{"id":"https://openalex.org/W2801008321","doi":"https://doi.org/10.1080/12460125.2018.1468177","title":"Decision support for selecting information security controls","display_name":"Decision support for selecting information security controls","publication_year":2018,"publication_date":"2018-05-10","ids":{"openalex":"https://openalex.org/W2801008321","doi":"https://doi.org/10.1080/12460125.2018.1468177","mag":"2801008321"},"language":"en","primary_location":{"id":"doi:10.1080/12460125.2018.1468177","is_oa":false,"landing_page_url":"https://doi.org/10.1080/12460125.2018.1468177","pdf_url":null,"source":{"id":"https://openalex.org/S119153320","display_name":"Journal of Decision System","issn_l":"1246-0125","issn":["1246-0125","2116-7052"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320547","host_organization_name":"Taylor & Francis","host_organization_lineage":["https://openalex.org/P4310320547"],"host_organization_lineage_names":["Taylor & Francis"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Decision Systems","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"http://hdl.handle.net/10451/33934","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5043517773","display_name":"Lu\u00eds Pereira de Almeida","orcid":"https://orcid.org/0000-0001-5831-3307"},"institutions":[{"id":"https://openalex.org/I141596103","display_name":"University of Lisbon","ror":"https://ror.org/01c27hj86","country_code":"PT","type":"education","lineage":["https://openalex.org/I141596103"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Lu\u00eds Almeida","raw_affiliation_strings":["Departamento de Inform\u00e1tica, Faculdade de Ci\u00eancias, Universidade de Lisboa , Lisboa, Portugal"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Departamento de Inform\u00e1tica, Faculdade de Ci\u00eancias, Universidade de Lisboa , Lisboa, Portugal","institution_ids":["https://openalex.org/I141596103"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5065455336","display_name":"Ana Resp\u00edcio","orcid":"https://orcid.org/0000-0003-2758-7035"},"institutions":[{"id":"https://openalex.org/I141596103","display_name":"University of Lisbon","ror":"https://ror.org/01c27hj86","country_code":"PT","type":"education","lineage":["https://openalex.org/I141596103"]}],"countries":["PT"],"is_corresponding":true,"raw_author_name":"Ana Resp\u00edcio","raw_affiliation_strings":["CMAF-CIO and Departamento de Inform\u00e1tica, Faculdade de Ci\u00eancias, Universidade de Lisboa , Lisboa, Portugal"],"raw_orcid":"https://orcid.org/0000-0003-2758-7035","affiliations":[{"raw_affiliation_string":"CMAF-CIO and Departamento de Inform\u00e1tica, Faculdade de Ci\u00eancias, Universidade de Lisboa , Lisboa, Portugal","institution_ids":["https://openalex.org/I141596103"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5065455336"],"corresponding_institution_ids":["https://openalex.org/I141596103"],"apc_list":null,"apc_paid":null,"fwci":4.5222,"has_fulltext":false,"cited_by_count":25,"citation_normalized_percentile":{"value":0.95211303,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":"27","issue":"sup1","first_page":"173","last_page":"180"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9970999956130981,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/security-controls","display_name":"Security controls","score":0.6578467488288879},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6518945693969727},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.592319130897522},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.5886006951332092},{"id":"https://openalex.org/keywords/information-security-management","display_name":"Information security management","score":0.5406662225723267},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.5288295149803162},{"id":"https://openalex.org/keywords/portfolio","display_name":"Portfolio","score":0.5191961526870728},{"id":"https://openalex.org/keywords/selection","display_name":"Selection (genetic algorithm)","score":0.5034770369529724},{"id":"https://openalex.org/keywords/asset","display_name":"Asset (computer security)","score":0.49845409393310547},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.47865068912506104},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.462754487991333},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.45193326473236084},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.41955065727233887},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.3497283458709717},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.3340189754962921},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.12262651324272156}],"concepts":[{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.6578467488288879},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6518945693969727},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.592319130897522},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.5886006951332092},{"id":"https://openalex.org/C148976360","wikidata":"https://www.wikidata.org/wiki/Q1662500","display_name":"Information security management","level":5,"score":0.5406662225723267},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.5288295149803162},{"id":"https://openalex.org/C2780821815","wikidata":"https://www.wikidata.org/wiki/Q5340806","display_name":"Portfolio","level":2,"score":0.5191961526870728},{"id":"https://openalex.org/C81917197","wikidata":"https://www.wikidata.org/wiki/Q628760","display_name":"Selection (genetic algorithm)","level":2,"score":0.5034770369529724},{"id":"https://openalex.org/C76178495","wikidata":"https://www.wikidata.org/wiki/Q4808784","display_name":"Asset (computer security)","level":2,"score":0.49845409393310547},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.47865068912506104},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.462754487991333},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.45193326473236084},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.41955065727233887},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.3497283458709717},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.3340189754962921},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.12262651324272156},{"id":"https://openalex.org/C59822182","wikidata":"https://www.wikidata.org/wiki/Q441","display_name":"Botany","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C10138342","wikidata":"https://www.wikidata.org/wiki/Q43015","display_name":"Finance","level":1,"score":0.0},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1080/12460125.2018.1468177","is_oa":false,"landing_page_url":"https://doi.org/10.1080/12460125.2018.1468177","pdf_url":null,"source":{"id":"https://openalex.org/S119153320","display_name":"Journal of Decision System","issn_l":"1246-0125","issn":["1246-0125","2116-7052"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320547","host_organization_name":"Taylor & Francis","host_organization_lineage":["https://openalex.org/P4310320547"],"host_organization_lineage_names":["Taylor & Francis"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Decision Systems","raw_type":"journal-article"},{"id":"pmh:oai:repositorio.ul.pt:10451/33934","is_oa":true,"landing_page_url":"http://hdl.handle.net/10451/33934","pdf_url":null,"source":{"id":"https://openalex.org/S4306402433","display_name":"Portuguese National Funding Agency for Science, Research and Technology (RCAAP Project by FCT)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"master thesis"}],"best_oa_location":{"id":"pmh:oai:repositorio.ul.pt:10451/33934","is_oa":true,"landing_page_url":"http://hdl.handle.net/10451/33934","pdf_url":null,"source":{"id":"https://openalex.org/S4306402433","display_name":"Portuguese National Funding Agency for Science, Research and Technology (RCAAP Project by FCT)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"master thesis"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.7099999785423279,"display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G5718556257","display_name":null,"funder_award_id":"PTDC/EEI-ESS/5863/2014","funder_id":"https://openalex.org/F4320334779","funder_display_name":"Funda\u00e7\u00e3o para a Ci\u00eancia e a Tecnologia"},{"id":"https://openalex.org/G7573641107","display_name":null,"funder_award_id":"UID/MAT/04561/2013","funder_id":"https://openalex.org/F4320334779","funder_display_name":"Funda\u00e7\u00e3o para a Ci\u00eancia e a Tecnologia"},{"id":"https://openalex.org/G8948934892","display_name":null,"funder_award_id":"grant.Provided by PTCRIS: 144502","funder_id":"https://openalex.org/F4320334779","funder_display_name":"Funda\u00e7\u00e3o para a Ci\u00eancia e a Tecnologia"}],"funders":[{"id":"https://openalex.org/F4320334779","display_name":"Funda\u00e7\u00e3o para a Ci\u00eancia e a Tecnologia","ror":"https://ror.org/00snfqn58"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":6,"referenced_works":["https://openalex.org/W1614559240","https://openalex.org/W1925725102","https://openalex.org/W2059209509","https://openalex.org/W2336041988","https://openalex.org/W2528769776","https://openalex.org/W2892670700"],"related_works":["https://openalex.org/W2776554033","https://openalex.org/W805142288","https://openalex.org/W2363177828","https://openalex.org/W1988974780","https://openalex.org/W2495229164","https://openalex.org/W2399025821","https://openalex.org/W2390821232","https://openalex.org/W2293554594","https://openalex.org/W2894900144","https://openalex.org/W2940646603"],"abstract_inverted_index":{"With":[0],"the":[1,4,6,32,61,67,70,127,136,141,150,159,170,185],"emergence":[2],"of":[3,8,18,34,45,53,96,107,138,143,161],"Internet,":[5],"volume":[7],"cyberattacks":[9],"has":[10,20,156,188],"been":[11,189],"progressively":[12],"growing":[13],"and,":[14],"therefore,":[15],"adequate":[16,51,167],"security":[17,35,73,90,97,103],"information":[19,41],"a":[21,82,94,108,192],"crucial":[22],"role":[23],"in":[24,66,72],"IT":[25],"systems.":[26],"Organisations":[27],"face":[28],"complex":[29],"decisions":[30],"regarding":[31],"selection":[33,57],"controls":[36,47,98,104,144,162],"that":[37,145],"allow":[38],"protecting":[39],"their":[40,56],"assets.":[42],"The":[43,122],"implementation":[44],"these":[46],"should":[48],"ensure":[49],"an":[50,86,166],"level":[52],"protection.":[54],"However,":[55],"requires":[58],"knowledge":[59],"about":[60],"vulnerabilities":[62,91],"and":[63,69,92,119,131,140],"threats":[64],"existing":[65,151],"organisation,":[68],"investment":[71],"must":[74],"comply":[75],"with":[76],"economic":[77],"constraints.":[78],"This":[79],"work":[80],"proposes":[81],"framework":[83,123],"to":[84,88,99,134,157,163,179],"support":[85,135,195],"organisation":[87],"identify":[89],"optimise":[93],"portfolio":[95],"mitigate":[100,147],"them.":[101,148],"Those":[102],"may":[105],"be":[106],"mixed":[109],"nature,":[110],"such":[111],"as":[112,191],"hardware":[113],"controls,":[114,116],"software":[115],"policies,":[117],"procedures":[118],"training":[120],"actions.":[121],"is":[124,177],"established":[125],"using":[126],"standards":[128],"ISO/IEC":[129,132],"27001:2013":[130],"27002:2013":[133],"identification":[137],"vulnerabilities/threats":[139,152],"choice":[142],"can":[146],"Once":[149],"are":[153],"identified,":[154],"one":[155],"select":[158],"subset":[160],"implement,":[164],"assuring":[165],"mitigation":[168],"at":[169],"lowest":[171],"cost.":[172],"An":[173],"integer":[174],"programming":[175],"model":[176],"used":[178],"address":[180],"this":[181],"optimisation":[182],"problem":[183],"within":[184],"framework,":[186],"which":[187],"implemented":[190],"prototype":[193],"decision":[194],"tool.":[196]},"counts_by_year":[{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":4},{"year":2020,"cited_by_count":6},{"year":2019,"cited_by_count":1},{"year":2017,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}