{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,3]],"date-time":"2026-04-03T15:36:41Z","timestamp":1775230601565,"version":"3.50.1"},"reference-count":20,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017,10]]},"DOI":"10.1109\/ccst.2017.8167819","type":"proceedings-article","created":{"date-parts":[[2017,12,7]],"date-time":"2017-12-07T23:28:21Z","timestamp":1512689301000},"page":"1-8","source":"Crossref","is-referenced-by-count":61,"title":["A quantitative CVSS-based cyber security risk assessment methodology for IT systems"],"prefix":"10.1109","author":[{"given":"M. Ugur","family":"Aksu","sequence":"first","affiliation":[]},{"given":"M. Hadi","family":"Dilek","sequence":"additional","affiliation":[]},{"given":"E. Islam","family":"Tatli","sequence":"additional","affiliation":[]},{"given":"Kemal","family":"Bicakci","sequence":"additional","affiliation":[]},{"given":"H. Ibrahim","family":"Dirik","sequence":"additional","affiliation":[]},{"given":"M. Umut","family":"Demirezen","sequence":"additional","affiliation":[]},{"given":"Tayfun","family":"Aykir","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/SRDS.2012.4"},{"key":"ref11","first-page":"1","article-title":"Common Vulnerability Scoring System v3.0: Specification Document","year":"2015","journal-title":"Forum of Incident Response and Security Teams (FIRST)"},{"key":"ref12","first-page":"13","volume":"199","year":"2004","journal-title":"Standards for Security Categorization of Federal Information and Information Systems"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.IR.7788"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.5121\/ijnsa.2014.6303"},{"key":"ref15","volume":"49","author":"pendleton","year":"2016","journal-title":"A Survey on Security Metrics"},{"key":"ref16","article-title":"Automated Generation Of Attack Graphs Using NVD","author":"aksu","year":"2017","journal-title":"24th ACM Conference on Computer and Communications Security"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.21236\/ADA431826"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1155\/2014\/818957"},{"key":"ref19","year":"0","journal-title":"Skybox Security"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1002\/9781119162315"},{"key":"ref3","first-page":"1106","article-title":"Advantages and Disadvantages of Quantitative and Qualitative Information Risk Approaches","volume":"10","author":"elena ramona","year":"2011","journal-title":"Chinese Business Review"},{"key":"ref6","first-page":"800","volume":"1","year":"2010","journal-title":"NIST Special Publication 800&#x2013;37 R1 Guide for Applying the Risk Management Framework to Federal Information Systems"},{"key":"ref5","first-page":"1","year":"2014","journal-title":"ISO 27001 Information Security Certification"},{"key":"ref8","first-page":"1","article-title":"A Complete Guide to the Common Vulnerability Scoring System Version 2.0","author":"mell","year":"2007","journal-title":"Forum of Incident Response and Security Teams"},{"key":"ref7","author":"jaquith","year":"2007","journal-title":"Security Metrics Replacing Fear Uncertainty and Doubt"},{"key":"ref2","first-page":"312","article-title":"Why You Need to Conduct Risk Assessment","author":"kim","year":"2005","journal-title":"Inside Network Security Assessment Guarding your IT Infrastructure"},{"key":"ref1","first-page":"95","year":"2012","journal-title":"NIST Special Publications on Guide for Conducting Risk Assessment"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1201\/b14047"},{"key":"ref20","year":"0","journal-title":"Risk Assessment Model PoC Coding in Java"}],"event":{"name":"2017 International Carnahan Conference on Security Technology (ICCST)","location":"Madrid","start":{"date-parts":[[2017,10,23]]},"end":{"date-parts":[[2017,10,26]]}},"container-title":["2017 International Carnahan Conference on Security Technology (ICCST)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8122075\/8167784\/08167819.pdf?arnumber=8167819","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2018,1,15]],"date-time":"2018-01-15T22:47:07Z","timestamp":1516056427000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/8167819\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,10]]},"references-count":20,"URL":"https:\/\/doi.org\/10.1109\/ccst.2017.8167819","relation":{},"subject":[],"published":{"date-parts":[[2017,10]]}}}