{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:32:16Z","timestamp":1750307536912,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":12,"publisher":"ACM","license":[{"start":{"date-parts":[[2008,3,28]],"date-time":"2008-03-28T00:00:00Z","timestamp":1206662400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2008,3,28]]},"DOI":"10.1145\/1593105.1593203","type":"proceedings-article","created":{"date-parts":[[2009,8,11]],"date-time":"2009-08-11T13:29:27Z","timestamp":1249997367000},"page":"373-376","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["IT security risk management"],"prefix":"10.1145","author":[{"given":"Mohammed","family":"Ketel","sequence":"first","affiliation":[{"name":"University of Baltimore, Baltimore, MD"}]}],"member":"320","published-online":{"date-parts":[[2008,3,28]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Principles of Information Security","author":"Whitman M.","year":"2005","unstructured":"M. Whitman and H. Mattord , Principles of Information Security , Second Edition, Thomson Course Technology , 2005 . M. Whitman and H. Mattord, Principles of Information Security, Second Edition, Thomson Course Technology, 2005."},{"key":"e_1_3_2_1_2_1","volume-title":"Risk Management Guide for Information Technology Systems. NIST special publication 800--30","author":"Stoneburner G.","year":"2002","unstructured":"G. Stoneburner , A. Goguen , and A. Feringa , Risk Management Guide for Information Technology Systems. NIST special publication 800--30 , National Institute of Standards and Technology , July 2002 . G. Stoneburner, A. Goguen, and A. Feringa, Risk Management Guide for Information Technology Systems. NIST special publication 800--30, National Institute of Standards and Technology, July 2002."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2006.151"},{"key":"e_1_3_2_1_4_1","volume-title":"Dr. Dobb's Journal","author":"Schneier B.","year":"1999","unstructured":"B. Schneier , Attack trees: Modeling security threats , in Dr. Dobb's Journal , December 1999 . B. Schneier, Attack trees: Modeling security threats, in Dr. Dobb's Journal, December 1999."},{"key":"e_1_3_2_1_5_1","volume-title":"Digital Security in a Networked World","author":"Schneier B.","year":"2000","unstructured":"B. Schneier . Secrets & Lies : Digital Security in a Networked World . John Wiley & amp; Sons, 2000 . B. Schneier. Secrets & Lies: Digital Security in a Networked World. John Wiley & Sons, 2000."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1007\/11734727_17"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2006.46"},{"key":"e_1_3_2_1_8_1","volume-title":"Jan.","author":"Reavis J.","year":"2004","unstructured":"J. Reavis , \" Managing Risk and Reducing the Cost of Web Application Security ,\" Chief Security Officer , White paper series , Jan. 2004 . J. Reavis, \"Managing Risk and Reducing the Cost of Web Application Security,\" Chief Security Officer, White paper series, Jan. 2004."},{"key":"e_1_3_2_1_9_1","first-page":"87","volume-title":"Las Vegas, Nevada","author":"Schechter S. E.","year":"2004","unstructured":"S. E. Schechter , \"Toward econometric models of the security risk from remote attacks,\" in 3rd Workshop on Economics and Information Security , Las Vegas, Nevada , pp. 87 -- 92 , May 13 --14 , 2004 . S. E. Schechter, \"Toward econometric models of the security risk from remote attacks,\" in 3rd Workshop on Economics and Information Security, Las Vegas, Nevada, pp. 87--92, May 13--14, 2004."},{"issue":"1","key":"e_1_3_2_1_10_1","first-page":"55","volume":"38","author":"Sonnenreich W.","year":"2006","unstructured":"W. Sonnenreich , J. Albanese , and B. Stout , \"Return On Security Investment (ROSI): A practical quantitative model,\" Journal of Research and Practice in Information Technology , Vol. 38 , No. 1 , pp. 55 -- 66 , 2006 . W. Sonnenreich, J. Albanese, and B. Stout, \"Return On Security Investment (ROSI): A practical quantitative model,\" Journal of Research and Practice in Information Technology, Vol. 38, No. 1, pp. 55--66, 2006.","journal-title":"\"Return On Security Investment (ROSI): A practical quantitative model,\" Journal of Research and Practice in Information Technology"},{"key":"e_1_3_2_1_11_1","unstructured":"S. Losi \"The ROI of Security \" http:\/\/www.sei.cmu.edu\/news-at-sei\/columns\/security_matters\/2006\/05\/security-matters-2006-05.htm (Accessed 10\/29\/06)  S. Losi \"The ROI of Security \" http:\/\/www.sei.cmu.edu\/news-at-sei\/columns\/security_matters\/2006\/05\/security-matters-2006-05.htm (Accessed 10\/29\/06)"},{"key":"e_1_3_2_1_12_1","volume-title":"Computer Security Strength &amp","author":"Schechter S. E.","year":"2004","unstructured":"S. E. Schechter , Computer Security Strength &amp ; Risk : A Quantitative Approach, PhD Thesis, Harvard University , Massachusetts, June 2004 . S. E. Schechter, Computer Security Strength & Risk: A Quantitative Approach, PhD Thesis, Harvard University, Massachusetts, June 2004."}],"event":{"name":"ACM SE08: ACM Southeast Regional Conference","acronym":"ACM SE08","location":"Auburn Alabama"},"container-title":["Proceedings of the 46th Annual Southeast Regional Conference on XX"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1593105.1593203","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1593105.1593203","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T12:23:19Z","timestamp":1750249399000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1593105.1593203"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008,3,28]]},"references-count":12,"alternative-id":["10.1145\/1593105.1593203","10.1145\/1593105"],"URL":"https:\/\/doi.org\/10.1145\/1593105.1593203","relation":{},"subject":[],"published":{"date-parts":[[2008,3,28]]},"assertion":[{"value":"2008-03-28","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}