1 |
Richard A. Caralli, Julia H. Allen, Pamela D. Curtis, David W. White, and Lisa R. Young, "CERT resilience management model version 1.0," Technical Report, CMU/SEI - 2010 - TR - 012, Carnegie Mellon University, May 2010.
|
2 |
Todd Fitzgerald, "Building management commitment through security councils," Information Systems Security, vol. 14, no. 2, pp. 27-36, Feb. 2015.
|
3 |
Tom Scholtz and F. Christian Byrnes, "Information security and governance: forums and committees," G00207477, Gartner, Oct. 2010.
|
4 |
ISO/IEC 27014, "Governance of information security," May 2013.
|
5 |
Shaun Posthumus and Rossouw von Solms, "A framework for the governance of information security," Computers and Security, vol. 23, no. 8, pp. 638-646, Dec. 2004.
DOI
|
6 |
Paul Williams, "Information security governance," Information Security Technical Report, vol. 6, no. 3, pp. 60-70, Sep. 2001.
DOI
|
7 |
Basie von Solms, "Information security governance: compliance management vs operational management," Computers & Security, vol. 24, no. 6, pp. 443-447, Sep. 2005.
DOI
|
8 |
Corporate Governance Task Force, "Information security governance: a call to action," USA, 2004.
|
9 |
Joan Hash, Nadya Bartol, Holly Rollins, Will Robinson, John Abeles, and Steve Batdorff, "Integrating IT security into the capital planning and investment control process," Special Publication 800-65, National Institute of Standards and Technology, USA, Jan. 2005.
|
10 |
Rossouw von Solms and Basie von Solms, "Information security governance: a model based on the direct-control cycle," Computers & Security, vol. 25, no. 6, pp. 408-412, Sep. 2006.
DOI
|
11 |
Rolf Moulton and Robert S. Coles, "Applying information security governance," Computers & Security vol. 22, no. 7, pp. 580-584, Oct. 2003.
DOI
|
12 |
Richard M. Steinberg, "Enterprise risk management: integrated framework," COSO, Sep. 2004.
|
13 |
W. Krag Brotby, "Information security governance guidance for boards of directors and executive management," IT Governance Institute, 2006.
|
14 |
Jacqueline H. Hall, Shahram Sarkani, and Thomas A. Mazzuchi, "Impacts of organizational capabilities in information security," Information Management & Computer Security, vol. 19, no. 3, pp. 155-176, 2011.
DOI
|
15 |
Chin W.W., "The Partial Least Squares Approach to Structural Equation Modeling," in G. A. Marcoulides(Ed.) Modern Methods for Business Research, Lawrence Erlbaum Associates, pp. 295-336, 1998.
|
16 |
Claes Fornell, and David F. Larcker, "Evaluating structural equation models with unobservable variables and measurement error," Journal of Marketing Research, vol. 18, no. 1, pp. 39-50, Feb. 1981.
DOI
|
17 |
Falk R.F. and Miller N.B., A Primer for Soft Modeling, The University of Akron Press, Akron, 1992.
|