1 |
ISACA (2006), "CISA Review Manual 2006. Information Systems Audit and Control Association," p. 85. ISBN 1-933284-15-3.
|
2 |
ISO/IEC 13335-1 : 1996, "Guidelines for the Management of Security - Part 1 : Concepts and Models of IT Security," 1996.
|
3 |
Artur Rot, "IT Risk Assessment: Quantitative and Qualitive Approach," Proceedings of the World Congress on Engineering and Computer Science, Oct 22-24, 2008, San Francisco, USA
|
4 |
Christopher Alberts, Audrey Dorofee, James Stevens and Carol Woody, "Introduction to the OCTAVE(R)," Aug. 2003.
|
5 |
Yazar and Zeki, "A qualitative risk analysis and management tool-CRAMM," SANS InfoSec Reading Room White Paper (2002).
|
6 |
Boritz and J. Efrim, "IS Practitioners' Views on Core Concepts of Information Integrity," International Journal of Accounting Information Systems. Elsevier. Retrieved 12, Aug. 2011.
|
7 |
ANNEX TO NISTISSI No. 4011, INFORMATION SYSTEMS SECURITY : A COMPREHENSIVE MODEL
|
8 |
Loukas, G. and Oke, G., (September 2010) [August 2009]. "Protection Against Denial of Service Attacks: A Survey," Comput. J. 53 (7): 1020-1037. doi:10.1093/comjnl/bxp078.
DOI
|
9 |
ISO 7498-2, Information processing Systems - Open Systems Interconnection - Basic Reference Model -Part 2 : Security Architecture
|
10 |
NIST SP. "800-33, Underlying Technical Models for Information Technology Security." National Institute for Standards and Technology (2001)
|
11 |
Rainer Jr, Rex Kelly, Charles A. Snyder, and Houston H. Carr., "Risk analysis for information technology," Journal of Management Information Systems (1991): 129-147.
|
12 |
Cox Jr and Louis Anthony Tony. "Some limitations of "Risk= Threat Vulnerability Consequence" for risk analysis of terrorist attacks." Risk Analysis 28.6 (2008): 1749-1761.
|
13 |
Sung won Kim, Hui young Kim, Young chan Kwon, Ho sang Yun and Chul ho Kim, "Risk analysis and assessment Methodology Research for network based Real-time Risk Management," KCC, vol. 34, no. 1.
|
14 |
Kwo-jean Farn et al., "A study on information security management system evaluation-assets, threat and vulnerability," Computer Standards & interfaces 26 (2004) 501-513.
DOI
|
15 |
Hank Marquis, "10 Steps to Do It Yourself CRAMM," vol.4.50, December 17, 2008.
|
16 |
Caralli and Richard A., et al., "Introducing octave allegro: Improving the information security risk assessment process," No. CMU/SEI-2007-TR-012. CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST, 2007.
|
17 |
NIST, SP. "800-30 Risk Management Guide for Information Technology Systems," National Institute for Standards and Technology (2002).
|
18 |
Ferson and Scott. "Bayesian methods in risk assessment," Technical report for the Waste and Storage Unit, Service Environnement & Procedes, Bureau de Recherches Geologiques et Minieres, France. Available at: www.ramas.com/bayes.pdf, 2003.
|
19 |
ISACA. "The it practitioner guide. Technical report," ISACA, USA, 2009
|
20 |
Inhyun Cho and Jaehee Lee, "Study on scenario-based Personnel Risk Analysis," Research Briefs on Informaiton & Communication Technology Evolution (ReBICTE), Vol. 1, Article No. 12 (January 15, 2015)
|
21 |
CSE, RCMP. "Harmonized Threat and Risk Assessment (TRA) Methodology," TRA-1 Date: October 23 (2007).
|
22 |
ISO27k implementer's forum,"Matrices for Asset Valuation and Risk Analysis," www.ISO27001security.com, 2009.
|
23 |
Christopher Alberts and Audrey Dorofee, "OCTAVESM*Threat Profiles," Software Engineering Institute Carnegie Mellon University's White Paper.
|
24 |
"Threat risk assessment working guide," 1999, Government of Canada, Communications Security Establishment, p 73.
|
25 |
British Standards Institute (BSI), "Information security management systems - part 3: Guidelines for information security risk management," BSI Standard 7799-3:2006, 2006.
|
26 |
Brewer and David. "An Introduction to ISO/IEC 27001: 2013," London: Bristish Standards (2013).
|
27 |
Chung, Yoon Jung, et al. "Security risk vector for quantitative asset assessment," Computational Science and Its Applications-ICCSA 2005. Springer Berlin Heidelberg, 274-283.
|
28 |
Eppler, Martin J., and Markus Aeschimann. "A systematic framework for risk visualization in risk management and communication," Risk Management 11.2 (2009): 67-89.
DOI
|
29 |
Lipkus, Isaac M., and J. G. Hollands. "The visual communication of risk," Journal of the National Cancer Institute. Monographs 25 (1998): 149-163.
|
30 |
Smerecnik, Chris MR, et al. "Understanding the positive effects of graphical risk information on comprehension: measuring attention directed to written, tabular, and graphical risk information," Risk analysis 30.9 (2010): 1387-1398.
DOI
|
31 |
Dezfuli, Homayoon, et al. "NASA Risk Management Handbook. Version 1.0," (2011).
|