{"id":"https://openalex.org/W2006335128","doi":"https://doi.org/10.1109/espre.2014.6890527","title":"Pattern-based and ISO 27001 compliant risk analysis for cloud systems","display_name":"Pattern-based and ISO 27001 compliant risk analysis for cloud systems","publication_year":2014,"publication_date":"2014-08-01","ids":{"openalex":"https://openalex.org/W2006335128","doi":"https://doi.org/10.1109/espre.2014.6890527","mag":"2006335128"},"language":"en","primary_location":{"id":"doi:10.1109/espre.2014.6890527","is_oa":false,"landing_page_url":"https://doi.org/10.1109/espre.2014.6890527","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2014 IEEE 1st International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5014569696","display_name":"Azadeh Alebrahim","orcid":null},"institutions":[{"id":"https://openalex.org/I62318514","display_name":"University of Duisburg-Essen","ror":"https://ror.org/04mz5ra38","country_code":"DE","type":"education","lineage":["https://openalex.org/I62318514"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Azadeh Alebrahim","raw_affiliation_strings":["Paluno-The Ruhr Institute for Software Technology, University of Duisburg-Essen, Germany","[Paluno-The Ruhr Institute for Software Technology, University of Duisburg-Essen, Germany]"],"affiliations":[{"raw_affiliation_string":"Paluno-The Ruhr Institute for Software Technology, University of Duisburg-Essen, Germany","institution_ids":["https://openalex.org/I62318514"]},{"raw_affiliation_string":"[Paluno-The Ruhr Institute for Software Technology, University of Duisburg-Essen, Germany]","institution_ids":["https://openalex.org/I62318514"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5012295892","display_name":"Denis Hatebur","orcid":null},"institutions":[{"id":"https://openalex.org/I62318514","display_name":"University of Duisburg-Essen","ror":"https://ror.org/04mz5ra38","country_code":"DE","type":"education","lineage":["https://openalex.org/I62318514"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Denis Hatebur","raw_affiliation_strings":["Paluno-The Ruhr Institute for Software Technology, University of Duisburg-Essen, Germany","[Paluno-The Ruhr Institute for Software Technology, University of Duisburg-Essen, Germany]"],"affiliations":[{"raw_affiliation_string":"Paluno-The Ruhr Institute for Software Technology, University of Duisburg-Essen, Germany","institution_ids":["https://openalex.org/I62318514"]},{"raw_affiliation_string":"[Paluno-The Ruhr Institute for Software Technology, University of Duisburg-Essen, Germany]","institution_ids":["https://openalex.org/I62318514"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5001892609","display_name":"Ludger Goeke","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ludger Goeke","raw_affiliation_strings":["ITESYS GmbH, Dortmund, Germany","ITESYS GmbH Dortmund, Germany"],"affiliations":[{"raw_affiliation_string":"ITESYS GmbH, Dortmund, Germany","institution_ids":[]},{"raw_affiliation_string":"ITESYS GmbH Dortmund, Germany","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5014569696"],"corresponding_institution_ids":["https://openalex.org/I62318514"],"apc_list":null,"apc_paid":null,"fwci":0.7889,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.81095848,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"42","last_page":"47"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11614","display_name":"Cloud Data Security Solutions","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11614","display_name":"Cloud Data Security Solutions","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10101","display_name":"Cloud Computing and Resource Management","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9977999925613403,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.7960734963417053},{"id":"https://openalex.org/keywords/information-security-management-system","display_name":"Information security management system","score":0.7355637550354004},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6030961275100708},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.590715765953064},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.5653653144836426},{"id":"https://openalex.org/keywords/security-controls","display_name":"Security controls","score":0.5038782954216003},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.4974656403064728},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.4754195809364319},{"id":"https://openalex.org/keywords/standard-of-good-practice","display_name":"Standard of Good Practice","score":0.41556715965270996},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.2804562449455261},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.21236565709114075},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.19249919056892395}],"concepts":[{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.7960734963417053},{"id":"https://openalex.org/C111153917","wikidata":"https://www.wikidata.org/wiki/Q1662500","display_name":"Information security management system","level":5,"score":0.7355637550354004},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6030961275100708},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.590715765953064},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.5653653144836426},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.5038782954216003},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.4974656403064728},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.4754195809364319},{"id":"https://openalex.org/C47309137","wikidata":"https://www.wikidata.org/wiki/Q7598357","display_name":"Standard of Good Practice","level":5,"score":0.41556715965270996},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.2804562449455261},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.21236565709114075},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.19249919056892395},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/espre.2014.6890527","is_oa":false,"landing_page_url":"https://doi.org/10.1109/espre.2014.6890527","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2014 IEEE 1st International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":16,"referenced_works":["https://openalex.org/W146540859","https://openalex.org/W1602002062","https://openalex.org/W2022756008","https://openalex.org/W2027127753","https://openalex.org/W2086116693","https://openalex.org/W2108375742","https://openalex.org/W2111695375","https://openalex.org/W2131629857","https://openalex.org/W2134633310","https://openalex.org/W2151519068","https://openalex.org/W2275530856","https://openalex.org/W2492688925","https://openalex.org/W6676517742","https://openalex.org/W6679408652","https://openalex.org/W6694821995","https://openalex.org/W6723544875"],"related_works":["https://openalex.org/W40842196","https://openalex.org/W3089669902","https://openalex.org/W203815982","https://openalex.org/W2188382005","https://openalex.org/W2546952811","https://openalex.org/W2392937364","https://openalex.org/W2000891179","https://openalex.org/W1495551475","https://openalex.org/W3195449469","https://openalex.org/W1988974780"],"abstract_inverted_index":{"For":[0,14],"accepting":[1],"clouds":[2],"and":[3,78,87,126],"using":[4,29],"cloud":[5,15,95,117,140],"services":[6],"by":[7,138],"companies,":[8],"security":[9,26,41,121],"plays":[10],"a":[11,85,139],"decisive":[12],"role.":[13],"providers,":[16],"one":[17],"way":[18],"to":[19,24,74,90,101],"obtain":[20],"customers'":[21],"confidence":[22],"is":[23,47,99,136],"establish":[25],"mechanisms":[27],"when":[28],"clouds.":[30],"The":[31,134],"ISO":[32,53,110],"27001":[33,54],"standard":[34,55],"provides":[35],"general":[36],"concepts":[37],"for":[38,56,94,129],"establishing":[39],"information":[40,58],"in":[42,51],"an":[43,48],"organization.":[44],"Risk":[45],"analysis":[46,93,119],"essential":[49],"part":[50],"the":[52,106,109,116,131],"achieving":[57],"security.":[59],"This":[60],"standard,":[61],"however,":[62],"contains":[63],"ambiguous":[64],"descriptions.":[65],"In":[66,80],"addition,":[67],"it":[68],"does":[69],"not":[70],"stipulate":[71],"any":[72],"method":[73,89,104,135],"identify":[75],"assets,":[76],"threats,":[77],"vulnerabilities.":[79],"this":[81],"paper,":[82],"we":[83],"present":[84],"structured":[86],"pattern-based":[88],"conduct":[91],"risk":[92,132],"computing":[96],"systems.":[97],"It":[98],"tailored":[100],"SMEs.":[102],"Our":[103],"addresses":[105],"requirements":[107],"of":[108,115],"27001.":[111],"We":[112],"make":[113],"use":[114],"system":[118],"pattern,":[120],"requirement":[122],"patterns,":[123,125],"threat":[124],"control":[127],"patterns":[128],"conducting":[130],"analysis.":[133],"illustrated":[137],"logistics":[141],"application":[142],"example.":[143]},"counts_by_year":[{"year":2023,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2019,"cited_by_count":1},{"year":2016,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}