{"id":"https://openalex.org/W2032858326","doi":"https://doi.org/10.1109/isias.2013.6947735","title":"The state of the art of risk assessment and management for information systems","display_name":"The state of the art of risk assessment and management for information systems","publication_year":2013,"publication_date":"2013-12-01","ids":{"openalex":"https://openalex.org/W2032858326","doi":"https://doi.org/10.1109/isias.2013.6947735","mag":"2032858326"},"language":"en","primary_location":{"id":"doi:10.1109/isias.2013.6947735","is_oa":false,"landing_page_url":"https://doi.org/10.1109/isias.2013.6947735","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2013 9th International Conference on Information Assurance and Security (IAS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5078836892","display_name":"Lulu Liang","orcid":"https://orcid.org/0000-0001-8766-4763"},"institutions":[{"id":"https://openalex.org/I4210160629","display_name":"China Information Technology Security Evaluation Center","ror":"https://ror.org/053cexp66","country_code":"CN","type":"government","lineage":["https://openalex.org/I4210160629"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Lulu Liang","raw_affiliation_strings":["China Information Technology Security Evaluation Center, Beijing, P.R. China","China Information Technology Security Evaluation Center, Beijing 100085, China"],"affiliations":[{"raw_affiliation_string":"China Information Technology Security Evaluation Center, Beijing, P.R. China","institution_ids":["https://openalex.org/I4210160629"]},{"raw_affiliation_string":"China Information Technology Security Evaluation Center, Beijing 100085, China","institution_ids":["https://openalex.org/I4210160629"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100339146","display_name":"Ren Wang","orcid":null},"institutions":[{"id":"https://openalex.org/I4210160629","display_name":"China Information Technology Security Evaluation Center","ror":"https://ror.org/053cexp66","country_code":"CN","type":"government","lineage":["https://openalex.org/I4210160629"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wang Ren","raw_affiliation_strings":["China Information Technology Security Evaluation Center, Beijing, P.R. China","China Information Technology Security Evaluation Center, Beijing 100085, China"],"affiliations":[{"raw_affiliation_string":"China Information Technology Security Evaluation Center, Beijing, P.R. China","institution_ids":["https://openalex.org/I4210160629"]},{"raw_affiliation_string":"China Information Technology Security Evaluation Center, Beijing 100085, China","institution_ids":["https://openalex.org/I4210160629"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101359202","display_name":"Jing Song","orcid":null},"institutions":[{"id":"https://openalex.org/I4210160629","display_name":"China Information Technology Security Evaluation Center","ror":"https://ror.org/053cexp66","country_code":"CN","type":"government","lineage":["https://openalex.org/I4210160629"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jing Song","raw_affiliation_strings":["China Information Technology Security Evaluation Center, Beijing, P.R. China","China Information Technology Security Evaluation Center, Beijing 100085, China"],"affiliations":[{"raw_affiliation_string":"China Information Technology Security Evaluation Center, Beijing, P.R. China","institution_ids":["https://openalex.org/I4210160629"]},{"raw_affiliation_string":"China Information Technology Security Evaluation Center, Beijing 100085, China","institution_ids":["https://openalex.org/I4210160629"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5097559570","display_name":"Huaming Hu","orcid":null},"institutions":[{"id":"https://openalex.org/I4210160629","display_name":"China Information Technology Security Evaluation Center","ror":"https://ror.org/053cexp66","country_code":"CN","type":"government","lineage":["https://openalex.org/I4210160629"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Huaming Hu","raw_affiliation_strings":["China Information Technology Security Evaluation Center, Beijing, P.R. China","China Information Technology Security Evaluation Center, Beijing 100085, China"],"affiliations":[{"raw_affiliation_string":"China Information Technology Security Evaluation Center, Beijing, P.R. China","institution_ids":["https://openalex.org/I4210160629"]},{"raw_affiliation_string":"China Information Technology Security Evaluation Center, Beijing 100085, China","institution_ids":["https://openalex.org/I4210160629"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5019915847","display_name":"Qiang He","orcid":"https://orcid.org/0000-0002-1820-6141"},"institutions":[{"id":"https://openalex.org/I4210160629","display_name":"China Information Technology Security Evaluation Center","ror":"https://ror.org/053cexp66","country_code":"CN","type":"government","lineage":["https://openalex.org/I4210160629"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qiang He","raw_affiliation_strings":["China Information Technology Security Evaluation Center, Beijing, P.R. China","China Information Technology Security Evaluation Center, Beijing 100085, China"],"affiliations":[{"raw_affiliation_string":"China Information Technology Security Evaluation Center, Beijing, P.R. China","institution_ids":["https://openalex.org/I4210160629"]},{"raw_affiliation_string":"China Information Technology Security Evaluation Center, Beijing 100085, China","institution_ids":["https://openalex.org/I4210160629"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5102194960","display_name":"Shuo Fang","orcid":null},"institutions":[{"id":"https://openalex.org/I4210160629","display_name":"China Information Technology Security Evaluation Center","ror":"https://ror.org/053cexp66","country_code":"CN","type":"government","lineage":["https://openalex.org/I4210160629"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shuo Fang","raw_affiliation_strings":["China Information Technology Security Evaluation Center, Beijing, P.R. China","China Information Technology Security Evaluation Center, Beijing 100085, China"],"affiliations":[{"raw_affiliation_string":"China Information Technology Security Evaluation Center, Beijing, P.R. China","institution_ids":["https://openalex.org/I4210160629"]},{"raw_affiliation_string":"China Information Technology Security Evaluation Center, Beijing 100085, China","institution_ids":["https://openalex.org/I4210160629"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5078836892"],"corresponding_institution_ids":["https://openalex.org/I4210160629"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":8,"citation_normalized_percentile":{"value":0.17135914,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"66","last_page":"71"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9972000122070312,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.996999979019165,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/nist","display_name":"NIST","score":0.8157893419265747},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6615954041481018},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.6317660212516785},{"id":"https://openalex.org/keywords/risk-management","display_name":"Risk management","score":0.6277134418487549},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.5940470099449158},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.5750460028648376},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5736422538757324},{"id":"https://openalex.org/keywords/risk-management-information-systems","display_name":"Risk management information systems","score":0.5697116851806641},{"id":"https://openalex.org/keywords/risk-assessment","display_name":"Risk assessment","score":0.5646042227745056},{"id":"https://openalex.org/keywords/information-security-management","display_name":"Information security management","score":0.5582639575004578},{"id":"https://openalex.org/keywords/threat","display_name":"Threat","score":0.5506224632263184},{"id":"https://openalex.org/keywords/information-systems-security","display_name":"Information systems security","score":0.540825366973877},{"id":"https://openalex.org/keywords/information-system","display_name":"Information system","score":0.503001868724823},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4714083671569824},{"id":"https://openalex.org/keywords/it-risk-management","display_name":"IT risk management","score":0.4507012367248535},{"id":"https://openalex.org/keywords/security-management","display_name":"Security management","score":0.44840008020401},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.43931859731674194},{"id":"https://openalex.org/keywords/risk-management-framework","display_name":"Risk management framework","score":0.425836980342865},{"id":"https://openalex.org/keywords/management-information-systems","display_name":"Management information systems","score":0.421403706073761},{"id":"https://openalex.org/keywords/information-security-management-system","display_name":"Information security management system","score":0.4112773537635803},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.34680482745170593},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.2180386483669281},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.186377614736557},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.10006088018417358},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.07867896556854248},{"id":"https://openalex.org/keywords/psychology","display_name":"Psychology","score":0.07487013936042786}],"concepts":[{"id":"https://openalex.org/C111219384","wikidata":"https://www.wikidata.org/wiki/Q6954384","display_name":"NIST","level":2,"score":0.8157893419265747},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6615954041481018},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.6317660212516785},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.6277134418487549},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.5940470099449158},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.5750460028648376},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5736422538757324},{"id":"https://openalex.org/C81146079","wikidata":"https://www.wikidata.org/wiki/Q7336283","display_name":"Risk management information systems","level":4,"score":0.5697116851806641},{"id":"https://openalex.org/C12174686","wikidata":"https://www.wikidata.org/wiki/Q1058438","display_name":"Risk assessment","level":2,"score":0.5646042227745056},{"id":"https://openalex.org/C148976360","wikidata":"https://www.wikidata.org/wiki/Q1662500","display_name":"Information security management","level":5,"score":0.5582639575004578},{"id":"https://openalex.org/C17520342","wikidata":"https://www.wikidata.org/wiki/Q7797190","display_name":"Threat","level":5,"score":0.5506224632263184},{"id":"https://openalex.org/C2988319471","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information systems security","level":4,"score":0.540825366973877},{"id":"https://openalex.org/C180198813","wikidata":"https://www.wikidata.org/wiki/Q121182","display_name":"Information system","level":2,"score":0.503001868724823},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4714083671569824},{"id":"https://openalex.org/C95609273","wikidata":"https://www.wikidata.org/wiki/Q5975208","display_name":"IT risk management","level":3,"score":0.4507012367248535},{"id":"https://openalex.org/C83163435","wikidata":"https://www.wikidata.org/wiki/Q3954104","display_name":"Security management","level":2,"score":0.44840008020401},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.43931859731674194},{"id":"https://openalex.org/C164403151","wikidata":"https://www.wikidata.org/wiki/Q7336280","display_name":"Risk management framework","level":4,"score":0.425836980342865},{"id":"https://openalex.org/C29848774","wikidata":"https://www.wikidata.org/wiki/Q61905","display_name":"Management information systems","level":3,"score":0.421403706073761},{"id":"https://openalex.org/C111153917","wikidata":"https://www.wikidata.org/wiki/Q1662500","display_name":"Information security management system","level":5,"score":0.4112773537635803},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.34680482745170593},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.2180386483669281},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.186377614736557},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.10006088018417358},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.07867896556854248},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.07487013936042786},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C119599485","wikidata":"https://www.wikidata.org/wiki/Q43035","display_name":"Electrical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.0},{"id":"https://openalex.org/C10138342","wikidata":"https://www.wikidata.org/wiki/Q43015","display_name":"Finance","level":1,"score":0.0},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.0},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/isias.2013.6947735","is_oa":false,"landing_page_url":"https://doi.org/10.1109/isias.2013.6947735","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2013 9th International Conference on Information Assurance and Security (IAS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":15,"referenced_works":["https://openalex.org/W1563272187","https://openalex.org/W2512503597","https://openalex.org/W2617872846","https://openalex.org/W2618490554","https://openalex.org/W2618688419","https://openalex.org/W2620482464","https://openalex.org/W2624248292","https://openalex.org/W2635669510","https://openalex.org/W2682375553","https://openalex.org/W2734695534","https://openalex.org/W2789825598","https://openalex.org/W2790868216","https://openalex.org/W2791061415","https://openalex.org/W2794421626","https://openalex.org/W3125862264"],"related_works":["https://openalex.org/W568645608","https://openalex.org/W3003573127","https://openalex.org/W3199571163","https://openalex.org/W3048840722","https://openalex.org/W2363630253","https://openalex.org/W3096734321","https://openalex.org/W2945640515","https://openalex.org/W2032858326","https://openalex.org/W2557049691","https://openalex.org/W2186160403"],"abstract_inverted_index":{"Risk":[0],"assessment":[1,103],"and":[2,26,47,74,104,114,140],"management":[3,105,137],"for":[4,10],"information":[5,85],"system":[6,13],"are":[7,116],"very":[8],"important":[9],"assuring":[11],"the":[12,31,37,45,48,63,69,84,92,95,98,101,107,120,126,129,135],"security.":[14],"It":[15],"requires":[16],"not":[17],"only":[18],"careful":[19],"but":[20],"also":[21],"systematic":[22],"analysis":[23,32],"of":[24,61,72,80,94,97,100,122],"threat":[25],"vulnerability":[27],"information.":[28],"Depending":[29],"on":[30],"result,":[33],"we":[34,90],"could":[35,42],"determine":[36],"extent":[38],"to":[39,82,118],"which":[40],"events":[41,52],"adversely":[43],"impact":[44],"organization":[46],"likelihood":[49],"that":[50],"such":[51],"will":[53],"occur.":[54],"Under":[55],"FISMA(Federal":[56],"Information":[57,64],"Security":[58],"Management":[59],"Act)":[60],"2002,":[62],"Technology":[65,75],"Laboratory":[66],"(ITL)":[67],"at":[68,109],"National":[70],"Institute":[71],"Standards":[73],"(NIST)":[76],"develops":[77],"a":[78],"series":[79],"publications":[81,132],"protect":[83],"system.":[86],"In":[87],"this":[88],"paper,":[89],"give":[91],"outline":[93],"state":[96],"art":[99],"risk":[102,123,136],"in":[106],"ITL":[108],"NIST.":[110],"Some":[111],"fundamental":[112],"concepts":[113],"model":[115],"introduced":[117],"interpret":[119],"process":[121],"assessment.":[124],"Besides,":[125],"relationship":[127],"among":[128],"security":[130],"related":[131],"corresponding":[133],"with":[134],"is":[138],"analyzed":[139],"concluded.":[141]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":3},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":1}],"updated_date":"2026-03-25T13:04:00.132906","created_date":"2025-10-10T00:00:00"}