{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,1]],"date-time":"2025-12-01T11:26:26Z","timestamp":1764588386625,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":26,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,5,16]],"date-time":"2022-05-16T00:00:00Z","timestamp":1652659200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Direktoratet for Str\u00e5levern og atomsikkerhet \/ Norwegian Radiation and Nuclear Safety Authority","award":["Prosjekt nr. 773\/ Project number 773"],"award-info":[{"award-number":["Prosjekt nr. 773\/ Project number 773"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,5,16]]},"DOI":"10.1145\/3524489.3527304","type":"proceedings-article","created":{"date-parts":[[2022,11,30]],"date-time":"2022-11-30T17:05:01Z","timestamp":1669827901000},"page":"49-56","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Better security assessment communication"],"prefix":"10.1145","author":[{"given":"Sechi","family":"Fabien","sequence":"first","affiliation":[{"name":"Institute for Energy Technology, Halden, \u00d8stfold, Norway"}]},{"given":"Gran Bj\u00f8rn","family":"Axel","sequence":"additional","affiliation":[{"name":"Institute for Energy Technology, Halden, \u00d8stfold, Norway"}]},{"given":"J\u00f8rgensen","family":"Per-Arne","sequence":"additional","affiliation":[{"name":"Institute for Energy Technology, Halden, \u00d8stfold, Norway"}]},{"given":"Kilyukh","family":"Oleh","sequence":"additional","affiliation":[{"name":"Rivne Nuclear Power Plant, Varash, Oblast, Ukraine"}]}],"member":"320","published-online":{"date-parts":[[2022,11,30]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Information technology --- Security techniques --- Information security management systems --- Requirements ISO\/IEC 27001:2013: 2013. https:\/\/www.iso.org\/standard\/54534.html. Accessed: 2021-10-13.'"},{"key":"e_1_3_2_1_2_1","unstructured":"Information technology --- Security techniques --- Code of practice for information security controls ISO\/IEC 27002:2013: 2013. https:\/\/www.iso.org\/standard\/54533.html.Accessed: 2021-10-13."},{"key":"e_1_3_2_1_3_1","unstructured":"Computer and information security at nuclear facilities | IAEA: 2021. https:\/\/www.iaea.org\/topics\/computer-and-information-security. Accessed: 2021-10-13."},{"key":"e_1_3_2_1_4_1","unstructured":"NIST Cybersecurity Framework: 2021. https:\/\/www.nist.gov\/cyberframework. Accessed: 2021-10-13."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","unstructured":"Kevin Stine Stephen Quinn Greg Witte and R.K. Gardner. 2020. Integrating Cybersecurity and Enterprise Risk Management (ERM). National Institute of Standards and Technology. 10.6028\/NIST.IR.8286","DOI":"10.6028\/NIST.IR.8286"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.22682\/bcrp.2020.3.2.73"},{"key":"e_1_3_2_1_7_1","unstructured":"Terje Sivertsen. 2019. Safe T - Requirements to models Doc. no. 201803746-19.Bane Nor"},{"key":"e_1_3_2_1_9_1","volume-title":"Bj\u00f8rn Axel Gran, Janne Valkonen and Joonas Linnosmaa","author":"Hauge Andr\u00e9 A.","year":"2019","unstructured":"Andr\u00e9 A. Hauge, Peter Karpati, Fabien Sechi, Bj\u00f8rn Axel Gran, Janne Valkonen and Joonas Linnosmaa. 2019. Model-based Engineering for Nuclear Safety Critical Systems - Applicability of SysML and AADL for Design of Nuclear Reactor Protection System, status - write, for publication in the Proceedings of the 11th International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies (NPIC & HMIT 2019), 276--289."},{"key":"e_1_3_2_1_10_1","unstructured":"About the Unified Modeling Language Specification Version 2.5.1. 2021. Omg.org. https:\/\/www.omg.org\/spec\/UML\/. Accessed: 2021-10-13."},{"key":"e_1_3_2_1_11_1","volume-title":"RASCI table v5","author":"Wagner Matthias","year":"2019","unstructured":"Matthias Wagner. RASCI table v5. 2019. iso27001security.com. https:\/\/www.iso27001security.com\/html\/toolkit.html. Accessed: 2021-10-13."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/21.376495"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1016\/0029-5493(87)90304-9"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-12323-8"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","unstructured":"Bj\u00f8rn Axel Gran Rune Fredriksen Atoosa P.-J. Thunem. 2007. Addressing dependability by applying an approach for model-based risk assessment. Reliability Engineering and System Safety 92. 1492--1502. 10.1016\/j.ress.2006.10.002","DOI":"10.1016\/j.ress.2006.10.002"},{"key":"e_1_3_2_1_16_1","volume-title":"The","author":"Booch Grady","year":"2021","unstructured":"Grady Booch, James Rumbaugh, and Ivar Jacobson. 2021. Unified Modeling Language User Guide, The, 2nd Edition | InformIT. Informit.com. https:\/\/www.informit.com\/store\/unified-modeling-language-user-guide-9780321267979. Accessed: 2021-10-13.","edition":"2"},{"key":"e_1_3_2_1_17_1","volume-title":"Superstructure ISO\/IEC 19505-2:2012","author":"Information technology --- Object Management Group Unified Modeling Language (OMG UML) --- Part 2","year":"2012","unstructured":"Information technology --- Object Management Group Unified Modeling Language (OMG UML) --- Part 2: Superstructure ISO\/IEC 19505-2:2012 2012. https:\/\/www.iso.org\/standard\/52854.html. Accessed: 2021-10-13."},{"volume-title":"Security Risk Management Body of Knowledge","author":"Talbot Julian","key":"e_1_3_2_1_18_1","unstructured":"Julian Talbot and Miles Jakeman. 2009. Security Risk Management Body of Knowledge, John Wiley & Sons"},{"key":"e_1_3_2_1_19_1","unstructured":"Education I. 2021. What are Security Controls?. Ibm.com. https:\/\/www.ibm.com\/cloud\/learn\/security-controls. Accessed: 2021-10-13."},{"key":"e_1_3_2_1_20_1","volume-title":"CSRC. Retrieved","author":"NIST Joint Task Force (Ed.).","year":"2020","unstructured":"NIST Joint Task Force (Ed.). 2020, December 10. NIST SP 800-53 Rev 5. Security and Privacy Controls for Information Systems and organizations. CSRC. Retrieved March 17, 2022, from https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-53\/rev-5\/final"},{"key":"e_1_3_2_1_21_1","volume-title":"IEC. Retrieved","author":"Editorial IEC","year":"2022","unstructured":"IEC Editorial Team (Ed.). (n.d.). Understanding IEC 62443. IEC. Retrieved March 16, 2022, from https:\/\/www.iec.ch\/blog\/understanding-iec-62443"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","unstructured":"Cabanillas Cristina Manuel Resinas and Antonio Ruiz-Cort\u00e9s. 2011. Mixing RASCI Matrices and BPMN Together for Responsibility Management. Unpublished. (2011). 10.13140\/2.1.4769.6960","DOI":"10.13140\/2.1.4769.6960"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1016\/0166-3615(94)90017-5"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1314257.1314275"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-74860-3_3"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45800-X_32"},{"key":"e_1_3_2_1_27_1","unstructured":"Patrick Mallory. 2021. Rapid threat model prototyping: Introduction and overview | https:\/\/resources.infosecinstitute.com\/topic\/rapid-threat-model-prototyping-introduction-and-overview\/ Accessed: 2022-01-22."}],"event":{"name":"ICSE '22: 44th International Conference on Software Engineering","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","IEEE CS"],"location":"Pittsburgh Pennsylvania","acronym":"ICSE '22"},"container-title":["Proceedings of the 3rd International Workshop on Engineering and Cybersecurity of Critical Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3524489.3527304","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3524489.3527304","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T18:09:51Z","timestamp":1750183791000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3524489.3527304"}},"subtitle":["combining ISO 27002 controls with UML sequence diagrams"],"short-title":[],"issued":{"date-parts":[[2022,5,16]]},"references-count":26,"alternative-id":["10.1145\/3524489.3527304","10.1145\/3524489"],"URL":"https:\/\/doi.org\/10.1145\/3524489.3527304","relation":{},"subject":[],"published":{"date-parts":[[2022,5,16]]},"assertion":[{"value":"2022-11-30","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}