{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,19]],"date-time":"2026-03-19T12:06:11Z","timestamp":1773921971201,"version":"3.50.1"},"reference-count":38,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015,8]]},"DOI":"10.1109\/issa.2015.7335053","type":"proceedings-article","created":{"date-parts":[[2015,11,23]],"date-time":"2015-11-23T17:50:11Z","timestamp":1448301011000},"page":"1-8","source":"Crossref","is-referenced-by-count":3,"title":["A formal qualitative risk management approach for IT security"],"prefix":"10.1109","author":[{"given":"Bessy","family":"Mahopo","sequence":"first","affiliation":[]},{"given":"Hanifa","family":"Abdullah","sequence":"additional","affiliation":[]},{"given":"Mathias","family":"Mujinga","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref38","article-title":"Information Security Forum (ISF) Limited. The ISF Standard of Good Practice","author":"chaplin","year":"2011"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.04.005"},{"key":"ref32","article-title":"A Model for Legal Compliance in the South African Banking Sector - An Information Security Perspective","author":"maphakela","year":"2008","journal-title":"Nelson Mandela Metropolitan University"},{"key":"ref31","article-title":"An Introduction to Standards Related to Information Security","author":"amsenga","year":"2008","journal-title":"Proceedings of the ISSA 2008 Innovative Minds Conference"},{"key":"ref30","article-title":"Data and Information Security in Morden day Businesses","author":"ajibuwa","year":"2008","journal-title":"Atlantic International University"},{"key":"ref37","article-title":"the OCTAVE Approach to Information Security Risk Assessment","volume":"4","author":"panda","year":"2009","journal-title":"ISACA Journal"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1080\/19393550802369792"},{"key":"ref35","year":"0"},{"key":"ref34","first-page":"152","article-title":"VINE: Incorporating a knowledge perspective into security risk assessments","volume":"41","author":"shedden","year":"2011"},{"key":"ref10","article-title":"Cobit 4.1","year":"2007","journal-title":"IT Governance Institute USA"},{"key":"ref11","year":"2009","journal-title":"King III code"},{"key":"ref12","article-title":"Just so stories","author":"kipling","year":"1902","journal-title":"Double Day Page"},{"key":"ref13","article-title":"the OCTAVE Approach to Information Security Risk Assessment","volume":"4","author":"panda","year":"2009","journal-title":"ISACA Journal"},{"key":"ref14","first-page":"15213","article-title":"Introduction to the OCTAVE® Approach, Networked Systems Survivability Program","author":"alberts","year":"2003","journal-title":"Carnegie Mellon Software Engineering Institute"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1016\/j.aci.2011.05.002"},{"key":"ref16","first-page":"1","article-title":"Information Security Management Principles - An ISEB Certificate","author":"taylor","year":"2008","journal-title":"The British Computer Society"},{"key":"ref17","article-title":"Information Security and ISO 27001: An Introduction, IT Governance Green Paper","author":"calder","year":"2013","journal-title":"Infosec-and-ISO27001v3-uk"},{"key":"ref18","article-title":"Framework-Control Objectives-Management Guidelines — Maturity Models","year":"2007"},{"key":"ref19","article-title":"Challenges generated by the implementation of the IT Standards ITGI, ITIL V3 and ISO\/IEC 27002 in enterprises","author":"nastase","year":"2009","journal-title":"The Bucharest Academy of Economic Studies"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2014.05.452"},{"key":"ref4","article-title":"HP Project and Portfolio Management Center Briefing","author":"furner","year":"2008","journal-title":"Hewlett-Packard Development Company USA"},{"key":"ref27","article-title":"Threat Modeling as a Basis for Security Requirements","author":"myagmar","year":"2005","journal-title":"National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/1593105.1593203"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/1655168.1655179"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/1363686.1363820"},{"key":"ref5","article-title":"Information technology — Security techniques — Code of practice for information security management","year":"2007"},{"key":"ref8","article-title":"What is a RACI","author":"banacorsi","year":"2011","journal-title":"Homepage of 6sixsigma com"},{"key":"ref7","article-title":"Aligning CobiT® 4.1, ITIL® V3 and ISO\/IEC 27002 for Business Benefit","year":"2008","journal-title":"IT Governance Institute USA"},{"key":"ref2","article-title":"Managing Security Projects in Telecommunication Networks","author":"krichene","year":"2008","journal-title":"Engineering School of Communications SUP'COM"},{"key":"ref9","article-title":"Cobit Mapping: Mapping of IT v3 With Cobit 4.1","year":"2008","journal-title":"IT Governance Institute USA"},{"key":"ref1","article-title":"How Much Is Enough? A Risk-Management Approach to Computer Security","author":"soo hoo","year":"2000"},{"key":"ref20","article-title":"Combine ITIL and COBIT to Meet Business Challenges","author":"hill","year":"2006","journal-title":"BMC Software"},{"key":"ref22","article-title":"The RIPE Framework: A Process-Driven Approach towards Effective and Sustainable Industrial Control System Security","author":"langner","year":"2013","journal-title":"Langner Communications Whitepaper Langner Communications GmbH"},{"key":"ref21","first-page":"20899","article-title":"Guide for Applying the Risk Management Framework to Federal Information Systems, A Security Life Cycle Approach","year":"2010"},{"key":"ref24","first-page":"5","article-title":"Role & Responsibility Charting (RACI)","author":"smith","year":"2005","journal-title":"Project Management Forum"},{"key":"ref23","first-page":"1","article-title":"A structured approach to enterprise risk management","year":"2010","journal-title":"The Public Risk Management Association London"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1016\/j.protcy.2012.05.078"},{"key":"ref25","year":"2014"}],"event":{"name":"2015 Information Security for South Africa (ISSA)","location":"Johannesburg, South Africa","start":{"date-parts":[[2015,8,12]]},"end":{"date-parts":[[2015,8,13]]}},"container-title":["2015 Information Security for South Africa (ISSA)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/7328027\/7335039\/07335053.pdf?arnumber=7335053","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,3,24]],"date-time":"2017-03-24T20:15:26Z","timestamp":1490386526000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/7335053\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,8]]},"references-count":38,"URL":"https:\/\/doi.org\/10.1109\/issa.2015.7335053","relation":{},"subject":[],"published":{"date-parts":[[2015,8]]}}}