{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T16:59:13Z","timestamp":1763830753674,"version":"3.38.0"},"reference-count":26,"publisher":"SAGE Publications","issue":"1","license":[{"start":{"date-parts":[[2016,9,26]],"date-time":"2016-09-26T00:00:00Z","timestamp":1474848000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"funder":[{"name":"national social science fund project of China","award":["12ATQ001"],"award-info":[{"award-number":["12ATQ001"]}]}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Journal of Librarianship and Information Science"],"published-print":{"date-parts":[[2019,3]]},"abstract":"<jats:p> This study proposes an objective methodology for identifying and computing the factors relevant to the assessment of information security risks for digital libraries that is also compliant with the ISO 27000 and the GB\/T 20984 standards. By introducing a fuzzy comprehensive assessment method and an expert investigation method to the dimensions of assets and threats, this study proposes a model for computing the value of assets and the severity of threats. In the dimension of vulnerabilities, a vulnerability computation model based on the multi-channel weighted average method is proposed. By considering the digital library of a typical public library in China as the object of assessment, this study acquires assessment data by using a combination of a questionnaire survey, an on-site survey and vulnerability scanning. Research findings consisted of the following: (1) the digital library identified a total of 3111 information security risk items; (2) according to the assessment results attained using a combination of the factor identification and computational methodologies proposed here in conjunction with the multiplicative method specified in GB\/T 20984, the high-risk (or higher risk) items accounted for 0.9% of all risky items, which is consistent with the status quo in information security risks faced by digital libraries. The analysis showed that the proposed methodology is more scientific than the currently prevailing direct value assignment method. <\/jats:p>","DOI":"10.1177\/0961000616668572","type":"journal-article","created":{"date-parts":[[2016,9,28]],"date-time":"2016-09-28T00:18:00Z","timestamp":1475021880000},"page":"78-94","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":8,"title":["Factor identification and computation in the assessment of information security risks for digital libraries"],"prefix":"10.1177","volume":"51","author":[{"given":"Shuiqing","family":"Huang","sequence":"first","affiliation":[]},{"given":"Zhengbiao","family":"Han","sequence":"additional","affiliation":[]},{"given":"Bo","family":"Yang","sequence":"additional","affiliation":[{"name":"Nanjing Agricultural University, China"}]},{"given":"Ni","family":"Ren","sequence":"additional","affiliation":[{"name":"Nanjing Agricultural University, Jiangsu Academy of Agricultural Sciences, China"}]}],"member":"179","published-online":{"date-parts":[[2016,9,26]]},"reference":[{"key":"bibr1-0961000616668572","doi-asserted-by":"publisher","DOI":"10.1109\/69.991718"},{"key":"bibr2-0961000616668572","doi-asserted-by":"publisher","DOI":"10.1108\/01435120410562880"},{"key":"bibr3-0961000616668572","doi-asserted-by":"publisher","DOI":"10.15612\/BD.2012.171"},{"volume-title":"Information Security Technology-Risk Assessment Specification for Information Security","year":"2007","author":"AQSIQ","key":"bibr4-0961000616668572"},{"issue":"3","key":"bibr5-0961000616668572","first-page":"28","volume":"25","author":"Balas JL","year":"2005","journal-title":"Computers in Libraries"},{"key":"bibr6-0961000616668572","doi-asserted-by":"publisher","DOI":"10.5772\/15762"},{"key":"bibr7-0961000616668572","doi-asserted-by":"publisher","DOI":"10.1108\/10650750610706961"},{"key":"bibr8-0961000616668572","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijinfomgt.2006.02.006"},{"key":"bibr9-0961000616668572","unstructured":"German Federal Office for Information Security (2000) IT Baseline Protection Manual: 2000. Standard Security Measures. Available at: http:\/\/www.iwar.org.uk\/comsec\/resources\/standards\/germany\/itbpm.pdf (accessed 1 September 2016)."},{"key":"bibr10-0961000616668572","doi-asserted-by":"publisher","DOI":"10.1108\/09685220810908796"},{"key":"bibr11-0961000616668572","doi-asserted-by":"publisher","DOI":"10.1108\/EL-09-2014-0158"},{"key":"bibr12-0961000616668572","doi-asserted-by":"publisher","DOI":"10.1108\/08880450710773020"},{"volume-title":"Information Security Management of Digital Library","year":"2011","author":"Huang S","key":"bibr13-0961000616668572"},{"issue":"2","key":"bibr14-0961000616668572","first-page":"14","volume":"58","author":"Huang S","year":"2014","journal-title":"Library and Information Service"},{"key":"bibr15-0961000616668572","doi-asserted-by":"publisher","DOI":"10.1177\/0961000613477676"},{"key":"bibr16-0961000616668572","unstructured":"ISO\/IEC (2011) ISO\/IEC 27005:2011 Information Technology-Security Techniques-Information Security Risk Management. International Organization for Standardization. Available at: http:\/\/www.iso27001security.com\/html\/27005.html (accessed 1 September 2016)."},{"key":"bibr17-0961000616668572","unstructured":"ISO\/IEC (2013) ISO\/IEC 27001:2013 Information Technology-Security Techniques-Information Security Management Systems-Requirements. International Organization for Standardization. Available at: http:\/\/www.iso.org\/iso\/catalogue_detail?csnumber=54534 (accessed 1 September 2016)."},{"key":"bibr18-0961000616668572","doi-asserted-by":"publisher","DOI":"10.1108\/07378831011076657"},{"issue":"5","key":"bibr19-0961000616668572","first-page":"76","volume":"33","author":"Li C","year":"2015","journal-title":"Information Science"},{"volume-title":"Study in information security risk assessment of library based on fault tree","year":"2011","author":"Li W","key":"bibr20-0961000616668572"},{"key":"bibr21-0961000616668572","unstructured":"OCLC (2015) Security White Paper: OCLC\u2019s Commitment to Secure Library Services. Available at: http:\/\/www.oclc.org\/content\/dam\/oclc\/policies\/security\/oclcinformationsecuritywhitepaper.pdf (accessed 12 July 2015)."},{"key":"bibr22-0961000616668572","doi-asserted-by":"publisher","DOI":"10.1007\/s007990050003"},{"key":"bibr23-0961000616668572","doi-asserted-by":"publisher","DOI":"10.5539\/ibr.v2n1p210"},{"key":"bibr24-0961000616668572","doi-asserted-by":"publisher","DOI":"10.6017\/ital.v25i4.3355"},{"volume-title":"A research in information security risk assessment of library based on ITBPM","year":"2012","author":"Zeng S","key":"bibr25-0961000616668572"},{"issue":"2","key":"bibr26-0961000616668572","first-page":"48","volume":"29","author":"Zhu L","year":"2009","journal-title":"Library Work in Colleges and Universities"}],"container-title":["Journal of Librarianship and Information Science"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.1177\/0961000616668572","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.1177\/0961000616668572","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.1177\/0961000616668572","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,2]],"date-time":"2025-03-02T18:58:20Z","timestamp":1740941900000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.1177\/0961000616668572"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,9,26]]},"references-count":26,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2019,3]]}},"alternative-id":["10.1177\/0961000616668572"],"URL":"https:\/\/doi.org\/10.1177\/0961000616668572","relation":{},"ISSN":["0961-0006","1741-6477"],"issn-type":[{"type":"print","value":"0961-0006"},{"type":"electronic","value":"1741-6477"}],"subject":[],"published":{"date-parts":[[2016,9,26]]}}}