{"id":"https://openalex.org/W4365505539","doi":"https://doi.org/10.1109/msec.2023.3236540","title":"Security Policy Audits: Why and How","display_name":"Security Policy Audits: Why and How","publication_year":2023,"publication_date":"2023-03-01","ids":{"openalex":"https://openalex.org/W4365505539","doi":"https://doi.org/10.1109/msec.2023.3236540"},"language":"en","primary_location":{"id":"doi:10.1109/msec.2023.3236540","is_oa":true,"landing_page_url":"https://doi.org/10.1109/msec.2023.3236540","pdf_url":"https://ieeexplore.ieee.org/ielx7/8013/10102603/10102619.pdf","source":{"id":"https://openalex.org/S61906035","display_name":"IEEE Security & Privacy","issn_l":"1540-7993","issn":["1540-7993","1558-4046"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Security &amp; Privacy","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://ieeexplore.ieee.org/ielx7/8013/10102603/10102619.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5058102069","display_name":"Arvind Narayanan","orcid":"https://orcid.org/0000-0001-7176-4479"},"institutions":[{"id":"https://openalex.org/I20089843","display_name":"Princeton University","ror":"https://ror.org/00hx57361","country_code":"US","type":"education","lineage":["https://openalex.org/I20089843"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Arvind Narayanan","raw_affiliation_strings":["Computer Science, Princeton University, Princeton, NJ, USA"],"raw_orcid":"https://orcid.org/0000-0001-7176-4479","affiliations":[{"raw_affiliation_string":"Computer Science, Princeton University, Princeton, NJ, USA","institution_ids":["https://openalex.org/I20089843"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100379912","display_name":"Kevin Lee","orcid":"https://orcid.org/0000-0001-5416-4826"},"institutions":[{"id":"https://openalex.org/I1305429384","display_name":"JPMorgan Chase & Co (United States)","ror":"https://ror.org/01x3kkr08","country_code":"US","type":"company","lineage":["https://openalex.org/I1305429384"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kevin Lee","raw_affiliation_strings":["Research Scientist, JP Morgan Chase, New York, NY, USA"],"raw_orcid":"https://orcid.org/0000-0001-5416-4826","affiliations":[{"raw_affiliation_string":"Research Scientist, JP Morgan Chase, New York, NY, USA","institution_ids":["https://openalex.org/I1305429384"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.0438,"has_fulltext":true,"cited_by_count":6,"citation_normalized_percentile":{"value":0.75538412,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":"21","issue":"2","first_page":"77","last_page":"81"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.8132427930831909},{"id":"https://openalex.org/keywords/security-policy","display_name":"Security policy","score":0.642827570438385},{"id":"https://openalex.org/keywords/information-security-audit","display_name":"Information security audit","score":0.5320979356765747},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.5147476196289062},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.510141909122467},{"id":"https://openalex.org/keywords/network-security-policy","display_name":"Network security policy","score":0.3833466172218323},{"id":"https://openalex.org/keywords/accounting","display_name":"Accounting","score":0.34868955612182617},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.325797438621521},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.2325936257839203},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.20111224055290222}],"concepts":[{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.8132427930831909},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.642827570438385},{"id":"https://openalex.org/C39358052","wikidata":"https://www.wikidata.org/wiki/Q2578632","display_name":"Information security audit","level":5,"score":0.5320979356765747},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.5147476196289062},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.510141909122467},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.3833466172218323},{"id":"https://openalex.org/C121955636","wikidata":"https://www.wikidata.org/wiki/Q4116214","display_name":"Accounting","level":1,"score":0.34868955612182617},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.325797438621521},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.2325936257839203},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.20111224055290222}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/msec.2023.3236540","is_oa":true,"landing_page_url":"https://doi.org/10.1109/msec.2023.3236540","pdf_url":"https://ieeexplore.ieee.org/ielx7/8013/10102603/10102619.pdf","source":{"id":"https://openalex.org/S61906035","display_name":"IEEE Security & Privacy","issn_l":"1540-7993","issn":["1540-7993","1558-4046"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Security &amp; Privacy","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1109/msec.2023.3236540","is_oa":true,"landing_page_url":"https://doi.org/10.1109/msec.2023.3236540","pdf_url":"https://ieeexplore.ieee.org/ielx7/8013/10102603/10102619.pdf","source":{"id":"https://openalex.org/S61906035","display_name":"IEEE Security & Privacy","issn_l":"1540-7993","issn":["1540-7993","1558-4046"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Security &amp; Privacy","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4365505539.pdf","grobid_xml":"https://content.openalex.org/works/W4365505539.grobid-xml"},"referenced_works_count":13,"referenced_works":["https://openalex.org/W1992728747","https://openalex.org/W2067227483","https://openalex.org/W2376050373","https://openalex.org/W2794995912","https://openalex.org/W2908161602","https://openalex.org/W2914041294","https://openalex.org/W2963070937","https://openalex.org/W3133749611","https://openalex.org/W4226334994","https://openalex.org/W4288086175","https://openalex.org/W6759482308","https://openalex.org/W6767406509","https://openalex.org/W6783956734"],"related_works":["https://openalex.org/W2331734816","https://openalex.org/W4210317576","https://openalex.org/W2373849942","https://openalex.org/W2080460539","https://openalex.org/W2352946410","https://openalex.org/W2368348502","https://openalex.org/W1563611063","https://openalex.org/W2017158390","https://openalex.org/W4285359482","https://openalex.org/W2049188895"],"abstract_inverted_index":{"We":[0,26],"describe":[1],"a":[2,29,42],"series":[3],"of":[4,16,32],"security":[5,33],"policy":[6,12],"audits":[7],"that":[8,18,28],"we":[9],"conducted,":[10],"exposing":[11],"flaws":[13],"affecting":[14],"billions":[15],"users":[17],"are":[19],"often":[20],"exploited":[21],"by":[22],"even":[23],"low-tech":[24],"attackers.":[25],"argue":[27],"systematic":[30],"study":[31],"policies":[34],"and":[35,40],"processes":[36],"is":[37],"sorely":[38],"needed,":[39],"present":[41],"research":[43],"agenda.":[44]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}
