{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,2]],"date-time":"2025-07-02T04:27:36Z","timestamp":1751430456862,"version":"3.41.0"},"reference-count":136,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2022,7,12]],"date-time":"2022-07-12T00:00:00Z","timestamp":1657584000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Ministerio de Ciencia, Innovaci\u00f3n y Universidades, y Fondo Europeo de Desarrollo Regional FEDER","award":["RTI2018-098309-B-C31"],"award-info":[{"award-number":["RTI2018-098309-B-C31"]}]},{"name":"Consejer\u00eda de Educaci\u00f3n, Cultura y Deportes de la Junta de Comunidades de Castilla La Mancha, y Fondo Europeo de Desarrollo Regional FEDER","award":["SBPLY\/17\/180501\/000150"],"award-info":[{"award-number":["SBPLY\/17\/180501\/000150"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Softw. Eng. Methodol."],"published-print":{"date-parts":[[2022,10,31]]},"abstract":"<jats:p>In order to improve and sustain their competitiveness over time, organisations nowadays need to undertake different initiatives to adopt frameworks, models and standards that will allow them to align and improve their business processes. In spite of these efforts, organisations may still encounter governance and management problems. This is where<jats:bold>Risk Management (RM)<\/jats:bold>can play a major role, since its purpose is to contribute to the creation and preservation of value in the context of the organisation's processes. RM is a complex and subjective activity that requires experience and a high level of knowledge about risks, and it is for this reason that standardisation institutions and researchers have made great efforts to define initiatives to overcome these challenges. However, the RM field nevertheless presents a lack of uniformity in its terms and concepts, due to the different contexts and scopes of application, a situation that can generate ambiguities and misunderstandings. To address these issues, this paper aims to present an ontology called<jats:bold>SRMO (Software Risk Management Ontology)<\/jats:bold>, which seeks to unify the terms and concepts associated with RM and provide an integrated and holistic view of risk. In doing so, the Pipeline framework has been applied in order to assure and verify the quality of the proposed ontology, and it has been implemented in Prot\u00e9g\u00e9 and validated by means of competency questions. Three application scenarios of this ontology demonstrating their usefulness in the software engineering field are presented in this paper. We believe that this ontology can be useful for organisations that are interested in: (i) establishing an RM strategy from an integrated approach, (ii) defining the elements that help to identify risks and the criteria that support decision-making in risk assessment, and (iii) helping the involved stakeholders during the process of risk management.<\/jats:p>","DOI":"10.1145\/3498539","type":"journal-article","created":{"date-parts":[[2022,2,12]],"date-time":"2022-02-12T17:13:28Z","timestamp":1644686008000},"page":"1-47","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["A Common Terminology for Software Risk Management"],"prefix":"10.1145","volume":"31","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9977-2881","authenticated-orcid":false,"given":"Jhon","family":"Masso","sequence":"first","affiliation":[{"name":"Alarcos Research Group, Institute of Technologies and Information Systems, University of Castilla-La Mancha, Spain and GTI Research Group. Electronic and Telecommunications Engineering Faculty, University of Cauca, Popay\u00e1n, Cauca"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6460-0353","authenticated-orcid":false,"given":"F\u00e9lix","family":"Garc\u00eda","sequence":"additional","affiliation":[{"name":"Alarcos Research Group, Institute of Technologies and Information Systems, University of Castilla-La Mancha, Castilla la Mancha, Spain"}]},{"given":"C\u00e9sar","family":"Pardo","sequence":"additional","affiliation":[{"name":"GTI Research Group. Electronic and Telecommunications Engineering Faculty, University of Cauca, Popay\u00e1n, Cauca, Colombia"}]},{"given":"Francisco J.","family":"Pino","sequence":"additional","affiliation":[{"name":"IDIS Research Group. Electronic and Telecommunications Engineering Faculty, University of Cauca, Popay\u00e1n, Cauca, Colombia"}]},{"given":"Mario","family":"Piattini","sequence":"additional","affiliation":[{"name":"Alarcos Research Group, Institute of Technologies and Information Systems, University of Castilla-La Mancha, Castilla la Mancha, Spain"}]}],"member":"320","published-online":{"date-parts":[[2022,7,12]]},"reference":[{"key":"e_1_3_2_2_2","volume-title":"HAISA","author":"Agrawal Vivek","year":"2016","unstructured":"Vivek Agrawal. 2016. Towards the ontology of ISO\/IEC 27005: 2011 Risk management standard. In HAISA."},{"key":"e_1_3_2_3_2","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2007.152"},{"key":"e_1_3_2_4_2","doi-asserted-by":"crossref","first-page":"444","DOI":"10.1007\/978-3-642-33618-8_60","volume-title":"On the Move to Meaningful Internet Systems: OTM 2012 Workshops","author":"Ansaldi Silvia","year":"2012","unstructured":"Silvia Ansaldi, Marina Monti, Patrizia Agnello, and Franca Giannini. 2012. An ontology for the identification of the most appropriate risk management methodology. In On the Move to Meaningful Internet Systems: OTM 2012 Workshops, Springer Berlin, Berlin, 444\u2013453."},{"volume-title":"AS\/NZS 4360: 2004: Risk management","year":"2004","key":"e_1_3_2_5_2","unstructured":"AS\/NZS. 2004. AS\/NZS 4360: 2004: Risk management. Standards Australia; Standards New Zealand Sydney."},{"key":"e_1_3_2_6_2","unstructured":"Managing Successful Projects with PRINCE2\u00ae 2017"},{"key":"e_1_3_2_7_2","unstructured":"Judson Bandeira Ig Ibert Bittencourt Patr\u00edcia Espinheira and Seiji Isotani. 2016. FOCA: A methodology for ontology evaluation. ArXiv abs\/1612.0 (2016)."},{"key":"e_1_3_2_8_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.csi.2016.11.010"},{"key":"e_1_3_2_9_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.csi.2018.04.010"},{"key":"e_1_3_2_10_2","doi-asserted-by":"publisher","DOI":"10.1002\/smr.1984"},{"key":"e_1_3_2_11_2","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-34518-3_6"},{"key":"e_1_3_2_12_2","first-page":"275","article-title":"Developing domain ontologies for course content","volume":"10","author":"Boyce Sin\u00e9ad","year":"2007","unstructured":"Sin\u00e9ad Boyce and Claus Pahl. 2007. Developing domain ontologies for course content. J. Educ. Technol. Soc. 10, (2007), 275\u2013288.","journal-title":"J. Educ. Technol. Soc."},{"key":"e_1_3_2_13_2","doi-asserted-by":"publisher","DOI":"10.4018\/jkss.2010100101"},{"key":"e_1_3_2_14_2","unstructured":"BSI. 2016. IT-Grundschutz-Katalog . Retrieved from https:\/\/bit.ly\/3sMAQX7."},{"key":"e_1_3_2_15_2","doi-asserted-by":"publisher","DOI":"10.21236\/ADA266992"},{"key":"e_1_3_2_16_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2019.12.171"},{"key":"e_1_3_2_17_2","volume-title":"Software Risk Management","author":"Christel Michael","year":"1996","unstructured":"Michael Christel and Kyo Kang. 1996. Software Risk Management. Pittsburgh, PA. Retrieved from https:\/\/bit.ly\/3EHkIgM."},{"key":"e_1_3_2_18_2","unstructured":"CMMI Institute. 2018. CMMI Model V2.0 . Retrieved from https:\/\/bit.ly\/2QlAFFa."},{"key":"e_1_3_2_19_2","unstructured":"CMMI Institute. 2018. CMMI V2.0 Adoption and Transition Guidance (Version 2.1) . Retrieved from https:\/\/bit.ly\/3aAJ6TP."},{"key":"e_1_3_2_20_2","doi-asserted-by":"publisher","DOI":"10.5555\/1177337"},{"key":"e_1_3_2_21_2","first-page":"1","volume-title":"PMI Global Congress Proceedings","author":"Hillson David","year":"2006","unstructured":"David Hillson. 2006. Integrated risk management as a framework for organisational success. In PMI Global Congress Proceedings, Project Management Institute, North America, Seattle, WA. Newtown Square, PA, 1\u20136. Retrieved from https:\/\/bit.ly\/3gBw2RV."},{"key":"e_1_3_2_22_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-27303-7_13"},{"key":"e_1_3_2_23_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jbusres.2019.08.002"},{"key":"e_1_3_2_24_2","unstructured":"Eclipse Foundation. 2018. Eclipse process framework project. Retrieved from https:\/\/bit.ly\/3kw1GSA."},{"key":"e_1_3_2_25_2","doi-asserted-by":"publisher","DOI":"10.1002\/smr.2269"},{"key":"e_1_3_2_26_2","unstructured":"ENISA. 2006. Risk Management - Principles and Inventories for Risk Management \/Risk Assessment Methods and Tools . Retrieved from https:\/\/bit.ly\/2RVp8wp."},{"key":"e_1_3_2_27_2","doi-asserted-by":"publisher","DOI":"10.1016\/S1361-3723(11)70015-X"},{"key":"e_1_3_2_28_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-25983-1_2"},{"key":"e_1_3_2_29_2","doi-asserted-by":"publisher","DOI":"10.1504\/IJBPIM.2009.032281"},{"key":"e_1_3_2_30_2","doi-asserted-by":"publisher","DOI":"10.1145\/568760.568822"},{"key":"e_1_3_2_31_2","unstructured":"Ricardo Falbo Credin\u00e9 Menezes and A. Rocha. 1998. Using ontologies to improve knowledge integration in software engineering environments. (January 1998)."},{"key":"e_1_3_2_32_2","volume-title":"Ontologies: A Silver Bullet for Knowledge Management and Electronic Commerce","author":"Fensel Dieter","year":"2003","unstructured":"Dieter Fensel. 2003. Ontologies: A Silver Bullet for Knowledge Management and Electronic Commerce (2nd ed.). Springer-Verlag, Berlin.","edition":"2"},{"key":"e_1_3_2_33_2","unstructured":"Mariano Fern\u00e1ndez-L\u00f3pez Asunci\u00f3n G\u00f3mez-P\u00e9rez and Natalia Juristo. 1997. Methontology: From ontological art towards ontological engineering. (1997)."},{"key":"e_1_3_2_34_2","doi-asserted-by":"publisher","DOI":"10.1080\/0266476042000214501"},{"key":"e_1_3_2_35_2","volume-title":"European Conference on Information Systems, ECIS, ESADE \/AIS","author":"Fill Hans-Georg","year":"2012","unstructured":"Hans-Georg Fill. 2012. An approach for analyzing the effects of risks on business processes using semantic annotations. In European Conference on Information Systems, ECIS, ESADE \/AIS, Barcelona. Retrieved from https:\/\/bit.ly\/3dNT6uV."},{"key":"e_1_3_2_36_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2005.07.001"},{"key":"e_1_3_2_37_2","doi-asserted-by":"crossref","first-page":"253","DOI":"10.1007\/978-3-030-16181-1_24","volume-title":"New Knowledge in Information Systems and Technologies","author":"Gaspoz C\u00e9dric","year":"2019","unstructured":"C\u00e9dric Gaspoz, Ulysse Rosselet, Mathias Rossi, and M\u00e9lanie Thomet. 2019. Ontology driven feedforward risk management. In New Knowledge in Information Systems and Technologies, Springer International Publishing, Cham, 253\u2013261."},{"key":"e_1_3_2_38_2","doi-asserted-by":"publisher","DOI":"10.1109\/ITMS47855.2019.8940653"},{"key":"e_1_3_2_39_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2016.09.187"},{"key":"e_1_3_2_40_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-24750-0_13"},{"key":"e_1_3_2_41_2","doi-asserted-by":"publisher","DOI":"10.1007\/b97353"},{"key":"e_1_3_2_42_2","doi-asserted-by":"publisher","DOI":"10.1006\/ijhc.1995.1081"},{"key":"e_1_3_2_43_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-34847-6_3"},{"key":"e_1_3_2_44_2","doi-asserted-by":"publisher","DOI":"10.5555\/521669"},{"key":"e_1_3_2_45_2","first-page":"331","volume-title":"Formal Ontology in Information Systems: Proceedings of the 9th International Conference (FOIS 2016)","author":"Guarino Nicola","year":"2016","unstructured":"Nicola Guarino, Birger Andersson, Paul Johannesson, and B. Livieri. 2016. Towards an ontology of value ascription. In Formal Ontology in Information Systems: Proceedings of the 9th International Conference (FOIS 2016), 331."},{"key":"e_1_3_2_46_2","doi-asserted-by":"publisher","DOI":"10.1108\/17410390910993554"},{"key":"e_1_3_2_47_2","doi-asserted-by":"publisher","DOI":"10.1108\/02635570910982283"},{"key":"e_1_3_2_48_2","doi-asserted-by":"publisher","DOI":"10.1109\/SNPD.2019.8935813"},{"key":"e_1_3_2_49_2","doi-asserted-by":"publisher","DOI":"10.1006\/ijhc.1996.0090"},{"key":"e_1_3_2_50_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.rcim.2007.07.007"},{"key":"e_1_3_2_51_2","doi-asserted-by":"publisher","DOI":"10.1287\/isre.9.2.164"},{"volume-title":"A Risk Management Standard","year":"2002","key":"e_1_3_2_52_2","unstructured":"IRM. 2002. A Risk Management Standard. London. Retrieved from https:\/\/bit.ly\/3v9WVjQ."},{"volume-title":"COBIT 5 for Risk","year":"2013","key":"e_1_3_2_53_2","unstructured":"ISACA. 2013. COBIT 5 for Risk. ISACA, Rolling Meadows, Illinois EE.UU. Retrieved from https:\/\/bit.ly\/3aBCqEX."},{"key":"e_1_3_2_54_2","unstructured":"ISACA. 2012. COBIT 5: A Business Framework for the Governance and Management of Enterprise IT . Rolling Meadows Illinois EE.UU. Retrieved from https:\/\/bit.ly\/3aCIaOD."},{"volume-title":"COBIT 5 Enabling Processes. ISACA","year":"2012","key":"e_1_3_2_55_2","unstructured":"ISACA. 2012. COBIT 5 Enabling Processes. ISACA, Rolling Meadows, Illinois EE.UU. Retrieved from https:\/\/bit.ly\/3ngJZpH."},{"volume-title":"COBIT 2019 Framework: Introduction and Methodology","year":"2018","key":"e_1_3_2_56_2","unstructured":"ISACA. 2018. COBIT 2019 Framework: Introduction and Methodology. Schaumburg, Illinois USA. Retrieved from https:\/\/bit.ly\/2QkaWNj."},{"volume-title":"COBIT 2019 Framework: Governance and Management Objectives","year":"2018","key":"e_1_3_2_57_2","unstructured":"ISACA. 2018. COBIT 2019 Framework: Governance and Management Objectives. ISACA, Schaumburg, Illinois USA. Retrieved from https:\/\/bit.ly\/2S1BnYz."},{"key":"e_1_3_2_58_2","volume-title":"Risk IT Framework","year":"2020","unstructured":"ISACA. 2020. Risk IT Framework, 2nd Edition. ISACA, Schaumburg, Illinois USA. Retrieved from https:\/\/bit.ly\/3ez23HQ.","edition":"2"},{"volume-title":"ISO GUIDE 73: Risk management \u2014 Vocabulary \u2014 Guidelines for Use in Standards","year":"2007","key":"e_1_3_2_59_2","unstructured":"ISO. 2007. ISO GUIDE 73: Risk management \u2014 Vocabulary \u2014 Guidelines for Use in Standards. International Organization for Standardization; International Electrotechnical Commission, Geneva, Switzerland."},{"volume-title":"ISO 31000:2009 Risk management \u2014 Principles and guidelines","year":"2009","key":"e_1_3_2_60_2","unstructured":"ISO. 2009. ISO 31000:2009 Risk management \u2014 Principles and guidelines. Geneva, Switzerland. Retrieved from https:\/\/bit.ly\/3AzqCOC."},{"key":"e_1_3_2_61_2","unstructured":"ISO. 2011. ISO\/IEC 27005: Information technology \u2013 Security techniques \u2013 Information security risk management . Geneva Switzerland. Retrieved from https:\/\/bit.ly\/39u7BkF."},{"key":"e_1_3_2_62_2","unstructured":"ISO. 2013. ISO\/IEC 27001:2013. Information Security Management System (ISMS) Requirements . Technical report . Retrieved from https:\/\/bit.ly\/3xlbS4q."},{"volume-title":"ISO\/IEC 27000:2014 Information technology \u2014 Security techniques \u2014 Information security management systems \u2014 Overview and vocabulary","year":"2014","key":"e_1_3_2_63_2","unstructured":"ISO. 2014. ISO\/IEC 27000:2014 Information technology \u2014 Security techniques \u2014 Information security management systems \u2014 Overview and vocabulary. Geneva, Switzerland. Retrieved from https:\/\/bit.ly\/3tYSglv."},{"volume-title":"ISO 55000: Asset management \u2014 Overview, Principles and Terminology","year":"2014","key":"e_1_3_2_64_2","unstructured":"ISO. 2014. ISO 55000: Asset management \u2014 Overview, Principles and Terminology. Geneva, Switzerland. Retrieved from https:\/\/bit.ly\/3sSuFAB"},{"volume-title":"ISO\/IEC\/IEEE 15288: Systems and software engineering \u2014 System life cycle processes","year":"2015","key":"e_1_3_2_65_2","unstructured":"ISO. 2015. ISO\/IEC\/IEEE 15288: Systems and software engineering \u2014 System life cycle processes. Geneva, Switzerland. Retrieved from https:\/\/bit.ly\/3erT771."},{"volume-title":"ISO 9001: Quality management systems \u2014 Requirements","year":"2015","key":"e_1_3_2_66_2","unstructured":"ISO. 2015. ISO 9001: Quality management systems \u2014 Requirements. Geneva, Switzerland. Retrieved from https:\/\/bit.ly\/3eodemq."},{"volume-title":"ISO\/IEC\/IEEE 15939: Systems and software engineering \u2014 Measurement process","year":"2017","key":"e_1_3_2_67_2","unstructured":"ISO. 2017. ISO\/IEC\/IEEE 15939: Systems and software engineering \u2014 Measurement process. Geneva, Switzerland. Retrieved from https:\/\/bit.ly\/3xlRMaw."},{"volume-title":"IEC 31010 Risk management - Risk assessment techniques","year":"2019","key":"e_1_3_2_68_2","unstructured":"ISO. 2019. IEC 31010 Risk management - Risk assessment techniques. Geneva, Switzerland. Retrieved from https:\/\/bit.ly\/3u15FbK."},{"key":"e_1_3_2_69_2","unstructured":"ISO. 2021. ISO\/IEC 16085 Systems and software engineering \u2013- Life cycle processes \u2013- Risk management. Geneva Switzerland. Retrieved from https:\/\/bit.ly\/3NNNX59."},{"key":"e_1_3_2_70_2","unstructured":"ISO. 2009. IEC 31010:2009 Risk management - Risk assessment techniques. International Organization for Standardization and International Electrotechnical Commission. Retrieved from https:\/\/bit.ly\/3mbTKWg."},{"key":"e_1_3_2_71_2","unstructured":"ISO. 2017. ISO\/IEC\/IEEE 12207:2017 Systems and software engineering \u2013 Software life cycle processes. International Organization for Standardization International Electrotechnical Commission and Institute of Electrical and Electronics Engineers. Retrieved from https:\/\/bit.ly\/3tOc76b."},{"key":"e_1_3_2_72_2","unstructured":"Risk management \u2013 Guidelines 2018"},{"key":"e_1_3_2_73_2","unstructured":"ISO Guide 73:2009 Risk management \u2013 Vocabulary 2009"},{"key":"e_1_3_2_74_2","doi-asserted-by":"publisher","DOI":"10.1109\/TLA.2015.7069116"},{"key":"e_1_3_2_75_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.im.2017.09.003"},{"key":"e_1_3_2_76_2","volume-title":"Finding the Concept, Not Just the Word A Librarian's Guide to Ontologies and Semantics","author":"King Brandy E.","year":"2008","unstructured":"Brandy E. King and Kathy Reinold. Finding the Concept Not Just the Word (Eds.). 2008. Finding the Concept, Not Just the Word A Librarian's Guide to Ontologies and Semantics. Chandos Publishing Oxford - England. Retrieved from https:\/\/shorturl.at\/duF59."},{"key":"e_1_3_2_77_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-35832-7_2"},{"key":"e_1_3_2_78_2","first-page":"7","volume-title":"Central European Conference on Information and Intelligent Systems (CECIIS-2008)","author":"Lovrencic Sandra","year":"2008","unstructured":"Sandra Lovrencic and Mirko Cubrilo. 2008. Ontology evaluation - comprising verification and validation. In Central European Conference on Information and Intelligent Systems (CECIIS-2008), Zagreb, Croatia, 7."},{"key":"e_1_3_2_79_2","doi-asserted-by":"publisher","DOI":"10.1109\/CEC.2011.18"},{"key":"e_1_3_2_80_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jclepro.2018.12.023"},{"key":"e_1_3_2_81_2","doi-asserted-by":"publisher","DOI":"10.22490\/25394088.1437"},{"key":"e_1_3_2_82_2","doi-asserted-by":"publisher","DOI":"10.22490\/25394088.1437"},{"key":"e_1_3_2_83_2","doi-asserted-by":"publisher","DOI":"10.1145\/3329124"},{"key":"e_1_3_2_84_2","doi-asserted-by":"publisher","DOI":"10.1007\/s11219-018-9427-5"},{"key":"e_1_3_2_85_2","doi-asserted-by":"publisher","DOI":"10.1111\/1098-1616.00006"},{"key":"e_1_3_2_86_2","doi-asserted-by":"publisher","DOI":"10.2139\/ssrn.301331"},{"key":"e_1_3_2_87_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.promfg.2019.09.069"},{"key":"e_1_3_2_88_2","unstructured":"Minciencias. Standard Model of Internal Control (MECI). Retrieved August 9 2020 from https:\/\/bit.ly\/3lJFK5O."},{"key":"e_1_3_2_89_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijproman.2016.12.007"},{"key":"e_1_3_2_90_2","first-page":"15","author":"Mizen Hayley","year":"2005","unstructured":"Hayley Mizen, Catherine Dolbear, and Glen Hart. 2005. Ontology Ontogeny: Understanding How an Ontology Is Created and Developed BT - GeoSpatial Semantics. Springer Berlin, Berlin, 15\u201329.","journal-title":"Ontology Ontogeny: Understanding How an Ontology Is Created and Developed BT - GeoSpatial Semantics"},{"key":"e_1_3_2_91_2","doi-asserted-by":"publisher","DOI":"10.1145\/2757001.2757003"},{"key":"e_1_3_2_92_2","doi-asserted-by":"crossref","first-page":"235","DOI":"10.1007\/978-88-470-1778-8_14","volume-title":"Ontology Based Risk Management BT - Decision Theory and Choices: a Complexity Approach","author":"Nota Giancarlo","year":"2010","unstructured":"Giancarlo Nota, Rossella Aiello, and Maria Pia Di Gregorio. 2010. Ontology Based Risk Management BT - Decision Theory and Choices: a Complexity Approach. Springer Milan, Milano, 235\u2013251."},{"key":"e_1_3_2_93_2","unstructured":"Natalya F. Noy and Deborah L. McGuinness. 2001. Ontology Development 101: A Guide to Creating Your First Ontology . Retrieved from https:\/\/stanford.io\/3gO7iWT."},{"key":"e_1_3_2_94_2","doi-asserted-by":"crossref","unstructured":"Jason R. C. Nurse and Jane E. Sinclair. 2009. Supporting the comparison of business-level security requirements within cross-enterprise service development BT - business information systems. Springer Berlin Berlin 61\u201372.","DOI":"10.1007\/978-3-642-01190-0_6"},{"key":"e_1_3_2_95_2","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2007.361"},{"key":"e_1_3_2_96_2","doi-asserted-by":"publisher","DOI":"10.1590\/0370-44672018720123"},{"key":"e_1_3_2_97_2","unstructured":"OMG. 2008. Software & Systems Process Engineering Meta-Model Specification V2.0 . Retrieved from https:\/\/bit.ly\/3sPY5Q1."},{"key":"e_1_3_2_98_2","unstructured":"OMG. 2008. Software & Systems Process Engineering Metamodel (SPEM 2.0) . Retrieved from https:\/\/bit.ly\/2W1zgGz."},{"key":"e_1_3_2_99_2","doi-asserted-by":"crossref","first-page":"29","DOI":"10.17533\/udea.redin.14120","article-title":"A reference ontology for harmonizing process- reference models","author":"Pardo-Calvache C\u00e9sar Jes\u00fas","year":"2014","unstructured":"C\u00e9sar Jes\u00fas Pardo-Calvache, F\u00e9lix Oscar Garc\u00eda-Rubio, Mario Piattini- Velthuis, Francisco Jose Pino-Correa, and Mar\u00edaTeresa Baldassarre. 2014. A reference ontology for harmonizing process- reference models. Rev. Fac. Ing. Univ. Antioquia (2014), 29\u201342. Retrieved from https:\/\/bit.ly\/32MqZG2.","journal-title":"Rev. Fac. Ing. Univ. Antioquia"},{"key":"e_1_3_2_100_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.csi.2011.05.005"},{"key":"e_1_3_2_101_2","doi-asserted-by":"publisher","DOI":"10.1145\/2684200.2684367"},{"key":"e_1_3_2_102_2","volume-title":"Twenty-Fifth European Conference on Information Systems (ECIS), Guimar\u00e3es, Portugal","author":"Pittl Benedikt","year":"2017","unstructured":"Benedikt Pittl, Hans-Georg Fill, and Gerald Honegger. 2017. Enabling risk-aware enterprise modeling using semantic annotations and visual rules. In Twenty-Fifth European Conference on Information Systems (ECIS), Guimar\u00e3es, Portugal, ECIS, Guimar\u00e3es, Portugal."},{"volume-title":"Practice Standard for Project Risk Management","year":"2009","key":"e_1_3_2_103_2","unstructured":"PMI. 2009. Practice Standard for Project Risk Management. Project Management Institute, Inc., Newtown Square, PA USA. Retrieved from https:\/\/bit.ly\/3tQb9WO."},{"key":"e_1_3_2_104_2","volume-title":"A Guide to the Project Management Body of Knowledge (PMBOK\u00ae Guide)","year":"2013","unstructured":"PMI. 2013. A Guide to the Project Management Body of Knowledge (PMBOK\u00ae Guide) (5th ed.). Project Management Institute, Inc., Newton Square, Pennsylvania USA.","edition":"5"},{"key":"e_1_3_2_105_2","volume-title":"A Guide to the Project Management Body of Knowledge (PMBOK\u00ae Guide)","year":"2017","unstructured":"PMI. 2017. A Guide to the Project Management Body of Knowledge (PMBOK\u00ae Guide) (6th ed.). Project Management Institute, Inc., Newtown Square, PA USA. Retrieved from https:\/\/bit.ly\/2gDuS9V.","edition":"6"},{"volume-title":"The Standard for Risk Management in Portfolios, Programs, and Projects","year":"2019","key":"e_1_3_2_106_2","unstructured":"PMI. 2019. The Standard for Risk Management in Portfolios, Programs, and Projects. Project Management Institute, Inc., Newton Square, Pennsylvania USA. Retrieved from https:\/\/bit.ly\/2QUIlxI."},{"volume-title":"Pulse of the Profession 2020","year":"2020","key":"e_1_3_2_107_2","unstructured":"PMI. 2020. Pulse of the Profession 2020. Newtown Square, PA USA. Retrieved from https:\/\/bit.ly\/2QPoIau."},{"key":"e_1_3_2_108_2","doi-asserted-by":"publisher","DOI":"10.1002\/smr.1986"},{"key":"e_1_3_2_109_2","doi-asserted-by":"publisher","DOI":"10.1109\/CBI.2017.40"},{"key":"e_1_3_2_110_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.csi.2018.04.007"},{"key":"e_1_3_2_111_2","doi-asserted-by":"publisher","DOI":"10.1109\/SNPD.2008.127"},{"key":"e_1_3_2_112_2","doi-asserted-by":"publisher","DOI":"10.1145\/1947940.1948067"},{"key":"e_1_3_2_113_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2016.09.053"},{"key":"e_1_3_2_114_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACIT-CSII-BCD.2017.26"},{"key":"e_1_3_2_115_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-85729-724-2_2"},{"key":"e_1_3_2_116_2","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-34518-3_2"},{"key":"e_1_3_2_117_2","doi-asserted-by":"publisher","DOI":"10.1142\/S0218194004001646"},{"key":"e_1_3_2_118_2","doi-asserted-by":"crossref","first-page":"121","DOI":"10.1007\/978-3-030-00847-5_11","volume-title":"Conceptual Modeling","author":"Sales Tiago Prince","year":"2018","unstructured":"Tiago Prince Sales, Fernanda Bai\u00e3o, Giancarlo Guizzardi, Jo\u00e3o Paulo A. Almeida, Nicola Guarino, and John Mylopoulos. 2018. The common ontology of value and risk. In Conceptual Modeling, Springer International Publishing, Cham, 121\u2013135."},{"key":"e_1_3_2_119_2","doi-asserted-by":"publisher","DOI":"10.1109\/EDOC.2017.32"},{"key":"e_1_3_2_120_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICITST.2009.5402526"},{"key":"e_1_3_2_121_2","doi-asserted-by":"publisher","DOI":"10.1184\/R1\/6572342.v1"},{"key":"e_1_3_2_122_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.promfg.2020.01.400"},{"key":"e_1_3_2_123_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.bushor.2018.05.001"},{"key":"e_1_3_2_124_2","article-title":"An OWL ontology for representing the CMMI-SW Model","author":"Soydan G.","year":"2006","unstructured":"G. Soydan and Mieczyslaw M. Kokar. 2006. An OWL ontology for representing the CMMI-SW Model. In Workshop on Semantic Web Enabled Software Engineering (SWESE), Athens, GA, USA. Retrieved from https:\/\/shorturl.at\/uDR23.","journal-title":"Workshop on Semantic Web Enabled Software Engineering (SWESE)"},{"key":"e_1_3_2_125_2","doi-asserted-by":"publisher","DOI":"10.1016\/S0169-023X(97)00056-6"},{"key":"e_1_3_2_126_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2018.08.167"},{"key":"e_1_3_2_127_2","unstructured":"C. Tautz and Christiane Gresse von Wangenheim. 1998. REFSENO: A representation formalism for software engineering ontologies \u2013 IESE-Report No. 015.98\/E . Kaiserslautern - Germany. Retrieved from https:\/\/bit.ly\/3sNeOnc."},{"key":"e_1_3_2_128_2","unstructured":"Treasury Board of Canada Secretariat. 2016. Guide to integrated risk management. Government of Canada . Retrieved April 15 2020 from https:\/\/bit.ly\/3gIqZPs."},{"key":"e_1_3_2_129_2","doi-asserted-by":"publisher","DOI":"10.1017\/S0269888900007797"},{"key":"e_1_3_2_130_2","unstructured":"Denny Vrande\u010di\u0107. 2010. Ontology Evaluation. Karlsruher Instituts f\u00fcr Technologie (KIT). Retrieved from https:\/\/bit.ly\/3dLt2k0."},{"key":"e_1_3_2_131_2","unstructured":"W3C. 2012. OWL 2 Web Ontology Language Document Overview . Retrieved from https:\/\/bit.ly\/3tO2ioH."},{"key":"e_1_3_2_132_2","unstructured":"W3C. 2013. SPARQL 1.1 Query Language . Retrieved from https:\/\/bit.ly\/3tUo6PG."},{"key":"e_1_3_2_133_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2011.05.025"},{"key":"e_1_3_2_134_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2019.11.112"},{"key":"e_1_3_2_135_2","doi-asserted-by":"publisher","DOI":"10.48084\/etasr.1340"},{"key":"e_1_3_2_136_2","doi-asserted-by":"publisher","DOI":"10.1145\/3286606.3286825"},{"key":"e_1_3_2_137_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.compind.2019.05.003"}],"container-title":["ACM Transactions on Software Engineering and Methodology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3498539","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3498539","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:30:27Z","timestamp":1750188627000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3498539"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,7,12]]},"references-count":136,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2022,10,31]]}},"alternative-id":["10.1145\/3498539"],"URL":"https:\/\/doi.org\/10.1145\/3498539","relation":{},"ISSN":["1049-331X","1557-7392"],"issn-type":[{"type":"print","value":"1049-331X"},{"type":"electronic","value":"1557-7392"}],"subject":[],"published":{"date-parts":[[2022,7,12]]},"assertion":[{"value":"2021-04-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-11-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-07-12","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}