{rfName}
Cy

Indexed in

License and use

Icono OpenAccess

Citations

15

Altmetrics

Analysis of institutional authors

Sánchez-García IdCorresponding AuthorSan Feliu Gilabert TAuthor

Share

January 16, 2023
Publications
>
Review

Cybersecurity Risk Assessment: A Systematic Mapping Review, Proposal, and Validation

Publicated to:Applied Sciences-Basel. 13 (1): 395- - 2023-01-01 13(1), DOI: 10.3390/app13010395

Authors: Daniel Sanchez-Garcia, Isaac; Mejia, Jezreel; San Feliu Gilabert, Tomas

Affiliations

Centro de Investigacion en Matematicas, A.C. - Author
Ctr Invest Matemat AC, Zacatecas 98000, Zacatecas, Mexico - Author
Escuela Tecnica Superior de Ingenieros Informaticos, Universidad Politecnica de Madrid - Author
Univ Politecn Madrid UPM, Escuela Tecn Super Ingenieros Informat, Madrid 28660, Spain - Author

Abstract

Incorporating technologies across all sectors has meant that cybersecurity risk assessment is now a critical step in cybersecurity risk management. However, risk assessment can be a complicated process for organizations. Therefore, many authors have attempted to automate this step using qualitative and quantitative tools. The problems with the tools and the risk assessment stage in general are (1) not considering all the sub-steps of risk assessment and (2) not identifying the variables necessary for an accurate risk calculation. To address these issues, this article presents a systematic mapping review (SMR) of tools that automate the cybersecurity risk assessment stage based on studies published in the last decade. As a result, we identify and describe 35 tools from 40 primary studies. Most of the primary studies were published between 2012 and 2020, indicating an upward trend of cyber risk assessment tool publication in recent years. The main objectives of this paper are to: (I) identify the differences (reference models and applications) and coverage of the main qualitative and quantitative models, (II) identify relevant risk assessment variables, (III) propose a risk assessment model (qualitative and quantitative) that considers the main variables and sub-stages of risk assessment stage, and (IV) obtain an assessment of the proposed model by experts in the field of cybersecurity. The proposal was sent to a group of 28 cybersecurity experts who approved the proposed variables and their relevance in the cybersecurity risk assessment stage, identifying a majority use of qualitative tools but a preference of experts for quantitative tools.

Keywords

algorithmsautomationcyber-securitycybersecuritycybersecurity expertsexperimentationintelligencemanagementproposalsystematic mapping reviewtoolsvalidationAlgorithmsAutomationCybersecurityCybersecurity expertsExperimentationInformation securityProposalRisk assessmentSystematic mapping reviewToolsValidation

Quality index

Bibliometric impact. Analysis of the contribution and dissemination channel

The work has been published in the journal Applied Sciences-Basel due to its progression and the good impact it has achieved in recent years, according to the agency WoS (JCR), it has become a reference in its field. In the year of publication of the work, 2023, it was in position 44/181, thus managing to position itself as a Q1 (Primer Cuartil), in the category Engineering, Multidisciplinary.

From a relative perspective, and based on the normalized impact indicator calculated from World Citations from Scopus Elsevier, it yields a value for the Field-Weighted Citation Impact from the Scopus agency: 1.13, which indicates that, compared to works in the same discipline and in the same year of publication, it ranks as a work cited above average. (source consulted: ESI Nov 14, 2024)

This information is reinforced by other indicators of the same type, which, although dynamic over time and dependent on the set of average global citations at the time of their calculation, consistently position the work at some point among the top 50% most cited in its field:

  • Field Citation Ratio (FCR) from Dimensions: 7.87 (source consulted: Dimensions Aug 2025)

Specifically, and according to different indexing agencies, this work has accumulated citations as of 2025-08-18, the following number of citations:

  • WoS: 5
  • Scopus: 7

Impact and social visibility

From the perspective of influence or social adoption, and based on metrics associated with mentions and interactions provided by agencies specializing in calculating the so-called "Alternative or Social Metrics," we can highlight as of 2025-08-18:

  • The use, from an academic perspective evidenced by the Altmetric agency indicator referring to aggregations made by the personal bibliographic manager Mendeley, gives us a total of: 113.
  • The use of this contribution in bookmarks, code forks, additions to favorite lists for recurrent reading, as well as general views, indicates that someone is using the publication as a basis for their current work. This may be a notable indicator of future more formal and academic citations. This claim is supported by the result of the "Capture" indicator, which yields a total of: 114 (PlumX).

With a more dissemination-oriented intent and targeting more general audiences, we can observe other more global scores such as:

  • The Total Score from Altmetric: 0.25.
  • The number of mentions on the social network X (formerly Twitter): 1 (Altmetric).

It is essential to present evidence supporting full alignment with institutional principles and guidelines on Open Science and the Conservation and Dissemination of Intellectual Heritage. A clear example of this is:

  • The work has been submitted to a journal whose editorial policy allows open Open Access publication.

Leadership analysis of institutional authors

This work has been carried out with international collaboration, specifically with researchers from: Mexico.

There is a significant leadership presence as some of the institution’s authors appear as the first or last signer, detailed as follows: First Author (SANCHEZ GARCIA, ISAAC DANIEL) and Last Author (SAN FELIU GILABERT, TOMAS).

the author responsible for correspondence tasks has been SANCHEZ GARCIA, ISAAC DANIEL.