{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,1]],"date-time":"2026-05-01T01:21:14Z","timestamp":1777598474069,"version":"3.51.4"},"reference-count":65,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/OAPA.html"}],"funder":[{"name":"Ministry of Science and Technology of Spain by ECLIPSE and SEQUOIA projects","award":["TIN2015-63502-C3-2-R"],"award-info":[{"award-number":["TIN2015-63502-C3-2-R"]}]},{"DOI":"10.13039\/501100008530","name":"European Regional Development Fund","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100008530","id-type":"DOI","asserted-by":"publisher"}]},{"name":"C\u00e1tedra of Telef\u00f3nica"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2019]]},"DOI":"10.1109\/access.2019.2901408","type":"journal-article","created":{"date-parts":[[2019,2,25]],"date-time":"2019-02-25T19:50:56Z","timestamp":1551124256000},"page":"26448-26465","source":"Crossref","is-referenced-by-count":14,"title":["Automatic Verification and Diagnosis of Security Risk Assessments in Business Process Models"],"prefix":"10.1109","volume":"7","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9953-6005","authenticated-orcid":false,"given":"Angel J.","family":"Varela-Vaca","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Luisa","family":"Parody","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rafael M.","family":"Gasca","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Maria T.","family":"Gomez-Lopez","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref39","article-title":"Information security metrics: State of the art: State of the art","author":"barabanov","year":"2011"},{"key":"ref38","year":"2012","journal-title":"Comet"},{"key":"ref33","author":"rossi","year":"2006","journal-title":"Handbook Constraint Prog"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-01020-0_3"},{"key":"ref31","author":"borrego","year":"2012","journal-title":"Diagnostic reasoning with structural analysis and constraint programming for quality improvement of business process management systems"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1007\/11881216_22"},{"key":"ref37","author":"prud\u2019homme","year":"2017","journal-title":"Choco Documentation"},{"key":"ref36","year":"2017","journal-title":"IBM ILOG CPLEX Optimizer"},{"key":"ref35","article-title":"OPBUS tools","author":"varela-vaca","year":"2018"},{"key":"ref34","first-page":"32","article-title":"Algorithms for constraint-satisfaction problems: A survey","volume":"13","author":"kumar","year":"1992","journal-title":"AI Mag"},{"key":"ref60","first-page":"118","article-title":"Conceptual model 1188 of risk: Towards a risk modelling language","volume":"4832","author":"sienou","year":"2007","journal-title":"Proc Web Inf Syst Eng -WISE Workshops"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2009.90"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2868726"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.3233\/IFS-151975"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2010.09.002"},{"key":"ref64","first-page":"1","article-title":"Integrating risks in business process models","author":"rosemann","year":"2005","journal-title":"16th Australasian Conference on Information Systems (ACIS)"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2007.10.014"},{"key":"ref65","year":"2013"},{"key":"ref29","first-page":"7","article-title":"A compiled model for faults diagnosis based on different techniques","volume":"20","author":"ceballos","year":"2007","journal-title":"AI Commun"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2881759"},{"key":"ref1","author":"weske","year":"2007","journal-title":"Business Process Management Concepts Languages Architectures"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1016\/0004-3702(92)90027-U"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/RCIS.2011.6006844"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/TSMCB.2004.835010"},{"key":"ref24","year":"2009","journal-title":"UML Profile for Modeling Quality of Service and Fault Tolerance Characteristics and Mechanisms Object Management Group (OMG)"},{"key":"ref23","first-page":"370","article-title":"Opbus: Risk-aware framework for the conformance of security-quality requirements in business processes","author":"varela-vaca","year":"2011","journal-title":"Proc SECRYPT"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1016\/S0951-8320(00)00076-4"},{"key":"ref25","year":"2007","journal-title":"Business Motivation Model (BMM)"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-03848-8_9"},{"key":"ref51","year":"2004","journal-title":"Integrity-Driven Performance A New Strategy for Success Through Inte-grated Governance Risk and Compliance Management Pricewaterhouse-Coopers"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-09699-5_31"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2008.174"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1145\/1082983.1083099"},{"key":"ref56","first-page":"1","article-title":"A reference model for process-oriented it risk management","volume":"246","author":"sackmann","year":"2008","journal-title":"Proc ECIS"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/CRISIS.2009.5411973"},{"key":"ref54","first-page":"412","article-title":"UMLsec: Extending UML for secure systems development","author":"j\u00fcrjens","year":"2002","journal-title":"The Unified Modeling Language"},{"key":"ref53","first-page":"1","article-title":"Governance, risk & compliance (GRC) software - An exploratory study of software vendor and market research perspectives","author":"racz","year":"2011","journal-title":"Proc 44th Hawaii Int Conf Syst Sci"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-13241-4_11"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-12323-8"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1201\/1078\/44118.21.2.20040301\/80419.5"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2011.10.021"},{"key":"ref12","year":"2018"},{"key":"ref13","year":"2008","journal-title":"Methodology for Information Systems Risk Analysis and Management"},{"key":"ref14","article-title":"Bonita Open Solution","author":"soft","year":"2017"},{"key":"ref15","year":"2017","journal-title":"Business Process Model and Notation"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1016\/S0377-2217(00)00292-7"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1016\/S0950-5849(99)00016-6"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45441-1_7"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1016\/j.datak.2013.04.008"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1016\/j.jpdc.2018.04.015"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1016\/j.compind.2018.08.001"},{"key":"ref6","article-title":"Cyber security breaches survey","author":"klahr","year":"2017"},{"key":"ref5","article-title":"Business process compromise (BPC)","author":"micro","year":"2017"},{"key":"ref8","year":"2002","journal-title":"CCTA Risk Analysis and Management Method"},{"key":"ref7","article-title":"Metodolog&#x00ED;a de An&#x00E1;lisis y Gesti&#x00F3;n de Riesgos de los Sistemas de Informaci&#x00F3;n","author":"goverment","year":"2006"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1287\/isre.1120.0450"},{"key":"ref9","year":"2004","journal-title":"Enterprise Risk Management&#x2014;Integrated Framework"},{"key":"ref46","first-page":"1","article-title":"Integrating risks in business process models with value focused process engineering","author":"churilov","year":"2006","journal-title":"14th Eur Conf Inf Syst"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1002\/sys.20054"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1016\/j.sysarc.2008.10.002"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1007\/11824633_6"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1016\/j.csi.2013.12.007"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.17705\/1CAIS.03452"},{"key":"ref44","first-page":"454","article-title":"Risk management in the BPM lifecycle","author":"muehlen","year":"2005","journal-title":"Proc Business Process Manage Workshops"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1147\/JRD.2010.2045777"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6287639\/8600701\/08651587.pdf?arnumber=8651587","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,8,10]],"date-time":"2021-08-10T19:40:55Z","timestamp":1628624455000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8651587\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"references-count":65,"URL":"https:\/\/doi.org\/10.1109\/access.2019.2901408","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019]]}}}