{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:19:34Z","timestamp":1750220374258,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":66,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,8,17]],"date-time":"2021-08-17T00:00:00Z","timestamp":1629158400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100010661","name":"Horizon 2020 Framework Programme","doi-asserted-by":"publisher","award":["832907"],"award-info":[{"award-number":["832907"]}],"id":[{"id":"10.13039\/100010661","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,8,17]]},"DOI":"10.1145\/3465481.3470475","type":"proceedings-article","created":{"date-parts":[[2021,8,16]],"date-time":"2021-08-16T17:57:21Z","timestamp":1629136641000},"page":"1-13","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["Integrating Security Behavior into Attack Simulations"],"prefix":"10.1145","author":[{"given":"Simon","family":"Hacks","sequence":"first","affiliation":[{"name":"KTH Royal Institute of Technology, SE"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ismail","family":"Butun","sequence":"additional","affiliation":[{"name":"KTH Royal Institute of Technology, SE"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Robert","family":"Lagerstr\u00f6m","sequence":"additional","affiliation":[{"name":"KTH Royal Institute of Technology, SE"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Andrei","family":"Buhaiu","sequence":"additional","affiliation":[{"name":"Swedish Defence University, SE"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Anna","family":"Georgiadou","sequence":"additional","affiliation":[{"name":"National Technical University of Athens, GR"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ariadni","family":"Michalitsi Psarrou","sequence":"additional","affiliation":[{"name":"National Technical University of Athens, GR"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2021,8,17]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Information\u00a0Systems Audit and Control\u00a0Association (isaca). 2012. COBIT5: A Business Framework for the Governance and Management of Enterprise IT. (2012)."},{"volume-title":"45th Hawaii International Conference on Systems Sciences","author":"Aurigemma S.","key":"e_1_3_2_1_2_1","unstructured":"S. Aurigemma and R. Panko. 2012. A Composite Framework for Behavioral Compliance with Information Security Policies. In 45th Hawaii International Conference on Systems Sciences. Maui, Hawaii."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1016\/0377-2217(86)90054-8"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2878100"},{"key":"e_1_3_2_1_5_1","volume-title":"Modeling Enterprise Risk Management and Security with the ArchiMate\u00ae. Language","author":"Band Iver","year":"2015","unstructured":"Iver Band, Wilco Engelsman, C Feltus, Sonia\u00a0Gonz\u00e1lez Paredes, and Dux Diligens. 2015. Modeling Enterprise Risk Management and Security with the ArchiMate\u00ae. Language, The Open Group(2015)."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1016\/0377-2217(86)90044-5"},{"volume-title":"Intrusion Detection in Industrial Networks via Data Streaming","author":"Butun Ismail","key":"e_1_3_2_1_7_1","unstructured":"Ismail Butun, Magnus Almgren, Vincenzo Gulisano, and Marina Papatriantafilou. 2020. Intrusion Detection in Industrial Networks via Data Streaming. In Industrial IoT. Springer, 213\u2013238."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.5220\/0009187307330741"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2012.09.010"},{"key":"e_1_3_2_1_10_1","volume-title":"Analysis of the cyber attack on the Ukrainian power grid","author":"Case Defense Use","year":"2016","unstructured":"Defense Use Case. 2016. Analysis of the cyber attack on the Ukrainian power grid. Electricity Information Sharing and Analysis Center (E-ISAC) (2016)."},{"key":"e_1_3_2_1_11_1","volume-title":"Enterprise Distributed Object Computing Workshop (EDOCW)","author":"Ekstedt Mathias","year":"2015","unstructured":"Mathias Ekstedt, Pontus Johnson, Robert Lagerstr\u00f6m, Dan Gorton, Joakim Nydr\u00e9n, and Khurram Shahzad. 2015. securiCAD by foreseeti: A CAD tool for enterprise cyber security management. In Enterprise Distributed Object Computing Workshop (EDOCW), 2015 IEEE 19th International. IEEE, 152\u2013155."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1361-3723(05)70275-X"},{"key":"e_1_3_2_1_14_1","unstructured":"EnergyShield. 2021. Deliverable 1.5 \u2013 System architecture. Technical Report."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/UKSim.2018.00018"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.5121\/ijnsa.2021.13103"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.3390\/s21093267"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","unstructured":"A. Georgiadou S. Mouzakitis and D. Askounis. 2021. Detecting Insider Threat via a Cyber-Security Culture Framework. Journal of Computer Information Systems(2021). https:\/\/doi.org\/10.1080\/08874417.2021.1903367","DOI":"10.1080\/08874417.2021.1903367"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1057\/s41284-021-00286-2"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1080\/08874417.2020.1845583"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/EDOCW.2013.19"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3332448.3332458"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4419-7133-3_5"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/EDOC.2019.00020"},{"key":"e_1_3_2_1_25_1","volume-title":"powerLang: a probabilistic attack simulation language for the power domain. Energy Informatics 3, 1","author":"Hacks Simon","year":"2020","unstructured":"Simon Hacks, Sotirios Katsikeas, Engla Ling, Robert Lagerstr\u00f6m, and Mathias Ekstedt. 2020. powerLang: a probabilistic attack simulation language for the power domain. Energy Informatics 3, 1 (2020)."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","unstructured":"K. Hasan S. Shetty and S. Ullah. 2019. Artificial Intelligence Empowered Cyber Threat Detection and Protection for Power Utilities. In 2019 IEEE 5th International Conference on Collaboration and Internet Computing (CIC) Los Angeles (Ed.). https:\/\/doi.org\/10.1109\/CIC48465.2019.00049","DOI":"10.1109\/CIC48465.2019.00049"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10270-012-0252-1"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2014.2382574"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.9766\/KIMST.2019.22.6.797"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","unstructured":"Q. Hu T. Dinev P. Hart and D. Cooke. 2012. Managing Employee Compliance with Information Security Policies: The Critical Role of Top Management and Organizational Culture. Decision Sciences 43 (August 2012) 4. https:\/\/doi.org\/10.1111\/j.1540-5915.2012.00361.x","DOI":"10.1111\/j.1540-5915.2012.00361.x"},{"volume-title":"Security and Privacy Controls for Federal Information Systems and Organizations","author":"Joint Task Force","key":"e_1_3_2_1_31_1","unstructured":"Joint Task Force\u00a0Transformation Initiative. 2013. SP 800-53 Rev. 4, Security and Privacy Controls for Federal Information Systems and Organizations. National Institute of Standards and Technology."},{"key":"e_1_3_2_1_32_1","first-page":"2013","article-title":"Information technology \u2014 Security techniques \u2014 Code of practice for information security controls","volume":"27002","author":"Central Secretary ISO","year":"2013","unstructured":"ISO Central Secretary. 2013. Information technology \u2014 Security techniques \u2014 Code of practice for information security controls. Standard ISO\/IEC 27002:2013. International Organization for Standardization. https:\/\/www.iso.org\/standard\/54533.html","journal-title":"Standard ISO\/IEC"},{"key":"e_1_3_2_1_33_1","first-page":"2015","article-title":"Information security management","volume":"27001","author":"Central Secretary ISO","year":"2015","unstructured":"ISO Central Secretary. 2015. Information security management. Standard ISO\/IEC 27001:2015. International Organization for Standardization. https:\/\/www.iso.org\/isoiec-27001-information-security.html","journal-title":"Standard ISO\/IEC"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3230833.3232799"},{"volume-title":"Graphical Models for Security","author":"Katsikeas Sotirios","key":"e_1_3_2_1_35_1","unstructured":"Sotirios Katsikeas, Simon Hacks, Pontus Johnson, Mathias Ekstedt, Robert Lagerstr\u00f6m, Joar Jacobsson, Max W\u00e4llstedt, and Per Eliasson. 2020. An Attack Simulation Language for the IT Domain. In Graphical Models for Security. Springer, Cham, 67\u201386."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.2990195"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.9708\/jksci.2020.25.09.071"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ress.2012.02.006"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/EDOCW.2010.35"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1108\/MRR-04-2013-0085"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.17705\/1JAIS.00030"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/1952982.1952995"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1080\/15536548.2014.924807"},{"key":"e_1_3_2_1_44_1","volume-title":"Multikonferenz Wirtschaftsinformatik (MKWI)","author":"Mathew Delin","year":"2018","unstructured":"Delin Mathew, Simon Hacks, and Horst Lichter. 2018. Developing a Semantic Mapping betwen TOGAF and BSI-IT-Grundschutz. In Multikonferenz Wirtschaftsinformatik (MKWI) 2018, Paul Drews, Burkhardt Funk, Peter Niemeyer, and Lie Xie (Eds.), Vol.\u00a05. 1971\u20131982."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/BigData.2017.8258514"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1080\/15332861.2010.487415"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/NBiS.2011.113"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2008.11.010"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2019.02.013"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1088\/1742-6596"},{"key":"e_1_3_2_1_51_1","volume-title":"Proceedings of Informing Science & IT Education Conference (InSITE)","author":"Ophoff J.","year":"2014","unstructured":"J. Ophoff, A. Jensen, J. Sanderson-Smith, M. Porter, and K. Johnston. 2014. A Descriptive Literature Review and Classification of Insider Threat Research. In Proceedings of Informing Science & IT Education Conference (InSITE) 2014. Wollongong."},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0377-2217(03)00020-1"},{"volume-title":"IS Security Policy Compliance. In 2007 40th Annual Hawaii International Conference on System Sciences (HICSS\u201907)","author":"Pahnila S.","key":"e_1_3_2_1_53_1","unstructured":"S. Pahnila, M. Siponen, and A. Mahmood. 2007. Employees\u2019 Behavior towards IS Security Policy Compliance. In 2007 40th Annual Hawaii International Conference on System Sciences (HICSS\u201907). Waikoloa."},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","unstructured":"M. Parmar and A. Domingo. 2019. On the Use of Cyber Threat Intelligence (CTI) in Support of Developing the Commander\u2019s Understanding of the Adversary. in MILCOM (2019) 2019\u20132019. https:\/\/doi.org\/10.1109\/MILCOM47813.2019.9020852","DOI":"10.1109\/MILCOM47813.2019.9020852"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"crossref","unstructured":"Thomas Petermann Harald Bradke Arne L\u00fcllmann Maik Poetzsch and Ulrich Riehm. 2011. Was bei einem Blackout geschieht: Folgen eines langandauernden und gro\u00dffl\u00e4chigen Stromausfalls. Vol.\u00a0662. B\u00fcro f\u00fcr Technikfolgen-Absch\u00e4tzung.","DOI":"10.5771\/9783845270210"},{"key":"e_1_3_2_1_56_1","unstructured":"G. Petric and K. Roer. 2018. To measure security culture: A scientific approach. CLTRe North America Inc."},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2009.05.008"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1142\/S0218127407018531"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1016\/0377-2217(90)90057-I"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1080\/00048402.2014.992447"},{"key":"e_1_3_2_1_61_1","first-page":"133","article-title":"Employees\u2019 Adherence to Information Security Policies: An Empirical Study","volume":"232","author":"Siponen M.","year":"2007","unstructured":"M. Siponen, S. Pahnila, and A. Mahmood. 2007. Employees\u2019 Adherence to Information Security Policies: An Empirical Study. Privacy and Trust in Complex Environments 232 (2007), 133\u2013144.","journal-title":"Privacy and Trust in Complex Environments"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijinfomgt.2015.11.009"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.5555\/2206293"},{"key":"e_1_3_2_1_64_1","volume-title":"Cascade-based attack vulnerability on the US power grid. Safety science 47, 10","author":"Wang Jian-Wei","year":"2009","unstructured":"Jian-Wei Wang and Li-Li Rong. 2009. Cascade-based attack vulnerability on the US power grid. Safety science 47, 10 (2009), 1332\u20131336."},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.chb.2008.04.005"},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1109\/EDOCW.2019.00031"},{"key":"e_1_3_2_1_67_1","volume-title":"A Method for Assigning Probability Distributions in Attack Simulation Languages. Complex Systems Informatics and Modeling Quarterly26","author":"Xiong Wenjun","year":"2021","unstructured":"Wenjun Xiong, Simon Hacks, and Robert Lagerstr\u00f6m. 2021. A Method for Assigning Probability Distributions in Attack Simulation Languages. Complex Systems Informatics and Modeling Quarterly26 (2021), 55\u201377."}],"event":{"name":"ARES 2021: The 16th International Conference on Availability, Reliability and Security","acronym":"ARES 2021","location":"Vienna Austria"},"container-title":["Proceedings of the 16th International Conference on Availability, Reliability and Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3465481.3470475","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3465481.3470475","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:17:42Z","timestamp":1750191462000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3465481.3470475"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,8,17]]},"references-count":66,"alternative-id":["10.1145\/3465481.3470475","10.1145\/3465481"],"URL":"https:\/\/doi.org\/10.1145\/3465481.3470475","relation":{},"subject":[],"published":{"date-parts":[[2021,8,17]]},"assertion":[{"value":"2021-08-17","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}