{"id":"https://openalex.org/W2023041382","doi":"https://doi.org/10.1145/2691195.2691275","title":"Security metrics to evaluate organizational IT security","display_name":"Security metrics to evaluate organizational IT security","publication_year":2014,"publication_date":"2014-10-27","ids":{"openalex":"https://openalex.org/W2023041382","doi":"https://doi.org/10.1145/2691195.2691275","mag":"2023041382"},"language":"en","primary_location":{"id":"doi:10.1145/2691195.2691275","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2691195.2691275","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 8th International Conference on Theory and Practice of Electronic Governance","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5047438044","display_name":"Teresa Pereira","orcid":"https://orcid.org/0000-0002-5845-4086"},"institutions":[{"id":"https://openalex.org/I192341844","display_name":"Polytechnic Institute of Viana do Castelo","ror":"https://ror.org/03w6kry90","country_code":"PT","type":"education","lineage":["https://openalex.org/I192341844"]}],"countries":["PT"],"is_corresponding":true,"raw_author_name":"Teresa Pereira","raw_affiliation_strings":["Polytechnic Institute of Viana do Castelo, Viana do Castelo, Portugal","Polytechnic Institute of Viana do Castelo, Viana do Castelo, Portugal#TAB#"],"affiliations":[{"raw_affiliation_string":"Polytechnic Institute of Viana do Castelo, Viana do Castelo, Portugal","institution_ids":["https://openalex.org/I192341844"]},{"raw_affiliation_string":"Polytechnic Institute of Viana do Castelo, Viana do Castelo, Portugal#TAB#","institution_ids":["https://openalex.org/I192341844"]}]},{"author_position":"last","author":{"id":null,"display_name":"Henrique Santos","orcid":null},"institutions":[{"id":"https://openalex.org/I99682543","display_name":"University of Minho","ror":"https://ror.org/037wpkx04","country_code":"PT","type":"education","lineage":["https://openalex.org/I99682543"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Henrique Santos","raw_affiliation_strings":["University of Minho, Guimar\u00e3es, Portugal"],"affiliations":[{"raw_affiliation_string":"University of Minho, Guimar\u00e3es, Portugal","institution_ids":["https://openalex.org/I99682543"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5047438044"],"corresponding_institution_ids":["https://openalex.org/I192341844"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.16342691,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"500","last_page":"501"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9932000041007996,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9932000041007996,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11572","display_name":"Information Technology Governance and Strategy","score":0.920199990272522,"subfield":{"id":"https://openalex.org/subfields/1404","display_name":"Management Information Systems"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9199000000953674,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.6032189726829529},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5671885013580322},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5646307468414307},{"id":"https://openalex.org/keywords/security-controls","display_name":"Security controls","score":0.5627989172935486},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.551277220249176},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5302464962005615},{"id":"https://openalex.org/keywords/security-convergence","display_name":"Security convergence","score":0.5259014964103699},{"id":"https://openalex.org/keywords/security-management","display_name":"Security management","score":0.5158187747001648},{"id":"https://openalex.org/keywords/asset","display_name":"Asset (computer security)","score":0.47254467010498047},{"id":"https://openalex.org/keywords/information-security-management","display_name":"Information security management","score":0.45669394731521606},{"id":"https://openalex.org/keywords/computer-security-model","display_name":"Computer security model","score":0.43612220883369446},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.4287520945072174},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.42485329508781433},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.41660356521606445},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.3837991952896118},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.2597599923610687},{"id":"https://openalex.org/keywords/network-security-policy","display_name":"Network security policy","score":0.21402040123939514},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.10725662112236023}],"concepts":[{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.6032189726829529},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5671885013580322},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5646307468414307},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.5627989172935486},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.551277220249176},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5302464962005615},{"id":"https://openalex.org/C52420254","wikidata":"https://www.wikidata.org/wiki/Q7445028","display_name":"Security convergence","level":5,"score":0.5259014964103699},{"id":"https://openalex.org/C83163435","wikidata":"https://www.wikidata.org/wiki/Q3954104","display_name":"Security management","level":2,"score":0.5158187747001648},{"id":"https://openalex.org/C76178495","wikidata":"https://www.wikidata.org/wiki/Q4808784","display_name":"Asset (computer security)","level":2,"score":0.47254467010498047},{"id":"https://openalex.org/C148976360","wikidata":"https://www.wikidata.org/wiki/Q1662500","display_name":"Information security management","level":5,"score":0.45669394731521606},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.43612220883369446},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.4287520945072174},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.42485329508781433},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.41660356521606445},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.3837991952896118},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.2597599923610687},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.21402040123939514},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.10725662112236023},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2691195.2691275","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2691195.2691275","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 8th International Conference on Theory and Practice of Electronic Governance","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5799999833106995,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":1,"referenced_works":["https://openalex.org/W157316374"],"related_works":["https://openalex.org/W4256374004","https://openalex.org/W2384723023","https://openalex.org/W4310892428","https://openalex.org/W833563683","https://openalex.org/W2379320583","https://openalex.org/W3048948897","https://openalex.org/W2037111858","https://openalex.org/W2033357182","https://openalex.org/W2894900144","https://openalex.org/W1566093676"],"abstract_inverted_index":{"Organizations":[0],"have":[1],"moved":[2],"their":[3,110,115],"business":[4],"activity":[5],"to":[6,17,27,53,71,74,82,101],"the":[7,35,55,60,76,79,84,93],"Internet":[8],"and":[9,19,38,113],"mobile":[10],"applications,":[11],"which":[12],"make":[13],"them":[14],"more":[15],"exposed":[16],"unexpected":[18],"underestimated":[20],"security":[21,30,61,85,99],"risks.":[22],"This":[23,87],"fact":[24],"requires":[25],"organizations":[26,70],"implement":[28],"adequate":[29],"controls":[31],"as":[32,34],"well":[33],"respective":[36],"monitoring":[37],"evaluation":[39],"on":[40],"a":[41],"regular":[42],"basis.":[43],"However,":[44],"these":[45],"tasks":[46],"require":[47],"strong":[48],"arguments":[49],"(in":[50],"monetary":[51],"terms)":[52],"justify":[54,83],"return":[56],"of":[57,78,95,98],"investment":[58],"in":[59],"controls.":[62],"In":[63],"this":[64],"context,":[65],"it":[66],"is":[67],"crucial":[68],"for":[69,105,108],"define":[72],"metrics":[73,97],"assess":[75],"efficiency":[77],"implemented":[80],"controls,":[81,100],"investments.":[86],"paper":[88],"highlights":[89],"some":[90],"reflections":[91],"regarding":[92],"definition":[94],"meaningful":[96],"deliver":[102],"actionable":[103],"information":[104],"decision":[106],"makers":[107],"managing":[109],"organizational":[111],"assets":[112],"ensure":[114],"day-to-day":[116],"operations.":[117]},"counts_by_year":[{"year":2022,"cited_by_count":1},{"year":2019,"cited_by_count":3},{"year":2018,"cited_by_count":1}],"updated_date":"2026-04-16T08:26:57.006410","created_date":"2025-10-10T00:00:00"}