{"id":"https://openalex.org/W4390188836","doi":"https://doi.org/10.1109/dasc/picom/cbdcom/cy59711.2023.10361456","title":"Towards Cybersecurity Risk Assessment Automation: an Ontological Approach","display_name":"Towards Cybersecurity Risk Assessment Automation: an Ontological Approach","publication_year":2023,"publication_date":"2023-11-14","ids":{"openalex":"https://openalex.org/W4390188836","doi":"https://doi.org/10.1109/dasc/picom/cbdcom/cy59711.2023.10361456"},"language":"en","primary_location":{"id":"doi:10.1109/dasc/picom/cbdcom/cy59711.2023.10361456","is_oa":false,"landing_page_url":"https://doi.org/10.1109/dasc/picom/cbdcom/cy59711.2023.10361456","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5055234714","display_name":"Nicol\u00f2 Maunero","orcid":"https://orcid.org/0000-0002-4331-1066"},"institutions":[{"id":"https://openalex.org/I4210152452","display_name":"Consorzio Interuniversitario Nazionale per l'Informatica","ror":"https://ror.org/03v8v5y65","country_code":"IT","type":"facility","lineage":["https://openalex.org/I4210152452"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Nicol\u00f2 Maunero","raw_affiliation_strings":["CINI Cybersecurity National Lab,Rome,Italy","CINI Cybersecurity National Lab, Rome, Italy"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"CINI Cybersecurity National Lab,Rome,Italy","institution_ids":["https://openalex.org/I4210152452"]},{"raw_affiliation_string":"CINI Cybersecurity National Lab, Rome, Italy","institution_ids":["https://openalex.org/I4210152452"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5107502272","display_name":"Fabio De Rosa","orcid":null},"institutions":[{"id":"https://openalex.org/I4210152452","display_name":"Consorzio Interuniversitario Nazionale per l'Informatica","ror":"https://ror.org/03v8v5y65","country_code":"IT","type":"facility","lineage":["https://openalex.org/I4210152452"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Fabio De Rosa","raw_affiliation_strings":["CINI Cybersecurity National Lab,Rome,Italy","CINI Cybersecurity National Lab, Rome, Italy"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"CINI Cybersecurity National Lab,Rome,Italy","institution_ids":["https://openalex.org/I4210152452"]},{"raw_affiliation_string":"CINI Cybersecurity National Lab, Rome, Italy","institution_ids":["https://openalex.org/I4210152452"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5036258272","display_name":"P. Prinetto","orcid":"https://orcid.org/0000-0003-2400-8245"},"institutions":[{"id":"https://openalex.org/I127077003","display_name":"IMT School for Advanced Studies Lucca","ror":"https://ror.org/035gh3a49","country_code":"IT","type":"education","lineage":["https://openalex.org/I127077003"]},{"id":"https://openalex.org/I177477856","display_name":"Politecnico di Torino","ror":"https://ror.org/00bgk9508","country_code":"IT","type":"education","lineage":["https://openalex.org/I177477856"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Paolo Prinetto","raw_affiliation_strings":["Politecnico di Tornio Turin,Italy","IMT School for Advanced Studies Lucca, Italy","Politecnico di Tornio Turin, Italy"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Politecnico di Tornio Turin,Italy","institution_ids":["https://openalex.org/I177477856"]},{"raw_affiliation_string":"IMT School for Advanced Studies Lucca, Italy","institution_ids":["https://openalex.org/I127077003"]},{"raw_affiliation_string":"Politecnico di Tornio Turin, Italy","institution_ids":["https://openalex.org/I177477856"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":2.5881,"has_fulltext":false,"cited_by_count":6,"citation_normalized_percentile":{"value":0.9189625,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"0628","last_page":"0635"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9969000220298767,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9810000061988831,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7474269866943359},{"id":"https://openalex.org/keywords/ontology","display_name":"Ontology","score":0.7192673087120056},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5459340214729309},{"id":"https://openalex.org/keywords/automation","display_name":"Automation","score":0.5302752256393433},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.5224308371543884},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5173213481903076},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.5142083168029785},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5097166895866394},{"id":"https://openalex.org/keywords/risk-management","display_name":"Risk management","score":0.4851875901222229},{"id":"https://openalex.org/keywords/risk-assessment","display_name":"Risk assessment","score":0.45595553517341614},{"id":"https://openalex.org/keywords/knowledge-management","display_name":"Knowledge management","score":0.3868510127067566},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.3345208764076233},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.32775068283081055},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.16842880845069885},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.12064617872238159}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7474269866943359},{"id":"https://openalex.org/C25810664","wikidata":"https://www.wikidata.org/wiki/Q44325","display_name":"Ontology","level":2,"score":0.7192673087120056},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5459340214729309},{"id":"https://openalex.org/C115901376","wikidata":"https://www.wikidata.org/wiki/Q184199","display_name":"Automation","level":2,"score":0.5302752256393433},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.5224308371543884},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5173213481903076},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.5142083168029785},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5097166895866394},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.4851875901222229},{"id":"https://openalex.org/C12174686","wikidata":"https://www.wikidata.org/wiki/Q1058438","display_name":"Risk assessment","level":2,"score":0.45595553517341614},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.3868510127067566},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3345208764076233},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.32775068283081055},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.16842880845069885},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.12064617872238159},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0},{"id":"https://openalex.org/C10138342","wikidata":"https://www.wikidata.org/wiki/Q43015","display_name":"Finance","level":1,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/dasc/picom/cbdcom/cy59711.2023.10361456","is_oa":false,"landing_page_url":"https://doi.org/10.1109/dasc/picom/cbdcom/cy59711.2023.10361456","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":28,"referenced_works":["https://openalex.org/W62218527","https://openalex.org/W2078556945","https://openalex.org/W2154829072","https://openalex.org/W2622330081","https://openalex.org/W2805750930","https://openalex.org/W2884015218","https://openalex.org/W2903774181","https://openalex.org/W2937937495","https://openalex.org/W3018229887","https://openalex.org/W3030043615","https://openalex.org/W3044806866","https://openalex.org/W3185585282","https://openalex.org/W3186154954","https://openalex.org/W3193901082","https://openalex.org/W3194789266","https://openalex.org/W4200335017","https://openalex.org/W4210344620","https://openalex.org/W4210653799","https://openalex.org/W4232424383","https://openalex.org/W4239588692","https://openalex.org/W4246100533","https://openalex.org/W4282003621","https://openalex.org/W4285827321","https://openalex.org/W4311454680","https://openalex.org/W4312250199","https://openalex.org/W4312975823","https://openalex.org/W4362654097","https://openalex.org/W6812742317"],"related_works":["https://openalex.org/W1883246888","https://openalex.org/W2370114625","https://openalex.org/W1756374135","https://openalex.org/W2947584067","https://openalex.org/W3118510577","https://openalex.org/W2280562859","https://openalex.org/W230721595","https://openalex.org/W3157230915","https://openalex.org/W1496728123","https://openalex.org/W2062873522"],"abstract_inverted_index":{"In":[0],"the":[1,44,55,68,77,129,153,158,180,193,207,213,224,235],"past":[2],"decade,":[3],"cyber":[4],"attacks":[5],"have":[6],"been":[7],"escalating,":[8],"affecting":[9],"both":[10,206],"large":[11],"organizations":[12],"and":[13,20,67,101,112,139,145,171,196,212,227,233],"smaller":[14],"businesses,":[15],"as":[16,18,190,192,217],"well":[17,191],"individuals":[19],"a":[21,99,117],"proactive":[22],"approach":[23,126],"to":[24,43,64,76,91,133,167,178,200,203],"cybersecurity":[25],"risk":[26,32,78,93,181,186],"assessment":[27,33,79,94,187],"has":[28],"become":[29],"indispensable.":[30],"The":[31,50,84,120,147,185],"process":[34,80,188,226],"is":[35,81,106,149,164],"composed":[36],"of":[37,46,58,70,104,157,182],"different":[38],"activities,":[39],"from":[40],"vulnerability":[41],"management":[42],"identification":[45],"threats":[47,66],"(threat":[48],"modeling).":[49],"main":[51],"challenge":[52],"lies":[53],"in":[54,87,127,205,223,230],"manual":[56],"nature":[57],"these":[59],"activities":[60],"facing":[61],"complexities":[62],"due":[63],"evolving":[65],"growth":[69],"ICT":[71,109,208],"infrastructures.":[72],"Hence,":[73],"providing":[74],"automation":[75],"becoming":[82],"crucial.":[83],"work":[85],"presented":[86],"this":[88,131,173],"paper":[89],"aims":[90],"automate":[92],"using":[95],"an":[96,124],"ontology-based":[97],"approach;":[98],"structured":[100],"formal":[102],"representation":[103],"data":[105],"provided":[107],"for":[108,238],"infrastructures":[110],"description":[111],"related":[113],"security":[114,140,155],"information":[115,156,174,219,236],"leveraging":[116],"defined":[118,168],"ontology.":[119],"proposed":[121,198],"solution":[122],"follows":[123],"asset-oriented":[125],"defining":[128],"ontology;":[130],"allows":[132,199],"tightly":[134],"link":[135],"together":[136],"infrastructure":[137,159,209],"components":[138],"data,":[141],"enhancing":[142],"automation's":[143],"effectiveness":[144],"precision.":[146],"ontology":[148],"automatically":[150],"populated":[151],"with":[152],"required":[154,237],"under":[160,210],"analysis,":[161],"threat":[162,214],"modeling":[163],"performed":[165],"resorting":[166],"inference":[169],"rules":[170],"all":[172],"items":[175],"are":[176,220],"used":[177],"assess":[179],"identified":[183],"threats.":[184],"automation,":[189],"supporting":[194],"models":[195],"knowledge-base,":[197],"easily":[201],"adapt":[202],"changes":[204],"analysis":[211],"land":[215],"scape":[216],"new":[218],"integrated":[221],"seamlessly":[222],"evaluation":[225],"support":[228],"analyst":[229],"gather,":[231],"combine":[232],"analyse":[234],"evaluating":[239],"risk.":[240]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}