{"id":"https://openalex.org/W2136052907","doi":"https://doi.org/10.1109/crisis.2009.5411970","title":"A quantitative approach to assess information security related risks","display_name":"A quantitative approach to assess information security related risks","publication_year":2009,"publication_date":"2009-10-01","ids":{"openalex":"https://openalex.org/W2136052907","doi":"https://doi.org/10.1109/crisis.2009.5411970","mag":"2136052907"},"language":"en","primary_location":{"id":"doi:10.1109/crisis.2009.5411970","is_oa":false,"landing_page_url":"https://doi.org/10.1109/crisis.2009.5411970","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2009 Fourth International Conference on Risks and Security of Internet and Systems (CRiSIS 2009)","raw_type":"proceedings-article"},"type":"conference-paper","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5043135516","display_name":"Anton Romanov","orcid":"https://orcid.org/0000-0001-5275-7628"},"institutions":[{"id":"https://openalex.org/I146399215","display_name":"University of Tsukuba","ror":"https://ror.org/02956yf07","country_code":"JP","type":"education","lineage":["https://openalex.org/I146399215"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Anton Romanov","raw_affiliation_strings":["Graduate School of Systems and Information Engineering, University of Tsukuba, Japan","Graduate Sch. of Syst. & Inf. Eng., Univ. of Tsukuba, Japan#TAB#"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Graduate School of Systems and Information Engineering, University of Tsukuba, Japan","institution_ids":["https://openalex.org/I146399215"]},{"raw_affiliation_string":"Graduate Sch. of Syst. & Inf. Eng., Univ. of Tsukuba, Japan#TAB#","institution_ids":["https://openalex.org/I146399215"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5007597460","display_name":"Eiji Okamoto","orcid":"https://orcid.org/0000-0001-7834-1639"},"institutions":[{"id":"https://openalex.org/I146399215","display_name":"University of Tsukuba","ror":"https://ror.org/02956yf07","country_code":"JP","type":"education","lineage":["https://openalex.org/I146399215"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Eiji Okamoto","raw_affiliation_strings":["Graduate School of Systems and Information Engineering, University of Tsukuba, Japan","Graduate Sch. of Syst. & Inf. Eng., Univ. of Tsukuba, Japan#TAB#"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Graduate School of Systems and Information Engineering, University of Tsukuba, Japan","institution_ids":["https://openalex.org/I146399215"]},{"raw_affiliation_string":"Graduate Sch. of Syst. & Inf. Eng., Univ. of Tsukuba, Japan#TAB#","institution_ids":["https://openalex.org/I146399215"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I146399215"],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"117","last_page":"122"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9901000261306763,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9890999794006348,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.6702492237091064},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6258262991905212},{"id":"https://openalex.org/keywords/information-assurance","display_name":"Information assurance","score":0.6230185627937317},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.6176716089248657},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.5717649459838867},{"id":"https://openalex.org/keywords/information-security-management","display_name":"Information security management","score":0.5592089295387268},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5552240014076233},{"id":"https://openalex.org/keywords/hacker","display_name":"Hacker","score":0.5546836853027344},{"id":"https://openalex.org/keywords/risk-management","display_name":"Risk management","score":0.46824395656585693},{"id":"https://openalex.org/keywords/enforcement","display_name":"Enforcement","score":0.4614606499671936},{"id":"https://openalex.org/keywords/speculation","display_name":"Speculation","score":0.4516044855117798},{"id":"https://openalex.org/keywords/security-management","display_name":"Security management","score":0.42944714426994324},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.4146898090839386},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.30686289072036743},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.19378259778022766},{"id":"https://openalex.org/keywords/finance","display_name":"Finance","score":0.08990636467933655}],"concepts":[{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.6702492237091064},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6258262991905212},{"id":"https://openalex.org/C2780795517","wikidata":"https://www.wikidata.org/wiki/Q6030997","display_name":"Information assurance","level":3,"score":0.6230185627937317},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.6176716089248657},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.5717649459838867},{"id":"https://openalex.org/C148976360","wikidata":"https://www.wikidata.org/wiki/Q1662500","display_name":"Information security management","level":5,"score":0.5592089295387268},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5552240014076233},{"id":"https://openalex.org/C86844869","wikidata":"https://www.wikidata.org/wiki/Q2798820","display_name":"Hacker","level":2,"score":0.5546836853027344},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.46824395656585693},{"id":"https://openalex.org/C2779777834","wikidata":"https://www.wikidata.org/wiki/Q4202277","display_name":"Enforcement","level":2,"score":0.4614606499671936},{"id":"https://openalex.org/C47941915","wikidata":"https://www.wikidata.org/wiki/Q107885","display_name":"Speculation","level":2,"score":0.4516044855117798},{"id":"https://openalex.org/C83163435","wikidata":"https://www.wikidata.org/wiki/Q3954104","display_name":"Security management","level":2,"score":0.42944714426994324},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.4146898090839386},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.30686289072036743},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.19378259778022766},{"id":"https://openalex.org/C10138342","wikidata":"https://www.wikidata.org/wiki/Q43015","display_name":"Finance","level":1,"score":0.08990636467933655},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/crisis.2009.5411970","is_oa":false,"landing_page_url":"https://doi.org/10.1109/crisis.2009.5411970","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2009 Fourth International Conference on Risks and Security of Internet and Systems (CRiSIS 2009)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":27,"referenced_works":["https://openalex.org/W120093952","https://openalex.org/W191865523","https://openalex.org/W1480983297","https://openalex.org/W1505260036","https://openalex.org/W1530212340","https://openalex.org/W1543208566","https://openalex.org/W1551275368","https://openalex.org/W1586561602","https://openalex.org/W2021873433","https://openalex.org/W2030121826","https://openalex.org/W2146792152","https://openalex.org/W2161254067","https://openalex.org/W2262309431","https://openalex.org/W2504190647","https://openalex.org/W2610289416","https://openalex.org/W3135723249","https://openalex.org/W4285719527","https://openalex.org/W4300116433","https://openalex.org/W6607830251","https://openalex.org/W6628642564","https://openalex.org/W6632373117","https://openalex.org/W6632850048","https://openalex.org/W6634793804","https://openalex.org/W6657781296","https://openalex.org/W6692873993","https://openalex.org/W6724652335","https://openalex.org/W6814465184"],"related_works":["https://openalex.org/W4256374004","https://openalex.org/W4310892428","https://openalex.org/W2120971814","https://openalex.org/W2384723023","https://openalex.org/W3048948897","https://openalex.org/W2777401565","https://openalex.org/W2144394323","https://openalex.org/W2362334938","https://openalex.org/W2056794087","https://openalex.org/W1557523735"],"abstract_inverted_index":{"Nowadays":[0],"providing":[1],"information":[2,27,52],"security":[3,53,164],"(IS)":[4],"assurance":[5],"becomes":[6],"one":[7],"of":[8,22,39,46,57,84,91,101,105,119,134],"key":[9,132],"aspects":[10],"for":[11,114],"many":[12],"organizations":[13],"worldwide.":[14],"This":[15],"is":[16,54,108,137],"caused":[17],"not":[18,141],"only":[19],"by":[20,29,36],"desire":[21],"management":[23],"to":[24,50,68,77,109,128,160],"protect":[25],"sensitive":[26],"fed":[28],"growing":[30],"hackers":[31],"'":[32],"activity":[33],"but":[34],"also":[35],"recent":[37],"enforcement":[38],"legal":[40],"requirements":[41],"and":[42,94,116,146,158,162],"industry":[43],"regulations.":[44],"One":[45],"the":[47],"required":[48],"procedures":[49],"manage":[51],"regular":[55],"performing":[56],"IS":[58,70,120],"risk":[59],"assessment.":[60],"Though":[61],"there":[62],"already":[63],"are":[64,74,83],"several":[65],"approaches":[66],"proposed":[67,135],"measure":[69],"related":[71,121],"risk,":[72],"they":[73],"either":[75],"inapplicable":[76],"real":[78],"enterprises'":[79],"IT":[80],"landscapes":[81],"or":[82],"qualitative":[85],"nature":[86],"(based":[87],"on":[88,148],"subjective":[89,144],"decisions":[90],"implementation":[92],"team)":[93],"thus":[95],"could":[96],"suffer":[97,142],"from":[98,143],"significant":[99],"degree":[100],"speculation.":[102],"The":[103],"purpose":[104],"this":[106],"paper":[107],"present":[110],"a":[111],"quantitative":[112],"approach":[113,136],"effective":[115],"efficient":[117],"assessment":[118],"risks":[122],"which":[123],"can":[124],"be":[125],"easily":[126],"applied":[127],"any":[129],"enterprise.":[130],"A":[131],"feature":[133],"that":[138],"it":[139],"does":[140],"considerations":[145],"relies":[147],"statistical":[149],"data.":[150],"Other":[151],"relevant":[152],"features":[153],"are:":[154],"maintenance":[155],"cost":[156],"reduction":[157],"possibility":[159],"prioritize":[161],"compare":[163],"initiatives.":[165]},"counts_by_year":[{"year":2018,"cited_by_count":1}],"updated_date":"2026-07-14T23:27:15.235271","created_date":"2025-10-10T00:00:00"}
