{"id":"https://openalex.org/W2476147379","doi":"https://doi.org/10.4018/ijcwt.2016070104","title":"The Next Generation of Scientific-Based Risk Metrics","display_name":"The Next Generation of Scientific-Based Risk Metrics","publication_year":2016,"publication_date":"2016-07-01","ids":{"openalex":"https://openalex.org/W2476147379","doi":"https://doi.org/10.4018/ijcwt.2016070104","mag":"2476147379"},"language":"en","primary_location":{"id":"doi:10.4018/ijcwt.2016070104","is_oa":false,"landing_page_url":"https://doi.org/10.4018/ijcwt.2016070104","pdf_url":null,"source":{"id":"https://openalex.org/S4210168647","display_name":"International Journal of Cyber Warfare and Terrorism","issn_l":"1947-3435","issn":["1947-3435","1947-3443"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320424","host_organization_name":"IGI Global","host_organization_lineage":["https://openalex.org/P4310320424"],"host_organization_lineage_names":["IGI Global"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Cyber Warfare and Terrorism","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5035321347","display_name":"Lanier Watkins","orcid":"https://orcid.org/0000-0002-3322-1833"},"institutions":[{"id":"https://openalex.org/I145311948","display_name":"Johns Hopkins University","ror":"https://ror.org/00za53h95","country_code":"US","type":"education","lineage":["https://openalex.org/I145311948"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Lanier Watkins","raw_affiliation_strings":["Johns Hopkins University Information Security Institution, Baltimore, MD, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Johns Hopkins University Information Security Institution, Baltimore, MD, USA","institution_ids":["https://openalex.org/I145311948"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5082546271","display_name":"John S. Hurley","orcid":null},"institutions":[{"id":"https://openalex.org/I111149068","display_name":"National Defense University","ror":"https://ror.org/01nqk4x38","country_code":"US","type":"education","lineage":["https://openalex.org/I111149068"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"John S. Hurley","raw_affiliation_strings":["National Defense University, Washington D.C., USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"National Defense University, Washington D.C., USA","institution_ids":["https://openalex.org/I111149068"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5035321347"],"corresponding_institution_ids":["https://openalex.org/I145311948"],"apc_list":null,"apc_paid":null,"fwci":0.6902,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.79476603,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":94},"biblio":{"volume":"6","issue":"3","first_page":"43","last_page":"52"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.992900013923645,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.992900013923645,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.986299991607666,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11572","display_name":"Information Technology Governance and Strategy","score":0.9682000279426575,"subfield":{"id":"https://openalex.org/subfields/1404","display_name":"Management Information Systems"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.7187449932098389},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6414668560028076},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6270803213119507},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.6256346702575684},{"id":"https://openalex.org/keywords/preparedness","display_name":"Preparedness","score":0.6102191805839539},{"id":"https://openalex.org/keywords/reliability","display_name":"Reliability (semiconductor)","score":0.5752044916152954},{"id":"https://openalex.org/keywords/compromise","display_name":"Compromise","score":0.5010199546813965},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.4772641360759735},{"id":"https://openalex.org/keywords/maturity","display_name":"Maturity (psychological)","score":0.45791569352149963},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.30142247676849365}],"concepts":[{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.7187449932098389},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6414668560028076},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6270803213119507},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.6256346702575684},{"id":"https://openalex.org/C2777042776","wikidata":"https://www.wikidata.org/wiki/Q4583103","display_name":"Preparedness","level":2,"score":0.6102191805839539},{"id":"https://openalex.org/C43214815","wikidata":"https://www.wikidata.org/wiki/Q7310987","display_name":"Reliability (semiconductor)","level":3,"score":0.5752044916152954},{"id":"https://openalex.org/C46355384","wikidata":"https://www.wikidata.org/wiki/Q726686","display_name":"Compromise","level":2,"score":0.5010199546813965},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.4772641360759735},{"id":"https://openalex.org/C101433766","wikidata":"https://www.wikidata.org/wiki/Q3543263","display_name":"Maturity (psychological)","level":2,"score":0.45791569352149963},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.30142247676849365},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C144024400","wikidata":"https://www.wikidata.org/wiki/Q21201","display_name":"Sociology","level":0,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C163258240","wikidata":"https://www.wikidata.org/wiki/Q25342","display_name":"Power (physics)","level":2,"score":0.0},{"id":"https://openalex.org/C36289849","wikidata":"https://www.wikidata.org/wiki/Q34749","display_name":"Social science","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C138496976","wikidata":"https://www.wikidata.org/wiki/Q175002","display_name":"Developmental psychology","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.4018/ijcwt.2016070104","is_oa":false,"landing_page_url":"https://doi.org/10.4018/ijcwt.2016070104","pdf_url":null,"source":{"id":"https://openalex.org/S4210168647","display_name":"International Journal of Cyber Warfare and Terrorism","issn_l":"1947-3435","issn":["1947-3435","1947-3443"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320424","host_organization_name":"IGI Global","host_organization_lineage":["https://openalex.org/P4310320424"],"host_organization_lineage_names":["IGI Global"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Cyber Warfare and Terrorism","raw_type":"journal-article"},{"id":"pmh:oai:RePEc:igg:jcwt00:v:6:y:2016:i:3:p:43-52","is_oa":false,"landing_page_url":"http://services.igi-global.com/resolvedoi/resolve.aspx?doi=10.4018/IJCWT.2016070104","pdf_url":null,"source":{"id":"https://openalex.org/S4306401271","display_name":"RePEc: Research Papers in Economics","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I77793887","host_organization_name":"Federal Reserve Bank of St. Louis","host_organization_lineage":["https://openalex.org/I77793887"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9","score":0.5799999833106995}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":6,"referenced_works":["https://openalex.org/W1547152107","https://openalex.org/W1581030558","https://openalex.org/W1967546682","https://openalex.org/W1983758807","https://openalex.org/W2122024580","https://openalex.org/W2242935657"],"related_works":["https://openalex.org/W1974343333","https://openalex.org/W141916771","https://openalex.org/W2376398693","https://openalex.org/W2024164043","https://openalex.org/W4235557154","https://openalex.org/W3137235688","https://openalex.org/W2089917086","https://openalex.org/W2118094739","https://openalex.org/W4362720688","https://openalex.org/W3010647146"],"abstract_inverted_index":{"One":[0],"of":[1,12,33,37,53,122,136,143,158,187,217,221,228,234,244,288,311,336],"the":[2,29,38,49,54,72,85,92,107,117,127,133,137,156,166,202,212,226,235,242,264,276,283,289,291,295,309,312,334,349],"major":[3],"challenges":[4],"to":[5,14,27,48,60,83,110,126,131,177,191,204,211,247,253,281,343],"an":[6,175],"organization":[7,176],"achieving":[8,106],"a":[9,77,169,248,344],"certain":[10],"level":[11,157,184],"preparedness":[13],"\u201ceffectively\u201d":[15],"combat":[16],"existing":[17,39,193],"and":[18,22,31,45,51,95,145,150,194,215,231,298,347,351],"future":[19],"cyber":[20,196],"threats":[21,86,144],"vulnerabilities":[23,146,230],"is":[24,124,161,269],"its":[25,34,181],"ability":[26],"ensure":[28],"security":[30,216],"reliability":[32,214],"networks.":[35,138],"Most":[36],"efforts":[40],"are":[41,79,101,152],"quantitative,":[42],"by":[43,129,271,339],"nature,":[44],"limited":[46],"solely":[47],"networks":[50,149,218],"systems":[52,151],"organization.":[55],"It":[56],"would":[57],"be":[58,317],"unfair":[59],"not":[61,153],"acknowledge":[62],"that":[63,74,120,160,173,314],"for":[64,99],"sure":[65],"some":[66,121],"progress":[67],"has":[68,293],"been":[69],"achieved":[70],"in":[71,185,219,301],"way":[73],"organizations,":[75],"as":[76,308],"whole,":[78],"now":[80],"positioning":[81,189],"themselves":[82],"address":[84,192],"(GAO":[87],"2012).":[88],"Unfortunately,":[89],"so":[90],"have":[91],"skill":[93],"sets":[94],"resource":[96],"levels":[97,142],"improved":[98],"attackers--they":[100],"increasingly":[102],"getting":[103],"better":[104,188,205],"at":[105],"unwanted":[108],"access":[109],"organizations'":[111,148],"information":[112],"assets.":[113],"In":[114,139,163],"large":[115],"part":[116],"authors":[118,167,199,331],"believe":[119],"this":[123,164],"due":[125,246],"failure":[128],"methods":[130],"assess":[132,180],"overall":[134,232,284],"vulnerability":[135,233,292],"addition,":[140],"significant":[141],"beyond":[147],"being":[154],"given":[155,249],"attention":[159],"warranted.":[162],"paper,":[165],"propose":[168,201],"more":[170,178,286],"comprehensive":[171],"approach":[172,342],"enables":[174],"realistically":[179],"\u201ccyber":[182],"maturity\u201d":[183],"hope":[186],"itself":[190],"new":[195],"threats.":[197,258],"The":[198,330],"also":[200],"need":[203],"understand":[206],"another":[207],"missing":[208],"critical":[209],"piece":[210],"puzzle--the":[213],"terms":[220],"scientific":[222],"risk-based":[223,238],"metrics":[224,239],"(e.g.,":[225],"severity":[227],"individual":[229],"network).":[236],"Their":[237],"focus":[240],"on":[241,263,294],"probability":[243],"compromise":[245],"vulnerability;":[250],"employee":[251],"non-adherence":[252],"company":[254],"cyber-based":[255],"policies;":[256],"insider":[257],"They":[259],"are:":[260],"(1)":[261],"built":[262],"CVSS":[265],"Base":[266],"Score":[267],"which":[268,353],"modified":[270],"developing":[272],"weights":[273],"derived":[274],"from":[275,325],"Analytic":[277],"Hierarchy":[278],"Process":[279],"(AHP)":[280],"make":[282],"score":[285],"representative":[287],"impact":[290],"global":[296],"infrastructure,":[297],"(2)":[299],"rooted":[300],"repeatable":[302],"quantitative":[303],"characteristics":[304],"(i.e.,":[305],"vulnerabilities)":[306],"such":[307],"sum":[310],"probabilities":[313],"devices":[315],"will":[316,332],"compromised":[318],"via":[319],"client-side":[320],"or":[321,327],"server-side":[322],"attacks":[323],"stemming":[324],"software":[326],"hardware":[328],"vulnerabilities.":[329],"demonstrate":[333],"feasibility":[335],"their":[337,341],"method":[338],"applying":[340],"case":[345],"study":[346],"highlighting":[348],"benefits":[350],"impediments":[352],"result.":[354]},"counts_by_year":[{"year":2022,"cited_by_count":1},{"year":2017,"cited_by_count":1}],"updated_date":"2026-05-21T06:26:12.895304","created_date":"2025-10-10T00:00:00"}