{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,27]],"date-time":"2025-09-27T10:53:15Z","timestamp":1758970395408,"version":"3.41.2"},"reference-count":34,"publisher":"Emerald","issue":"4","license":[{"start":{"date-parts":[[2018,10,8]],"date-time":"2018-10-08T00:00:00Z","timestamp":1538956800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2018,10,8]]},"abstract":"<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title>\n<jats:p>The selection of security configurations for complex information systems is a cumbersome process. Decision-making regarding the choice of security countermeasures has to take into consideration a multitude of, often conflicting, functional and non-functional system goals. Therefore, a structured method to support crucial security decisions during a system\u2019s design that can take account of risk whilst providing feedback on the optimal decisions within specific scenarios would be valuable.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title>\n<jats:p>Secure Tropos is a well-established security requirements engineering methodology, but it has no concepts of Risk, whilst Constrained Goal Models are an existing method to support relevant automated reasoning tasks. 
Hence we bridge these methods, by extending Secure Tropos to incorporate the concept of Risk, so that the elicitation and analysis of security requirements can be complemented by a systematic risk assessment process during a system\u2019s design time and supporting the reasoning regarding the selection of optimal security configurations with respect to multiple system objectives and constraints, via constrained goal models.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Findings<\/jats:title>\n<jats:p>As a means of conceptual evaluation, to give an idea of the applicability of the approach and to check if alterations may be desirable, a case study of its application to an e-government information system is presented. The proposed approach is able to generate security mechanism configurations for multiple optimisation scenarios that are provided, whilst there are limitations in terms of a natural trade-off of information levels of risk assessment that are required to be elicited.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title>\n<jats:p>The proposed approach adds additional value via its flexibility in permitting the consideration of different optimisation scenarios by prioritising different system goals and the automated reasoning support.<\/jats:p>\n<\/jats:sec>","DOI":"10.1108\/ics-01-2018-0010","type":"journal-article","created":{"date-parts":[[2018,9,18]],"date-time":"2018-09-18T19:06:18Z","timestamp":1537297578000},"page":"472-490","source":"Crossref","is-referenced-by-count":2,"title":["Risk-aware decision support with constrained goal 
models"],"prefix":"10.1108","volume":"26","author":[{"given":"Nikolaos","family":"Argyropoulos","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Konstantinos","family":"Angelopoulos","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Haralambos","family":"Mouratidis","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Andrew","family":"Fish","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"key":"key2022100508503359300_ref001","first-page":"262","article-title":"Decision-making in security requirements engineering with constrained goal models","volume-title":"\u2018Computer Security: ESORICS 2017 International Workshops, CyberICPS 2017 and SECPRE 2017","year":"2017"},{"key":"key2022100508503359300_ref002","first-page":"4827","article-title":"A semi-automatic approach for eliciting cloud security and privacy requirements","volume-title":"\u2018Proceedings of the 50th hawaii international conference on system sciences\u2019","year":"2017"},{"key":"key2022100508503359300_ref003","first-page":"91","article-title":"Eliciting security requirements for business processes of legacy systems","volume-title":"\u2018IFIP Working Conference on the Practice of Enterprise Modeling","year":"2015"},{"key":"key2022100508503359300_ref004","first-page":"1","article-title":"Multi-objective risk analysis with goal models","volume-title":"\u2018Research Challenges in Information Science (RCIS), 2016 IEEE Tenth International Conference on\u2019","year":"2016"},{"first-page":"97","article-title":"Information security is information risk management","year":"2001","key":"key2022100508503359300_ref005"},{"issue":"3","key":"key2022100508503359300_ref006","doi-asserted-by":"crossref","first-page":"203","DOI":"10.1023\/B:AGNT.0000018806.20944.ef","article-title":"Tropos: an 
agent-oriented software development methodology","volume":"8","year":"2004","journal-title":"Autonomous Agents and Multi-Agent Systems"},{"key":"key2022100508503359300_ref007","first-page":"201","article-title":"A probabilistic framework for goal-oriented risk analysis","volume-title":"\u20182012 20th IEEE International Requirements Engineering Conference (RE)\u2019","year":"2012"},{"key":"key2022100508503359300_ref008","first-page":"625","article-title":"Task specification and reasoning in dynamically altered contexts","volume-title":"\u2018International Conference on Advanced Information Systems Engineering\u2019","year":"2014"},{"volume-title":"Non-Functional Requirements in Software Engineering","year":"2000","key":"key2022100508503359300_ref009"},{"issue":"1\/2","key":"key2022100508503359300_ref010","first-page":"3","article-title":"Goal-directed requirements acquisition","volume":"20","year":"1993","journal-title":"Science of Computer Programming"},{"key":"key2022100508503359300_ref011","first-page":"337","article-title":"Z3: An efficient SMT solver, in \u2018proceedings of the theory and practice of software","volume-title":"14th International Conference on Tools and Algorithms for the Construction and Analysis of Systems\u2019","year":"2008"},{"key":"key2022100508503359300_ref012","first-page":"9","article-title":"A semi-automated tool for requirements trade-off analysis","volume-title":"\u2018CAiSE Forum\u2019, Ceur","year":"2011"},{"key":"key2022100508503359300_ref013","first-page":"375","article-title":"A goal oriented approach for modeling and analyzing security trade-offs","volume-title":"\u2018International Conference on Conceptual Modeling\u2019","year":"2007"},{"issue":"1","key":"key2022100508503359300_ref014","first-page":"1","article-title":"Formal reasoning techniques for goal models","volume":"1","year":"2003","journal-title":"J. 
Data Semantics"},{"issue":"4","key":"key2022100508503359300_ref015","doi-asserted-by":"crossref","first-page":"201","DOI":"10.1057\/ori.2009.10","article-title":"Analytic hierarchy process and expert choice: benefits and limitations","volume":"22","year":"2009","journal-title":"Or Insight"},{"issue":"2","key":"key2022100508503359300_ref016","doi-asserted-by":"crossref","first-page":"10","DOI":"10.3390\/jrfm10020010","article-title":"A risk management framework for cloud migration decision support","volume":"10","year":"2017","journal-title":"Journal of Risk and Financial Management"},{"key":"key2022100508503359300_ref017","unstructured":"ISO\/IEC (2008), \u201c27005:2008 \u2013 Information technology \u2013security techniques \u2013information security risk management\u201d, Technical report, ISO\/IEC."},{"key":"key2022100508503359300_ref018","unstructured":"ISO\/IEC (2014), \u201c27000:2014 \u2013 Information technology \u2013 security techniques \u2013 information security management systems \u2013 overview and vocabulary\u201d, Technical report, ISO\/IEC."},{"issue":"5","key":"key2022100508503359300_ref019","doi-asserted-by":"crossref","first-page":"67","DOI":"10.1109\/52.605933","article-title":"A cost-value approach for prioritizing requirements","volume":"14","year":"1997","journal-title":"IEEE Software"},{"key":"key2022100508503359300_ref020","first-page":"541","article-title":"Adapting secure tropos for security risk management in the early phases of information systems development","volume-title":"\u2018International Conference on Advanced Information Systems Engineering\u2019","year":"2008"},{"key":"key2022100508503359300_ref021","first-page":"1","article-title":"A complete guide to the common vulnerability scoring system version 2.0","volume-title":"\u2018FIRST-Forum of Incident Response and Security Teams\u2019","year":"2007"},{"key":"key2022100508503359300_ref022","unstructured":"MITRE (2017), \u201cCommon attack pattern enumeration and classification, 
(CAPEC)\u201d, available at: https:\/\/capec.mitre.org\/"},{"issue":"2","key":"key2022100508503359300_ref023","doi-asserted-by":"crossref","first-page":"285","DOI":"10.1142\/S0218194007003240","article-title":"Secure tropos: a security-oriented extension of the tropos methodology","volume":"17","year":"2007","journal-title":"International Journal of Software Engineering and Knowledge Engineering"},{"key":"key2022100508503359300_ref024","first-page":"357","article-title":"Security requirements engineering for cloud computing: the secure tropos approach","volume-title":"\u2018Domain-Specific Conceptual Modeling, Concepts, Methods and Tools","year":"2016"},{"issue":"2","key":"key2022100508503359300_ref025","first-page":"189","article-title":"Multi-objective reasoning with constrained goal models","volume":"23","year":"2016","journal-title":"Requirements Engineering"},{"key":"key2022100508503359300_ref026","unstructured":"Open Web Application Security Project (2015), \u201cApplication threat modeling\u201d, Technical report, OWASP."},{"key":"key2022100508503359300_ref027","first-page":"1","article-title":"Automating trade-off analysis of security requirements","year":"2015","journal-title":"Requirements Engineering"},{"volume-title":"Analytic Hierarchy Process","year":"1980","key":"key2022100508503359300_ref028"},{"key":"key2022100508503359300_ref029","first-page":"109","article-title":"What is the analytic hierarchy process","volume-title":"\u2018Mathematical Models for Decision Support","year":"1988"},{"key":"key2022100508503359300_ref030","first-page":"447","article-title":"OptiMathSAT: a tool for optimization modulo theories","volume-title":"\u2018Computer Aided Verification \u2013 27th International Conference","year":"2015"},{"key":"key2022100508503359300_ref031","doi-asserted-by":"crossref","unstructured":"Stoneburner, G., Goguen, A. and Feringa, A. 
(2002), \u201cRisk management guide for information technology systems (NIST special publication 800-30)\u201d, Technical report.","DOI":"10.6028\/NIST.SP.800-30"},{"issue":"1","key":"key2022100508503359300_ref032","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.ejor.2004.04.028","article-title":"Analytic hierarchy process: an overview of applications","volume":"169","year":"2006","journal-title":"European Journal of Operational Research"},{"key":"key2022100508503359300_ref033","first-page":"462","article-title":"A multi-objective genetic algorithm for minimising network security risk and cost","volume-title":"\u2018High Performance Computing and Simulation (HPCS), 2012 International Conference on\u2019","year":"2012"},{"key":"key2022100508503359300_ref034","first-page":"33","article-title":"Architecture-based self-protecting software systems","volume-title":"\u2018Proceedings of the 9th international ACM Sigsoft conference on Quality of software architectures\u2019","year":"2013"}],"container-title":["Information &amp; Computer 
Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-01-2018-0010\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-01-2018-0010\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:22:35Z","timestamp":1753406555000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/26\/4\/472-490\/107949"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,10,8]]},"references-count":34,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2018,10,8]]}},"alternative-id":["10.1108\/ICS-01-2018-0010"],"URL":"https:\/\/doi.org\/10.1108\/ics-01-2018-0010","relation":{},"ISSN":["2056-4961"],"issn-type":[{"type":"print","value":"2056-4961"}],"subject":[],"published":{"date-parts":[[2018,10,8]]}}}