{"id":"https://openalex.org/W3005786557","doi":"https://doi.org/10.1109/uemcon47517.2019.8993090","title":"CSAT: A User-interactive Cyber Security Architecture Tool based on NIST-compliance Security Controls for Risk Management","display_name":"CSAT: A User-interactive Cyber Security Architecture Tool based on NIST-compliance Security Controls for Risk Management","publication_year":2019,"publication_date":"2019-10-01","ids":{"openalex":"https://openalex.org/W3005786557","doi":"https://doi.org/10.1109/uemcon47517.2019.8993090","mag":"3005786557"},"language":"en","primary_location":{"id":"doi:10.1109/uemcon47517.2019.8993090","is_oa":false,"landing_page_url":"https://doi.org/10.1109/uemcon47517.2019.8993090","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 IEEE 10th Annual Ubiquitous Computing, Electronics &amp; Mobile Communication Conference (UEMCON)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102712337","display_name":"Yi Huang","orcid":"https://orcid.org/0009-0003-5477-6189"},"institutions":[{"id":"https://openalex.org/I4210128869","display_name":"InfoBeyond Technology (United States)","ror":"https://ror.org/02tc88d30","country_code":"US","type":"company","lineage":["https://openalex.org/I4210128869"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yi Huang","raw_affiliation_strings":["Research and Development Infobeyond Technology LLC., Louisville, KY"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Research and Development Infobeyond Technology LLC., Louisville, KY","institution_ids":["https://openalex.org/I4210128869"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5053057030","display_name":"Jayanta K. Debnath","orcid":null},"institutions":[{"id":"https://openalex.org/I4210128869","display_name":"InfoBeyond Technology (United States)","ror":"https://ror.org/02tc88d30","country_code":"US","type":"company","lineage":["https://openalex.org/I4210128869"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jayanta Debnath","raw_affiliation_strings":["Research and Development Infobeyond Technology LLC., Louisville, KY"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Research and Development Infobeyond Technology LLC., Louisville, KY","institution_ids":["https://openalex.org/I4210128869"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069879868","display_name":"Michaela Iorga","orcid":"https://orcid.org/0000-0001-7880-6045"},"institutions":[{"id":"https://openalex.org/I1321296531","display_name":"National Institute of Standards and Technology","ror":"https://ror.org/05xpvk416","country_code":"US","type":"funder","lineage":["https://openalex.org/I1321296531","https://openalex.org/I1343035065"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Michaela Iorga","raw_affiliation_strings":["Research and Development, National Institute of Standards and Technology, Gaithersburg, MD"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Research and Development, National Institute of Standards and Technology, Gaithersburg, MD","institution_ids":["https://openalex.org/I1321296531"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103541589","display_name":"Anup Kumar","orcid":null},"institutions":[{"id":"https://openalex.org/I142740786","display_name":"University of Louisville","ror":"https://ror.org/01ckdn478","country_code":"US","type":"education","lineage":["https://openalex.org/I142740786"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Anup Kumar","raw_affiliation_strings":["Computer Engineering and Computer Science University of Louisville, Louisville, KY"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Computer Engineering and Computer Science University of Louisville, Louisville, KY","institution_ids":["https://openalex.org/I142740786"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5103125014","display_name":"Bin Xie","orcid":"https://orcid.org/0000-0001-5118-3570"},"institutions":[{"id":"https://openalex.org/I4210128869","display_name":"InfoBeyond Technology (United States)","ror":"https://ror.org/02tc88d30","country_code":"US","type":"company","lineage":["https://openalex.org/I4210128869"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Bin Xie","raw_affiliation_strings":["Research and Development Infobeyond Technology LLC., Louisville, KY"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Research and Development Infobeyond Technology LLC., Louisville, KY","institution_ids":["https://openalex.org/I4210128869"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.4107,"has_fulltext":false,"cited_by_count":12,"citation_normalized_percentile":{"value":0.87608356,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"0697","last_page":"0707"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9959999918937683,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9959999918937683,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.9839000105857849,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11572","display_name":"Information Technology Governance and Strategy","score":0.9739999771118164,"subfield":{"id":"https://openalex.org/subfields/1404","display_name":"Management Information Systems"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/nist","display_name":"NIST","score":0.8190564513206482},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6214785575866699},{"id":"https://openalex.org/keywords/security-controls","display_name":"Security controls","score":0.571864902973175},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.569625198841095},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5677645802497864},{"id":"https://openalex.org/keywords/risk-management","display_name":"Risk management","score":0.5656661987304688},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.5151714086532593},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.5075417757034302},{"id":"https://openalex.org/keywords/threat","display_name":"Threat","score":0.5061585307121277},{"id":"https://openalex.org/keywords/standard-of-good-practice","display_name":"Standard of Good Practice","score":0.4772895872592926},{"id":"https://openalex.org/keywords/information-security-management","display_name":"Information security management","score":0.474774569272995},{"id":"https://openalex.org/keywords/security-management","display_name":"Security management","score":0.46408841013908386},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.3472636342048645},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.3170746862888336},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.12337863445281982}],"concepts":[{"id":"https://openalex.org/C111219384","wikidata":"https://www.wikidata.org/wiki/Q6954384","display_name":"NIST","level":2,"score":0.8190564513206482},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6214785575866699},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.571864902973175},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.569625198841095},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5677645802497864},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.5656661987304688},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.5151714086532593},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.5075417757034302},{"id":"https://openalex.org/C17520342","wikidata":"https://www.wikidata.org/wiki/Q7797190","display_name":"Threat","level":5,"score":0.5061585307121277},{"id":"https://openalex.org/C47309137","wikidata":"https://www.wikidata.org/wiki/Q7598357","display_name":"Standard of Good Practice","level":5,"score":0.4772895872592926},{"id":"https://openalex.org/C148976360","wikidata":"https://www.wikidata.org/wiki/Q1662500","display_name":"Information security management","level":5,"score":0.474774569272995},{"id":"https://openalex.org/C83163435","wikidata":"https://www.wikidata.org/wiki/Q3954104","display_name":"Security management","level":2,"score":0.46408841013908386},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.3472636342048645},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.3170746862888336},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.12337863445281982},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.0},{"id":"https://openalex.org/C10138342","wikidata":"https://www.wikidata.org/wiki/Q43015","display_name":"Finance","level":1,"score":0.0},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.0},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.0},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/uemcon47517.2019.8993090","is_oa":false,"landing_page_url":"https://doi.org/10.1109/uemcon47517.2019.8993090","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 IEEE 10th Annual Ubiquitous Computing, Electronics &amp; Mobile Communication Conference (UEMCON)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.47999998927116394,"id":"https://metadata.un.org/sdg/17","display_name":"Partnerships for the goals"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":4,"referenced_works":["https://openalex.org/W2010292970","https://openalex.org/W2295356689","https://openalex.org/W2810356228","https://openalex.org/W6752616907"],"related_works":["https://openalex.org/W40842196","https://openalex.org/W1557523735","https://openalex.org/W1972167346","https://openalex.org/W2369588203","https://openalex.org/W3195871191","https://openalex.org/W1529017291","https://openalex.org/W4232424383","https://openalex.org/W2156811504","https://openalex.org/W2363630253","https://openalex.org/W2370581992"],"abstract_inverted_index":{"Security":[0],"risk":[1,34,74,82,131,136,150,172],"management":[2,35,83,151,173],"is":[3,48,127],"a":[4,52,125],"vital":[5],"part":[6],"of":[7,65,71,81,123,128],"any":[8],"system":[9,111,140,155,177],"development,":[10],"including":[11],"e-commerce":[12],"and":[13,26,61,101,118,171],"other":[14],"information":[15,38,66,110,154,176],"systems":[16,67],"that":[17],"need":[18],"security.":[19],"Notably,":[20],"NIST":[21,89,169],"has":[22],"developed":[23],"cyber":[24],"security":[25,44,112,117,134,141,164],"privacy":[27,119],"controls,":[28,45],"such":[29,42,124],"as":[30],"SP-800-53,":[31],"to":[32,50,96,107,147],"facilitate":[33],"for":[36,56,130],"federal":[37],"systems.":[39],"By":[40],"integrating":[41],"NIST-compliance":[43],"our":[46],"CSAT":[47],"innovative":[49],"offer":[51],"user-interactive":[53],"software":[54],"tool":[55,106,126],"effectively":[57],"facilitating":[58],"the":[59,69,79,105,149,153,158,163,175],"robust":[60],"secure":[62],"architecture":[63,156],"development":[64,98,122,178],"in":[68,87,152,157,174],"way":[70],"enhancing":[72],"overall":[73],"management.":[75],"It":[76,143],"specifically":[77],"promotes":[78],"enhancement":[80],"by":[84,103,166],"composing":[85],"reports/graphs":[86],"different":[88],"defined":[90],"do-mains/controls/capabilities":[91],"specification":[92],"effectively.":[93],"This":[94],"helps":[95],"reduce":[97],"cost,":[99,160],"time,":[100],"manpower":[102],"using":[104],"quickly":[108],"define":[109],"standards":[113],"based":[114],"on":[115],"NIST's":[116],"guidelines.":[120],"The":[121],"importance":[129],"management,":[132],"e.g.,":[133],"evaluation,":[135],"assessment,":[137],"controls":[138],"implementation,":[139],"planning).":[142],"can":[144],"be":[145],"used":[146],"optimize":[148],"lowest":[159],"while":[161],"increasing":[162],"robustness":[165],"systemically":[167],"providing":[168],"guideline":[170],"level.":[179]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":4}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}
