{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,26]],"date-time":"2026-02-26T16:07:45Z","timestamp":1772122065312,"version":"3.50.1"},"reference-count":70,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"DOI":"10.13039\/501100005004","name":"Basque Government Project Elkartek 2020","doi-asserted-by":"publisher","award":["KK-2020\/00054"],"award-info":[{"award-number":["KK-2020\/00054"]}],"id":[{"id":"10.13039\/501100005004","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2021]]},"DOI":"10.1109\/access.2021.3085530","type":"journal-article","created":{"date-parts":[[2021,6,3]],"date-time":"2021-06-03T03:43:25Z","timestamp":1622691805000},"page":"80741-80762","source":"Crossref","is-referenced-by-count":21,"title":["Cyber Resilience Self-Assessment Tool (CR-SAT) for SMEs"],"prefix":"10.1109","volume":"9","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2514-0312","authenticated-orcid":false,"given":"Juan Francisco","family":"Carias","sequence":"first","affiliation":[{"name":"TECNUN, School of Engineering, University of Navarra, San Sebastian, Spain"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9958-9799","authenticated-orcid":false,"given":"Saioa","family":"Arrizabalaga","sequence":"additional","affiliation":[{"name":"TECNUN, School of Engineering, University of Navarra, San Sebastian, Spain"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1721-0624","authenticated-orcid":false,"given":"Leire","family":"Labaka","sequence":"additional","affiliation":[{"name":"TECNUN, School of Engineering, University of Navarra, San Sebastian, Spain"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9307-9787","authenticated-orcid":false,"given":"Josune","family":"Hernantes","sequence":"additional","affiliation":[{"name":"TECNUN, School of Engineering, University of Navarra, San Sebastian, Spain"}]}],"member":"263","reference":[{"key":"ref70","first-page":"456","article-title":"Software system engineering process models","volume":"14","author":"davis","year":"2011","journal-title":"Software Requirements Engineering"},{"key":"ref39","first-page":"225","article-title":"Comparative analysis and design of cybersecurity maturity assessment methodology using NIST CSF, COBIT, ISO\/IEC 27002 and PCI DSS","volume":"4","author":"sulistyowati","year":"2020","journal-title":"Int J Informatics Vis"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1016\/j.cie.2020.106829"},{"key":"ref33","year":"2016","journal-title":"CERT Resilience Management Model (CERT-RMM) Version 1 2"},{"key":"ref32","first-page":"1","year":"2014","journal-title":"ISO\/IEC 15408 2009 Information Technology&#x2014;Security Techniques&#x2014;Evaluation Criteria for IT Security"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1007\/s10669-013-9485-y"},{"key":"ref30","year":"2012","journal-title":"A Business Framework for the Governance and Management of Enterprise IT"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1016\/j.giq.2019.101419"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-16184-2_17"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1007\/s10586-019-03034-9"},{"key":"ref34","year":"2017","journal-title":"Advancing Cyber Resilience&#x2014;Principles and Tools for Boards"},{"key":"ref60","first-page":"1","article-title":"Der Krieg und die Liebe&#x2014;Untersuchungen zur r&#x00F6;mischen Venus","volume":"5","author":"zainal","year":"2007","journal-title":"J Kemanus"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1111\/j.1365-2648.1994.tb01088.x"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1016\/j.technovation.2011.04.002"},{"key":"ref63","year":"2021","journal-title":"Basque Cyber Security Center"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.3390\/app10217393"},{"key":"ref64","year":"2021","journal-title":"Ziur"},{"key":"ref27","year":"2016","journal-title":"Cyber Resilience Review"},{"key":"ref65","year":"2021","journal-title":"Instituto Nacional de Ciberseguridad de Espa&#x00F1;a"},{"key":"ref66","year":"2021","journal-title":"White Paper on Cybersecurity in the Basque Country"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.21236\/ADA470450"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1145\/357980.358010"},{"key":"ref68","first-page":"476","article-title":"Quality improvement methodologies&#x2013;PDCA cycle, RADAR matrix, DMAIC and DFSS","volume":"43","author":"sokovich","year":"2010","journal-title":"J Achiev Mater Manuf Eng"},{"key":"ref69","author":"tupper","year":"2011","journal-title":"Data Architecture From Zen to Reality"},{"key":"ref2","year":"2020","journal-title":"The Global Risk Report 2020"},{"key":"ref1","first-page":"3","volume":"353","author":"bj\u00f6rk","year":"2015","journal-title":"Cyber Resilience&#x2013;Fundamentals for a Definition"},{"key":"ref20","author":"deutscher","year":"2017","journal-title":"Building a Cyberresilient Organization"},{"key":"ref22","author":"crane","year":"2019","journal-title":"15 Small Business Cyber Security Statistics That You Need to Know&#x2014;Hashed Out by The SSL StoreTM"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-57805-3_29"},{"key":"ref24","year":"2019","journal-title":"Buildings Cybersecurity Capability Maturity Model"},{"key":"ref23","author":"huelsman","year":"2016","journal-title":"Cyber risk in advanced manufacturing"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.4018\/978-1-4666-3990-4.ch049"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.21236\/ADA610461"},{"key":"ref50","article-title":"Independent co-assurance using the safety-security assurance framework (SSAF): A Bayesian belief network implementation for IEC 61508 and common criteria","author":"johnson","year":"2020","journal-title":"arXiv 2010 07288"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/3404663.3404678"},{"key":"ref59","author":"yin","year":"2018","journal-title":"Case study research and applications Design and methods"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1017\/S0003055404001182"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.3390\/s19010138"},{"key":"ref56","first-page":"84","article-title":"Ensuring information security in public organizations in the Republic of Moldova through the ISO 27001 standard","volume":"4","author":"alexei","year":"2021","journal-title":"The Social Science Journal"},{"key":"ref55","first-page":"311","article-title":"Aligning with cybersecurity framework by modelling OT security","author":"parekh","year":"2021","journal-title":"Informatik"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/JSYST.2021.3064196"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1108\/TQM-09-2020-0202"},{"key":"ref52","author":"penilla","year":"2021","journal-title":"Gu&#x00ED;a\/Framework Para la Definici&#x00F3;n de la Funci&#x00F3;n de Seguridad"},{"key":"ref10","year":"2013","journal-title":"ISO\/IEC 27001 2013 Information Technology&#x2014;Security Techniques&#x2014;Information Security Management Systems&#x2014;Requirements"},{"key":"ref11","year":"2014","journal-title":"Cybersecurity Capability Maturity Model (C2M2)"},{"key":"ref40","first-page":"1","article-title":"Designing recommendations and road map of governance for quality management system of online SKCK based on information security using ISO 9001: 2015 and ISO 27001:2013 (case study: Ditintelkam Polda ABC)","author":"putra","year":"2020","journal-title":"Proc 14th Int Conf Telecommun Syst Serv Appl TSSA"},{"key":"ref12","year":"2016","journal-title":"A Framework for Assessing Cyber Resilience"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1021\/es403443n"},{"key":"ref14","year":"2019","journal-title":"CIS Controls V 7 1"},{"key":"ref15","year":"2016","journal-title":"Cyber resilience assessment framework"},{"key":"ref16","first-page":"1","year":"2009","journal-title":"ANSI\/ISA-62443-2-1 (99 02 01) Security for Industrial Automation and Control Systems Part 2-1 Establishing an Industrial Automation and Control Systems Security Program"},{"key":"ref17","year":"2013","journal-title":"Security and Privacy Controls for Federal Information Systems and Organizations (NIST SP 800&#x2013;53 Rev 4)"},{"key":"ref18","author":"tang","year":"2017","journal-title":"Key performance indicators for process control system cybersecurity performance analysis"},{"key":"ref19","first-page":"1","article-title":"How to steer cyber security with only one KPI: The cyber risk resilience","author":"nys","year":"2016","journal-title":"Proc RSA Conf"},{"key":"ref4","author":"damiano","year":"2017","journal-title":"VIPRE Announces Launch of VIPRE Endpoint Security&#x2014;Cloud Edition |Business Wire"},{"key":"ref3","author":"millaire","year":"2017","journal-title":"What all cyber criminals know Small & midsize businesses with little or no cybersecurity are ideal targets"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2014.102"},{"key":"ref5","year":"2019","journal-title":"Indicadores Para Mejora de la Ciberresiliencia (IMC)"},{"key":"ref8","year":"2018","journal-title":"Framework for Improving Critical Infrastructure Cybersecurity"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3026063"},{"key":"ref49","article-title":"ISO 27001 information security management standard&#x2019;s implementation in software development environment: A case study","author":"ojalainen","year":"2020"},{"key":"ref9","year":"2012","journal-title":"Cyber Resiliency Metrics"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.2478\/picbe-2020-0049"},{"key":"ref45","first-page":"39","article-title":"ISM application tool, a contribution to address the barrier of information security management system implementation","volume":"18","author":"chandra","year":"2020","journal-title":"J Inf Commun Converg Eng"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.14569\/IJACSA.2020.0110817"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1088\/1757-899X\/940\/1\/012048"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.14419\/ijet.v9i2.30581"},{"key":"ref41","first-page":"1176","author":"maleh","year":"2020","journal-title":"Designing an Effective Information Security Policy for Public Organizations ISO 27001 as a Success Framework"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.3390\/info11100471"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1088\/1757-899X\/879\/1\/012074"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6287639\/9312710\/09445083.pdf?arnumber=9445083","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,9,8]],"date-time":"2022-09-08T20:55:38Z","timestamp":1662670538000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9445083\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"references-count":70,"URL":"https:\/\/doi.org\/10.1109\/access.2021.3085530","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]}}}