_16_1","first-page":"146","volume-title":"9th International Conference on Socio-Technical Perspective in Information Systems Development, STPIS","volume":"3598","author":"Bergstr\u00f6m E.","year":"2023","unstructured":"Bergstr\u00f6m, E., Welch, C., Nolte, A., Rajanen, M., Islind, A. S., Hult, H. V., & Ravarini, A. (2023). Tools supporting information security risk management in practice. In P. Bednar, F. Zaghloul, & A. M. Braccini (Eds.), 9th International Conference on Socio-Technical Perspective in Information Systems Development, STPIS (Vol. 3598. pp. 146\u2013159). CEUR-WS. Portsmouth, United Kingdom."},{"key":"e_1_3_3_17_1","doi-asserted-by":"publisher","DOI":"10.1051\/shsconf\/202112002013"},{"key":"e_1_3_3_18_1","article-title":"Tool","author":"Cambridge University Press","unstructured":"Cambridge University Press. (n.d). Tool. Cambridge Dictionary. Retrieved August 25. https:\/\/dictionary.cambridge.org\/dictionary\/english\/tool?q=Tool","journal-title":"Cambridge Dictionary. Retrieved August 25"},{"key":"e_1_3_3_19_1","doi-asserted-by":"publisher","DOI":"10.21236\/ADA470450"},{"key":"e_1_3_3_20_1","doi-asserted-by":"publisher","DOI":"10.2514\/1.I010233"},{"key":"e_1_3_3_21_1","doi-asserted-by":"publisher","DOI":"10.14569\/IJACSA.2018.090858"},{"key":"e_1_3_3_22_1","first-page":"1","article-title":"Ghost in the air (traffic): On insecurity of ADS-B protocol and practical attacks on ADS-B devices","volume":"1","author":"Costin A.","year":"2012","unstructured":"Costin, A., & Francillon, A. (2012). Ghost in the air (traffic): On insecurity of ADS-B protocol and practical attacks on ADS-B devices. Black Hat USA, 1, 1\u201312.","journal-title":"Black Hat USA"},{"key":"e_1_3_3_23_1","doi-asserted-by":"publisher","DOI":"10.25300\/MISQ\/2019\/15117"},{"key":"e_1_3_3_24_1","first-page":"98","volume-title":"Requirements Engineering: Foundation for Software Quality: 21st International Working Conference, REFSQ 2015","volume":"21","author":"De Gramatica M.","unstructured":"De Gramatica, M., Labunets, K., Massacci, F., Paci, F., & Tedeschi, A. The role of catalogues of threats and security controls in security risk assessment: An empirical study with atm professionals. In Requirements Engineering: Foundation for Software Quality: 21st International Working Conference, REFSQ 2015. 21. (pp. 98\u2013114). Springer, Essen, Germany. March 23\u201326, 2015"},{"key":"e_1_3_3_25_1","doi-asserted-by":"publisher","DOI":"10.1515\/9783111172408-013"},{"key":"e_1_3_3_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3664476.3670881"},{"key":"e_1_3_3_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2007.478"},{"key":"e_1_3_3_28_1","doi-asserted-by":"publisher","DOI":"10.5220\/0011137100003266"},{"key":"e_1_3_3_29_1","unstructured":"European Union Agency for Cybersecurity. (2023). RM\/RA Tools. https:\/\/www.enisa.europa.eu\/topics\/threat-risk-management\/risk-management\/current-risk\/risk-management-inventory\/rm-ra-tools"},{"key":"e_1_3_3_30_1","doi-asserted-by":"publisher","DOI":"10.4304\/jcp.7.12.3103-3109"},{"key":"e_1_3_3_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2010.117"},{"key":"e_1_3_3_32_1","doi-asserted-by":"publisher","DOI":"10.1108\/IMCS-07-2013-0053"},{"key":"e_1_3_3_33_1","doi-asserted-by":"publisher","DOI":"10.5120\/ijais2017451711"},{"key":"e_1_3_3_34_1","doi-asserted-by":"publisher","DOI":"10.5120\/18097-9155"},{"key":"e_1_3_3_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3145905"},{"key":"e_1_3_3_36_1","doi-asserted-by":"publisher","DOI":"10.5539\/cis.v16n4p1"},{"key":"e_1_3_3_37_1","unstructured":"Ionita D. Hartel P. Pieters W. & Wieringa R. (2014). Current established risk assessment method-ologies and tools. Technical report 02."},{"key":"e_1_3_3_38_1","unstructured":"ISO\/IEC 27001. (2022). Information technology - cybersecurity and privacy protection - information security management systems - requirements. Standard ISO\/IEC 27001: 2022. International Organization for Standardization. https:\/\/www.iso.org\/standard\/27001"},{"key":"e_1_3_3_39_1","volume-title":"ISO\/IEC 27005: Information technology-security techniques -information security risk management","author":"ISO\/IEC 27005","year":"2018","unstructured":"ISO\/IEC 27005. (2018). ISO\/IEC 27005: Information technology-security techniques -information security risk management. ISO."},{"key":"e_1_3_3_40_1","doi-asserted-by":"publisher","DOI":"10.1049\/cp.2015.0276"},{"key":"e_1_3_3_41_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-79915-16"},{"key":"e_1_3_3_42_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.paerosci.2016.10.001"},{"key":"e_1_3_3_43_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.im.2003.08.001"},{"key":"e_1_3_3_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/EmpiRE.2015.7431304"},{"key":"e_1_3_3_45_1","volume-title":"Proc. of SIDs","author":"Labunets K.","year":"2014","unstructured":"Labunets, K., Paci, F., Massacci, F., Ragosta, M., & Solhaug, B. (2014). A first empirical evaluation framework for security risk assessment methods in the ATM domain. Proc. of SIDs. Madrid, Spain."},{"key":"e_1_3_3_46_1","unstructured":"Lundgren M. (2020). Making the dead alive: Dynamic routines in risk management [PhD thesis]. Lule\u00e5 University of Technology."},{"key":"e_1_3_3_47_1","doi-asserted-by":"publisher","DOI":"10.1504\/IJRAM.2019.101287"},{"key":"e_1_3_3_48_1","volume-title":"Team-based codebook development: Structure, process, and agreement","author":"MacQueen K. M.","year":"2008","unstructured":"MacQueen, K. M., McLellan-Lemal, E., Bartholow, K., & Milstein, B. (2008). Team-based codebook development: Structure, process, and agreement. AltaMira Press."},{"key":"e_1_3_3_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICRIIS.2017.8002513"},{"key":"e_1_3_3_50_1","volume-title":"Qualitative researching","author":"Mason J.","year":"2002","unstructured":"Mason, J. (2002). Qualitative researching (second ed.). SAGE Publications Inc."},{"key":"e_1_3_3_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/3652037.3663896"},{"key":"e_1_3_3_52_1","volume-title":"Australian Information Security Management Conference","author":"Murray G.","year":"2017","unstructured":"Murray, G., Johnstone, M. N., & Valli, C. (2017). The convergence of it and ot in critical infrastructure. Australian Information Security Management Conference. Perth, Western Australia."},{"key":"e_1_3_3_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICMTMA.2009.129"},{"key":"e_1_3_3_54_1","doi-asserted-by":"publisher","DOI":"10.1057\/s41303-016-0025-y"},{"key":"e_1_3_3_55_1","doi-asserted-by":"publisher","DOI":"10.1057\/ejis.2012.3"},{"key":"e_1_3_3_56_1","volume-title":"Researching information systems and computing","author":"Oates B. J.","year":"2006","unstructured":"Oates, B. J. (2006). Researching information systems and computing. SAGE Publications Inc."},{"key":"e_1_3_3_57_1","doi-asserted-by":"publisher","DOI":"10.1093\/comjnl\/bxx093"},{"key":"e_1_3_3_58_1","doi-asserted-by":"publisher","DOI":"10.1108\/WHATT-12-2024-0296"},{"key":"e_1_3_3_59_1","doi-asserted-by":"publisher","DOI":"10.1080\/00218499.1988.12467766"},{"key":"e_1_3_3_60_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2024.103829"},{"key":"e_1_3_3_61_1","first-page":"1215","article-title":"Multi-criteria model for evaluation of information security risk assessment methods and tools","author":"Sajko M.","year":"2010","unstructured":"Sajko, M., Hadjina, N., & Pe\u0161ut, D. (2010). Multi-criteria model for evaluation of information security risk assessment methods and tools. The 33rd International Convention MIPRO, 1215\u20131220.","journal-title":"The 33rd International Convention MIPRO"},{"issue":"2","key":"e_1_3_3_62_1","first-page":"263","article-title":"How to calculate information value for effective security risk assessment","volume":"30","author":"Sajko M.","year":"2006","unstructured":"Sajko, M., Rabuzin, K., & Ba\u010da, M. (2006). How to calculate information value for effective security risk assessment. Journal of Information and Organizational Sciences, 30(2), 263\u2013278.","journal-title":"Journal of Information and Organizational Sciences"},{"key":"e_1_3_3_63_1","volume-title":"The coding manual for qualitative researchers","author":"Salda\u00f1a J.","year":"2021","unstructured":"Salda\u00f1a, J. (2021). The coding manual for qualitative researchers (4th ed.). SAGE Publications Inc.","edition":"4"},{"key":"e_1_3_3_64_1","doi-asserted-by":"publisher","DOI":"10.3390\/jcp3030028"},{"key":"e_1_3_3_65_1","doi-asserted-by":"publisher","DOI":"10.3390\/app13010395"},{"key":"e_1_3_3_66_1","unstructured":"SESAR 3 Joint Undertaking. (2020). Sesar joint undertaking - content integration. https:\/\/www.sesarju.eu\/projects\/ci"},{"key":"e_1_3_3_67_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2015.11.001"},{"issue":"1","key":"e_1_3_3_68_1","first-page":"25","article-title":"Enhancing the factor analysis of information risk methodology for assessing cyberresilience in critical infrastructure information systems","volume":"4","author":"Shypovskyi U.","year":"2023","unstructured":"Shypovskyi, U. (2023). Enhancing the factor analysis of information risk methodology for assessing cyberresilience in critical infrastructure information systems. Political Science and Security Studies Journal, 4(1), 25\u201333.","journal-title":"Political Science and Security Studies Journal"},{"key":"e_1_3_3_69_1","volume-title":"Interpreting qualitative data","author":"Silverman D.","year":"2015","unstructured":"Silverman, D. (2015). Interpreting qualitative data (5th ed.). Sage.","edition":"5"},{"key":"e_1_3_3_70_1","doi-asserted-by":"publisher","DOI":"10.1109\/DASC.2017.8102082"},{"key":"e_1_3_3_71_1","doi-asserted-by":"publisher","DOI":"10.4018\/978-1-4666-7381-6.ch011"},{"key":"e_1_3_3_72_1","doi-asserted-by":"publisher","DOI":"10.1109\/TITS.2016.2612584"},{"key":"e_1_3_3_73_1","doi-asserted-by":"publisher","DOI":"10.1080\/19393555.2015.1092620"},{"key":"e_1_3_3_74_1","volume-title":"Introduktion till risk och riskhantering","author":"Tehler H.","year":"2023","unstructured":"Tehler, H. (2023). Introduktion till risk och riskhantering (first ed.). Lunds University."},{"key":"e_1_3_3_75_1","volume-title":"Research methods for business students","author":"Thornhill A.","year":"2016","unstructured":"Thornhill, A., Saunders, M., & Lewis, P. (2016). Research methods for business students (seventh ed.). Prentice Hall."},{"key":"e_1_3_3_76_1","doi-asserted-by":"publisher","DOI":"10.15405\/epsbs.2017.07.3"},{"issue":"4","key":"e_1_3_3_77_1","first-page":"90","article-title":"Artificial intelligence and its application in information security management","volume":"3","author":"Toxirjonovich O. N.","year":"2022","unstructured":"Toxirjonovich, O. N., & Fozilovich, Y. O. (2022, April). Artificial intelligence and its application in information security management. Central Asian Journal of Theoretical and Applied Science, 3(4), 90\u201397.","journal-title":"Central Asian Journal of Theoretical and Applied Science"},{"key":"e_1_3_3_78_1","unstructured":"Vashistha A. (2021). The future of risk management is automated. https:\/\/www.forbes.com\/sites\/forbestechcouncil\/2021\/02\/25\/the-future-of-risk-management-is-automated\/"},{"key":"e_1_3_3_79_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2013.04.004"},{"key":"e_1_3_3_80_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2017.107"},{"key":"e_1_3_3_81_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-017-0382-0"},{"key":"e_1_3_3_82_1","volume-title":"Proceeding of Norwegian Information Security Conference\/Norsk informasjonssikkerhetskonferanse-NISK 2013-Stavanger","author":"Wangen G.","year":"2013","unstructured":"Wangen, G., & Snekkenes, E. (2013). A taxonomy of challenges in information security risk management. In Proceeding of Norwegian Information Security Conference\/Norsk informasjonssikkerhetskonferanse-NISK 2013-Stavanger, 18th-20th November 2013. Akademika Forlag. Stavanger, Norway."},{"key":"e_1_3_3_83_1","volume-title":"Principles of information security","author":"Whitman M. E.","year":"2014","unstructured":"Whitman, M. E., & Mattord, H. J. (2014). Principles of information security (fifth ed.). Cengage Learning."},{"key":"e_1_3_3_84_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICoSEIT55604.2022.10029988"},{"key":"e_1_3_3_85_1","doi-asserted-by":"publisher","DOI":"10.1080\/13669877.2014.940593"}],"container-title":["Information Security Journal: A Global Perspective"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.tandfonline.com\/doi\/pdf\/10.1080\/19393555.2025.2498472","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,24]],"date-time":"2025-10-24T16:45:49Z","timestamp":1761324349000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.tandfonline.com\/doi\/full\/10.1080\/19393555.2025.2498472"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5,6]]},"references-count":84,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2025,11,2]]}},"alternative-id":["10.1080\/19393555.2025.2498472"],"URL":"https:\/\/doi.org\/10.1080\/19393555.2025.2498472","relation":{},"ISSN":["1939-3555","1939-3547"],"issn-type":[{"type":"print","value":"1939-3555"},{"type":"electronic","value":"1939-3547"}],"subject":[],"published":{"date-parts":[[2025,5,6]]},"assertion":[{"value":"The publishing and review policy for this title is described in its Aims & Scope.","order":1,"name":"peerreview_statement","label":"Peer Review Statement"},{"value":"http:\/\/www.tandfonline.com\/action\/journalInformation?show=aimsScope&journalCode=uiss20","URL":"http:\/\/www.tandfonline.com\/action\/journalInformation?show=aimsScope&journalCode=uiss20","order":2,"name":"aims_and_scope_url","label":"Aim & Scope"},{"value":"2025-05-06","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}