{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,25]],"date-time":"2025-11-25T14:12:29Z","timestamp":1764079949834,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":22,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,11,26]],"date-time":"2023-11-26T00:00:00Z","timestamp":1700956800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-sa\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,11,26]]},"DOI":"10.1145\/3605763.3625244","type":"proceedings-article","created":{"date-parts":[[2023,11,23]],"date-time":"2023-11-23T08:44:55Z","timestamp":1700729095000},"page":"17-29","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Enterprise Cyber Threat Modeling and Simulation of Loss Events for Cyber Risk Quantification"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-3219-8017","authenticated-orcid":false,"given":"Christian","family":"Ellerhold","sequence":"first","affiliation":[{"name":"Infineon Technologies AG, Munich, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-7214-5952","authenticated-orcid":false,"given":"Johann","family":"Schnagl","sequence":"additional","affiliation":[{"name":"BMW Group, Munich, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8960-6986","authenticated-orcid":false,"given":"Thomas","family":"Schreck","sequence":"additional","affiliation":[{"name":"HM Munich University of Applied Sciences, Munich, Germany"}]}],"member":"320","published-online":{"date-parts":[[2023,11,26]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/3538969.3544420"},{"key":"e_1_3_2_1_3_1","unstructured":"Edited by Bret Jordan Rich Piazza and Trey Darley. 2021. STIX Version 2.1. OASIS Standard. https:\/\/docs.oasis-open.org\/cti\/stix\/v2.1\/os\/stix-v2.1-os.html  Edited by Bret Jordan Rich Piazza and Trey Darley. 2021. STIX Version 2.1. OASIS Standard. https:\/\/docs.oasis-open.org\/cti\/stix\/v2.1\/os\/stix-v2.1-os.html"},{"key":"e_1_3_2_1_4_1","unstructured":"VERIS Community. 2019. Vocabulary for Event Recording and Incident Sharing (VERIS) v1.3.4. http:\/\/veriscommunity.net\/actors.html  VERIS Community. 2019. Vocabulary for Event Recording and Incident Sharing (VERIS) v1.3.4. http:\/\/veriscommunity.net\/actors.html"},{"key":"e_1_3_2_1_5_1","volume-title":"https:\/\/attack.mitre.org\/versions\/v12\/matrices\/enterprise\/ Retrieved","author":"The MITRE Corporation","year":"2022","unstructured":"The MITRE Corporation . 2022a. MITRE ATT&CK Enterprise Matrix v12.1. https:\/\/attack.mitre.org\/versions\/v12\/matrices\/enterprise\/ Retrieved November 8, 2022 from The MITRE Corporation. 2022a. MITRE ATT&CK Enterprise Matrix v12.1. https:\/\/attack.mitre.org\/versions\/v12\/matrices\/enterprise\/ Retrieved November 8, 2022 from"},{"key":"e_1_3_2_1_6_1","volume-title":"https:\/\/attack.mitre.org\/versions\/v12\/matrices\/ics\/ Retrieved","author":"The MITRE Corporation","year":"2022","unstructured":"The MITRE Corporation . 2022b. MITRE ATT&CK ICS Matrix v12.1. https:\/\/attack.mitre.org\/versions\/v12\/matrices\/ics\/ Retrieved November 8, 2022 from The MITRE Corporation. 2022b. MITRE ATT&CK ICS Matrix v12.1. https:\/\/attack.mitre.org\/versions\/v12\/matrices\/ics\/ Retrieved November 8, 2022 from"},{"key":"e_1_3_2_1_7_1","volume-title":"https:\/\/attack.mitre.org\/versions\/v12\/matrices\/mobile\/ Retrieved","author":"The MITRE Corporation","year":"2022","unstructured":"The MITRE Corporation . 2022c. MITRE ATT&CK Mobile Matrix v12.1. https:\/\/attack.mitre.org\/versions\/v12\/matrices\/mobile\/ Retrieved November 8, 2022 from The MITRE Corporation. 2022c. MITRE ATT&CK Mobile Matrix v12.1. https:\/\/attack.mitre.org\/versions\/v12\/matrices\/mobile\/ Retrieved November 8, 2022 from"},{"key":"e_1_3_2_1_8_1","unstructured":"CrowdStrike. 2023. 2023 GLOBAL THREAT REPORT. Whitepaper. https:\/\/go.crowdstrike.com\/2023-global-threat-report.html  CrowdStrike. 2023. 2023 GLOBAL THREAT REPORT. Whitepaper. https:\/\/go.crowdstrike.com\/2023-global-threat-report.html"},{"key":"e_1_3_2_1_9_1","unstructured":"Christian Ellerhold. 2023. Source code for case study. https:\/\/github.com\/ellergold\/cyber-enterprise-risk  Christian Ellerhold. 2023. Source code for case study. https:\/\/github.com\/ellergold\/cyber-enterprise-risk"},{"key":"e_1_3_2_1_10_1","unstructured":"Jack Freund and Jack Jones. 2014a. Measuring and Managing Information Risk: A FAIR Approach. Butterworth-Heinemann.  Jack Freund and Jack Jones. 2014a. Measuring and Managing Information Risk: A FAIR Approach. Butterworth-Heinemann."},{"key":"e_1_3_2_1_11_1","unstructured":"Jack Freund and Jack Jones. 2014b. Measuring and Managing Information Risk: A FAIR Approach. Butterworth-Heinemann 30--31 pages.  Jack Freund and Jack Jones. 2014b. Measuring and Managing Information Risk: A FAIR Approach. Butterworth-Heinemann 30--31 pages."},{"key":"e_1_3_2_1_12_1","unstructured":"The Open Group. 2021a. Risk Analysis (O-RA) v2.0.1. Technical Standard C20A.  The Open Group. 2021a. Risk Analysis (O-RA) v2.0.1. Technical Standard C20A."},{"key":"e_1_3_2_1_13_1","unstructured":"The Open Group. 2021b. Risk Taxonomy (O-RT) v3.0.1. Technical Standard C20B.  The Open Group. 2021b. Risk Taxonomy (O-RT) v3.0.1. Technical Standard C20B."},{"key":"e_1_3_2_1_14_1","volume-title":"International Standard","author":"IEC.","year":"2022","unstructured":"ISO\/ IEC. 2022. ISO\/IEC 27005:2022. International Standard Fourth edition 2022 --10. ISO\/IEC. 2022. ISO\/IEC 27005:2022. International Standard Fourth edition 2022--10."},{"key":"e_1_3_2_1_15_1","unstructured":"Jack Jones. 2021. An Introduction to the FAIR Controls Analytics Model (FAIR-CAM). Whitepaper.  Jack Jones. 2021. An Introduction to the FAIR Controls Analytics Model (FAIR-CAM). Whitepaper."},{"key":"e_1_3_2_1_16_1","unstructured":"Jack Jones. 2023. Understanding Cyber Risk Quantification: The Buyer's Guide V2. Whitepaper.  Jack Jones. 2023. Understanding Cyber Risk Quantification: The Buyer's Guide V2. Whitepaper."},{"key":"e_1_3_2_1_17_1","volume-title":"Security Assessment Rating Framework for Enterprises using MITRE ATT&CK Matrix. arXiv preprint arXiv:2108.06559","author":"Manocha Hardik","year":"2021","unstructured":"Hardik Manocha , Akash Srivastava , Chetan Verma , Ratan Gupta , and Bhavya Bansal . 2021. Security Assessment Rating Framework for Enterprises using MITRE ATT&CK Matrix. arXiv preprint arXiv:2108.06559 ( 2021 ). Hardik Manocha, Akash Srivastava, Chetan Verma, Ratan Gupta, and Bhavya Bansal. 2021. Security Assessment Rating Framework for Enterprises using MITRE ATT&CK Matrix. arXiv preprint arXiv:2108.06559 (2021)."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2015.118"},{"key":"e_1_3_2_1_19_1","unstructured":"Paul Pols. 2023. The Unified Kill Chain Version 1.3. Whitepaper.  Paul Pols. 2023. The Unified Kill Chain Version 1.3. Whitepaper."},{"key":"e_1_3_2_1_20_1","unstructured":"Bruce Schneier. 1999. Attack Trees. Dr. Dobb's Journal (Dec. 1999). https:\/\/www.schneier.com\/academic\/archives\/1999\/12\/attack_trees.html  Bruce Schneier. 1999. Attack Trees. Dr. Dobb's Journal (Dec. 1999). https:\/\/www.schneier.com\/academic\/archives\/1999\/12\/attack_trees.html"},{"key":"e_1_3_2_1_21_1","volume-title":"Threat Modeling: Designing for Security","author":"Shostack Adam","year":"2014","unstructured":"Adam Shostack . 2014 . Threat Modeling: Designing for Security . Wiley Publishing , Chapter 4. Adam Shostack. 2014. Threat Modeling: Designing for Security. Wiley Publishing, Chapter 4."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101659"},{"key":"e_1_3_2_1_23_1","unstructured":"Ramsey Williams and Adam Boeckman. 2018. Implementation Guide for Industrial Control System (Version 7). Whitepaper. 5--5 pages.  Ramsey Williams and Adam Boeckman. 2018. Implementation Guide for Industrial Control System (Version 7). Whitepaper. 5--5 pages."}],"event":{"name":"CCS '23: ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Copenhagen Denmark","acronym":"CCS '23"},"container-title":["Proceedings of the 2023 on Cloud Computing Security Workshop"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3605763.3625244","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3605763.3625244","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:46:11Z","timestamp":1750178771000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3605763.3625244"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,26]]},"references-count":22,"alternative-id":["10.1145\/3605763.3625244","10.1145\/3605763"],"URL":"https:\/\/doi.org\/10.1145\/3605763.3625244","relation":{},"subject":[],"published":{"date-parts":[[2023,11,26]]},"assertion":[{"value":"2023-11-26","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}