1. Baskerville, R., Rowe, F., Wolff, F.C.: Integration of information systems and cybersecurity countermeasures: an exposure to risk perspective. ACM SIGMIS Database DATABASE Adv. Inf. Syst. 49(1), 33–52 (2018)

2. Schmitz, C., Sekula, A., Pape, S., Pipek, V., Rannenberg, K.: Easing the burden of security self-assessments. In: 12th International Symposium on Human Aspects of Information Security & Assurance, pp. 29–31 (2018)

3. Manna, A., Sengupta, A., Mazumdar, C.: A quantitative methodology for business process-based data privacy risk computation. In: Advanced Computing and Systems for Security, pp. 17–33 (2020)

4. Varela-Vaca, A.J., Parody, L., Gasca, R.M., Gomez-Lopez, M.T.: Automatic verification and diagnosis of security risk assessments in business process models. IEEE Access 7, 26448–26465 (2019)

5. Xue, B., Krishnan, R., Padman, R., Wang, H.J.: On risk management with information flows in business processes. Inf. Syst. Res. 12, 1–19 (2012)