{"id":"https://openalex.org/W4205746881","doi":"https://doi.org/10.1016/j.procs.2021.11.070","title":"A Customizable Web Platform to Manage Standards Compliance of Information Security and Cybersecurity Auditing","display_name":"A Customizable Web Platform to Manage Standards Compliance of Information Security and Cybersecurity Auditing","publication_year":2022,"publication_date":"2022-01-01","ids":{"openalex":"https://openalex.org/W4205746881","doi":"https://doi.org/10.1016/j.procs.2021.11.070"},"language":"en","primary_location":{"is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.procs.2021.11.070","pdf_url":null,"source":{"id":"https://openalex.org/S120348307","display_name":"Procedia Computer Science","issn_l":"1877-0509","issn":["1877-0509"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true},"type":"article","type_crossref":"journal-article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1016/j.procs.2021.11.070","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5085602004","display_name":"M\u00e1rio Antunes","orcid":"https://orcid.org/0000-0003-3448-6726"},"institutions":[{"id":"https://openalex.org/I169427155","display_name":"Instituto Polit\u00e9cnico de Leiria","ror":"https://ror.org/010dvvh94","country_code":"PT","type":"education","lineage":["https://openalex.org/I169427155"]},{"id":"https://openalex.org/I4210166615","display_name":"INESC TEC","ror":"https://ror.org/05fa8ka61","country_code":"PT","type":"nonprofit","lineage":["https://openalex.org/I4210125590","https://openalex.org/I4210166615"]}],"countries":["PT"],"is_corresponding":true,"raw_author_name":"M\u00e1rio Antunes","raw_affiliation_strings":["Computer Science and Communication Research Centre (CIIC), School of Technology and Management, Polytechnic of Leiria","INESC TEC, CRACS, Porto, Portugal","Leiria, Portugal"],"affiliations":[{"raw_affiliation_string":"Computer Science and Communication Research Centre (CIIC), School of Technology and Management, Polytechnic of Leiria","institution_ids":["https://openalex.org/I169427155"]},{"raw_affiliation_string":"Leiria, Portugal","institution_ids":[]},{"raw_affiliation_string":"INESC TEC, CRACS, Porto, Portugal","institution_ids":["https://openalex.org/I4210166615"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084294182","display_name":"Marisa Maximiano","orcid":"https://orcid.org/0000-0002-1212-7864"},"institutions":[{"id":"https://openalex.org/I169427155","display_name":"Instituto Polit\u00e9cnico de Leiria","ror":"https://ror.org/010dvvh94","country_code":"PT","type":"education","lineage":["https://openalex.org/I169427155"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Marisa Maximiano","raw_affiliation_strings":["Computer Science and Communication Research Centre (CIIC), School of Technology and Management, Polytechnic of Leiria","Leiria, Portugal"],"affiliations":[{"raw_affiliation_string":"Leiria, Portugal","institution_ids":[]},{"raw_affiliation_string":"Computer Science and Communication Research Centre (CIIC), School of Technology and Management, Polytechnic of Leiria","institution_ids":["https://openalex.org/I169427155"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5040242140","display_name":"Ricardo Gomes","orcid":"https://orcid.org/0000-0002-0438-9119"},"institutions":[{"id":"https://openalex.org/I169427155","display_name":"Instituto Polit\u00e9cnico de Leiria","ror":"https://ror.org/010dvvh94","country_code":"PT","type":"education","lineage":["https://openalex.org/I169427155"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Ricardo Gomes","raw_affiliation_strings":["Leiria, Portugal","School of Technology and Management, Polytechnic of Leiria"],"affiliations":[{"raw_affiliation_string":"School of Technology and Management, Polytechnic of Leiria","institution_ids":["https://openalex.org/I169427155"]},{"raw_affiliation_string":"Leiria, Portugal","institution_ids":[]}]}],"institution_assertions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5085602004"],"corresponding_institution_ids":["https://openalex.org/I169427155","https://openalex.org/I4210166615"],"apc_list":null,"apc_paid":null,"fwci":4.455,"has_fulltext":false,"cited_by_count":12,"citation_normalized_percentile":{"value":0.842952,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":93,"max":94},"biblio":{"volume":"196","issue":null,"first_page":"36","last_page":"43"},"is_retracted":false,"is_paratext":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information Security Policy Compliance and Awareness","score":0.9987,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information Security Policy Compliance and Awareness","score":0.9987,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Intrusion Detection and Defense Mechanisms","score":0.9956,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Log Analysis and System Performance Diagnosis","score":0.9946,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/iot-security","display_name":"IoT Security","score":0.558364},{"id":"https://openalex.org/keywords/information-security","display_name":"Information Security","score":0.536462},{"id":"https://openalex.org/keywords/security-controls","display_name":"Security controls","score":0.5320894},{"id":"https://openalex.org/keywords/policy-compliance","display_name":"Policy Compliance","score":0.523976},{"id":"https://openalex.org/keywords/information-security-audit","display_name":"Information security audit","score":0.5211206},{"id":"https://openalex.org/keywords/intrusion-detection","display_name":"Intrusion Detection","score":0.502337},{"id":"https://openalex.org/keywords/nist","display_name":"NIST","score":0.45330793},{"id":"https://openalex.org/keywords/information-technology-audit","display_name":"Information technology audit","score":0.42607927}],"concepts":[{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.75124896},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7224987},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5698068},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.5320894},{"id":"https://openalex.org/C39358052","wikidata":"https://www.wikidata.org/wiki/Q2578632","display_name":"Information security audit","level":5,"score":0.5211206},{"id":"https://openalex.org/C111219384","wikidata":"https://www.wikidata.org/wiki/Q6954384","display_name":"NIST","level":2,"score":0.45330793},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.44842935},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.44727474},{"id":"https://openalex.org/C177309310","wikidata":"https://www.wikidata.org/wiki/Q758917","display_name":"Information technology audit","level":5,"score":0.42607927},{"id":"https://openalex.org/C121955636","wikidata":"https://www.wikidata.org/wiki/Q4116214","display_name":"Accounting","level":1,"score":0.3466301},{"id":"https://openalex.org/C110354214","wikidata":"https://www.wikidata.org/wiki/Q6314146","display_name":"Engineering management","level":1,"score":0.341361},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.33227825},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.3045131},{"id":"https://openalex.org/C170856484","wikidata":"https://www.wikidata.org/wiki/Q6452684","display_name":"Internal audit","level":3,"score":0.24121857},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.22054109},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.17051125},{"id":"https://openalex.org/C191602146","wikidata":"https://www.wikidata.org/wiki/Q6269489","display_name":"Joint audit","level":4,"score":0.0},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.0},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.0},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.0},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.procs.2021.11.070","pdf_url":null,"source":{"id":"https://openalex.org/S120348307","display_name":"Procedia Computer Science","issn_l":"1877-0509","issn":["1877-0509"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true}],"best_oa_location":{"is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.procs.2021.11.070","pdf_url":null,"source":{"id":"https://openalex.org/S120348307","display_name":"Procedia Computer Science","issn_l":"1877-0509","issn":["1877-0509"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true},"sustainable_development_goals":[],"grants":[{"funder":"https://openalex.org/F4320334779","funder_display_name":"Funda\u00e7\u00e3o para a Ci\u00eancia e a Tecnologia","award_id":null}],"datasets":[],"versions":[],"referenced_works_count":7,"referenced_works":["https://openalex.org/W1977232457","https://openalex.org/W2810502478","https://openalex.org/W2898826849","https://openalex.org/W3037669891","https://openalex.org/W3146035656","https://openalex.org/W4242064452","https://openalex.org/W53176000"],"related_works":["https://openalex.org/W815057058","https://openalex.org/W4386208045","https://openalex.org/W3195449469","https://openalex.org/W2749905988","https://openalex.org/W2562041511","https://openalex.org/W2497647994","https://openalex.org/W2379831727","https://openalex.org/W2360780502","https://openalex.org/W1988974780","https://openalex.org/W1531865573"],"abstract_inverted_index":{"Information":[0],"security":[1,229],"and":[2,16,25,43,47,54,96,109,122,132,139,152,160,171,193,206,210,213,245],"cybersecurity":[3,162],"are":[4,83,116,129,140,243],"key":[5],"subjects":[6],"in":[7,40,179,216,254],"modern":[8],"enterprises'":[9,38,208],"management,":[10],"being":[11,79],"ISO-27001:2013,":[12],"NIST":[13],"Cybersecurity":[14],"Framework":[15],"ISO-27009":[17],"some":[18],"of":[19,58,66,99,102,183,249],"the":[20,34,77,93,104,241,247],"most":[21],"implemented":[22],"international":[23],"frameworks":[24],"standards.":[26],"Their":[27],"main":[28],"goal":[29],"is":[30,166],"to":[31,72,119,143,176,202],"globally":[32],"reduce":[33],"risk,":[35],"by":[36,88,146,186],"leveraging":[37],"competitiveness":[39],"global":[41],"markets":[42],"enhancing":[44],"business":[45],"processes":[46,52,82],"collaborators'":[48],"cyber":[49],"awareness.":[50],"Auditing":[51],"examine":[53],"assess":[55],"a":[56,64,97,158,180,188,217],"list":[57],"predefined":[59,189],"controls.":[60],"For":[61],"each":[62],"control,":[63],"set":[65,98,182],"corrective":[67],"measures":[68],"could":[69],"be":[70,107,144,177],"proposed,":[71],"increase":[73],"its":[74],"compliance":[75],"with":[76,149],"standard":[78],"used.":[80],"These":[81],"time-consuming,":[84],"involve":[85],"on-site":[86],"intervention":[87],"specialized":[89],"consulting":[90],"teams":[91],"on":[92,136,225],"intervened":[94],"enterprises,":[95],"status":[100],"reports":[101],"all":[103],"interventions":[105],"should":[106],"elaborated":[108],"delivered.":[110],"The":[111,220,237],"existing":[112],"auditing":[113,153,163,184,212,230,257],"information":[114,164,221,228,252],"systems":[115],"not":[117,141],"developed":[118],"meet":[120,203],"Small":[121],"Medium-sized":[123],"Enterprises":[124],"(SME)":[125],"requirements,":[126,209],"as":[127],"they":[128],"mostly":[130],"proprietary":[131],"expensive,":[133],"ground":[134],"usually":[135],"off-the-shelf":[137],"applications,":[138],"generic":[142,159],"used":[145,178],"several":[147],"standards":[148],"different":[150],"checklists":[151],"methodologies.":[154],"In":[155],"this":[156,251],"paper,":[157],"web-integrated":[161],"system":[165,222,253],"described.":[167],"Its":[168],"architecture,":[169],"design,":[170],"data":[172,215],"model":[173],"enable":[174],"it":[175],"wide":[181],"processes,":[185],"loading":[187],"controls":[190],"checklist":[191],"assessment":[192],"their":[194],"corresponding":[195],"mitigation":[196],"tasks":[197],"list.":[198],"It":[199],"was":[200,223],"designed":[201],"both":[204],"SMEs":[205],"large":[207],"stores":[211],"intervention-related":[214],"relational":[218],"database.":[219],"tested":[224],"an":[226],"ISO-27001:2013":[227],"project,":[231],"which":[232],"has":[233],"integrated":[234],"fifty":[235],"SMEs.":[236],"results":[238],"obtained":[239],"during":[240],"project":[242],"promising":[244],"reveal":[246],"appropriateness":[248],"using":[250],"further":[255],"similar":[256],"processes.":[258]},"cited_by_api_url":"https://api.openalex.org/works?filter=cites:W4205746881","counts_by_year":[{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":4},{"year":2021,"cited_by_count":1}],"updated_date":"2024-12-03T17:36:12.099170","created_date":"2022-01-25"}
