{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2022,3,31]],"date-time":"2022-03-31T15:33:29Z","timestamp":1648740809442},"reference-count":75,"publisher":"Wiley","issue":"1","license":[{"start":{"date-parts":[[2012,5,16]],"date-time":"2012-05-16T00:00:00Z","timestamp":1337126400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/http\/doi.wiley.com\/10.1002\/tdm_license_1.1"},{"start":{"date-parts":[[2012,5,16]],"date-time":"2012-05-16T00:00:00Z","timestamp":1337126400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/http\/onlinelibrary.wiley.com\/termsAndConditions#vor"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Security Comm. Networks"],"published-print":{"date-parts":[[2014,1]]},"DOI":"10.1002\/sec.547","type":"journal-article","created":{"date-parts":[[2012,5,16]],"date-time":"2012-05-16T06:45:41Z","timestamp":1337150741000},"page":"139-156","source":"Crossref","is-referenced-by-count":0,"title":["Policy override in practice: model, evaluation, and decision support"],"prefix":"10.1002","volume":"7","author":[{"given":"Steffen","family":"Bartsch","sequence":"first","affiliation":[{"name":"TZI; Universit\u00e4t Bremen; Bibliothekstr. 1 28359 Bremen Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"311","published-online":{"date-parts":[[2012,5,16]]},"reference":[{"key":"10.1002\/sec.547-BIB0001|sec547-cit-0001","first-page":"519","article-title":"The use of knowledge in society","volume":"35","author":"Hayek","year":"1945","journal-title":"American Economic Review"},{"key":"10.1002\/sec.547-BIB0002|sec547-cit-0002","doi-asserted-by":"publisher","first-page":"165","DOI":"10.1007\/978-3-540-78550-7_11","volume-title":"Proceedings for the 3\u2009rd International Workshop on Enterprise Applications and Services in the Finance Industry","author":"Sinclair","year":"2008"},{"key":"10.1002\/sec.547-BIB0003|sec547-cit-0003","doi-asserted-by":"publisher","first-page":"47","DOI":"10.1145\/1595676.1595684","volume-title":"New Security Paradigms Workshop 2008","author":"Beautement","year":"2008"},{"issue":"9","key":"10.1002\/sec.547-BIB0004|sec547-cit-0004","doi-asserted-by":"publisher","first-page":"1278","DOI":"10.1109\/PROC.1975.9939","article-title":"The protection of information in computer systems","volume":"63","author":"Saltzer","year":"1975","journal-title":"Proceedings of the IEEE"},{"key":"10.1002\/sec.547-BIB0005|sec547-cit-0005","unstructured":"Sikkel K Stiemerling O User-oriented authorization in collaborative environments Proceedings of COOP '98 1998"},{"issue":"5","key":"10.1002\/sec.547-BIB0006|sec547-cit-0006","doi-asserted-by":"publisher","first-page":"29","DOI":"10.1201\/1086\/44797.13.5.20041101\/84907.5","article-title":"Secure coding: building security into the software development life cycle","volume":"13","author":"Jones","year":"2004","journal-title":"Information Systems Security"},{"key":"10.1002\/sec.547-BIB0007|sec547-cit-0007","doi-asserted-by":"publisher","first-page":"165","DOI":"10.1007\/978-0-387-09762-6_8","volume-title":"Managing Information Risk and the Economics of Security","author":"Zhao","year":"2009"},{"key":"10.1002\/sec.547-BIB0008|sec547-cit-0008","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1145\/335169.335188","volume-title":"NSPW '99: Proceedings of the 1999 Workshop on New Security Paradigms","author":"Povey","year":"2000"},{"key":"10.1002\/sec.547-BIB0009|sec547-cit-0009","doi-asserted-by":"crossref","first-page":"196","DOI":"10.1145\/587078.587106","volume-title":"CSCW '02: Proceedings of the 2002 ACM Conference on Computer Supported Cooperative Work","author":"Stevens","year":"2002"},{"issue":"2-3","key":"10.1002\/sec.547-BIB0010|sec547-cit-0010","doi-asserted-by":"crossref","first-page":"133","DOI":"10.1007\/s10207-007-0017-y","article-title":"Audit-based compliance control","volume":"6","author":"Cederquist","year":"2007","journal-title":"International Journal of Information Security"},{"key":"10.1002\/sec.547-BIB0011|sec547-cit-0011","volume-title":"Information Security: An Integrated Collection of Essays","author":"Jajodia","year":"1995"},{"key":"10.1002\/sec.547-BIB0012|sec547-cit-0012","first-page":"175","volume-title":"ACSAC","author":"R\u00f8stad","year":"2006"},{"key":"10.1002\/sec.547-BIB0013|sec547-cit-0013","first-page":"115","volume-title":"CSFW","author":"Badger","year":"1990"},{"key":"10.1002\/sec.547-BIB0014|sec547-cit-0014","first-page":"312","volume-title":"Security Protocols Workshop, Lecture Notes in Computer Science","volume":"3957","author":"Rissanen","year":"2004"},{"key":"10.1002\/sec.547-BIB0015|sec547-cit-0015","doi-asserted-by":"crossref","first-page":"222","DOI":"10.1109\/SP.2007.21","volume-title":"SP '07: Proceedings of the 2007 IEEE Symposium on Security and Privacy","author":"Cheng","year":"2007"},{"issue":"7194","key":"10.1002\/sec.547-BIB0016|sec547-cit-0016","doi-asserted-by":"crossref","first-page":"1328","DOI":"10.1136\/bmj.318.7194.1328","article-title":"Privacy in clinical information systems in secondary care","volume":"318","author":"Denley","year":"1999","journal-title":"BMJ"},{"key":"10.1002\/sec.547-BIB0017|sec547-cit-0017","doi-asserted-by":"crossref","first-page":"71","DOI":"10.1145\/344287.344304","volume-title":"RBAC '00: Proceedings of the fifth ACM workshop on Role-based access control","author":"Longstaff","year":"2000"},{"key":"10.1002\/sec.547-BIB0018|sec547-cit-0018","unstructured":"Miller JA Fan M Wu S Arpinar IB Sheth AP Kochut KJ Security for the METEOR workflow management system Technical Report 1999"},{"issue":"2","key":"10.1002\/sec.547-BIB0019|sec547-cit-0019","doi-asserted-by":"crossref","first-page":"38","DOI":"10.1109\/2.485845","article-title":"Role-based access control models","volume":"29","author":"Sandhu","year":"1996","journal-title":"IEEE Computer"},{"key":"10.1002\/sec.547-BIB0020|sec547-cit-0020","doi-asserted-by":"publisher","first-page":"461","DOI":"10.1007\/978-3-642-03354-4_35","volume-title":"3rd International Workshop on Trusted Collaboration (TrustCol-2008)","author":"Bartsch","year":"2009"},{"key":"10.1002\/sec.547-BIB0021|sec547-cit-0021","first-page":"554","volume-title":"15th NIST-NCSC National Computer Security Conference","author":"Ferraiolo","year":"1992"},{"issue":"4","key":"10.1002\/sec.547-BIB0022|sec547-cit-0022","doi-asserted-by":"crossref","first-page":"441","DOI":"10.2307\/249551","article-title":"Coping with system risk: security planning models for management decision-making","volume":"22","author":"Straub","year":"1998","journal-title":"MIS Quarterly"},{"key":"10.1002\/sec.547-BIB0023|sec547-cit-0023","unstructured":"GAO Information security risk assessment: practices of leading organizations Technical Report AIMD-00-33 1999"},{"key":"10.1002\/sec.547-BIB0024|sec547-cit-0024","first-page":"1","volume":"14","author":"Alter","year":"2004","journal-title":"Communications of the AIS"},{"key":"10.1002\/sec.547-BIB0025|sec547-cit-0025","doi-asserted-by":"crossref","unstructured":"Stoneburner G Goguen A Feringa A Risk management guide for information technology systems-NIST special publication 800-30 Technical Report 2002","DOI":"10.6028\/NIST.SP.800-30"},{"key":"10.1002\/sec.547-BIB0026|sec547-cit-0026","doi-asserted-by":"crossref","DOI":"10.1201\/9781420031195","volume-title":"Information Security Risk Analysis","author":"Peltier","year":"2005"},{"key":"10.1002\/sec.547-BIB0027|sec547-cit-0027","doi-asserted-by":"crossref","DOI":"10.1017\/CBO9780511808098","volume-title":"Heuristics and Biases: The Psychology of Intuitive Judgement","author":"Gilovich","year":"2002"},{"key":"10.1002\/sec.547-BIB0028|sec547-cit-0028","volume-title":"The Book of Risk","author":"Borge","year":"2001"},{"key":"10.1002\/sec.547-BIB0029|sec547-cit-0029","article-title":"Cars, cholera and cows: the management of risk and uncertainty","author":"Adams","year":"1999","journal-title":"Policy Analysis"},{"key":"10.1002\/sec.547-BIB0030|sec547-cit-0030","doi-asserted-by":"publisher","first-page":"531","DOI":"10.1109\/AFIPS.1978.169","volume-title":"International Workshop on Managing Requirements Knowledge","author":"Hoffman","year":"1978"},{"key":"10.1002\/sec.547-BIB0031|sec547-cit-0031","volume-title":"Information Technology-Security Techniques-Information Security Risk Management","author":"ISO\/IEC 27005:2008","year":"2008"},{"key":"10.1002\/sec.547-BIB0032|sec547-cit-0032","first-page":"391","volume-title":"ACISP, Lecture Notes in Computer Science","volume":"3108","author":"Lenstra","year":"2004"},{"key":"10.1002\/sec.547-BIB0033|sec547-cit-0033","volume-title":"Computer Security: Principles and Practice","author":"Stallings","year":"2008"},{"key":"10.1002\/sec.547-BIB0034|sec547-cit-0034","unstructured":"Bundesamt f\u00fcr Sicherheit in der Informationstechnik (BSI). BSI-Standard 100-2: IT-Grundschutz-Vorgehensweise 2008"},{"issue":"6","key":"10.1002\/sec.547-BIB0035|sec547-cit-0035","doi-asserted-by":"crossref","first-page":"526","DOI":"10.1016\/S0167-4048(02)01009-X","article-title":"A framework for understanding and predicting insider attacks","volume":"21","author":"Schultz","year":"2002","journal-title":"Computers & Security"},{"key":"10.1002\/sec.547-BIB0036|sec547-cit-0036","volume-title":"Research on Mitigating the Insider Threat to Information Systems #2","author":"Wood","year":"2000"},{"issue":"4","key":"10.1002\/sec.547-BIB0037|sec547-cit-0037","doi-asserted-by":"crossref","first-page":"304","DOI":"10.1016\/j.infoandorg.2006.08.001","article-title":"Understanding the perpetration of employee computer crime in the organisational context","volume":"16","author":"Willison","year":"2006","journal-title":"Information and Organization"},{"issue":"4","key":"10.1002\/sec.547-BIB0038|sec547-cit-0038","doi-asserted-by":"publisher","first-page":"403","DOI":"10.1057\/palgrave.ejis.3000592","article-title":"Opportunities for computer crime: considering systems risk from a criminological perspective","volume":"15","author":"Willison","year":"2006","journal-title":"European Journal"},{"issue":"1","key":"10.1002\/sec.547-BIB0039|sec547-cit-0039","doi-asserted-by":"crossref","first-page":"62","DOI":"10.1016\/S0167-4048(02)00109-8","article-title":"Insider threat prediction tool: evaluating the probability of it misuse","volume":"21","author":"Magklaras","year":"2002","journal-title":"Computers & Security"},{"key":"10.1002\/sec.547-BIB0040|sec547-cit-0040","article-title":"The insider threat to information systems-the psychology of the dangerous insider","author":"Shaw","year":"1998","journal-title":"Security Awareness Bulletin"},{"key":"10.1002\/sec.547-BIB0041|sec547-cit-0041","unstructured":"Randazzo MR Keeney M Kowalski E Cappelli D Moore A Insider threat study: illicit cyber activity in the banking and finance sector Technical Report CMU\/SEI-2004-TR-021 2005"},{"key":"10.1002\/sec.547-BIB0042|sec547-cit-0042","doi-asserted-by":"crossref","unstructured":"Moore A Cappelli D Trzeciak RF The \u2018big picture\u2019 of insider IT sabotage across U.S. critical infrastructures Technical Report CMU\/SEI-2008-TR-009 2008","DOI":"10.21236\/ADA482452"},{"key":"10.1002\/sec.547-BIB0043|sec547-cit-0043","unstructured":"Cappelli D Moore A Trzeciak RF Shimeall TJ Common sense guide to prevention and detection of insider threats 3\u2009rd edition-version 3.1 Technical Report 2009"},{"key":"10.1002\/sec.547-BIB0044|sec547-cit-0044","unstructured":"Association of Certified Fraud Examiners (ACFE) 2006"},{"issue":"3","key":"10.1002\/sec.547-BIB0045|sec547-cit-0045","doi-asserted-by":"crossref","first-page":"63","DOI":"10.1207\/s15327566ijce0301_5","article-title":"Theory of activity and situation awareness","volume":"1","author":"Bedny","year":"1999","journal-title":"International Journal of Cognitive Ergonomics"},{"issue":"1","key":"10.1002\/sec.547-BIB0046|sec547-cit-0046","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1518\/001872095779049543","article-title":"Toward a theory of situation awareness in dynamic systems","volume":"37","author":"Endsley","year":"1995","journal-title":"Human Factors: The Journal of the Human Factors and Ergonomics Society"},{"key":"10.1002\/sec.547-BIB0047|sec547-cit-0047","volume-title":"Opportunity Makes a Thief: An Analysis of Computer Abuse","author":"Audit Commission","year":"1994"},{"key":"10.1002\/sec.547-BIB0048|sec547-cit-0048","unstructured":"Gallaher MP O'Connor AC Kropp B The economic impact of role-based access control 2002"},{"key":"10.1002\/sec.547-BIB0049|sec547-cit-0049","unstructured":"NIST Fips 191: guideline for the analysis local area network security Technical Report 1994 https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/http\/www.itl.nist.gov\/fipspubs\/fip191.htm"},{"key":"10.1002\/sec.547-BIB0050|sec547-cit-0050","unstructured":"HIPAA Break glass procedure: granting emergency access to critical ePHI systems 2009 https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/http\/hipaa.yale.edu\/security\/sysadmin\/breakglass.html"},{"key":"10.1002\/sec.547-BIB0051|sec547-cit-0051","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1109\/ACSAC.2009.12","volume-title":"Annual Computer Security Applications Conference (ACSAC 2009)","author":"Ferreira","year":"2009"},{"key":"10.1002\/sec.547-BIB0052|sec547-cit-0052","doi-asserted-by":"crossref","first-page":"197","DOI":"10.1145\/1542207.1542239","volume-title":"SACMAT '09: Proceedings of the 14th ACM Symposium on Access Control Models and Technologies","author":"Brucker","year":"2009"},{"key":"10.1002\/sec.547-BIB0053|sec547-cit-0053","unstructured":"Zhao X Johnson ME Access flexibility with escalation and audit WISE 2008: Twentieth Workshop on Information Systems and Economics 2008"},{"key":"10.1002\/sec.547-BIB0054|sec547-cit-0054","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/1719030.1719032","volume-title":"New Security Paradigms Workshop 2009","author":"Johnson","year":"2009"},{"key":"10.1002\/sec.547-BIB0055|sec547-cit-0055","first-page":"294","volume-title":"Information Assurance Workshop (IAW 05)","author":"Choudhary","year":"2005"},{"key":"10.1002\/sec.547-BIB0056|sec547-cit-0056","unstructured":"Britton DW Brown IA A security risk measurement for the RAdAC model 2007"},{"key":"10.1002\/sec.547-BIB0057|sec547-cit-0057","doi-asserted-by":"publisher","first-page":"419","DOI":"10.1109\/ECUMN.2007.19","volume-title":"Universal Multiservice Networks, 2007. ECUMN '07. Fourth European Conference on","author":"Diep","year":"2007"},{"key":"10.1002\/sec.547-BIB0058|sec547-cit-0058","doi-asserted-by":"publisher","first-page":"156","DOI":"10.1145\/990036.990062","volume-title":"SACMAT '04: Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies","author":"Dimmock","year":"2004"},{"key":"10.1002\/sec.547-BIB0059|sec547-cit-0059","doi-asserted-by":"publisher","first-page":"107","DOI":"10.1145\/1595676.1595694","volume-title":"New Security Paradigms Workshop 2008","author":"Molloy","year":"2008"},{"key":"10.1002\/sec.547-BIB0060|sec547-cit-0060","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1145\/366173.366195","volume-title":"NSPW '00: Proceedings of the 2000 Workshop on New Security Paradigms","author":"Irvine","year":"2000"},{"key":"10.1002\/sec.547-BIB0061|sec547-cit-0061","doi-asserted-by":"publisher","first-page":"118","DOI":"10.1109\/NOMSW.2010.5486590","volume-title":"Network Operations and Management Symposium Workshops (NOMS Wksps), 2010 IEEE\/IFIP","author":"Beresnevichiene","year":"2010"},{"key":"10.1002\/sec.547-BIB0062|sec547-cit-0062","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1145\/1900546.1900553","volume-title":"Proceedings of the 2010 Workshop on New Security Paradigms (NSPW '10)","author":"Parkin","year":"2010"},{"key":"10.1002\/sec.547-BIB0063|sec547-cit-0063","doi-asserted-by":"publisher","first-page":"493","DOI":"10.1016\/0167-4048(87)90030-7","article-title":"Principles and procedures of the Lram approach to information systems risk analysis and management","volume":"6","author":"Guarro","year":"1987","journal-title":"Computer Security"},{"key":"10.1002\/sec.547-BIB0064|sec547-cit-0064","doi-asserted-by":"publisher","first-page":"363","DOI":"10.2307\/249191","article-title":"A stochastic dominance approach to risk analysis of computer systems","volume":"10","author":"Post","year":"1986","journal-title":"MIS Quarterly"},{"key":"10.1002\/sec.547-BIB0065|sec547-cit-0065","volume-title":"Proceedings of the INFORMS Conference on Information Systems and Technology","author":"Jaisingh","year":"2001"},{"issue":"1","key":"10.1002\/sec.547-BIB0066|sec547-cit-0066","doi-asserted-by":"crossref","first-page":"129","DOI":"10.1080\/07421222.1991.11517914","article-title":"Risk analysis for information technology","volume":"8","author":"Rainer","year":"1991","journal-title":"Journal of Management Information System"},{"issue":"2","key":"10.1002\/sec.547-BIB0067|sec547-cit-0067","doi-asserted-by":"crossref","first-page":"147","DOI":"10.1016\/j.cose.2004.07.004","article-title":"Isram: information security risk analysis method","volume":"24","author":"Karabacak","year":"2005","journal-title":"Computers and Security"},{"issue":"4","key":"10.1002\/sec.547-BIB0068|sec547-cit-0068","doi-asserted-by":"publisher","first-page":"375","DOI":"10.1145\/162124.162127","article-title":"Information systems security design methods: implications for information systems development","volume":"25","author":"Baskerville","year":"1993","journal-title":"ACM Computing Surveys"},{"key":"10.1002\/sec.547-BIB0069|sec547-cit-0069","unstructured":"Campbell PL Stamp JE A classification scheme for risk assessment methods Technical Report SAND2004-4233 2004"},{"key":"10.1002\/sec.547-BIB0070|sec547-cit-0070","unstructured":"NIST Fips 65: guidelines for automatic data processing risk analysis Technical Report 1975"},{"key":"10.1002\/sec.547-BIB0071|sec547-cit-0071","unstructured":"The CRAMM Manager Cramm user guide issue 5.1 Technical Report 2005"},{"key":"10.1002\/sec.547-BIB0072|sec547-cit-0072","doi-asserted-by":"crossref","DOI":"10.21236\/ADA634134","volume-title":"Introduction to the OCTAVE Approach","author":"Alberts","year":"2003"},{"key":"10.1002\/sec.547-BIB0073|sec547-cit-0073","doi-asserted-by":"crossref","first-page":"52","DOI":"10.1145\/1030083.1030092","volume-title":"CCS '04: Proceedings of the 11th ACM Conference on Computer and Communications Security","author":"Kapadia","year":"2004"},{"key":"10.1002\/sec.547-BIB0074|sec547-cit-0074","first-page":"200","volume-title":"Proceedings of the European Conference on Artificial Intelligence (ECAI)","author":"Bonatti","year":"2006"},{"key":"10.1002\/sec.547-BIB0075|sec547-cit-0075","doi-asserted-by":"crossref","first-page":"84","DOI":"10.1007\/978-3-540-77442-6_7","volume-title":"Symposium on Practical Aspects of Declarative Languages (PADL 2008)","volume":"4902","author":"Becker","year":"2008"}],"container-title":["Security and Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/api.wiley.com\/onlinelibrary\/tdm\/v1\/articles\/10.1002%2Fsec.547","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/api.wiley.com\/onlinelibrary\/tdm\/v1\/articles\/10.1002%2Fsec.547","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/http\/onlinelibrary.wiley.com\/wol1\/doi\/10.1002\/sec.547\/fullpdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,7,4]],"date-time":"2021-07-04T05:49:14Z","timestamp":1625377754000},"score":1,"resource":{"primary":{"URL":"https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/onlinelibrary.wiley.com\/doi\/10.1002\/sec.547"}},"subtitle":["Policy override in practice: model, evaluation, and decision support"],"short-title":[],"issued":{"date-parts":[[2012,5,16]]},"references-count":75,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2014,1]]}},"URL":"https:\/\/summer-heart-0930.chufeiyun1688.workers.dev:443\/https\/doi.org\/10.1002\/sec.547","archive":["Portico"],"relation":{},"ISSN":["1939-0114"],"issn-type":[{"value":"1939-0114","type":"print"}],"subject":[],"published":{"date-parts":[[2012,5,16]]}}}