{"id":"https://openalex.org/W2159268677","doi":"https://doi.org/10.1109/issa.2015.7335053","title":"A formal qualitative risk management approach for IT security","display_name":"A formal qualitative risk management approach for IT security","publication_year":2015,"publication_date":"2015-08-01","ids":{"openalex":"https://openalex.org/W2159268677","doi":"https://doi.org/10.1109/issa.2015.7335053","mag":"2159268677"},"language":"en","primary_location":{"id":"doi:10.1109/issa.2015.7335053","is_oa":false,"landing_page_url":"https://doi.org/10.1109/issa.2015.7335053","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 Information Security for South Africa (ISSA)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5057483404","display_name":"Bessy Mahopo","orcid":null},"institutions":[{"id":"https://openalex.org/I165390105","display_name":"University of South Africa","ror":"https://ror.org/048cwvf49","country_code":"ZA","type":"education","lineage":["https://openalex.org/I165390105"]}],"countries":["ZA"],"is_corresponding":true,"raw_author_name":"Bessy Mahopo","raw_affiliation_strings":["School of Computing UNISA, South Africa"],"affiliations":[{"raw_affiliation_string":"School of Computing UNISA, South Africa","institution_ids":["https://openalex.org/I165390105"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5019141547","display_name":"Hanifa Abdullah","orcid":"https://orcid.org/0000-0002-0240-3327"},"institutions":[{"id":"https://openalex.org/I165390105","display_name":"University of South Africa","ror":"https://ror.org/048cwvf49","country_code":"ZA","type":"education","lineage":["https://openalex.org/I165390105"]}],"countries":["ZA"],"is_corresponding":false,"raw_author_name":"Hanifa Abdullah","raw_affiliation_strings":["School of Computing UNISA, South Africa"],"affiliations":[{"raw_affiliation_string":"School of Computing UNISA, South Africa","institution_ids":["https://openalex.org/I165390105"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5044435575","display_name":"Mathias Mujinga","orcid":"https://orcid.org/0000-0001-6560-8082"},"institutions":[{"id":"https://openalex.org/I165390105","display_name":"University of South Africa","ror":"https://ror.org/048cwvf49","country_code":"ZA","type":"education","lineage":["https://openalex.org/I165390105"]}],"countries":["ZA"],"is_corresponding":false,"raw_author_name":"Mathias Mujinga","raw_affiliation_strings":["School of Computing UNISA, South Africa"],"affiliations":[{"raw_affiliation_string":"School of Computing UNISA, South Africa","institution_ids":["https://openalex.org/I165390105"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5057483404"],"corresponding_institution_ids":["https://openalex.org/I165390105"],"apc_list":null,"apc_paid":null,"fwci":0.8296,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.81972962,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"8"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11572","display_name":"Information Technology Governance and Strategy","score":0.991599977016449,"subfield":{"id":"https://openalex.org/subfields/1404","display_name":"Management Information Systems"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9879999756813049,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.7210980653762817},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.7186323404312134},{"id":"https://openalex.org/keywords/security-management","display_name":"Security management","score":0.7123537063598633},{"id":"https://openalex.org/keywords/risk-management","display_name":"Risk management","score":0.6555994153022766},{"id":"https://openalex.org/keywords/threat","display_name":"Threat","score":0.5678759813308716},{"id":"https://openalex.org/keywords/it-risk-management","display_name":"IT risk management","score":0.5600467920303345},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5398536920547485},{"id":"https://openalex.org/keywords/information-security-management","display_name":"Information security management","score":0.5389062166213989},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.4771239757537842},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4578908383846283},{"id":"https://openalex.org/keywords/information-security-audit","display_name":"Information security audit","score":0.45312264561653137},{"id":"https://openalex.org/keywords/security-convergence","display_name":"Security convergence","score":0.4389829635620117},{"id":"https://openalex.org/keywords/factor-analysis-of-information-risk","display_name":"Factor analysis of information risk","score":0.42646342515945435},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.4223305881023407},{"id":"https://openalex.org/keywords/confidentiality","display_name":"Confidentiality","score":0.4107445180416107},{"id":"https://openalex.org/keywords/risk-assessment","display_name":"Risk assessment","score":0.4094354808330536},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.3535744547843933},{"id":"https://openalex.org/keywords/risk-management-information-systems","display_name":"Risk management information systems","score":0.30450522899627686},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.3003203868865967},{"id":"https://openalex.org/keywords/information-system","display_name":"Information system","score":0.1818077564239502},{"id":"https://openalex.org/keywords/network-security-policy","display_name":"Network security policy","score":0.1302744746208191},{"id":"https://openalex.org/keywords/management-information-systems","display_name":"Management information systems","score":0.11888894438743591},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.09919968247413635},{"id":"https://openalex.org/keywords/finance","display_name":"Finance","score":0.08771213889122009}],"concepts":[{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.7210980653762817},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.7186323404312134},{"id":"https://openalex.org/C83163435","wikidata":"https://www.wikidata.org/wiki/Q3954104","display_name":"Security management","level":2,"score":0.7123537063598633},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.6555994153022766},{"id":"https://openalex.org/C17520342","wikidata":"https://www.wikidata.org/wiki/Q7797190","display_name":"Threat","level":5,"score":0.5678759813308716},{"id":"https://openalex.org/C95609273","wikidata":"https://www.wikidata.org/wiki/Q5975208","display_name":"IT risk management","level":3,"score":0.5600467920303345},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5398536920547485},{"id":"https://openalex.org/C148976360","wikidata":"https://www.wikidata.org/wiki/Q1662500","display_name":"Information security management","level":5,"score":0.5389062166213989},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.4771239757537842},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4578908383846283},{"id":"https://openalex.org/C39358052","wikidata":"https://www.wikidata.org/wiki/Q2578632","display_name":"Information security audit","level":5,"score":0.45312264561653137},{"id":"https://openalex.org/C52420254","wikidata":"https://www.wikidata.org/wiki/Q7445028","display_name":"Security convergence","level":5,"score":0.4389829635620117},{"id":"https://openalex.org/C168785665","wikidata":"https://www.wikidata.org/wiki/Q5428720","display_name":"Factor analysis of information risk","level":5,"score":0.42646342515945435},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.4223305881023407},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.4107445180416107},{"id":"https://openalex.org/C12174686","wikidata":"https://www.wikidata.org/wiki/Q1058438","display_name":"Risk assessment","level":2,"score":0.4094354808330536},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.3535744547843933},{"id":"https://openalex.org/C81146079","wikidata":"https://www.wikidata.org/wiki/Q7336283","display_name":"Risk management information systems","level":4,"score":0.30450522899627686},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.3003203868865967},{"id":"https://openalex.org/C180198813","wikidata":"https://www.wikidata.org/wiki/Q121182","display_name":"Information system","level":2,"score":0.1818077564239502},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.1302744746208191},{"id":"https://openalex.org/C29848774","wikidata":"https://www.wikidata.org/wiki/Q61905","display_name":"Management information systems","level":3,"score":0.11888894438743591},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.09919968247413635},{"id":"https://openalex.org/C10138342","wikidata":"https://www.wikidata.org/wiki/Q43015","display_name":"Finance","level":1,"score":0.08771213889122009},{"id":"https://openalex.org/C119599485","wikidata":"https://www.wikidata.org/wiki/Q43035","display_name":"Electrical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/issa.2015.7335053","is_oa":false,"landing_page_url":"https://doi.org/10.1109/issa.2015.7335053","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 Information Security for South Africa (ISSA)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":19,"referenced_works":["https://openalex.org/W49053841","https://openalex.org/W1525753916","https://openalex.org/W1963983949","https://openalex.org/W1991816898","https://openalex.org/W2000135368","https://openalex.org/W2012270501","https://openalex.org/W2017112621","https://openalex.org/W2022556651","https://openalex.org/W2036145493","https://openalex.org/W2083620028","https://openalex.org/W2107966619","https://openalex.org/W2152802123","https://openalex.org/W2519880267","https://openalex.org/W2789168995","https://openalex.org/W2790868216","https://openalex.org/W6602002977","https://openalex.org/W6615094737","https://openalex.org/W6631537772","https://openalex.org/W6749242011"],"related_works":["https://openalex.org/W4205382715","https://openalex.org/W2358390340","https://openalex.org/W2313821829","https://openalex.org/W2098014028","https://openalex.org/W2557049691","https://openalex.org/W2132746796","https://openalex.org/W2493753605","https://openalex.org/W3186595770","https://openalex.org/W2914160598","https://openalex.org/W2062830664"],"abstract_inverted_index":{"Information":[0],"technology":[1,16],"(IT)":[2],"security,":[3],"which":[4,202,227,251],"is":[5,97,107,193,203,214],"concerned":[6],"about":[7],"protecting":[8],"the":[9,39,44,51,57,66,76,87,100,111,140,180,204,254,267,282],"confidentiality,":[10],"integrity":[11],"and":[12,27,124,146,175,222,233,256],"availability":[13],"of":[14,23,46,59,78,86,93,183,188,206,211,244,259,269,281],"information":[15],"assets,":[17],"inherently":[18],"possesses":[19],"a":[20,133,152,177,199,229,245,274,290],"significant":[21],"amount":[22],"risk,":[24],"some":[25,28,47],"known":[26],"unknown.":[29],"IT":[30,60,73,79,94,103,148,159,190,224,247,260,270,299],"security":[31,61,74,80,95,104,113,149,160,191,225,248,271,300],"risk":[32,96,105,121,154,161,192,226,231,237,249,285,301],"management":[33,92,106,122,286],"has":[34],"gained":[35],"considerable":[36],"attention":[37],"over":[38],"past":[40],"decade":[41],"due":[42],"to":[43,71,90,99,110,143,169,215,241,266,288,297],"collapsing":[45],"large":[48],"organisations":[49,69,129,296],"in":[50,56,132,157,163],"world.":[52],"Previous":[53],"investigative":[54],"research":[55,263],"field":[58,268],"have":[62,139],"indicated":[63],"that":[64,68,102,165,167,277,293],"despite":[65],"efforts":[67],"employ":[70,119],"reduce":[72],"risks,":[75],"trend":[77],"attacks":[81],"are":[82,172],"still":[83],"increasing.":[84],"One":[85],"contributing":[88],"factors":[89],"poor":[91],"attributed":[98],"fact":[101],"often":[108],"left":[109],"technical":[112],"technologist":[114],"who":[115],"do":[116,137],"not":[117,138],"necessarily":[118],"formal":[120,153],"tools":[123],"reasoning.":[125],"For":[126],"this":[127,207,212],"reason,":[128],"find":[130],"themselves":[131],"position":[134],"where":[135],"they":[136],"correct":[141,181],"approach":[142,156,187,218,276,292],"identify,":[144],"assess":[145],"treat":[147,298],"risks.":[150],"Employing":[151],"based":[155],"managing":[158],"assist":[162],"ensuring":[164],"risks":[166],"matter":[168],"an":[170,186,217],"organisation":[171],"accounted":[173],"for":[174,219,253],"as":[176,198],"result,":[178],"receive":[179],"level":[182],"attention.":[184],"Defining":[185],"how":[189],"managed":[194],"should":[195],"be":[196],"seen":[197],"fundamental":[200],"task,":[201],"basis":[205],"research.":[208],"The":[209,236,262],"objective":[210],"paper":[213],"propose":[216],"identifying,":[220],"assessing":[221],"treating":[223],"incorporates":[228],"robust":[230],"analysis":[232,238],"assessment":[234],"process.":[235],"process":[239],"aims":[240],"make":[242],"use":[243],"comprehensive":[246],"universe":[250],"caters":[252],"complex":[255],"dynamic":[257],"nature":[258],"security.":[261],"will":[264,294],"contribute":[265],"by":[272],"using":[273],"consolidated":[275],"utilises":[278],"coherent":[279],"characteristics":[280],"available":[283],"qualitative":[284],"frameworks":[287],"provide":[289],"stronger":[291],"enable":[295],"better.":[302]},"counts_by_year":[{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2020,"cited_by_count":1},{"year":2017,"cited_by_count":1}],"updated_date":"2026-03-25T13:04:00.132906","created_date":"2025-10-10T00:00:00"}