{"id":"https://openalex.org/W2053094163","doi":"https://doi.org/10.4018/ijsse.2014040101","title":"Threat Analysis in Goal-Oriented Security Requirements Modelling","display_name":"Threat Analysis in Goal-Oriented Security Requirements Modelling","publication_year":2014,"publication_date":"2014-04-01","ids":{"openalex":"https://openalex.org/W2053094163","doi":"https://doi.org/10.4018/ijsse.2014040101","mag":"2053094163"},"language":"en","primary_location":{"id":"doi:10.4018/ijsse.2014040101","is_oa":false,"landing_page_url":"https://doi.org/10.4018/ijsse.2014040101","pdf_url":null,"source":{"id":"https://openalex.org/S43656255","display_name":"International Journal of Secure Software Engineering","issn_l":"1947-3036","issn":["1947-3036","1947-3044"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320424","host_organization_name":"IGI Global","host_organization_lineage":["https://openalex.org/P4310320424"],"host_organization_lineage_names":["IGI Global"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Secure Software Engineering","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5028218902","display_name":"Per H\u00e5kon Meland","orcid":"https://orcid.org/0000-0002-5509-0184"},"institutions":[{"id":"https://openalex.org/I173888879","display_name":"SINTEF","ror":"https://ror.org/01f677e56","country_code":"NO","type":"facility","lineage":["https://openalex.org/I173888879"]}],"countries":["NO"],"is_corresponding":true,"raw_author_name":"Per H\u00e5kon Meland","raw_affiliation_strings":["SINTEF ICT, Trondheim, Norway"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"SINTEF ICT, Trondheim, Norway","institution_ids":["https://openalex.org/I173888879"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5074577975","display_name":"Elda Paja","orcid":"https://orcid.org/0000-0002-8346-2467"},"institutions":[{"id":"https://openalex.org/I193223587","display_name":"University of Trento","ror":"https://ror.org/05trd4x28","country_code":"IT","type":"education","lineage":["https://openalex.org/I193223587"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Elda Paja","raw_affiliation_strings":["Department of Information Engineering and Computer Science (DISI), University of Trento, Trento, Italy"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Information Engineering and Computer Science (DISI), University of Trento, Trento, Italy","institution_ids":["https://openalex.org/I193223587"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5062661168","display_name":"Erlend Andreas Gj\u00e6re","orcid":null},"institutions":[{"id":"https://openalex.org/I173888879","display_name":"SINTEF","ror":"https://ror.org/01f677e56","country_code":"NO","type":"facility","lineage":["https://openalex.org/I173888879"]}],"countries":["NO"],"is_corresponding":false,"raw_author_name":"Erlend Andreas Gj\u00e6re","raw_affiliation_strings":["SINTEF ICT, Trondheim, Norway"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"SINTEF ICT, Trondheim, Norway","institution_ids":["https://openalex.org/I173888879"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102869178","display_name":"St\u00e9phane Paul","orcid":"https://orcid.org/0000-0003-2123-5370"},"institutions":[{"id":"https://openalex.org/I4210140930","display_name":"Thales (France)","ror":"https://ror.org/04emwm605","country_code":"FR","type":"company","lineage":["https://openalex.org/I4210140930"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"St\u00e9phane Paul","raw_affiliation_strings":["Critical Embedded Systems Laboratory, Information Science and Technology Research Group, Thales Research and Technology, Palaiseau, France"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Critical Embedded Systems Laboratory, Information Science and Technology Research Group, Thales Research and Technology, Palaiseau, France","institution_ids":["https://openalex.org/I4210140930"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069677848","display_name":"Fabiano Dalpiaz","orcid":"https://orcid.org/0000-0003-4480-3887"},"institutions":[{"id":"https://openalex.org/I193662353","display_name":"Utrecht University","ror":"https://ror.org/04pp8hn57","country_code":"NL","type":"education","lineage":["https://openalex.org/I193662353"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Fabiano Dalpiaz","raw_affiliation_strings":["Department of Information and Computing Sciences, Buys Ballot Laboratory, Utrecht University, Utrecht, The Netherlands"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Information and Computing Sciences, Buys Ballot Laboratory, Utrecht University, Utrecht, The Netherlands","institution_ids":["https://openalex.org/I193662353"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5073056211","display_name":"Paolo Giorgini","orcid":"https://orcid.org/0000-0003-4152-9683"},"institutions":[{"id":"https://openalex.org/I193223587","display_name":"University of Trento","ror":"https://ror.org/05trd4x28","country_code":"IT","type":"education","lineage":["https://openalex.org/I193223587"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Paolo Giorgini","raw_affiliation_strings":["Department of Information Engineering and Computer Science (DISI), University of Trento, Trento, Italy"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Information Engineering and Computer Science (DISI), University of Trento, Trento, Italy","institution_ids":["https://openalex.org/I193223587"]}]}],"institutions":[],"countries_distinct_count":4,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5028218902"],"corresponding_institution_ids":["https://openalex.org/I173888879"],"apc_list":null,"apc_paid":null,"fwci":0.8201,"has_fulltext":false,"cited_by_count":14,"citation_normalized_percentile":{"value":0.82595059,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":"5","issue":"2","first_page":"1","last_page":"19"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10639","display_name":"Advanced Software Engineering Methodologies","score":0.9976000189781189,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.9966999888420105,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.811949610710144},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.6012815237045288},{"id":"https://openalex.org/keywords/usability","display_name":"Usability","score":0.534125566482544},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.5258995890617371},{"id":"https://openalex.org/keywords/reuse","display_name":"Reuse","score":0.507696270942688},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5004799365997314},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.45692065358161926},{"id":"https://openalex.org/keywords/requirements-engineering","display_name":"Requirements engineering","score":0.4218709170818329},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.41979825496673584},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.4194602966308594},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.38931775093078613},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.3253331780433655},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.19347336888313293},{"id":"https://openalex.org/keywords/human\u2013computer-interaction","display_name":"Human\u2013computer interaction","score":0.13898465037345886},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.10539171099662781}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.811949610710144},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.6012815237045288},{"id":"https://openalex.org/C170130773","wikidata":"https://www.wikidata.org/wiki/Q216378","display_name":"Usability","level":2,"score":0.534125566482544},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.5258995890617371},{"id":"https://openalex.org/C206588197","wikidata":"https://www.wikidata.org/wiki/Q846574","display_name":"Reuse","level":2,"score":0.507696270942688},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5004799365997314},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.45692065358161926},{"id":"https://openalex.org/C6604083","wikidata":"https://www.wikidata.org/wiki/Q376937","display_name":"Requirements engineering","level":3,"score":0.4218709170818329},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.41979825496673584},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.4194602966308594},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.38931775093078613},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.3253331780433655},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.19347336888313293},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.13898465037345886},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.10539171099662781},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.0},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.4018/ijsse.2014040101","is_oa":false,"landing_page_url":"https://doi.org/10.4018/ijsse.2014040101","pdf_url":null,"source":{"id":"https://openalex.org/S43656255","display_name":"International Journal of Secure Software Engineering","issn_l":"1947-3036","issn":["1947-3036","1947-3044"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320424","host_organization_name":"IGI Global","host_organization_lineage":["https://openalex.org/P4310320424"],"host_organization_lineage_names":["IGI Global"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Secure Software Engineering","raw_type":"journal-article"},{"id":"pmh:oai:RePEc:igg:jsse00:v:5:y:2014:i:2:p:1-19","is_oa":false,"landing_page_url":"http://services.igi-global.com/resolvedoi/resolve.aspx?doi=10.4018/ijsse.2014040101","pdf_url":null,"source":{"id":"https://openalex.org/S4306401271","display_name":"RePEc: Research Papers in Economics","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I77793887","host_organization_name":"Federal Reserve Bank of St. Louis","host_organization_lineage":["https://openalex.org/I77793887"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"article"},{"id":"pmh:oai:iris.unitn.it:11572/101720","is_oa":false,"landing_page_url":"http://hdl.handle.net/11572/101720","pdf_url":null,"source":{"id":"https://openalex.org/S4306401913","display_name":"Institutional Research Information System (Universit\u00e0 degli Studi di Trento)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I193223587","host_organization_name":"University of Trento","host_organization_lineage":["https://openalex.org/I193223587"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.4099999964237213,"display_name":"Partnerships for the goals","id":"https://metadata.un.org/sdg/17"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":41,"referenced_works":["https://openalex.org/W32063464","https://openalex.org/W67677442","https://openalex.org/W1502367483","https://openalex.org/W1521415124","https://openalex.org/W1524500851","https://openalex.org/W1525753916","https://openalex.org/W1582787832","https://openalex.org/W1721033460","https://openalex.org/W1731979679","https://openalex.org/W1912066346","https://openalex.org/W1971211625","https://openalex.org/W1972276999","https://openalex.org/W2014754306","https://openalex.org/W2017739343","https://openalex.org/W2035622004","https://openalex.org/W2043312149","https://openalex.org/W2047723056","https://openalex.org/W2086416991","https://openalex.org/W2097154968","https://openalex.org/W2105539612","https://openalex.org/W2105920911","https://openalex.org/W2110143060","https://openalex.org/W2110157102","https://openalex.org/W2113435553","https://openalex.org/W2130310983","https://openalex.org/W2137363082","https://openalex.org/W2147692099","https://openalex.org/W2150071393","https://openalex.org/W2151451947","https://openalex.org/W2153177282","https://openalex.org/W2158572645","https://openalex.org/W2164866973","https://openalex.org/W2557655908","https://openalex.org/W2614268818","https://openalex.org/W2759273942","https://openalex.org/W2899987233","https://openalex.org/W3118517595","https://openalex.org/W4229680087","https://openalex.org/W4285719527","https://openalex.org/W6602722151","https://openalex.org/W6744384640"],"related_works":["https://openalex.org/W3189065608","https://openalex.org/W2164920192","https://openalex.org/W1909163279","https://openalex.org/W2125403566","https://openalex.org/W2120086576","https://openalex.org/W2293554594","https://openalex.org/W2574735744","https://openalex.org/W896362041","https://openalex.org/W2940646603","https://openalex.org/W2758682319"],"abstract_inverted_index":{"Goal":[0],"and":[1,31,34,61,72,79,109,155,184,205],"threat":[2,59,89,121],"modelling":[3,57,60,90,95],"are":[4],"important":[5],"activities":[6],"of":[7,116,182,194,201],"security":[8,94,159,196],"requirements":[9,160],"engineering:":[10],"goals":[11,30,183],"express":[12],"why":[13],"a":[14,73,120,129,152,175],"system":[15],"is":[16,69],"needed,":[17],"while":[18],"threats":[19,32,104,117,150,185],"motivate":[20],"the":[21,37,45,86,92,106,133,158,162,188,202],"need":[22],"for":[23,157],"security.":[24],"Unfortunately,":[25],"existing":[26],"approaches":[27],"mostly":[28],"consider":[29],"separately,":[33],"thus":[35],"neglect":[36],"mutual":[38],"influence":[39],"between":[40,75],"them.":[41],"In":[42],"this":[43,48,67,169],"paper,":[44],"authors":[46,64,87,124,147,163],"address":[47],"deficiency":[49],"by":[50,119],"proposing":[51],"an":[52],"approach":[53,127],"that":[54,66,102,113,149,161,198],"extends":[55],"goal":[56,166],"with":[58,91],"analysis.":[62],"The":[63,123,146,180],"show":[65],"effort":[68],"not":[70,171],"trivial":[71],"trade-off":[74],"visual":[76],"expressiveness,":[77],"usability":[78],"usefulness":[80],"has":[81],"to":[82,177],"be":[83,172],"considered.":[84],"Specifically,":[85],"integrate":[88],"socio-technical":[93],"language":[96],"(STS-ml),":[97],"introduce":[98],"automated":[99],"analysis":[100],"techniques":[101],"propagate":[103],"in":[105,187],"combined":[107],"models,":[108],"present":[110],"tool":[111],"support":[112],"enables":[114],"reuse":[115],"facilitated":[118],"repository.":[122],"illustrate":[125],"their":[126],"on":[128],"case":[130],"study":[131],"from":[132,139,165],"Air":[134],"Traffic":[135],"Management":[136],"(ATM)":[137],"domain,":[138],"which":[140],"they":[141],"extract":[142],"some":[143],"practical":[144],"challenges.":[145],"conclude":[148],"provide":[151],"useful":[153],"foundation":[154],"justification":[156],"derive":[164],"modelling,":[167],"but":[168],"should":[170],"considered":[173],"as":[174],"replacement":[176],"risk":[178],"assessment.":[179],"usage":[181],"early":[186],"development":[189],"process":[190],"allows":[191],"raising":[192],"awareness":[193],"high-level":[195],"issues":[197],"occur":[199],"regardless":[200],"chosen":[203],"technology":[204],"organizational":[206],"processes.":[207]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2020,"cited_by_count":2},{"year":2019,"cited_by_count":5},{"year":2018,"cited_by_count":3},{"year":2015,"cited_by_count":1}],"updated_date":"2026-05-21T06:26:12.895304","created_date":"2025-10-10T00:00:00"}