{"id":"https://openalex.org/W127755304","doi":"https://doi.org/10.1007/978-3-642-21424-0_22","title":"On Computing Enterprise IT Risk Metrics","display_name":"On Computing Enterprise IT Risk Metrics","publication_year":2011,"publication_date":"2011-01-01","ids":{"openalex":"https://openalex.org/W127755304","doi":"https://doi.org/10.1007/978-3-642-21424-0_22","mag":"127755304"},"language":"en","primary_location":{"id":"doi:10.1007/978-3-642-21424-0_22","is_oa":false,"landing_page_url":"https://doi.org/10.1007/978-3-642-21424-0_22","pdf_url":null,"source":{"id":"https://openalex.org/S4210175514","display_name":"IFIP International Federation for Information Processing/IFIP","issn_l":"1571-5736","issn":["1571-5736","1861-2288"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IFIP Advances in Information and Communication Technology","raw_type":"book-chapter"},"type":"book-chapter","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://inria.hal.science/hal-01567601","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100878559","display_name":"Sandeep Bhatt","orcid":null},"institutions":[{"id":"https://openalex.org/I1324840837","display_name":"Hewlett-Packard (United States)","ror":"https://ror.org/059rn9488","country_code":"US","type":"company","lineage":["https://openalex.org/I1324840837"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Sandeep Bhatt","raw_affiliation_strings":["Cloud and Security Lab, HP Laboratories, Princeton, USA","HP Labs,"],"affiliations":[{"raw_affiliation_string":"Cloud and Security Lab, HP Laboratories, Princeton, USA","institution_ids":["https://openalex.org/I1324840837"]},{"raw_affiliation_string":"HP Labs,","institution_ids":["https://openalex.org/I1324840837"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029183392","display_name":"William Horne","orcid":null},"institutions":[{"id":"https://openalex.org/I1324840837","display_name":"Hewlett-Packard (United States)","ror":"https://ror.org/059rn9488","country_code":"US","type":"company","lineage":["https://openalex.org/I1324840837"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"William Horne","raw_affiliation_strings":["Cloud and Security Lab, HP Laboratories, Princeton, USA","HP Labs,"],"affiliations":[{"raw_affiliation_string":"Cloud and Security Lab, HP Laboratories, Princeton, USA","institution_ids":["https://openalex.org/I1324840837"]},{"raw_affiliation_string":"HP Labs,","institution_ids":["https://openalex.org/I1324840837"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5004512380","display_name":"Prasad Rao","orcid":null},"institutions":[{"id":"https://openalex.org/I1324840837","display_name":"Hewlett-Packard (United States)","ror":"https://ror.org/059rn9488","country_code":"US","type":"company","lineage":["https://openalex.org/I1324840837"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Prasad Rao","raw_affiliation_strings":["Cloud and Security Lab, HP Laboratories, Princeton, USA","HP Labs,"],"affiliations":[{"raw_affiliation_string":"Cloud and Security Lab, HP Laboratories, Princeton, USA","institution_ids":["https://openalex.org/I1324840837"]},{"raw_affiliation_string":"HP Labs,","institution_ids":["https://openalex.org/I1324840837"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5100878559"],"corresponding_institution_ids":["https://openalex.org/I1324840837"],"apc_list":null,"apc_paid":null,"fwci":0.7353,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.74187656,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"271","last_page":"280"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9959999918937683,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9919999837875366,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7106555700302124},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6630920171737671},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.6445658206939697},{"id":"https://openalex.org/keywords/metric","display_name":"Metric (unit)","score":0.6295713186264038},{"id":"https://openalex.org/keywords/nist","display_name":"NIST","score":0.6042737364768982},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.48507967591285706},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.4508041739463806},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.39709198474884033},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3233177065849304},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2960612177848816},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.23692205548286438},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.14602041244506836},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.11078566312789917},{"id":"https://openalex.org/keywords/psychological-intervention","display_name":"Psychological intervention","score":0.07782173156738281},{"id":"https://openalex.org/keywords/operations-management","display_name":"Operations management","score":0.07593068480491638}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7106555700302124},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6630920171737671},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.6445658206939697},{"id":"https://openalex.org/C176217482","wikidata":"https://www.wikidata.org/wiki/Q860554","display_name":"Metric (unit)","level":2,"score":0.6295713186264038},{"id":"https://openalex.org/C111219384","wikidata":"https://www.wikidata.org/wiki/Q6954384","display_name":"NIST","level":2,"score":0.6042737364768982},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.48507967591285706},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.4508041739463806},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.39709198474884033},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3233177065849304},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2960612177848816},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.23692205548286438},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.14602041244506836},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.11078566312789917},{"id":"https://openalex.org/C27415008","wikidata":"https://www.wikidata.org/wiki/Q7256382","display_name":"Psychological intervention","level":2,"score":0.07782173156738281},{"id":"https://openalex.org/C21547014","wikidata":"https://www.wikidata.org/wiki/Q1423657","display_name":"Operations management","level":1,"score":0.07593068480491638},{"id":"https://openalex.org/C118552586","wikidata":"https://www.wikidata.org/wiki/Q7867","display_name":"Psychiatry","level":1,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1007/978-3-642-21424-0_22","is_oa":false,"landing_page_url":"https://doi.org/10.1007/978-3-642-21424-0_22","pdf_url":null,"source":{"id":"https://openalex.org/S4210175514","display_name":"IFIP International Federation for Information Processing/IFIP","issn_l":"1571-5736","issn":["1571-5736","1861-2288"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IFIP Advances in Information and Communication Technology","raw_type":"book-chapter"},{"id":"pmh:oai:HAL:hal-01567601v1","is_oa":true,"landing_page_url":"https://inria.hal.science/hal-01567601","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"26th International Information Security Conference (SEC), Jun 2011, Lucerne, Switzerland. pp.271-280, &#x27E8;10.1007/978-3-642-21424-0_22&#x27E9;","raw_type":"Conference papers"}],"best_oa_location":{"id":"pmh:oai:HAL:hal-01567601v1","is_oa":true,"landing_page_url":"https://inria.hal.science/hal-01567601","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"26th International Information Security Conference (SEC), Jun 2011, Lucerne, Switzerland. pp.271-280, &#x27E8;10.1007/978-3-642-21424-0_22&#x27E9;","raw_type":"Conference papers"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":11,"referenced_works":["https://openalex.org/W273646509","https://openalex.org/W1570043269","https://openalex.org/W2009470162","https://openalex.org/W2077937403","https://openalex.org/W2083270195","https://openalex.org/W2092773459","https://openalex.org/W2100033648","https://openalex.org/W2110908300","https://openalex.org/W2121141821","https://openalex.org/W2143396794","https://openalex.org/W3103588133"],"related_works":["https://openalex.org/W1883246888","https://openalex.org/W2370114625","https://openalex.org/W2947584067","https://openalex.org/W2062873522","https://openalex.org/W3118510577","https://openalex.org/W3157230915","https://openalex.org/W1756374135","https://openalex.org/W4390540899","https://openalex.org/W2789975780","https://openalex.org/W2007895524"],"abstract_inverted_index":{"Assessing":[0],"the":[1,16,33,56,59,86,106,109,145,168,178,185],"vulnerability":[2,70],"of":[3,18,41,43,58,85,115,148,180,187,201],"large":[4],"heterogeneous":[5],"systems":[6],"is":[7],"crucial":[8],"to":[9,72,104,140,177,184,195],"IT":[10,61,81],"operational":[11],"decisions":[12],"such":[13],"as":[14,167],"prioritizing":[15,181],"deployment":[17],"security":[19],"patches":[20],"and":[21,54,67,134,142],"enhanced":[22,202],"monitoring.":[23,203],"These":[24],"assessments":[25],"are":[26,102,118,131],"based":[27],"on":[28,45,92],"various":[29],"criteria,":[30],"including":[31],"(i)":[32],"NIST":[34],"National":[35],"Vulnerability":[36],"Database":[37],"which":[38,63,101],"reports":[39],"tens":[40],"thousands":[42],"vulnerabilities":[44,91,155],"individual":[46,93,154],"components,":[47],"with":[48],"several":[49,80],"thousand":[50],"added":[51],"every":[52],"year,":[53],"(ii)":[55],"specifics":[57],"enterprise":[60,150],"infrastructure":[62],"includes":[64],"many":[65],"components.Defining":[66],"computing":[68],"appropriate":[69],"metrics":[71,88,130],"support":[73],"decision":[74],"making":[75],"remains":[76],"a":[77,137],"challenge.":[78],"Currently,":[79],"organizations":[82],"make":[83],"use":[84],"CVSS":[87,95,158,169],"that":[89],"score":[90],"components.":[94],"does":[96],"allow":[97],"for":[98,121,199],"environmental":[99,129,170],"metrics,":[100],"meant":[103],"capture":[105],"connectivity":[107,186],"among":[108],"components;":[110],"unfortunately,":[111],"within":[112],"Section":[113],"2.3":[114],"[1]":[116],"there":[117],"no":[119],"guidelines":[120],"how":[122],"these":[123],"should":[124],"be":[125,165,175,193],"defined":[126,133],"and,":[127],"consequently,":[128],"rarely":[132],"used.We":[135],"present":[136],"systematic":[138],"approach":[139],"quantify":[141],"automatically":[143],"compute":[144],"risk":[146],"profile":[147],"an":[149,188],"from":[151],"information":[152],"about":[153],"contained":[156],"in":[157],"scores.":[159],"The":[160],"metric":[161,173],"we":[162],"propose":[163],"can":[164,174,191],"used":[166,194],"score.":[171],"Our":[172],"applied":[176],"problem":[179],"patches,":[182],"customized":[183],"enterprise.":[189],"It":[190],"also":[192],"prioritize":[196],"vulnerable":[197],"components":[198],"purposes":[200]},"counts_by_year":[{"year":2017,"cited_by_count":1},{"year":2015,"cited_by_count":3},{"year":2013,"cited_by_count":1}],"updated_date":"2026-03-10T16:38:18.471706","created_date":"2025-10-10T00:00:00"}