{"id":"https://openalex.org/W2082377258","doi":"https://doi.org/10.1145/2381716.2381869","title":"A two-phase quantitative methodology for enterprise information security risk analysis","display_name":"A two-phase quantitative methodology for enterprise information security risk analysis","publication_year":2012,"publication_date":"2012-09-03","ids":{"openalex":"https://openalex.org/W2082377258","doi":"https://doi.org/10.1145/2381716.2381869","mag":"2082377258"},"language":"en","primary_location":{"id":"doi:10.1145/2381716.2381869","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2381716.2381869","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the CUBE International Information Technology Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5058391653","display_name":"Jaya Bhattacharjee","orcid":null},"institutions":[{"id":"https://openalex.org/I170979836","display_name":"Jadavpur University","ror":"https://ror.org/02af4h012","country_code":"IN","type":"education","lineage":["https://openalex.org/I170979836"]}],"countries":["IN"],"is_corresponding":true,"raw_author_name":"Jaya Bhattacharjee","raw_affiliation_strings":["Jadavpur University, Kolkata, India","Jadavpur University, Kolkata. India#TAB#"],"affiliations":[{"raw_affiliation_string":"Jadavpur University, Kolkata, India","institution_ids":["https://openalex.org/I170979836"]},{"raw_affiliation_string":"Jadavpur University, Kolkata. India#TAB#","institution_ids":["https://openalex.org/I170979836"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5070024088","display_name":"Anirban Sengupta","orcid":"https://orcid.org/0000-0002-6239-256X"},"institutions":[{"id":"https://openalex.org/I170979836","display_name":"Jadavpur University","ror":"https://ror.org/02af4h012","country_code":"IN","type":"education","lineage":["https://openalex.org/I170979836"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Anirban Sengupta","raw_affiliation_strings":["Jadavpur University, Kolkata, India","Jadavpur University, Kolkata. India#TAB#"],"affiliations":[{"raw_affiliation_string":"Jadavpur University, Kolkata, India","institution_ids":["https://openalex.org/I170979836"]},{"raw_affiliation_string":"Jadavpur University, Kolkata. India#TAB#","institution_ids":["https://openalex.org/I170979836"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5062156678","display_name":"Chandan Mazumdar","orcid":"https://orcid.org/0000-0002-4252-8861"},"institutions":[{"id":"https://openalex.org/I170979836","display_name":"Jadavpur University","ror":"https://ror.org/02af4h012","country_code":"IN","type":"education","lineage":["https://openalex.org/I170979836"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Chandan Mazumdar","raw_affiliation_strings":["Jadavpur University, Kolkata, India","Jadavpur University, Kolkata. India#TAB#"],"affiliations":[{"raw_affiliation_string":"Jadavpur University, Kolkata, India","institution_ids":["https://openalex.org/I170979836"]},{"raw_affiliation_string":"Jadavpur University, Kolkata. India#TAB#","institution_ids":["https://openalex.org/I170979836"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5010792114","display_name":"Mridul Sankar Barik","orcid":"https://orcid.org/0000-0001-6322-5336"},"institutions":[{"id":"https://openalex.org/I170979836","display_name":"Jadavpur University","ror":"https://ror.org/02af4h012","country_code":"IN","type":"education","lineage":["https://openalex.org/I170979836"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Mridul Sankar Barik","raw_affiliation_strings":["Jadavpur University, Kolkata, India","Jadavpur University, Kolkata. India#TAB#"],"affiliations":[{"raw_affiliation_string":"Jadavpur University, Kolkata, India","institution_ids":["https://openalex.org/I170979836"]},{"raw_affiliation_string":"Jadavpur University, Kolkata. India#TAB#","institution_ids":["https://openalex.org/I170979836"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5058391653"],"corresponding_institution_ids":["https://openalex.org/I170979836"],"apc_list":null,"apc_paid":null,"fwci":2.9691,"has_fulltext":false,"cited_by_count":11,"citation_normalized_percentile":{"value":0.92616106,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"809","last_page":"815"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.692762553691864},{"id":"https://openalex.org/keywords/asset","display_name":"Asset (computer security)","score":0.6888728737831116},{"id":"https://openalex.org/keywords/information-security-management","display_name":"Information security management","score":0.6490586996078491},{"id":"https://openalex.org/keywords/factor-analysis-of-information-risk","display_name":"Factor analysis of information risk","score":0.6467260718345642},{"id":"https://openalex.org/keywords/risk-management","display_name":"Risk management","score":0.6011443138122559},{"id":"https://openalex.org/keywords/security-management","display_name":"Security management","score":0.5944549441337585},{"id":"https://openalex.org/keywords/it-risk-management","display_name":"IT risk management","score":0.5498757362365723},{"id":"https://openalex.org/keywords/enterprise-risk-management","display_name":"Enterprise risk management","score":0.538875162601471},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.5156303644180298},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5154696106910706},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.48381417989730835},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.4235846996307373},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.4129633605480194},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.36845362186431885},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3597056269645691},{"id":"https://openalex.org/keywords/risk-management-information-systems","display_name":"Risk management information systems","score":0.31092339754104614},{"id":"https://openalex.org/keywords/finance","display_name":"Finance","score":0.244581401348114},{"id":"https://openalex.org/keywords/information-system","display_name":"Information system","score":0.22309443354606628},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.15580639243125916},{"id":"https://openalex.org/keywords/management-information-systems","display_name":"Management information systems","score":0.11239117383956909},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.07551363110542297}],"concepts":[{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.692762553691864},{"id":"https://openalex.org/C76178495","wikidata":"https://www.wikidata.org/wiki/Q4808784","display_name":"Asset (computer security)","level":2,"score":0.6888728737831116},{"id":"https://openalex.org/C148976360","wikidata":"https://www.wikidata.org/wiki/Q1662500","display_name":"Information security management","level":5,"score":0.6490586996078491},{"id":"https://openalex.org/C168785665","wikidata":"https://www.wikidata.org/wiki/Q5428720","display_name":"Factor analysis of information risk","level":5,"score":0.6467260718345642},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.6011443138122559},{"id":"https://openalex.org/C83163435","wikidata":"https://www.wikidata.org/wiki/Q3954104","display_name":"Security management","level":2,"score":0.5944549441337585},{"id":"https://openalex.org/C95609273","wikidata":"https://www.wikidata.org/wiki/Q5975208","display_name":"IT risk management","level":3,"score":0.5498757362365723},{"id":"https://openalex.org/C207209096","wikidata":"https://www.wikidata.org/wiki/Q848268","display_name":"Enterprise risk management","level":3,"score":0.538875162601471},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.5156303644180298},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5154696106910706},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.48381417989730835},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.4235846996307373},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.4129633605480194},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.36845362186431885},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3597056269645691},{"id":"https://openalex.org/C81146079","wikidata":"https://www.wikidata.org/wiki/Q7336283","display_name":"Risk management information systems","level":4,"score":0.31092339754104614},{"id":"https://openalex.org/C10138342","wikidata":"https://www.wikidata.org/wiki/Q43015","display_name":"Finance","level":1,"score":0.244581401348114},{"id":"https://openalex.org/C180198813","wikidata":"https://www.wikidata.org/wiki/Q121182","display_name":"Information system","level":2,"score":0.22309443354606628},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.15580639243125916},{"id":"https://openalex.org/C29848774","wikidata":"https://www.wikidata.org/wiki/Q61905","display_name":"Management information systems","level":3,"score":0.11239117383956909},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.07551363110542297},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C59822182","wikidata":"https://www.wikidata.org/wiki/Q441","display_name":"Botany","level":1,"score":0.0},{"id":"https://openalex.org/C119599485","wikidata":"https://www.wikidata.org/wiki/Q43035","display_name":"Electrical engineering","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2381716.2381869","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2381716.2381869","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the CUBE International Information Technology Conference","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure","score":0.5699999928474426}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":7,"referenced_works":["https://openalex.org/W1535142105","https://openalex.org/W1549342539","https://openalex.org/W1558089875","https://openalex.org/W1596097493","https://openalex.org/W2418938958","https://openalex.org/W4301248776","https://openalex.org/W6632901372"],"related_works":["https://openalex.org/W3139368913","https://openalex.org/W564931784","https://openalex.org/W2993238681","https://openalex.org/W2357639658","https://openalex.org/W2098014028","https://openalex.org/W2358390340","https://openalex.org/W2407472053","https://openalex.org/W201042542","https://openalex.org/W4322485238","https://openalex.org/W4318828890"],"abstract_inverted_index":{"As":[0],"Enterprise":[1],"information":[2,41],"infrastructure":[3,112],"is":[4,18],"becoming":[5],"more":[6,8],"and":[7,10,26,75,100,126],"complex,":[9],"connected,":[11],"amount":[12],"of":[13,23,28],"risks":[14,31],"to":[15,81,113,132],"enterprise":[16],"assets":[17,89,136],"increasing.":[19],"Hence,":[20],"the":[21,68],"process":[22],"identification,":[24],"analysis,":[25],"mitigation":[27],"Information":[29],"Security":[30],"has":[32],"assumed":[33],"utmost":[34],"importance.":[35],"This":[36],"paper":[37],"presents":[38],"a":[39,59,73,77],"quantitative":[40],"security":[42,83,123],"risk":[43,57,74,78,95,102],"analysis":[44],"methodology":[45,50],"for":[46,62,72,85,117,135],"enterprises.":[47],"The":[48,88],"proposed":[49],"incorporates":[51],"two":[52],"approaches.":[53],"Consolidated":[54],"approach":[55,66],"identifies":[56,67],"as":[58],"single":[60],"value":[61],"each":[63,82],"asset.":[64,87],"Detailed":[65],"threat-vulnerability":[69],"pair":[70],"responsible":[71],"computes":[76],"factor":[79],"corresponding":[80],"property":[84],"every":[86],"are":[90],"classified":[91],"into":[92],"three":[93],"different":[94],"zones":[96],"namely":[97],"high,":[98],"medium":[99],"low":[101],"zone.":[103],"For":[104],"high-risk":[105],"assets,":[106,119],"management":[107,120,128],"may":[108,121,129],"install":[109],"high":[110],"cost":[111],"safeguard":[114],"an":[115],"asset;":[116],"medium-risk":[118],"apply":[122],"policies,":[124],"guidelines":[125],"procedures;":[127],"decide":[130],"not":[131],"invest":[133],"anything":[134],"at":[137],"low-risk.":[138]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2018,"cited_by_count":4},{"year":2017,"cited_by_count":1},{"year":2016,"cited_by_count":1},{"year":2015,"cited_by_count":1},{"year":2014,"cited_by_count":1},{"year":2013,"cited_by_count":1},{"year":2012,"cited_by_count":1}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}