{"id":"https://openalex.org/W2066933549","doi":"https://doi.org/10.1145/2786805.2804435","title":"Towards automating the security compliance value chain","display_name":"Towards automating the security compliance value chain","publication_year":2015,"publication_date":"2015-08-26","ids":{"openalex":"https://openalex.org/W2066933549","doi":"https://doi.org/10.1145/2786805.2804435","mag":"2066933549"},"language":"en","primary_location":{"id":"doi:10.1145/2786805.2804435","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2786805.2804435","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5089477311","display_name":"Smita Ghaisas","orcid":"https://orcid.org/0000-0003-0790-0880"},"institutions":[{"id":"https://openalex.org/I55215948","display_name":"Tata Consultancy Services (India)","ror":"https://ror.org/01b9n8m42","country_code":"IN","type":"company","lineage":["https://openalex.org/I4210086519","https://openalex.org/I55215948"]}],"countries":["IN"],"is_corresponding":true,"raw_author_name":"Smita Ghaisas","raw_affiliation_strings":["Tata Consultancy Services, India","[Tata Consultancy Services, India]"],"affiliations":[{"raw_affiliation_string":"Tata Consultancy Services, India","institution_ids":["https://openalex.org/I55215948"]},{"raw_affiliation_string":"[Tata Consultancy Services, India]","institution_ids":["https://openalex.org/I55215948"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103152221","display_name":"Manish Motwani","orcid":"https://orcid.org/0000-0001-5129-3980"},"institutions":[{"id":"https://openalex.org/I55215948","display_name":"Tata Consultancy Services (India)","ror":"https://ror.org/01b9n8m42","country_code":"IN","type":"company","lineage":["https://openalex.org/I4210086519","https://openalex.org/I55215948"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Manish Motwani","raw_affiliation_strings":["Tata Consultancy Services, India","[Tata Consultancy Services, India]"],"affiliations":[{"raw_affiliation_string":"Tata Consultancy Services, India","institution_ids":["https://openalex.org/I55215948"]},{"raw_affiliation_string":"[Tata Consultancy Services, India]","institution_ids":["https://openalex.org/I55215948"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5009689081","display_name":"Balaji Balasubramaniam","orcid":"https://orcid.org/0009-0004-8208-0784"},"institutions":[{"id":"https://openalex.org/I55215948","display_name":"Tata Consultancy Services (India)","ror":"https://ror.org/01b9n8m42","country_code":"IN","type":"company","lineage":["https://openalex.org/I4210086519","https://openalex.org/I55215948"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Balaji Balasubramaniam","raw_affiliation_strings":["Tata Consultancy Services, India","[Tata Consultancy Services, India]"],"affiliations":[{"raw_affiliation_string":"Tata Consultancy Services, India","institution_ids":["https://openalex.org/I55215948"]},{"raw_affiliation_string":"[Tata Consultancy Services, India]","institution_ids":["https://openalex.org/I55215948"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5051680818","display_name":"Anjali Gajendragadkar","orcid":null},"institutions":[{"id":"https://openalex.org/I55215948","display_name":"Tata Consultancy Services (India)","ror":"https://ror.org/01b9n8m42","country_code":"IN","type":"company","lineage":["https://openalex.org/I4210086519","https://openalex.org/I55215948"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Anjali Gajendragadkar","raw_affiliation_strings":["Tata Consultancy Services, India","[Tata Consultancy Services, India]"],"affiliations":[{"raw_affiliation_string":"Tata Consultancy Services, India","institution_ids":["https://openalex.org/I55215948"]},{"raw_affiliation_string":"[Tata Consultancy Services, India]","institution_ids":["https://openalex.org/I55215948"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5078168677","display_name":"Rahul Kelkar","orcid":null},"institutions":[{"id":"https://openalex.org/I55215948","display_name":"Tata Consultancy Services (India)","ror":"https://ror.org/01b9n8m42","country_code":"IN","type":"company","lineage":["https://openalex.org/I4210086519","https://openalex.org/I55215948"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Rahul Kelkar","raw_affiliation_strings":["Tata Consultancy Services, India","[Tata Consultancy Services, India]"],"affiliations":[{"raw_affiliation_string":"Tata Consultancy Services, India","institution_ids":["https://openalex.org/I55215948"]},{"raw_affiliation_string":"[Tata Consultancy Services, India]","institution_ids":["https://openalex.org/I55215948"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5025006858","display_name":"Harrick M. Vin","orcid":null},"institutions":[{"id":"https://openalex.org/I55215948","display_name":"Tata Consultancy Services (India)","ror":"https://ror.org/01b9n8m42","country_code":"IN","type":"company","lineage":["https://openalex.org/I4210086519","https://openalex.org/I55215948"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Harrick Vin","raw_affiliation_strings":["Tata Consultancy Services, India","[Tata Consultancy Services, India]"],"affiliations":[{"raw_affiliation_string":"Tata Consultancy Services, India","institution_ids":["https://openalex.org/I55215948"]},{"raw_affiliation_string":"[Tata Consultancy Services, India]","institution_ids":["https://openalex.org/I55215948"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5089477311"],"corresponding_institution_ids":["https://openalex.org/I55215948"],"apc_list":null,"apc_paid":null,"fwci":0.7946,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.8085211,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"1014","last_page":"1017"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T13999","display_name":"Digital Rights Management and Security","score":0.9973000288009644,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9966999888420105,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6642468571662903},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5846021175384521},{"id":"https://openalex.org/keywords/traceability","display_name":"Traceability","score":0.5764532685279846},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.5291619300842285},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.48540958762168884},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.48161762952804565},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.45852935314178467},{"id":"https://openalex.org/keywords/security-through-obscurity","display_name":"Security through obscurity","score":0.4419832229614258},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.44113099575042725},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.43227308988571167},{"id":"https://openalex.org/keywords/standard-of-good-practice","display_name":"Standard of Good Practice","score":0.41520750522613525},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.34676593542099},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.26349833607673645},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.14648205041885376},{"id":"https://openalex.org/keywords/network-security-policy","display_name":"Network security policy","score":0.11505034565925598},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.11245569586753845}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6642468571662903},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5846021175384521},{"id":"https://openalex.org/C153876917","wikidata":"https://www.wikidata.org/wiki/Q899704","display_name":"Traceability","level":2,"score":0.5764532685279846},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.5291619300842285},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.48540958762168884},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.48161762952804565},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.45852935314178467},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.4419832229614258},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.44113099575042725},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.43227308988571167},{"id":"https://openalex.org/C47309137","wikidata":"https://www.wikidata.org/wiki/Q7598357","display_name":"Standard of Good Practice","level":5,"score":0.41520750522613525},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.34676593542099},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.26349833607673645},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.14648205041885376},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.11505034565925598},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.11245569586753845},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2786805.2804435","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2786805.2804435","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","score":0.4699999988079071,"display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":20,"referenced_works":["https://openalex.org/W97210008","https://openalex.org/W187147204","https://openalex.org/W1558219513","https://openalex.org/W1877481539","https://openalex.org/W2004698694","https://openalex.org/W2005285066","https://openalex.org/W2050372066","https://openalex.org/W2075876574","https://openalex.org/W2077017685","https://openalex.org/W2103699027","https://openalex.org/W2122987719","https://openalex.org/W2129264276","https://openalex.org/W2188624432","https://openalex.org/W2222110153","https://openalex.org/W2485575382","https://openalex.org/W2518792881","https://openalex.org/W4235073904","https://openalex.org/W4285719527","https://openalex.org/W6608219163","https://openalex.org/W6833189738"],"related_works":["https://openalex.org/W2120086576","https://openalex.org/W3189065608","https://openalex.org/W1811024770","https://openalex.org/W2164920192","https://openalex.org/W2097628364","https://openalex.org/W4230385779","https://openalex.org/W2395987867","https://openalex.org/W896362041","https://openalex.org/W2031957425","https://openalex.org/W2018644264"],"abstract_inverted_index":{"Information":[0],"security":[1,44,118,124],"is":[2],"of":[3,39,69,85,99,102,111,122,132],"paramount":[4],"importance":[5],"in":[6,76,82],"this":[7,58],"digital":[8],"era.":[9],"While":[10],"businesses":[11],"strive":[12],"to":[13,29,105,116],"adopt":[14],"industry-accepted":[15],"system-hardening":[16],"standards":[17],"such":[18],"as":[19],"benchmarks":[20],"recommended":[21],"by":[22],"the":[23,70,80,83,86,112],"Center":[24],"for":[25],"Internet":[26],"Security":[27,71,91],"(CIS)":[28],"combat":[30],"threats,":[31],"they":[32],"are":[33],"confronted":[34],"with":[35],"an":[36],"additional":[37,48],"challenge":[38],"ever-evolving":[40],"regulations":[41,104],"that":[42],"address":[43],"concerns.":[45],"These":[46],"create":[47],"requirements,":[49,108],"which":[50],"must":[51],"be":[52],"incorporated":[53],"into":[54],"software":[55],"systems.":[56],"In":[57],"paper,":[59],"we":[60,96],"present":[61,97],"a":[62],"generic":[63],"approach":[64,81],"towards":[65],"automating":[66],"different":[67],"activities":[68],"Compliance":[72],"Value":[73],"Chain":[74],"(SCVC)":[75],"organizations.":[77],"We":[78],"discuss":[79],"context":[84],"Payment":[87],"Card":[88],"Industry":[89],"Data":[90],"Standard":[92],"(PCI-DSS)":[93],"regulations.":[94],"Specifically,":[95],"automation":[98],"(1)":[100],"interpretation":[101],"PCI-DSS":[103],"infer":[106],"system":[107,114],"(2)":[109],"traceability":[110],"inferred":[113],"requirements":[115],"CIS":[117],"controls":[119],"(3)":[120],"implementation":[121],"appropriate":[123],"controls,":[125],"and":[126,130],"finally,":[127],"(4)":[128],"verification":[129],"reporting":[131],"compliance.":[133]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2017,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}