{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,21]],"date-time":"2025-05-21T05:28:28Z","timestamp":1747805308583,"version":"3.28.0"},"reference-count":41,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011,8]]},"DOI":"10.1109\/re.2011.6051659","type":"proceedings-article","created":{"date-parts":[[2011,10,21]],"date-time":"2011-10-21T15:05:14Z","timestamp":1319209514000},"page":"239-248","source":"Crossref","is-referenced-by-count":32,"title":["Risk and argument: A risk-based argumentation method for practical security"],"prefix":"10.1109","author":[{"given":"Virginia N. L.","family":"Franqueira","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Thein Than","family":"Tun","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yijun","family":"Yu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Roel","family":"Wieringa","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bashar","family":"Nuseibeh","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"year":"2011","key":"ref39","article-title":"Common Weakness Scoring System (CWSS)"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/RE.2011.6051671"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-89173-4_12"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1007\/s10550-007-0013-9"},{"key":"ref31","article-title":"Evidence of Assurance: Laying the Foundation for a Credible Security Case","author":"lipson","year":"2008","journal-title":"Department of Homeland Security"},{"key":"ref30","first-page":"2","article-title":"An Argumentation-Based Approach to Modeling Decision Support Contexts with What If Capabilities","author":"baroni","year":"2009","journal-title":"AAAI Fall Symposium Technical Report SS-09-06"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/ITNG.2009.24"},{"year":"2004","key":"ref36","article-title":"Australian\/New Zealand Standards, Risk Management"},{"year":"2008","key":"ref35","article-title":"Information technology. Security techniques. (27001) Information security management systems; (27005) Information security risk management"},{"journal-title":"risk Analysis and Management Method Version 5 1","article-title":"CRAMM User Guide","year":"2005","key":"ref34"},{"article-title":"Problem Frames: Analysing and Structuring Software Development Problems","year":"2001","author":"jackson","key":"ref10"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-16934-2_46"},{"key":"ref11","article-title":"Pushing Toulmin Too Far: Learning from an Argument Representation Scheme","author":"newman","year":"1991","journal-title":"Xerox PARC Tech Rep SSL-92-45"},{"key":"ref12","article-title":"Common Attack Pattern Enumeration and Classification (CAPEC) Schema Description, Copyright Cigital Inc., commissioned by the U.S. Department of Homeland Security","author":"barnum","year":"2008","journal-title":"Version 1 3"},{"journal-title":"The MITRE Corporation","article-title":"CWE Schema Documentation","year":"2010","key":"ref13"},{"journal-title":"Common Criteria Portal Jul 2003","article-title":"The-Card-Payment-Group","year":"2010","key":"ref14"},{"journal-title":"m2m Group","article-title":"Payment Card Industry POS PIN Entry Device Security Requirements","year":"2011","key":"ref15"},{"key":"ref16","first-page":"6","article-title":"Failures on Fraud","volume":"3","author":"anderson","year":"2008","journal-title":"SPEE"},{"key":"ref17","first-page":"94","article-title":"Evolving Beyond Requirements Creep: A Risk-Based Evolutionary Prototyping Model","author":"carter","year":"2001","journal-title":"RE'OI"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/RE.2005.27"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/RE.2005.44"},{"article-title":"Argumentation Schemes for Presumptive Reasoning","year":"1996","author":"walton","key":"ref28"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-14183-6_16"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1006\/ijhc.1994.1029"},{"article-title":"Arguing Safety - A Systematic Approach to Safety Case Manauement","year":"1998","author":"kelly","key":"ref3"},{"key":"ref6","first-page":"281","article-title":"Thinking Inside the Box: System-Level Failures of Tamper Proofing","author":"drimer","year":"2008","journal-title":"SP'2008"},{"key":"ref29","first-page":"87","article-title":"Justifying Practical Reasoning","author":"atkinson","year":"2004","journal-title":"CMNA'04"},{"article-title":"The Safety of Software: Constructing and Assuring Arguments","year":"2003","author":"weaver","key":"ref5"},{"journal-title":"Version 3 1 Revision 3 CCMB-2007-09-001 CCMB-2007-09-002 and CCMB-2007-09-003","article-title":"Common Criteria for Information Technology Security Evaluation","year":"2009","key":"ref8"},{"year":"2011","key":"ref7","article-title":"Testing and Approval"},{"journal-title":"An Introduction to Reasoning Macmillan","year":"1979","author":"toulmin","key":"ref2"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2009.187"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2007.70754"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1007\/s00766-004-0194-4"},{"key":"ref22","article-title":"Attack Trees: Modeling Security Threats","author":"schneier","year":"1999","journal-title":"Dr Dobb's Journal"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.1999.816013"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2004.1317437"},{"key":"ref41","first-page":"19","article-title":"A Survey on Probabilistic Argumentation","author":"haenni","year":"2001","journal-title":"ECSQARU'OI"},{"key":"ref23","first-page":"354","article-title":"Using abuse frames to bound the scope of security problems","author":"lin","year":"2004","journal-title":"RE'04 IEEE Computer Society"},{"key":"ref26","article-title":"Success Arguments: Establishing Confidence in Software Development","author":"graydon","year":"2008","journal-title":"Tech Rep CS-2008-10"},{"key":"ref25","first-page":"438","article-title":"Combining Misuse Cases with Attack Trees and Security Activity Models","author":"t?ndel","year":"2010","journal-title":"ARES'2010"}],"event":{"name":"2011 IEEE 19th International Requirements Engineering Conference (RE)","start":{"date-parts":[[2011,8,29]]},"location":"Trento, Italy","end":{"date-parts":[[2011,9,2]]}},"container-title":["2011 IEEE 19th International Requirements Engineering Conference"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx5\/6036256\/6051621\/06051659.pdf?arnumber=6051659","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,3,21]],"date-time":"2017-03-21T08:04:48Z","timestamp":1490083488000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/6051659\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011,8]]},"references-count":41,"URL":"https:\/\/doi.org\/10.1109\/re.2011.6051659","relation":{},"subject":[],"published":{"date-parts":[[2011,8]]}}}