{"id":"https://openalex.org/W7127994882","doi":"https://doi.org/10.1007/s10207-026-01220-6","title":"Quantifying cyber threat using Bayesian statistical analysis","display_name":"Quantifying cyber threat using Bayesian statistical analysis","publication_year":2026,"publication_date":"2026-02-05","ids":{"openalex":"https://openalex.org/W7127994882","doi":"https://doi.org/10.1007/s10207-026-01220-6"},"language":"en","primary_location":{"id":"doi:10.1007/s10207-026-01220-6","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-026-01220-6","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-026-01220-6.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/s10207-026-01220-6.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5125231954","display_name":"Sajeev Thevaratnam","orcid":null},"institutions":[{"id":"https://openalex.org/I178535277","display_name":"University of the West of England","ror":"https://ror.org/02nwg5t34","country_code":"GB","type":"education","lineage":["https://openalex.org/I178535277"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Sajeev Thevaratnam","raw_affiliation_strings":["School of Computer Science and Creative Technologies, University of the West of England, Bristol, United Kingdom"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Creative Technologies, University of the West of England, Bristol, United Kingdom","institution_ids":["https://openalex.org/I178535277"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5006594746","display_name":"Zeinab Rezaeifar","orcid":"https://orcid.org/0000-0002-7561-7123"},"institutions":[{"id":"https://openalex.org/I178535277","display_name":"University of the West of England","ror":"https://ror.org/02nwg5t34","country_code":"GB","type":"education","lineage":["https://openalex.org/I178535277"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Zeinab Rezaeifar","raw_affiliation_strings":["School of Computer Science and Creative Technologies, University of the West of England, Bristol, United Kingdom"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Creative Technologies, University of the West of England, Bristol, United Kingdom","institution_ids":["https://openalex.org/I178535277"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5006594746"],"corresponding_institution_ids":["https://openalex.org/I178535277"],"apc_list":{"value":2590,"currency":"EUR","value_usd":3190},"apc_paid":{"value":2590,"currency":"EUR","value_usd":3190},"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.47966501,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"25","issue":"2","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.7936999797821045,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.7936999797821045,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11807","display_name":"Infrastructure Resilience and Vulnerability Analysis","score":0.03689999878406525,"subfield":{"id":"https://openalex.org/subfields/2205","display_name":"Civil and Structural Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11357","display_name":"Risk and Safety Analysis","score":0.019600000232458115,"subfield":{"id":"https://openalex.org/subfields/1804","display_name":"Statistics, Probability and Uncertainty"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/hazard","display_name":"Hazard","score":0.5135999917984009},{"id":"https://openalex.org/keywords/bayesian-probability","display_name":"Bayesian probability","score":0.48980000615119934},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.478300005197525},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.4652999937534332},{"id":"https://openalex.org/keywords/nist","display_name":"NIST","score":0.44179999828338623},{"id":"https://openalex.org/keywords/risk-management","display_name":"Risk management","score":0.41370001435279846},{"id":"https://openalex.org/keywords/risk-assessment","display_name":"Risk assessment","score":0.4077000021934509},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.38609999418258667},{"id":"https://openalex.org/keywords/probabilistic-logic","display_name":"Probabilistic logic","score":0.35929998755455017}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7475000023841858},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.5684999823570251},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5185999870300293},{"id":"https://openalex.org/C49261128","wikidata":"https://www.wikidata.org/wiki/Q1132455","display_name":"Hazard","level":2,"score":0.5135999917984009},{"id":"https://openalex.org/C107673813","wikidata":"https://www.wikidata.org/wiki/Q812534","display_name":"Bayesian probability","level":2,"score":0.48980000615119934},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.478300005197525},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.4652999937534332},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.44999998807907104},{"id":"https://openalex.org/C111219384","wikidata":"https://www.wikidata.org/wiki/Q6954384","display_name":"NIST","level":2,"score":0.44179999828338623},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.41370001435279846},{"id":"https://openalex.org/C12174686","wikidata":"https://www.wikidata.org/wiki/Q1058438","display_name":"Risk assessment","level":2,"score":0.4077000021934509},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.38609999418258667},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.37059998512268066},{"id":"https://openalex.org/C49937458","wikidata":"https://www.wikidata.org/wiki/Q2599292","display_name":"Probabilistic logic","level":2,"score":0.35929998755455017},{"id":"https://openalex.org/C115901376","wikidata":"https://www.wikidata.org/wiki/Q184199","display_name":"Automation","level":2,"score":0.33719998598098755},{"id":"https://openalex.org/C2777526511","wikidata":"https://www.wikidata.org/wiki/Q691543","display_name":"Pace","level":2,"score":0.33649998903274536},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.3359000086784363},{"id":"https://openalex.org/C206355099","wikidata":"https://www.wikidata.org/wiki/Q3614972","display_name":"Hazard analysis","level":2,"score":0.3116999864578247},{"id":"https://openalex.org/C201307755","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber-attack","level":2,"score":0.30869999527931213},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.2930000126361847},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.27639999985694885},{"id":"https://openalex.org/C160234255","wikidata":"https://www.wikidata.org/wiki/Q812535","display_name":"Bayesian inference","level":3,"score":0.2761000096797943},{"id":"https://openalex.org/C2780233690","wikidata":"https://www.wikidata.org/wiki/Q535347","display_name":"Transparency (behavior)","level":2,"score":0.2619999945163727},{"id":"https://openalex.org/C62555980","wikidata":"https://www.wikidata.org/wiki/Q1460420","display_name":"Emergency management","level":2,"score":0.26190000772476196},{"id":"https://openalex.org/C114289077","wikidata":"https://www.wikidata.org/wiki/Q3284399","display_name":"Statistical model","level":2,"score":0.2574000060558319},{"id":"https://openalex.org/C107327155","wikidata":"https://www.wikidata.org/wiki/Q330268","display_name":"Decision support system","level":2,"score":0.2524999976158142},{"id":"https://openalex.org/C87345402","wikidata":"https://www.wikidata.org/wiki/Q485202","display_name":"Analytic hierarchy process","level":2,"score":0.2524000108242035},{"id":"https://openalex.org/C2780264999","wikidata":"https://www.wikidata.org/wiki/Q7445032","display_name":"Security domain","level":2,"score":0.2522999942302704},{"id":"https://openalex.org/C33724603","wikidata":"https://www.wikidata.org/wiki/Q812540","display_name":"Bayesian network","level":2,"score":0.25110000371932983}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1007/s10207-026-01220-6","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-026-01220-6","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-026-01220-6.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1007/s10207-026-01220-6","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-026-01220-6","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-026-01220-6.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.7636399269104004}],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W7127994882.pdf","grobid_xml":"https://content.openalex.org/works/W7127994882.grobid-xml"},"referenced_works_count":15,"referenced_works":["https://openalex.org/W2072063551","https://openalex.org/W2106188980","https://openalex.org/W2111959010","https://openalex.org/W2808902175","https://openalex.org/W2898126418","https://openalex.org/W3137260098","https://openalex.org/W3198189922","https://openalex.org/W4214543602","https://openalex.org/W4376955551","https://openalex.org/W4386318712","https://openalex.org/W4388816770","https://openalex.org/W4394989655","https://openalex.org/W4399208250","https://openalex.org/W4399999524","https://openalex.org/W4416025347"],"related_works":[],"abstract_inverted_index":{"Abstract":[0],"Modern":[1],"organisations":[2,22],"face":[3],"a":[4,35,134,196],"cyber":[5,37,96],"threat":[6,83,92,97,224],"landscape":[7],"that":[8,41,139,208],"evolves":[9],"faster":[10],"than":[11,158],"traditional":[12],"qualitative":[13],"risk":[14,38,128,181],"scoring":[15],"can":[16],"adapt.":[17],"It":[18],"is":[19,88,100],"important":[20],"for":[21,123,198,230],"to":[23,72,76,90,223],"keep":[24],"pace":[25],"with":[26,46,150,160,183,214],"adversaries\u2019":[27],"tactics":[28,79],"and":[29,62,69,80,85,119,130,175,226,233],"react":[30],"accordingly.":[31],"This":[32],"paper":[33],"develops":[34],"quantitative":[36],"assessment":[39],"framework":[40],"integrates":[42],"Bayesian":[43,210],"statistical":[44],"analysis":[45],"system":[47,215],"specific":[48],"hazard":[49,121,192],"mapping.":[50],"Drawing":[51],"on":[52,145],"the":[53,65,140,189,202,228],"Cyber":[54],"Security":[55],"Body":[56],"of":[57,104],"Knowledge":[58],"(CyBOK)":[59],"Risk":[60],"Management":[61],"NIST":[63],"guidance,":[64],"study":[66,206],"maps":[67],"unacceptable":[68],"acceptable":[70],"losses":[71],"hazards,":[73],"links":[74],"hazards":[75,143],"MITRE":[77],"ATT&amp;CK":[78],"onto":[81],"broader":[82],"categories;":[84],"Bayes\u2019":[86],"Theorem":[87],"applied":[89],"update":[91],"probabilities":[93,122,157],"as":[94,195],"new":[95],"intelligence":[98],"(CTI)":[99],"ingested.":[101],"A":[102],"proof":[103],"concept":[105],"spreadsheet":[106],"tool":[107,141],"was":[108],"developed":[109],"-":[110],"it":[111],"ingests":[112],"CTI":[113,152],"pulses":[114],"from":[115],"publicly":[116],"available":[117],"feeds":[118],"recalculates":[120],"each":[124],"system,":[125],"producing":[126],"dynamic":[127],"scores":[129,167],"dashboards.":[131],"Evaluation":[132],"using":[133],"simulated":[135],"vulnerability":[136],"set":[137],"shows":[138],"reprioritises":[142],"based":[144],"current":[146],"exploitation":[147],"activity:":[148],"vulnerabilities":[149],"recent":[151],"evidence":[153],"receive":[154],"higher":[155],"posterior":[156],"those":[159],"similar":[161],"CVSS":[162],"(Common":[163],"Vulnerability":[164],"Scoring":[165],"System)":[166],"but":[168],"no":[169],"active":[170],"threats.":[171],"The":[172,205],"tool\u2019s":[173],"transparency":[174],"its":[176],"value":[177],"in":[178],"bridging":[179],"technical":[180],"data":[182],"organisational":[184],"decision":[185],"making,":[186],"while":[187],"noting":[188],"manual":[190],"effort":[191],"mapping":[193],"process":[194],"candidate":[197],"future":[199,231],"automation":[200,232],"are":[201],"key":[203],"observations.":[204],"concludes":[207],"simple":[209],"updating,":[211],"when":[212],"combined":[213],"context,":[216],"provides":[217],"an":[218],"accessible":[219],"yet":[220],"rigorous":[221],"approach":[222],"quantification":[225],"lays":[227],"foundation":[229],"dependency":[234],"modelling.":[235]},"counts_by_year":[],"updated_date":"2026-03-10T16:38:18.471706","created_date":"2026-02-07T00:00:00"}