{"id":"https://openalex.org/W112401318","doi":"https://doi.org/10.1007/978-3-642-23082-0_6","title":"A Method for Security Governance, Risk, and Compliance (GRC): A Goal-Process Approach","display_name":"A Method for Security Governance, Risk, and Compliance (GRC): A Goal-Process Approach","publication_year":2011,"publication_date":"2011-01-01","ids":{"openalex":"https://openalex.org/W112401318","doi":"https://doi.org/10.1007/978-3-642-23082-0_6","mag":"112401318"},"language":"en","primary_location":{"id":"doi:10.1007/978-3-642-23082-0_6","is_oa":false,"landing_page_url":"https://doi.org/10.1007/978-3-642-23082-0_6","pdf_url":null,"source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},"type":"book-chapter","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5041367526","display_name":"Yudistira Asnar","orcid":null},"institutions":[{"id":"https://openalex.org/I193223587","display_name":"University of Trento","ror":"https://ror.org/05trd4x28","country_code":"IT","type":"education","lineage":["https://openalex.org/I193223587"]}],"countries":["IT"],"is_corresponding":true,"raw_author_name":"Yudistira Asnar","raw_affiliation_strings":["Department of Information Engineering and Computer Science, University of Trento, Italy"],"affiliations":[{"raw_affiliation_string":"Department of Information Engineering and Computer Science, University of Trento, Italy","institution_ids":["https://openalex.org/I193223587"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5085639552","display_name":"Fabio Massacci","orcid":"https://orcid.org/0000-0002-1091-8486"},"institutions":[{"id":"https://openalex.org/I193223587","display_name":"University of Trento","ror":"https://ror.org/05trd4x28","country_code":"IT","type":"education","lineage":["https://openalex.org/I193223587"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Fabio Massacci","raw_affiliation_strings":["Department of Information Engineering and Computer Science, University of Trento, Italy"],"affiliations":[{"raw_affiliation_string":"Department of Information Engineering and Computer Science, University of Trento, Italy","institution_ids":["https://openalex.org/I193223587"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5041367526"],"corresponding_institution_ids":["https://openalex.org/I193223587"],"apc_list":{"value":5000,"currency":"EUR","value_usd":5392},"apc_paid":null,"fwci":2.2006,"has_fulltext":false,"cited_by_count":19,"citation_normalized_percentile":{"value":0.8762362,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"152","last_page":"184"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10639","display_name":"Advanced Software Engineering Methodologies","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7494401931762695},{"id":"https://openalex.org/keywords/itil-security-management","display_name":"ITIL security management","score":0.5514795780181885},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5323401093482971},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.527877926826477},{"id":"https://openalex.org/keywords/business-process","display_name":"Business process","score":0.5261839628219604},{"id":"https://openalex.org/keywords/information-technology-infrastructure-library","display_name":"Information Technology Infrastructure Library","score":0.5204256176948547},{"id":"https://openalex.org/keywords/security-management","display_name":"Security management","score":0.485330730676651},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.47285082936286926},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.4669925272464752},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.4535251557826996},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.44118720293045044},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.3463590741157532},{"id":"https://openalex.org/keywords/work-in-process","display_name":"Work in process","score":0.2818916440010071},{"id":"https://openalex.org/keywords/information-technology","display_name":"Information technology","score":0.26202666759490967},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.2185799479484558},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.1286579668521881},{"id":"https://openalex.org/keywords/operations-management","display_name":"Operations management","score":0.1069512665271759}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7494401931762695},{"id":"https://openalex.org/C114351632","wikidata":"https://www.wikidata.org/wiki/Q5974820","display_name":"ITIL security management","level":5,"score":0.5514795780181885},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5323401093482971},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.527877926826477},{"id":"https://openalex.org/C85345410","wikidata":"https://www.wikidata.org/wiki/Q851587","display_name":"Business process","level":3,"score":0.5261839628219604},{"id":"https://openalex.org/C201359696","wikidata":"https://www.wikidata.org/wiki/Q152361","display_name":"Information Technology Infrastructure Library","level":3,"score":0.5204256176948547},{"id":"https://openalex.org/C83163435","wikidata":"https://www.wikidata.org/wiki/Q3954104","display_name":"Security management","level":2,"score":0.485330730676651},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.47285082936286926},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.4669925272464752},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.4535251557826996},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.44118720293045044},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.3463590741157532},{"id":"https://openalex.org/C174998907","wikidata":"https://www.wikidata.org/wiki/Q357662","display_name":"Work in process","level":2,"score":0.2818916440010071},{"id":"https://openalex.org/C121017731","wikidata":"https://www.wikidata.org/wiki/Q11661","display_name":"Information technology","level":2,"score":0.26202666759490967},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.2185799479484558},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.1286579668521881},{"id":"https://openalex.org/C21547014","wikidata":"https://www.wikidata.org/wiki/Q1423657","display_name":"Operations management","level":1,"score":0.1069512665271759},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.0},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0}],"mesh":[],"locations_count":6,"locations":[{"id":"doi:10.1007/978-3-642-23082-0_6","is_oa":false,"landing_page_url":"https://doi.org/10.1007/978-3-642-23082-0_6","pdf_url":null,"source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.475.9741","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.475.9741","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.ieeeisi.org/article.pdf","raw_type":"text"},{"id":"pmh:oai:iris.unitn.it:11572/99559","is_oa":false,"landing_page_url":"http://hdl.handle.net/11572/99559","pdf_url":null,"source":{"id":"https://openalex.org/S4306401913","display_name":"Institutional Research Information System (Universit\u00e0 degli Studi di Trento)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I193223587","host_organization_name":"University of Trento","host_organization_lineage":["https://openalex.org/I193223587"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/bookPart"},{"id":"pmh:oai:iris.unitn.it:11572/99562","is_oa":false,"landing_page_url":"http://www.scopus.com/record/display.url?eid=2-s2.0-84857744199&origin=inward&txGid=2B8AF6BF6E1491A95C77AE2AE16F9EF5.N5T5nM1aaTEF8rE6yKCR3A%3a21","pdf_url":null,"source":{"id":"https://openalex.org/S4306401913","display_name":"Institutional Research Information System (Universit\u00e0 degli Studi di Trento)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I193223587","host_organization_name":"University of Trento","host_organization_lineage":["https://openalex.org/I193223587"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/conferenceObject"},{"id":"pmh:oai:research.vu.nl:publications/9cc73d13-4420-4a4e-bc6a-a1c45263b806","is_oa":false,"landing_page_url":"https://hdl.handle.net/1871.1/9cc73d13-4420-4a4e-bc6a-a1c45263b806","pdf_url":null,"source":{"id":"https://openalex.org/S4306400546","display_name":"Digital Academic REpository of VU University Amsterdam (Vrije Universiteit Amsterdam)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I865915315","host_organization_name":"Vrije Universiteit Amsterdam","host_organization_lineage":["https://openalex.org/I865915315"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Asnar, Y & Massacci, F 2011, A method for security governance, risk, and compliance (GRC): A goal-process approach. https://doi.org/10.1007/978-3-642-23082-0_6","raw_type":"book"},{"id":"pmh:vu:oai:research.vu.nl:publications/9cc73d13-4420-4a4e-bc6a-a1c45263b806","is_oa":false,"landing_page_url":"https://research.vu.nl/en/publications/9cc73d13-4420-4a4e-bc6a-a1c45263b806","pdf_url":null,"source":{"id":"https://openalex.org/S4306401843","display_name":"Data Archiving and Networked Services (DANS)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1322597698","host_organization_name":"Royal Netherlands Academy of Arts and Sciences","host_organization_lineage":["https://openalex.org/I1322597698"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"info:eu-repo/semantics/book"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/17","display_name":"Partnerships for the goals","score":0.4099999964237213}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":30,"referenced_works":["https://openalex.org/W146540859","https://openalex.org/W1514888816","https://openalex.org/W1516054582","https://openalex.org/W1524500851","https://openalex.org/W1543835543","https://openalex.org/W1544262338","https://openalex.org/W1561082337","https://openalex.org/W1589398260","https://openalex.org/W1589731227","https://openalex.org/W1763951514","https://openalex.org/W1911281453","https://openalex.org/W1972276999","https://openalex.org/W2059914506","https://openalex.org/W2092016553","https://openalex.org/W2093844899","https://openalex.org/W2097810426","https://openalex.org/W2101107197","https://openalex.org/W2116190908","https://openalex.org/W2130891285","https://openalex.org/W2137454160","https://openalex.org/W2139889174","https://openalex.org/W2143932955","https://openalex.org/W2166056089","https://openalex.org/W2183152877","https://openalex.org/W2290660652","https://openalex.org/W2492688925","https://openalex.org/W3144627111","https://openalex.org/W3165744266","https://openalex.org/W3203078008","https://openalex.org/W4256581596"],"related_works":["https://openalex.org/W2033357182","https://openalex.org/W2469558869","https://openalex.org/W4321844648","https://openalex.org/W2370581992","https://openalex.org/W833563683","https://openalex.org/W2358770215","https://openalex.org/W2105642970","https://openalex.org/W2560277441","https://openalex.org/W2986166089","https://openalex.org/W4252386057"],"abstract_inverted_index":null,"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":2},{"year":2020,"cited_by_count":2},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":2},{"year":2017,"cited_by_count":1},{"year":2016,"cited_by_count":2},{"year":2015,"cited_by_count":2},{"year":2014,"cited_by_count":2}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}