{"id":"https://openalex.org/W2086280313","doi":"https://doi.org/10.1108/imcs-09-2012-0054","title":"Resolving vulnerability identification errors using security requirements on business process models","display_name":"Resolving vulnerability identification errors using security requirements on business process models","publication_year":2013,"publication_date":"2013-07-12","ids":{"openalex":"https://openalex.org/W2086280313","doi":"https://doi.org/10.1108/imcs-09-2012-0054","mag":"2086280313"},"language":"en","primary_location":{"id":"doi:10.1108/imcs-09-2012-0054","is_oa":false,"landing_page_url":"https://doi.org/10.1108/imcs-09-2012-0054","pdf_url":null,"source":{"id":"https://openalex.org/S204075876","display_name":"Information Management & Computer Security","issn_l":"0968-5227","issn":["0968-5227","1758-5805"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information Management &amp; Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5039795147","display_name":"Stefan Taubenberger","orcid":null},"institutions":[{"id":"https://openalex.org/I204136569","display_name":"The Open University","ror":"https://ror.org/05mzfcs16","country_code":"GB","type":"education","lineage":["https://openalex.org/I204136569"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Stefan Taubenberger","raw_affiliation_strings":["Computing Department, The Open University, Milton Keynes, UK","Computing Department The Open University, Milton Keynes, UK"],"affiliations":[{"raw_affiliation_string":"Computing Department, The Open University, Milton Keynes, UK","institution_ids":["https://openalex.org/I204136569"]},{"raw_affiliation_string":"Computing Department The Open University, Milton Keynes, UK","institution_ids":["https://openalex.org/I204136569"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029120753","display_name":"Jan J\u00fcrjens","orcid":"https://orcid.org/0000-0002-8938-0470"},"institutions":[{"id":"https://openalex.org/I4210163630","display_name":"Fraunhofer Institute for Software and Systems Engineering","ror":"https://ror.org/058kjq542","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210163630","https://openalex.org/I4923324"]},{"id":"https://openalex.org/I200332995","display_name":"TU Dortmund University","ror":"https://ror.org/01k97gp34","country_code":"DE","type":"education","lineage":["https://openalex.org/I200332995"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Jan J\u00fcrjens","raw_affiliation_strings":["Department of Computer Science, Technical University Dortmund, Dortmund, Germany and Fraunhofer Institute for Software and Systems Engineering ISST, Dortmund, Germany","(Department of Computer Science, Technical University Dortmund, Dortmund, Germany and Fraunhofer Institute for Software and Systems Engineering ISST, Dortmund, Germany)"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Technical University Dortmund, Dortmund, Germany and Fraunhofer Institute for Software and Systems Engineering ISST, Dortmund, Germany","institution_ids":["https://openalex.org/I200332995","https://openalex.org/I4210163630"]},{"raw_affiliation_string":"(Department of Computer Science, Technical University Dortmund, Dortmund, Germany and Fraunhofer Institute for Software and Systems Engineering ISST, Dortmund, Germany)","institution_ids":["https://openalex.org/I200332995"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002289161","display_name":"Yijun Yu","orcid":"https://orcid.org/0000-0002-7154-8570"},"institutions":[{"id":"https://openalex.org/I204136569","display_name":"The Open University","ror":"https://ror.org/05mzfcs16","country_code":"GB","type":"education","lineage":["https://openalex.org/I204136569"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Yijun Yu","raw_affiliation_strings":["Computing Department, The Open University, Milton Keynes, UK","Computing Department The Open University, Milton Keynes, UK"],"affiliations":[{"raw_affiliation_string":"Computing Department, The Open University, Milton Keynes, UK","institution_ids":["https://openalex.org/I204136569"]},{"raw_affiliation_string":"Computing Department The Open University, Milton Keynes, UK","institution_ids":["https://openalex.org/I204136569"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5060861082","display_name":"Bashar Nuseibeh","orcid":"https://orcid.org/0000-0002-3476-053X"},"institutions":[{"id":"https://openalex.org/I230495080","display_name":"University of Limerick","ror":"https://ror.org/00a0n9e72","country_code":"IE","type":"education","lineage":["https://openalex.org/I230495080"]},{"id":"https://openalex.org/I4210130076","display_name":"Lero","ror":"https://ror.org/038dhnb42","country_code":"IE","type":"other","lineage":["https://openalex.org/I4210130076"]}],"countries":["IE"],"is_corresponding":false,"raw_author_name":"Bashar Nuseibeh","raw_affiliation_strings":["Lero \u2013 The Irish Software Engineering Research Centre; and Computing Department, University of Limerick, Limerick, Ireland and The Open University, Milton Keynes, UK","(Lero \u2013 The Irish Software Engineering Research Centre; and Computing Department, University of Limerick, Limerick, Ireland and The Open University, Milton Keynes, UK)"],"affiliations":[{"raw_affiliation_string":"Lero \u2013 The Irish Software Engineering Research Centre; and Computing Department, University of Limerick, Limerick, Ireland and The Open University, Milton Keynes, UK","institution_ids":["https://openalex.org/I4210130076","https://openalex.org/I230495080"]},{"raw_affiliation_string":"(Lero \u2013 The Irish Software Engineering Research Centre; and Computing Department, University of Limerick, Limerick, Ireland and The Open University, Milton Keynes, UK)","institution_ids":["https://openalex.org/I230495080"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5039795147"],"corresponding_institution_ids":["https://openalex.org/I204136569"],"apc_list":null,"apc_paid":null,"fwci":2.5078,"has_fulltext":false,"cited_by_count":16,"citation_normalized_percentile":{"value":0.91623452,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":97},"biblio":{"volume":"21","issue":"3","first_page":"202","last_page":"223"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9898999929428101,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11572","display_name":"Information Technology Governance and Strategy","score":0.9890000224113464,"subfield":{"id":"https://openalex.org/subfields/1404","display_name":"Management Information Systems"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.7139343619346619},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6392059326171875},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.6169586181640625},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.5990211367607117},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.5781537294387817},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.5761095285415649},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.5470938086509705},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.5286296606063843},{"id":"https://openalex.org/keywords/asset","display_name":"Asset (computer security)","score":0.485879123210907},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4717733860015869},{"id":"https://openalex.org/keywords/information-security-management","display_name":"Information security management","score":0.46127769351005554},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.2626829743385315},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.19639837741851807}],"concepts":[{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.7139343619346619},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6392059326171875},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.6169586181640625},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.5990211367607117},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.5781537294387817},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.5761095285415649},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.5470938086509705},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.5286296606063843},{"id":"https://openalex.org/C76178495","wikidata":"https://www.wikidata.org/wiki/Q4808784","display_name":"Asset (computer security)","level":2,"score":0.485879123210907},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4717733860015869},{"id":"https://openalex.org/C148976360","wikidata":"https://www.wikidata.org/wiki/Q1662500","display_name":"Information security management","level":5,"score":0.46127769351005554},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.2626829743385315},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.19639837741851807},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0},{"id":"https://openalex.org/C59822182","wikidata":"https://www.wikidata.org/wiki/Q441","display_name":"Botany","level":1,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1108/imcs-09-2012-0054","is_oa":false,"landing_page_url":"https://doi.org/10.1108/imcs-09-2012-0054","pdf_url":null,"source":{"id":"https://openalex.org/S204075876","display_name":"Information Management & Computer Security","issn_l":"0968-5227","issn":["0968-5227","1758-5805"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information Management &amp; Computer Security","raw_type":"journal-article"},{"id":"pmh:http://www.rian.ie/71780/","is_oa":false,"landing_page_url":"http://hdl.handle.net/10344/3485","pdf_url":null,"source":{"id":"https://openalex.org/S4306400033","display_name":"Arrow@dit (Dublin Institute of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I115570527","host_organization_name":"Dublin Institute of Technology","host_organization_lineage":["https://openalex.org/I115570527"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":"Information Management and Computer Security;21(3), pp. 202-223","raw_type":"Journal article"},{"id":"pmh:oai:oro.open.ac.uk:37410","is_oa":false,"landing_page_url":"https://oro.open.ac.uk/view/person/yy66.html>","pdf_url":null,"source":{"id":"https://openalex.org/S4306401187","display_name":"Open Research Online (The Open University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I204136569","host_organization_name":"The Open University","host_organization_lineage":["https://openalex.org/I204136569"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":null,"raw_type":"PeerReviewed"},{"id":"pmh:oai:publica.fraunhofer.de:publica/232874","is_oa":false,"landing_page_url":"https://publica.fraunhofer.de/handle/publica/232874","pdf_url":null,"source":{"id":"https://openalex.org/S4306400318","display_name":"Fraunhofer-Publica (Fraunhofer-Gesellschaft)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4923324","host_organization_name":"Fraunhofer-Gesellschaft","host_organization_lineage":["https://openalex.org/I4923324"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"journal article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.46000000834465027,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":39,"referenced_works":["https://openalex.org/W48058385","https://openalex.org/W110993677","https://openalex.org/W171045190","https://openalex.org/W1444168786","https://openalex.org/W1590753067","https://openalex.org/W1598535537","https://openalex.org/W1973715336","https://openalex.org/W1978807326","https://openalex.org/W1994621643","https://openalex.org/W1996525336","https://openalex.org/W2000891179","https://openalex.org/W2003422966","https://openalex.org/W2031189121","https://openalex.org/W2044839138","https://openalex.org/W2048416997","https://openalex.org/W2049561176","https://openalex.org/W2053154970","https://openalex.org/W2060268744","https://openalex.org/W2083280706","https://openalex.org/W2104800148","https://openalex.org/W2106326663","https://openalex.org/W2130425133","https://openalex.org/W2131730994","https://openalex.org/W2136769082","https://openalex.org/W2146537463","https://openalex.org/W2146863076","https://openalex.org/W2149289754","https://openalex.org/W2150546866","https://openalex.org/W2164777277","https://openalex.org/W2167321783","https://openalex.org/W2167771807","https://openalex.org/W2221810736","https://openalex.org/W2339802317","https://openalex.org/W2369295637","https://openalex.org/W4234540472","https://openalex.org/W4237954349","https://openalex.org/W4250195845","https://openalex.org/W4285719527","https://openalex.org/W6635747591"],"related_works":["https://openalex.org/W2103623742","https://openalex.org/W3189065608","https://openalex.org/W793801093","https://openalex.org/W4200186781","https://openalex.org/W2365617256","https://openalex.org/W4320712973","https://openalex.org/W1165274528","https://openalex.org/W2747667641","https://openalex.org/W1589929340","https://openalex.org/W2188103875"],"abstract_inverted_index":{"Purpose":[0],"In":[1],"any":[2],"information":[3,64,99],"security":[4,34,41,61,106,155,167,198,214],"risk":[5,125],"assessment,":[6],"vulnerabilities":[7,23],"are":[8,30,36,93],"usually":[9],"identified":[10,20],"by":[11,58,118,164],"information\u2010gathering":[12],"techniques.":[13],"However,":[14],"vulnerability":[15,56,111,187],"identification":[16,159,188,200],"errors":[17,57,112,160,189,201],"\u2013":[18,24],"wrongly":[19],"or":[21],"unidentified":[22],"can":[25,113,161,202],"occur":[26,190],"as":[27,144,146],"uncertain":[28],"data":[29],"used.":[31],"Furthermore,":[32],"businesses'":[33],"needs":[35],"not":[37,44,176],"considered":[38,177],"sufficiently.":[39],"Hence,":[40],"functions":[42,92],"may":[43],"protect":[45],"business":[46,67,86,102],"assets":[47,65],"sufficiently":[48],"and":[49,89],"cost\u2010effectively.":[50],"This":[51],"paper":[52],"aims":[53],"to":[54],"resolve":[55],"analysing":[59],"the":[60,98,120,129,170,194,210],"requirements":[62,168],"of":[63,97,101,122,140,172,197,213],"in":[66,95,169,178,191],"process":[68,72,87],"models.":[69],"Design/methodology/approach":[70],"Business":[71],"models":[73],"have":[74],"been":[75],"selected":[76],"for":[77],"use,":[78],"because":[79],"there":[80],"is":[81,134,175,184],"a":[82,123,148,152],"close":[83],"relationship":[84],"between":[85],"objectives":[88],"risks.":[90],"Security":[91],"evaluated":[94],"terms":[96],"flow":[100],"processes":[103],"regarding":[104],"their":[105],"requirements.":[107,215],"The":[108,132],"claim":[109],"that":[110,186],"be":[114,162,203],"resolved":[115,163],"was":[116],"validated":[117],"comparing":[119],"results":[121],"current":[124,179],"assessment":[126,180,206],"approach":[127],"with":[128],"proposed":[130],"approach.":[131],"comparison":[133],"conducted":[135],"both":[136],"at":[137],"three":[138],"entities":[139],"an":[141],"insurance":[142],"company,":[143],"well":[145],"through":[147],"controlled":[149],"experiment":[150],"within":[151],"survey":[153],"among":[154],"professionals.":[156],"Findings":[157],"Vulnerability":[158],"explicitly":[165],"evaluating":[166],"course":[171],"business;":[173],"this":[174],"methods.":[181],"Originality/value":[182],"It":[183],"shown":[185],"practice.":[192],"With":[193],"explicit":[195,211],"evaluation":[196,212],"requirements,":[199],"resolved.":[204],"Risk":[205],"methods":[207],"should":[208],"consider":[209]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":3},{"year":2020,"cited_by_count":2},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":3},{"year":2016,"cited_by_count":2},{"year":2015,"cited_by_count":1}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}