{"id":"https://openalex.org/W2286966007","doi":"https://doi.org/10.1007/978-3-319-20376-8_23","title":"Identifying Blind Spots in IS Security Risk Management Processes Using Qualitative Model Analysis","display_name":"Identifying Blind Spots in IS Security Risk Management Processes Using Qualitative Model Analysis","publication_year":2015,"publication_date":"2015-01-01","ids":{"openalex":"https://openalex.org/W2286966007","doi":"https://doi.org/10.1007/978-3-319-20376-8_23","mag":"2286966007"},"language":"en","primary_location":{"id":"doi:10.1007/978-3-319-20376-8_23","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-319-20376-8_23","pdf_url":null,"source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},"type":"book-chapter","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://doi.org/10.1007/978-3-319-20376-8_23","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5010063260","display_name":"Christian Sillaber","orcid":null},"institutions":[{"id":"https://openalex.org/I190249584","display_name":"Universit\u00e4t Innsbruck","ror":"https://ror.org/054pv6659","country_code":"AT","type":"education","lineage":["https://openalex.org/I190249584"]}],"countries":["AT"],"is_corresponding":true,"raw_author_name":"Christian Sillaber","raw_affiliation_strings":["University of Innsbruck, Innsbruck, Austria"],"affiliations":[{"raw_affiliation_string":"University of Innsbruck, Innsbruck, Austria","institution_ids":["https://openalex.org/I190249584"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5037343322","display_name":"Ruth Breu","orcid":"https://orcid.org/0000-0001-7093-4341"},"institutions":[{"id":"https://openalex.org/I190249584","display_name":"Universit\u00e4t Innsbruck","ror":"https://ror.org/054pv6659","country_code":"AT","type":"education","lineage":["https://openalex.org/I190249584"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Ruth Breu","raw_affiliation_strings":["University of Innsbruck, Innsbruck, Austria"],"affiliations":[{"raw_affiliation_string":"University of Innsbruck, Innsbruck, Austria","institution_ids":["https://openalex.org/I190249584"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5010063260"],"corresponding_institution_ids":["https://openalex.org/I190249584"],"apc_list":{"value":5000,"currency":"EUR","value_usd":5392},"apc_paid":{"value":5000,"currency":"EUR","value_usd":5392},"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.11992209,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"252","last_page":"259"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.9929999709129333,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11572","display_name":"Information Technology Governance and Strategy","score":0.9869999885559082,"subfield":{"id":"https://openalex.org/subfields/1404","display_name":"Management Information Systems"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7364414930343628},{"id":"https://openalex.org/keywords/business-process","display_name":"Business process","score":0.5971140265464783},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5180706977844238},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5003046989440918},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.4832818806171417},{"id":"https://openalex.org/keywords/quality","display_name":"Quality (philosophy)","score":0.4487907290458679},{"id":"https://openalex.org/keywords/business-process-modeling","display_name":"Business process modeling","score":0.4467507004737854},{"id":"https://openalex.org/keywords/knowledge-management","display_name":"Knowledge management","score":0.4247719645500183},{"id":"https://openalex.org/keywords/process-modeling","display_name":"Process modeling","score":0.41310715675354004},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.35122719407081604},{"id":"https://openalex.org/keywords/work-in-process","display_name":"Work in process","score":0.1387493908405304},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.12041282653808594}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7364414930343628},{"id":"https://openalex.org/C85345410","wikidata":"https://www.wikidata.org/wiki/Q851587","display_name":"Business process","level":3,"score":0.5971140265464783},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5180706977844238},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5003046989440918},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.4832818806171417},{"id":"https://openalex.org/C2779530757","wikidata":"https://www.wikidata.org/wiki/Q1207505","display_name":"Quality (philosophy)","level":2,"score":0.4487907290458679},{"id":"https://openalex.org/C207505557","wikidata":"https://www.wikidata.org/wiki/Q4374012","display_name":"Business process modeling","level":4,"score":0.4467507004737854},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.4247719645500183},{"id":"https://openalex.org/C76956256","wikidata":"https://www.wikidata.org/wiki/Q27610560","display_name":"Process modeling","level":3,"score":0.41310715675354004},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.35122719407081604},{"id":"https://openalex.org/C174998907","wikidata":"https://www.wikidata.org/wiki/Q357662","display_name":"Work in process","level":2,"score":0.1387493908405304},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.12041282653808594},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1007/978-3-319-20376-8_23","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-319-20376-8_23","pdf_url":null,"source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"}],"best_oa_location":{"id":"doi:10.1007/978-3-319-20376-8_23","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-319-20376-8_23","pdf_url":null,"source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":22,"referenced_works":["https://openalex.org/W38876016","https://openalex.org/W834895598","https://openalex.org/W1507365153","https://openalex.org/W1536398137","https://openalex.org/W1549342539","https://openalex.org/W1589815886","https://openalex.org/W1602619638","https://openalex.org/W1963803712","https://openalex.org/W1993575476","https://openalex.org/W2012352432","https://openalex.org/W2013587720","https://openalex.org/W2054994890","https://openalex.org/W2109026747","https://openalex.org/W2110461478","https://openalex.org/W2125336328","https://openalex.org/W2128555200","https://openalex.org/W2143472739","https://openalex.org/W2154257511","https://openalex.org/W2170899042","https://openalex.org/W2506444507","https://openalex.org/W2973442464","https://openalex.org/W3146559281"],"related_works":["https://openalex.org/W1778671501","https://openalex.org/W2066228984","https://openalex.org/W29490832","https://openalex.org/W2588429740","https://openalex.org/W1488157296","https://openalex.org/W2293459815","https://openalex.org/W4247239877","https://openalex.org/W2999942143","https://openalex.org/W194173266","https://openalex.org/W2281014969"],"abstract_inverted_index":{"The":[0,110,200],"present":[1],"paper":[2],"examines":[3],"quality":[4,115],"aspects":[5,73,116],"of":[6,39,42,46,58,74,82,117,147,168],"models":[7,45,94,118],"created":[8,93,119],"by":[9,120,197],"stakeholders":[10,67,121,176],"to":[11,35,70,100,133,140,185,212],"identify":[12,186],"blind":[13,188,210],"spots":[14,189,211],"in":[15,55,79,161],"information":[16,48],"systems":[17],"security":[18,53,101,148],"risk":[19,203],"management":[20],"(ISSRM)":[21],"processes":[22,130],"via":[23],"a":[24,206],"multi-method":[25],"research":[26,152,201],"study":[27,164],"at":[28,177],"the":[29,47,56,75,80,92,105,125,141,157,166,178,182],"organizational":[30],"level.":[31],"Stakeholders":[32],"were":[33,68],"interviewed":[34],"gain":[36],"an":[37,59,134],"understanding":[38],"their":[40],"awareness":[41],"business":[43,86,129,142],"processes,":[44],"system":[49],"(IS),":[50],"and":[51,85,96,144,170,190,215],"related":[52,128],"requirements":[54],"context":[57],"ongoing":[60],"ISSRM":[61,106,136,183],"process.":[62],"During":[63],"several":[64],"modeling":[65],"sessions,":[66],"asked":[69],"model":[71,172],"various":[72,114],"IS":[76,126],"under":[77],"investigation":[78],"form":[81],"component,":[83],"activity":[84],"process":[87,107,184,207],"diagrams.":[88],"We":[89],"then":[90],"analyzed":[91],"qualitatively":[95],"linked":[97],"identified":[98],"inconsistencies":[99],"issues":[102],"omitted":[103],"during":[104,181],"(blind":[108],"spots).":[109],"findings":[111],"indicate":[112],"that":[113,122,153,193],"describe":[123],"either":[124],"or":[127],"can":[131],"contribute":[132],"improved":[135,145],"process,":[137],"better":[138],"alignment":[139],"environment":[143],"elicitation":[146],"requirements.":[149],"Following":[150],"current":[151],"considers":[154],"users":[155],"as":[156],"most":[158],"important":[159],"resource":[160],"ISSRM,":[162],"this":[163],"highlights":[165],"importance":[167],"using":[169],"analyzing":[171],"diagrams":[173],"from":[174],"appropriate":[175],"right":[179],"time":[180],"potential":[187],"avoid":[191],"unclarity,":[192],"might":[194],"be":[195],"introduced":[196],"verbal":[198],"communication.":[199],"provides":[202],"managers":[204],"with":[205],"for":[208],"identifying":[209],"improve":[213],"results":[214],"reduce":[216],"overhead.":[217]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}