1 |
Peltier and Thomas R, Information security risk analysis, 2nd Ed., CRC press, Taylor & Francis Group 6000, Broken Sound Parkway NW, Suite 300 Boca Raton, FL 33487-2742, pp. 77-80, 2005.
|
2 |
Cavusoglu, Huseyin, Birendra Mishra, and Srinivasan Raghunathan, "A model for evaluating IT security investments," Communications of the ACM, vol. 47, no. 7, pp. 87-92, Jul. 2004.
DOI
|
3 |
Joh, HyunChul, and Y.K. Malaiya, "Defining and assessing quantitative security risk measures using vulnerability lifecycle and cvss metrics," SAM'11, pp. 10-16, Jul. 2011
|
4 |
Stoneburner, Gary, A.Y. Goguen, and Alexis Feringa, "Sp 800-30. risk management guide for information technology systems," NIST, Jul. 2002
|
5 |
Karabacak, Bilge, and Ibrahim Sogukpinar, "ISRAM: information security risk analysis method," Computers & Security, vol. 24, no. 2, pp. 147-159, Mar. 2005
DOI
|
6 |
Mell, Peter, Karen Scarfone, and Sasha Romanosky, "Common vulnerability scoring system," Security & Privacy, vol. 4, no. 6, pp. 85-89, Nov. 2006
DOI
|
7 |
Kotenko, Igor, and Mikhail Stepashkin. "Attack graph based evaluation of network security." Communications and Multimedia Security. Springer Berlin Heidelberg, Jan. 2006.
|
8 |
Phillips, Cynthia, and L.P. Swiler, "A graph-based system for network vulnerability analysis," Proceedings of the 1998 workshop on New security paradigms, ACM, pp. 71-79, Sep. 1998.
|
9 |
L.P. Swiler, Cynthia Phillips, and Timothy Gaylor, "A graph-based network-vulnerability analysis system," Sandia National Labs, Jan. 1998.
|
10 |
Singhal, Anoop, and Xinming Ou, "Security risk analysis of enterprise networks using probabilistic attack graphs," NIST, Aug. 2011.
|
11 |
Wang, Lingyu, Anoop Singhal, and Sushil Jajodia, "Measuring the overall security of network configurations using attack graphs," Data and Applications Security XXI, Springer, pp. 98-112, Jul. 2007
|
12 |
NVD: Common Vulnerability and Exposure (CVE), http://cve.mitre.org/about/index.html
|
13 |
Shodan:Shodan http://www.shodanhq.com/help
|