{"id":"https://openalex.org/W4313492016","doi":"https://doi.org/10.1145/3570991.3571008","title":"Towards Automated Assessment of Organizational Cybersecurity Posture in Cloud","display_name":"Towards Automated Assessment of Organizational Cybersecurity Posture in Cloud","publication_year":2023,"publication_date":"2023-01-04","ids":{"openalex":"https://openalex.org/W4313492016","doi":"https://doi.org/10.1145/3570991.3571008"},"language":"en","primary_location":{"id":"doi:10.1145/3570991.3571008","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3570991.3571008","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 6th Joint International Conference on Data Science &amp; Management of Data (10th ACM IKDD CODS and 28th COMAD)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5037214580","display_name":"Roy Bar-Haim","orcid":"https://orcid.org/0000-0001-7365-1662"},"institutions":[{"id":"https://openalex.org/I4210167297","display_name":"IBM Research - Haifa","ror":"https://ror.org/05rw9t746","country_code":"IL","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210114115","https://openalex.org/I4210167297"]}],"countries":["IL"],"is_corresponding":true,"raw_author_name":"Roy Bar-Haim","raw_affiliation_strings":["IBM Research, Israel"],"affiliations":[{"raw_affiliation_string":"IBM Research, Israel","institution_ids":["https://openalex.org/I4210167297"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5042370088","display_name":"Lilach Eden","orcid":"https://orcid.org/0000-0001-5244-3813"},"institutions":[{"id":"https://openalex.org/I4210167297","display_name":"IBM Research - Haifa","ror":"https://ror.org/05rw9t746","country_code":"IL","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210114115","https://openalex.org/I4210167297"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"Lilach Eden","raw_affiliation_strings":["IBM Research, Israel"],"affiliations":[{"raw_affiliation_string":"IBM Research, Israel","institution_ids":["https://openalex.org/I4210167297"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5037905755","display_name":"Yoav Kantor","orcid":"https://orcid.org/0000-0002-0775-437X"},"institutions":[{"id":"https://openalex.org/I4210167297","display_name":"IBM Research - Haifa","ror":"https://ror.org/05rw9t746","country_code":"IL","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210114115","https://openalex.org/I4210167297"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"Yoav Kantor","raw_affiliation_strings":["IBM Research, Israel"],"affiliations":[{"raw_affiliation_string":"IBM Research, Israel","institution_ids":["https://openalex.org/I4210167297"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5004401541","display_name":"Vikas Agarwal","orcid":"https://orcid.org/0000-0002-7719-1066"},"institutions":[{"id":"https://openalex.org/I4210103279","display_name":"IBM Research - India","ror":"https://ror.org/014wt7r80","country_code":"IN","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210103279","https://openalex.org/I4210114115"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Vikas Agarwal","raw_affiliation_strings":["IBM Research, India"],"affiliations":[{"raw_affiliation_string":"IBM Research, India","institution_ids":["https://openalex.org/I4210103279"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047632804","display_name":"Mark Devereux","orcid":"https://orcid.org/0000-0002-2349-6892"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Mark Devereux","raw_affiliation_strings":["Promontory Financial Group, a Business Unit of IBM, United Kingdom"],"affiliations":[{"raw_affiliation_string":"Promontory Financial Group, a Business Unit of IBM, United Kingdom","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103091570","display_name":"Nisha Gupta","orcid":"https://orcid.org/0000-0003-4417-6393"},"institutions":[{"id":"https://openalex.org/I4210103279","display_name":"IBM Research - India","ror":"https://ror.org/014wt7r80","country_code":"IN","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210103279","https://openalex.org/I4210114115"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Nisha Gupta","raw_affiliation_strings":["IBM Research, India"],"affiliations":[{"raw_affiliation_string":"IBM Research, India","institution_ids":["https://openalex.org/I4210103279"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101868106","display_name":"Arun Kumar","orcid":"https://orcid.org/0000-0002-3513-3634"},"institutions":[{"id":"https://openalex.org/I4210103279","display_name":"IBM Research - India","ror":"https://ror.org/014wt7r80","country_code":"IN","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210103279","https://openalex.org/I4210114115"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Arun Kumar","raw_affiliation_strings":["IBM Research, India"],"affiliations":[{"raw_affiliation_string":"IBM Research, India","institution_ids":["https://openalex.org/I4210103279"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5078223247","display_name":"Matan Orbach","orcid":"https://orcid.org/0000-0001-9923-5093"},"institutions":[{"id":"https://openalex.org/I4210167297","display_name":"IBM Research - Haifa","ror":"https://ror.org/05rw9t746","country_code":"IL","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210114115","https://openalex.org/I4210167297"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"Matan Orbach","raw_affiliation_strings":["IBM Research, Israel"],"affiliations":[{"raw_affiliation_string":"IBM Research, Israel","institution_ids":["https://openalex.org/I4210167297"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5019857676","display_name":"Michael Zan","orcid":"https://orcid.org/0000-0002-9195-1084"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Michael Zan","raw_affiliation_strings":["Promontory Financial Group, a Business Unit of IBM, USA"],"affiliations":[{"raw_affiliation_string":"Promontory Financial Group, a Business Unit of IBM, USA","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":9,"corresponding_author_ids":["https://openalex.org/A5037214580"],"corresponding_institution_ids":["https://openalex.org/I4210167297"],"apc_list":null,"apc_paid":null,"fwci":1.1982,"has_fulltext":false,"cited_by_count":6,"citation_normalized_percentile":{"value":0.78739471,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"167","last_page":"175"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9976999759674072,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7650640606880188},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.6837388277053833},{"id":"https://openalex.org/keywords/mandate","display_name":"Mandate","score":0.5838013291358948},{"id":"https://openalex.org/keywords/security-controls","display_name":"Security controls","score":0.561006486415863},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.535434365272522},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5047780275344849},{"id":"https://openalex.org/keywords/nist","display_name":"NIST","score":0.4661513566970825},{"id":"https://openalex.org/keywords/automation","display_name":"Automation","score":0.4461880922317505},{"id":"https://openalex.org/keywords/information-security-standards","display_name":"Information security standards","score":0.4444623291492462},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.42873504757881165},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.4227045476436615},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.37768951058387756},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.36645621061325073},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.33414924144744873},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.17493271827697754},{"id":"https://openalex.org/keywords/network-security-policy","display_name":"Network security policy","score":0.149652361869812}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7650640606880188},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.6837388277053833},{"id":"https://openalex.org/C2775884135","wikidata":"https://www.wikidata.org/wiki/Q845436","display_name":"Mandate","level":2,"score":0.5838013291358948},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.561006486415863},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.535434365272522},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5047780275344849},{"id":"https://openalex.org/C111219384","wikidata":"https://www.wikidata.org/wiki/Q6954384","display_name":"NIST","level":2,"score":0.4661513566970825},{"id":"https://openalex.org/C115901376","wikidata":"https://www.wikidata.org/wiki/Q184199","display_name":"Automation","level":2,"score":0.4461880922317505},{"id":"https://openalex.org/C139547956","wikidata":"https://www.wikidata.org/wiki/Q6031202","display_name":"Information security standards","level":5,"score":0.4444623291492462},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.42873504757881165},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.4227045476436615},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.37768951058387756},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.36645621061325073},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.33414924144744873},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.17493271827697754},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.149652361869812},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3570991.3571008","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3570991.3571008","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 6th Joint International Conference on Data Science &amp; Management of Data (10th ACM IKDD CODS and 28th COMAD)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":9,"referenced_works":["https://openalex.org/W113835813","https://openalex.org/W1847618513","https://openalex.org/W2525916685","https://openalex.org/W2564816500","https://openalex.org/W2593403028","https://openalex.org/W2748402820","https://openalex.org/W2970641574","https://openalex.org/W3212028098","https://openalex.org/W4241376244"],"related_works":["https://openalex.org/W2065250680","https://openalex.org/W2348567840","https://openalex.org/W2390665136","https://openalex.org/W2092708554","https://openalex.org/W2353177111","https://openalex.org/W4206199931","https://openalex.org/W2336014427","https://openalex.org/W2379266188","https://openalex.org/W4242058059","https://openalex.org/W2210929881"],"abstract_inverted_index":{"In":[0],"a":[1],"world":[2],"where":[3],"reliance":[4],"on":[5],"digital":[6],"services":[7],"becomes":[8,133],"more":[9],"critical":[10],"every":[11],"year":[12],"with":[13,123],"billions":[14],"of":[15,35,43,81],"dollars":[16],"in":[17,78,112],"penalties":[18],"being":[19,37],"levied":[20],"annually":[21],"by":[22,104],"regulators":[23],"and":[24,47,65,87,90,98,139],"the":[25,32,41,79,105],"impacts":[26],"from":[27],"security":[28,84,97,126],"control":[29,48,85,108],"failures":[30],"growing,":[31],"potential":[33,141],"consequence":[34],"organizations":[36,74,118],"unable":[38],"to":[39,121,136],"determine":[40],"completeness":[42],"their":[44,83,129],"cybersecurity":[45],"strategy":[46],"environment":[49,86],"are":[50,110],"worsening.":[51],"Established":[52],"standards":[53],"such":[54],"as":[55],"NIST":[56],"800-53,":[57],"Cloud":[58,61],"Security":[59,68],"Alliance":[60],"Controls":[62,69],"Matrix":[63],"(CSA-CCM)":[64],"CIS":[66],"20":[67],"offer":[70],"baselines":[71],"against":[72],"which":[73],"can":[75],"mandate":[76],"compliance,":[77],"support":[80],"managing":[82],"meeting":[88],"risk":[89],"regulatory":[91],"expectations.":[92],"While":[93],"there":[94],"is":[95,102],"increased":[96],"compliance":[99],"automation,":[100],"it":[101,132],"hampered":[103],"fact":[106],"that":[107],"requirements":[109,127],"expressed":[111],"natural":[113],"language":[114],"text.":[115],"With":[116],"large":[117],"often":[119],"needing":[120],"comply":[122],"several":[124],"thousand":[125],"across":[128],"IT":[130],"enterprise,":[131],"humanly":[134],"impossible":[135],"assess":[137],"coverage":[138],"identify":[140],"gaps.":[142]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":1}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}