{"id":"https://openalex.org/W3006426379","doi":"https://doi.org/10.1109/iceei47359.2019.8988832","title":"OTPAF: A Security Requirement Conceptual Model of SaaS for Malaysian Government based on Common Criteria","display_name":"OTPAF: A Security Requirement Conceptual Model of SaaS for Malaysian Government based on Common Criteria","publication_year":2019,"publication_date":"2019-07-01","ids":{"openalex":"https://openalex.org/W3006426379","doi":"https://doi.org/10.1109/iceei47359.2019.8988832","mag":"3006426379"},"language":"en","primary_location":{"id":"doi:10.1109/iceei47359.2019.8988832","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iceei47359.2019.8988832","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 International Conference on Electrical Engineering and Informatics (ICEEI)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5013299498","display_name":"Norlaili binti Abdul Hamid","orcid":null},"institutions":[{"id":"https://openalex.org/I885383172","display_name":"National University of Malaysia","ror":"https://ror.org/00bw8d226","country_code":"MY","type":"education","lineage":["https://openalex.org/I885383172"]}],"countries":["MY"],"is_corresponding":true,"raw_author_name":"Norlaili binti Abdul Hamid","raw_affiliation_strings":["Faculty of Information Science &#x0026; Technology (FTSM), Universiti Kebangsaan Malaysia (UKM),Selangor,Malaysia","Faculty of Information Science & Technology (FTSM), Universiti Kebangsaan Malaysia (UKM), Selangor, Malaysia"],"affiliations":[{"raw_affiliation_string":"Faculty of Information Science &#x0026; Technology (FTSM), Universiti Kebangsaan Malaysia (UKM),Selangor,Malaysia","institution_ids":["https://openalex.org/I885383172"]},{"raw_affiliation_string":"Faculty of Information Science & Technology (FTSM), Universiti Kebangsaan Malaysia (UKM), Selangor, Malaysia","institution_ids":["https://openalex.org/I885383172"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101493491","display_name":"Ibrahim Mohamed","orcid":"https://orcid.org/0009-0004-2552-2013"},"institutions":[{"id":"https://openalex.org/I885383172","display_name":"National University of Malaysia","ror":"https://ror.org/00bw8d226","country_code":"MY","type":"education","lineage":["https://openalex.org/I885383172"]}],"countries":["MY"],"is_corresponding":false,"raw_author_name":"Ibrahim Mohamed","raw_affiliation_strings":["Faculty of Information Science &#x0026; Technology (FTSM), Universiti Kebangsaan Malaysia (UKM),Selangor,Malaysia","Faculty of Information Science & Technology (FTSM), Universiti Kebangsaan Malaysia (UKM), Selangor, Malaysia"],"affiliations":[{"raw_affiliation_string":"Faculty of Information Science &#x0026; Technology (FTSM), Universiti Kebangsaan Malaysia (UKM),Selangor,Malaysia","institution_ids":["https://openalex.org/I885383172"]},{"raw_affiliation_string":"Faculty of Information Science & Technology (FTSM), Universiti Kebangsaan Malaysia (UKM), Selangor, Malaysia","institution_ids":["https://openalex.org/I885383172"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5010946494","display_name":"Maslina Daud","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Maslina Daud","raw_affiliation_strings":["CyberSecurity Malaysia,Cyber Security Proactive Services Division,Selangor,Malaysia","Cyber Security Proactive Services Division, CyberSecurity Malaysia, Selangor, Malaysia"],"affiliations":[{"raw_affiliation_string":"CyberSecurity Malaysia,Cyber Security Proactive Services Division,Selangor,Malaysia","institution_ids":[]},{"raw_affiliation_string":"Cyber Security Proactive Services Division, CyberSecurity Malaysia, Selangor, Malaysia","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5068081575","display_name":"Norahana Salimin","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Norahana Salimin","raw_affiliation_strings":["CyberSecurity Malaysia,Malaysian Security Evaluation Facility (MySEF) Department,Selangor,Malaysia","Malaysian Security Evaluation Facility (MySEF) Department, CyberSecurity Malaysia, Selangor, Malaysia"],"affiliations":[{"raw_affiliation_string":"CyberSecurity Malaysia,Malaysian Security Evaluation Facility (MySEF) Department,Selangor,Malaysia","institution_ids":[]},{"raw_affiliation_string":"Malaysian Security Evaluation Facility (MySEF) Department, CyberSecurity Malaysia, Selangor, Malaysia","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5026392787","display_name":"Nur Ilyani Ahmad","orcid":null},"institutions":[{"id":"https://openalex.org/I885383172","display_name":"National University of Malaysia","ror":"https://ror.org/00bw8d226","country_code":"MY","type":"education","lineage":["https://openalex.org/I885383172"]}],"countries":["MY"],"is_corresponding":false,"raw_author_name":"Nur Ilyani Ahmad","raw_affiliation_strings":["Faculty of Information Science &#x0026; Technology (FTSM), Universiti Kebangsaan Malaysia (UKM),Selangor,Malaysia","Faculty of Information Science & Technology (FTSM), Universiti Kebangsaan Malaysia (UKM), Selangor, Malaysia"],"affiliations":[{"raw_affiliation_string":"Faculty of Information Science &#x0026; Technology (FTSM), Universiti Kebangsaan Malaysia (UKM),Selangor,Malaysia","institution_ids":["https://openalex.org/I885383172"]},{"raw_affiliation_string":"Faculty of Information Science & Technology (FTSM), Universiti Kebangsaan Malaysia (UKM), Selangor, Malaysia","institution_ids":["https://openalex.org/I885383172"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5013299498"],"corresponding_institution_ids":["https://openalex.org/I885383172"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.30233035,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"69","last_page":"74"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11614","display_name":"Cloud Data Security Solutions","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9970999956130981,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7497097253799438},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.647624135017395},{"id":"https://openalex.org/keywords/computer-security-model","display_name":"Computer security model","score":0.6128026247024536},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.6082643866539001},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5979731678962708},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.5717012286186218},{"id":"https://openalex.org/keywords/software-as-a-service","display_name":"Software as a service","score":0.5580443143844604},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.5484781861305237},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.5173496603965759},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.47661104798316956},{"id":"https://openalex.org/keywords/government","display_name":"Government (linguistics)","score":0.4597362279891968},{"id":"https://openalex.org/keywords/security-through-obscurity","display_name":"Security through obscurity","score":0.45723873376846313},{"id":"https://openalex.org/keywords/procurement","display_name":"Procurement","score":0.42474308609962463},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.29898667335510254},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.23819145560264587},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.22288012504577637}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7497097253799438},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.647624135017395},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.6128026247024536},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.6082643866539001},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5979731678962708},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.5717012286186218},{"id":"https://openalex.org/C175133352","wikidata":"https://www.wikidata.org/wiki/Q1254596","display_name":"Software as a service","level":4,"score":0.5580443143844604},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.5484781861305237},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.5173496603965759},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.47661104798316956},{"id":"https://openalex.org/C2778137410","wikidata":"https://www.wikidata.org/wiki/Q2732820","display_name":"Government (linguistics)","level":2,"score":0.4597362279891968},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.45723873376846313},{"id":"https://openalex.org/C201650216","wikidata":"https://www.wikidata.org/wiki/Q829492","display_name":"Procurement","level":2,"score":0.42474308609962463},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.29898667335510254},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.23819145560264587},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.22288012504577637},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/iceei47359.2019.8988832","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iceei47359.2019.8988832","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 International Conference on Electrical Engineering and Informatics (ICEEI)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":11,"referenced_works":["https://openalex.org/W1987826190","https://openalex.org/W2035863211","https://openalex.org/W2046266419","https://openalex.org/W2131730994","https://openalex.org/W2342723101","https://openalex.org/W2599371600","https://openalex.org/W2742200672","https://openalex.org/W2780375555","https://openalex.org/W2785655981","https://openalex.org/W2886046342","https://openalex.org/W2904349874"],"related_works":["https://openalex.org/W2165898552","https://openalex.org/W2784006287","https://openalex.org/W2353811196","https://openalex.org/W2097628364","https://openalex.org/W2907868081","https://openalex.org/W2056412463","https://openalex.org/W1811024770","https://openalex.org/W4230385779","https://openalex.org/W2032098076","https://openalex.org/W2187486724"],"abstract_inverted_index":{"The":[0],"aim":[1],"of":[2,11,191],"this":[3],"study":[4],"is":[5,17,32,63],"to":[6,36,65,76,90,159,178,196],"define":[7],"security":[8,42,79,101,120,124,147,167,193],"requirements":[9],"(SR)":[10],"Information":[12],"Technology":[13],"(IT)":[14],"product":[15,39,74],"that":[16,82,200],"deployed":[18],"on":[19],"Cloud":[20],"platform":[21],"as":[22,24,45,69,71],"Software":[23],"a":[25,112,138,197],"Service":[26],"(SaaS)":[27],"for":[28,103,115],"Malaysian":[29],"government.":[30],"This":[31],"critical":[33],"in":[34,57,99,136],"order":[35],"secure":[37],"the":[38,54,67,73,85,144,166,176,184,189,192],"from":[40,94],"information":[41,146],"threats":[43,154],"such":[44],"malware":[46],"attack,":[47],"account":[48],"hijacking,":[49],"data":[50],"leakage":[51],"and":[52,96,133,149,155,174,188],"at":[53],"same":[55],"time,":[56],"line":[58],"with":[59],"government":[60,86,92,145],"policy.":[61],"It":[62],"important":[64],"address":[66],"SR":[68,117],"early":[70],"before":[72],"acquisition":[75,104],"avoid":[77],"any":[78],"incidents":[80],"happen":[81],"will":[83],"affect":[84],"IT":[87,95],"ecosystem.":[88],"Hence,":[89],"help":[91],"officer":[93],"procurement":[97,106],"department":[98],"preparing":[100],"specification":[102],"or":[105],"exercise,":[107],"we":[108,142,164],"introduce":[109],"OTPAF":[110,187],"model,":[111],"novel":[113],"approach":[114,173],"defining":[116],"by":[118],"connecting":[119],"components":[121,177,194],"which":[122],"are":[123,157],"objective":[125],"(O),":[126],"threat":[127],"(T),":[128],"policy":[129],"(P),":[130],"assumption":[131],"(A)":[132],"functionality":[134,168],"(F)":[135],"deriving":[137,195],"relational":[139,198],"statement.":[140],"First":[141],"acquire":[143],"objectives":[148],"policies.":[150],"Then":[151],"cloud":[152],"top":[153],"controls":[156],"referred":[158],"map":[160],"altogether.":[161],"Following":[162],"that,":[163],"elicit":[165],"using":[169],"Common":[170],"Criteria":[171],"(CC)":[172],"combines":[175],"become":[179],"SR.":[180,202],"Result":[181],"presents":[182],"how":[183],"conceptual":[185],"model":[186],"values":[190],"statement":[199],"becoming":[201]},"counts_by_year":[{"year":2024,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}