{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,19]],"date-time":"2026-03-19T21:15:51Z","timestamp":1773954951331,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":15,"publisher":"ACM","license":[{"start":{"date-parts":[[2012,9,3]],"date-time":"2012-09-03T00:00:00Z","timestamp":1346630400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2012,9,3]]},"DOI":"10.1145\/2381716.2381869","type":"proceedings-article","created":{"date-parts":[[2012,10,11]],"date-time":"2012-10-11T15:35:23Z","timestamp":1349969723000},"page":"809-815","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["A two-phase quantitative methodology for enterprise information security risk analysis"],"prefix":"10.1145","author":[{"given":"Jaya","family":"Bhattacharjee","sequence":"first","affiliation":[{"name":"Jadavpur University, Kolkata, India"}]},{"given":"Anirban","family":"Sengupta","sequence":"additional","affiliation":[{"name":"Jadavpur University, Kolkata, India"}]},{"given":"Chandan","family":"Mazumdar","sequence":"additional","affiliation":[{"name":"Jadavpur University, Kolkata, India"}]},{"given":"Mridul Sankar","family":"Barik","sequence":"additional","affiliation":[{"name":"Jadavpur University, Kolkata, India"}]}],"member":"320","published-online":{"date-parts":[[2012,9,3]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Alberts C. and Dorofee A. 2001. An Introduction to the OCTAVE Method. Software Engineering Institute Carnegie Mellon University USA - http:\/\/www.cert.org\/octave\/methodintro.html  Alberts C. and Dorofee A. 2001. An Introduction to the OCTAVE Method . Software Engineering Institute Carnegie Mellon University USA - http:\/\/www.cert.org\/octave\/methodintro.html"},{"key":"e_1_3_2_1_2_1","unstructured":"COBRA\n  : Introduction to Security Risk Analysis - http:\/\/www.security-risk-analysis.com\/ COBRA: Introduction to Security Risk Analysis - http:\/\/www.security-risk-analysis.com\/"},{"key":"e_1_3_2_1_3_1","unstructured":"CORAS\n  : A platform for risk analysis of security critical systems - http:\/\/www2.nr.no\/coras\/ CORAS: A platform for risk analysis of security critical systems - http:\/\/www2.nr.no\/coras\/"},{"key":"e_1_3_2_1_4_1","unstructured":"CRAMM\n  : Information Security Risk Assessment Toolkit - http:\/\/www.cramm.com CRAMM: Information Security Risk Assessment Toolkit - http:\/\/www.cramm.com"},{"key":"e_1_3_2_1_5_1","unstructured":"enisa: European Network and Information Security Agency - http:\/\/rm-inv.enisa.europa.eu\/rm_ra_methods.html enisa: European Network and Information Security Agency - http:\/\/rm-inv.enisa.europa.eu\/rm_ra_methods.html"},{"key":"e_1_3_2_1_6_1","volume-title":"Proceedings of the National Workshop on Software Security","author":"Mazumdar C.","year":"2007","unstructured":"Mazumdar , C. , et. al. 2007 . Enterprise Information Security Risk Analysis: A Quantitative Methodology . In Proceedings of the National Workshop on Software Security ( New Delhi, India , 2007), S. I. Ahson and M. Mehrotra, Ed. NWSS 2007. I. K. International Publishing House Pvt. Ltd., New Delhi, India, 1--12. Mazumdar, C., et. al. 2007. Enterprise Information Security Risk Analysis: A Quantitative Methodology. In Proceedings of the National Workshop on Software Security (New Delhi, India, 2007), S. I. Ahson and M. Mehrotra, Ed. NWSS 2007. I. K. International Publishing House Pvt. Ltd., New Delhi, India, 1--12."},{"key":"e_1_3_2_1_7_1","volume-title":"Information Security Risk Analysis","author":"Peltier T. R.","unstructured":"Peltier , T. R. 201 0. Information Security Risk Analysis . Third Edition, Auerbach Publications , USA. Peltier, T. R. 2010. Information Security Risk Analysis. Third Edition, Auerbach Publications, USA."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/11593980_26"},{"key":"e_1_3_2_1_9_1","volume-title":"et. al","author":"Stoneburner G.","year":"2002","unstructured":"Stoneburner , G. , et. al . 2002 . Risk Management Guide for Information Technology Systems. NIST Special Publication 800--30, MD, USA. Stoneburner, G., et. al. 2002. Risk Management Guide for Information Technology Systems. NIST Special Publication 800--30, MD, USA."},{"key":"e_1_3_2_1_10_1","volume-title":"The International Electrotechnical Commission (ISO\/IEC)","author":"The International Organization for Standardization","year":"2005","unstructured":"The International Organization for Standardization , The International Electrotechnical Commission (ISO\/IEC) . 2005 . ISO\/IEC 27002:2005, Information technology -- Security techniques - Code of practice for information security management. Edition 1. Switzerland . The International Organization for Standardization, The International Electrotechnical Commission (ISO\/IEC). 2005. ISO\/IEC 27002:2005, Information technology -- Security techniques - Code of practice for information security management. Edition 1. Switzerland."},{"key":"e_1_3_2_1_11_1","volume-title":"The International Electrotechnical Commission (ISO\/IEC)","author":"The International Organization for Standardization","year":"2009","unstructured":"The International Organization for Standardization , The International Electrotechnical Commission (ISO\/IEC) . 2009 . ISO\/IEC 31010:2009, Risk management --- Risk assessment techniques. Edition 1. Switzerland . The International Organization for Standardization, The International Electrotechnical Commission (ISO\/IEC). 2009. ISO\/IEC 31010:2009, Risk management --- Risk assessment techniques. Edition 1. Switzerland."},{"key":"e_1_3_2_1_12_1","volume-title":"The International Electrotechnical Commission (ISO\/IEC)","author":"The International Organization for Standardization","year":"2011","unstructured":"The International Organization for Standardization , The International Electrotechnical Commission (ISO\/IEC) . 2011 . ISO\/IEC 27005:2011, Information technology -- Security techniques - information security risk management. Edition 1. Switzerland . The International Organization for Standardization, The International Electrotechnical Commission (ISO\/IEC). 2011. ISO\/IEC 27005:2011, Information technology -- Security techniques - information security risk management. Edition 1. Switzerland."},{"key":"e_1_3_2_1_13_1","unstructured":"Unified Modeling Language - http:\/\/www.uml.org\/ Unified Modeling Language - http:\/\/www.uml.org\/"},{"key":"e_1_3_2_1_14_1","volume-title":"Proceedings of the Annual Research Conference of the South African Institute of Computer Scientists (South Africa, September 20--22, 2005). SAICSIT 2005. ACM","author":"Vorster A.","unstructured":"Vorster , A. and Labuschagne, L . 2005. A Framework for Comparing Different Information Security Risk Analysis Methodologies . In Proceedings of the Annual Research Conference of the South African Institute of Computer Scientists (South Africa, September 20--22, 2005). SAICSIT 2005. ACM , New York, NY, 95--103. Vorster, A. and Labuschagne, L. 2005. A Framework for Comparing Different Information Security Risk Analysis Methodologies. In Proceedings of the Annual Research Conference of the South African Institute of Computer Scientists (South Africa, September 20--22, 2005). SAICSIT 2005. ACM, New York, NY, 95--103."},{"key":"e_1_3_2_1_15_1","volume-title":"Fuzzy Logic, and Fuzzy Systems: Selected Papers by L. A. Zadeh. In Advances in Fuzzy Systems: Applications and Theory","author":"Zadeh L. A.","unstructured":"Zadeh , L. A. 1996. Fuzzy Sets , Fuzzy Logic, and Fuzzy Systems: Selected Papers by L. A. Zadeh. In Advances in Fuzzy Systems: Applications and Theory Vol. 6 , G. J. Klir and B. Yuan, Ed . World Scientific , Singapore. Zadeh, L. A. 1996. Fuzzy Sets, Fuzzy Logic, and Fuzzy Systems: Selected Papers by L. A. Zadeh. In Advances in Fuzzy Systems: Applications and Theory Vol. 6, G. J. Klir and B. Yuan, Ed. World Scientific, Singapore."}],"event":{"name":"CUBE '12: CUBE International IT Conference & Exhibition","location":"Pune India","acronym":"CUBE '12","sponsor":["CUOT Curtin University of Technology"]},"container-title":["Proceedings of the CUBE International Information Technology Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2381716.2381869","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2381716.2381869","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T09:34:46Z","timestamp":1750239286000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2381716.2381869"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012,9,3]]},"references-count":15,"alternative-id":["10.1145\/2381716.2381869","10.1145\/2381716"],"URL":"https:\/\/doi.org\/10.1145\/2381716.2381869","relation":{},"subject":[],"published":{"date-parts":[[2012,9,3]]},"assertion":[{"value":"2012-09-03","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}