{"id":"https://openalex.org/W4415399893","doi":"https://doi.org/10.1109/etfa65518.2025.11205716","title":"Automated Documentation of Security Risk Assessments with Large Language Models","display_name":"Automated Documentation of Security Risk Assessments with Large Language Models","publication_year":2025,"publication_date":"2025-09-09","ids":{"openalex":"https://openalex.org/W4415399893","doi":"https://doi.org/10.1109/etfa65518.2025.11205716"},"language":null,"primary_location":{"id":"doi:10.1109/etfa65518.2025.11205716","is_oa":false,"landing_page_url":"https://doi.org/10.1109/etfa65518.2025.11205716","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE 30th International Conference on Emerging Technologies and Factory Automation (ETFA)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5005787965","display_name":"Marco Ehrlich","orcid":null},"institutions":[{"id":"https://openalex.org/I4210113436","display_name":"SC Solutions (United States)","ror":"https://ror.org/01x5py295","country_code":"US","type":"company","lineage":["https://openalex.org/I4210113436"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Marco Ehrlich","raw_affiliation_strings":["Rt-Solutions.de GmbH,Industrial Security,Cologne,Germany"],"affiliations":[{"raw_affiliation_string":"Rt-Solutions.de GmbH,Industrial Security,Cologne,Germany","institution_ids":["https://openalex.org/I4210113436"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5031273028","display_name":"Lisa Gebauer","orcid":null},"institutions":[{"id":"https://openalex.org/I5209920","display_name":"Ostwestfalen-Lippe University of Applied Sciences and Arts","ror":"https://ror.org/04eka8j06","country_code":"DE","type":"education","lineage":["https://openalex.org/I5209920"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Lisa Gebauer","raw_affiliation_strings":["InIT - Institute Industrial IT,Lemgo,Germany"],"affiliations":[{"raw_affiliation_string":"InIT - Institute Industrial IT,Lemgo,Germany","institution_ids":["https://openalex.org/I5209920"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043157830","display_name":"S. Wolf","orcid":"https://orcid.org/0000-0001-7841-3452"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Sebastian Wolf","raw_affiliation_strings":["Weidm&#x00FC;ller GmbH &#x0026; Co KG,Detmold,Germany"],"affiliations":[{"raw_affiliation_string":"Weidm&#x00FC;ller GmbH &#x0026; Co KG,Detmold,Germany","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5056365501","display_name":"Uwe M\u00f6nks","orcid":"https://orcid.org/0000-0003-1015-0697"},"institutions":[{"id":"https://openalex.org/I4210113436","display_name":"SC Solutions (United States)","ror":"https://ror.org/01x5py295","country_code":"US","type":"company","lineage":["https://openalex.org/I4210113436"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Uwe M\u00f6nks","raw_affiliation_strings":["Rt-Solutions.de GmbH,Industrial Security,Cologne,Germany"],"affiliations":[{"raw_affiliation_string":"Rt-Solutions.de GmbH,Industrial Security,Cologne,Germany","institution_ids":["https://openalex.org/I4210113436"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5032285377","display_name":"Henning Trsek","orcid":"https://orcid.org/0000-0002-0133-0656"},"institutions":[{"id":"https://openalex.org/I5209920","display_name":"Ostwestfalen-Lippe University of Applied Sciences and Arts","ror":"https://ror.org/04eka8j06","country_code":"DE","type":"education","lineage":["https://openalex.org/I5209920"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Henning Trsek","raw_affiliation_strings":["InIT - Institute Industrial IT,Lemgo,Germany"],"affiliations":[{"raw_affiliation_string":"InIT - Institute Industrial IT,Lemgo,Germany","institution_ids":["https://openalex.org/I5209920"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5005787965"],"corresponding_institution_ids":["https://openalex.org/I4210113436"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.45058023,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"4"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.975600004196167,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.975600004196167,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9455999732017517,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9043999910354614,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/documentation","display_name":"Documentation","score":0.7792999744415283},{"id":"https://openalex.org/keywords/automation","display_name":"Automation","score":0.5777999758720398},{"id":"https://openalex.org/keywords/risk-assessment","display_name":"Risk assessment","score":0.48649999499320984},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.41280001401901245},{"id":"https://openalex.org/keywords/security-controls","display_name":"Security controls","score":0.37220001220703125},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.34439998865127563},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.3395000100135803}],"concepts":[{"id":"https://openalex.org/C56666940","wikidata":"https://www.wikidata.org/wiki/Q788790","display_name":"Documentation","level":2,"score":0.7792999744415283},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.599399983882904},{"id":"https://openalex.org/C115901376","wikidata":"https://www.wikidata.org/wiki/Q184199","display_name":"Automation","level":2,"score":0.5777999758720398},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.5126000046730042},{"id":"https://openalex.org/C12174686","wikidata":"https://www.wikidata.org/wiki/Q1058438","display_name":"Risk assessment","level":2,"score":0.48649999499320984},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4332999885082245},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.41280001401901245},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.37220001220703125},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.34439998865127563},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.3395000100135803},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3312999904155731},{"id":"https://openalex.org/C110354214","wikidata":"https://www.wikidata.org/wiki/Q6314146","display_name":"Engineering management","level":1,"score":0.31130000948905945},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.304500013589859},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.30379998683929443},{"id":"https://openalex.org/C39358052","wikidata":"https://www.wikidata.org/wiki/Q2578632","display_name":"Information security audit","level":5,"score":0.2985999882221222},{"id":"https://openalex.org/C25688753","wikidata":"https://www.wikidata.org/wiki/Q1413406","display_name":"Technical documentation","level":3,"score":0.29820001125335693},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.2897000014781952},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.2824999988079071},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.27559998631477356},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.27549999952316284},{"id":"https://openalex.org/C180198813","wikidata":"https://www.wikidata.org/wiki/Q121182","display_name":"Information system","level":2,"score":0.27230000495910645},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.26589998602867126}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/etfa65518.2025.11205716","is_oa":false,"landing_page_url":"https://doi.org/10.1109/etfa65518.2025.11205716","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE 30th International Conference on Emerging Technologies and Factory Automation (ETFA)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":14,"referenced_works":["https://openalex.org/W2599557761","https://openalex.org/W2767011015","https://openalex.org/W2991118826","https://openalex.org/W3012963018","https://openalex.org/W3016062171","https://openalex.org/W3094320230","https://openalex.org/W4281288583","https://openalex.org/W4312648232","https://openalex.org/W4320712876","https://openalex.org/W4386071846","https://openalex.org/W4386071867","https://openalex.org/W4401671778","https://openalex.org/W4404688214","https://openalex.org/W4413558600"],"related_works":[],"abstract_inverted_index":{"The":[0],"general":[1],"development":[2,25,40,82],"of":[3,19,41,75,105],"Industry":[4],"4.0":[5],"and":[6,38,44,55,66,93,99],"the":[7,13,24,36,68,73,76,81,85,96,103],"highly":[8],"dynamic":[9],"threat":[10],"landscape":[11],"extend":[12],"need":[14],"for":[15,59,89],"continuous":[16],"security":[17,77],"engineering":[18],"industrial":[20],"components,":[21],"especially":[22],"during":[23],"phase.":[26,83],"Security":[27],"risk":[28,78],"assessments":[29],"play":[30],"an":[31],"important":[32],"role":[33],"to":[34,71],"ensure":[35],"secure":[37],"safe":[39],"Industrial":[42],"Automation":[43],"Control":[45],"Systems":[46],"(IACSs),":[47],"but":[48],"they":[49],"are":[50,91],"based":[51],"on":[52],"sophisticated":[53],"manual":[54],"typically":[56],"time-consuming":[57],"tasks":[58],"human":[60],"experts.":[61],"Therefore,":[62],"this":[63],"publication":[64],"identifies":[65],"analyzes":[67],"information":[69],"required":[70],"document":[72],"results":[74,101],"assessment":[79],"throughout":[80],"Furthermore,":[84],"currently":[86],"present":[87],"concepts":[88],"documentation":[90],"integrated":[92],"aligned":[94],"towards":[95],"initially":[97],"automated":[98],"tool-based":[100],"by":[102],"utilization":[104],"Large":[106],"Language":[107],"Models":[108],"(LLMs).":[109]},"counts_by_year":[],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-10-22T00:00:00"}