1. Baker, W. H. and Wallace, L. (2007), Is information security under control? Investigating quality in information security management, IEEE Security and Privacy, 5(1), 36-44.
2. Barlette, Y. and Fomin, V. V. (2008), Exploring the suitability of IS security management standards for SMEs, Proceedings of the 41st Hawaii International Conference on System Sciences, Waikoloa, HI, 1-10.
3. Baskerville, R. (1991), Risk analysis: an interpretive feasibility tool in justifying information systems security, European Journal of Information Systems, 1(2), 121-130.
4. Brenner, J. (2007), ISO 27001: Risk management and compliance, Risk Management, 54(1), 24-29.
5. British Standards Institution (2008), BS 31100:2008 Risk management - Code of practice.
6. British Standards Institution (2011), BS 31100:2011 Risk management - Code of practice and guidance for the implementation of BS ISO 31000.
7. Broderick, J. S. (2006), ISMS, security standards and security regulations, Information Security Technical Report, 11(1), 26-31.
8. Chin, K. S., Chan, A., and Yang, J. B. (2008), Development of a fuzzy FMEA based product design system, International Journal of Advanced Manufacturing Technology, 36(7-8), 633-649.
9. Chin, K. S., Wang, Y. M., Poon, G. K. K., and Yang, J. B. (2009), Failure mode and effects analysis using a group-based evidential reasoning approach, Computers and Operations Research, 36(6), 1768-1779.
10. Humphreys, E. (2008), Information security management standards: compliance, governance and risk management, Information Security Technical Report, 13(4), 247-255.
11. Fomin, V. V., de Vries, H. J., Barlette, Y., and Montpellier, F. (2008), ISO/IEC 27001 Information Systems Security Management Standard: exploring the reasons for low adoption, Proceedings of the 3rd European Conference on Management of Technology, Nice, France.
12. Fung, C. M. (2004), The implementation procedures for information security management (access control) in BS 7799/ISO 17799, M. S. Thesis, Department of Manufacturing Engineering and Engineering Management, City University of Hong Kong, China.
13. Halliday, S., Badenhorst, K., and Von Solms, R. (1996), A business approach to effective information technology risk analysis and management, Information Management and Computer Security, 4(1), 19-31.
14. International Organization for Standardization (2009), ISO 31000:2009, Risk management - Principles and guidelines.
15. International Organization for Standardization (2000), ISO/IEC 17799:2000 Information technology - Code of practice for information security management.
16. International Organization for Standardization (2002), ISO/IEC Guide 73:2002 Risk management - Vocabulary - Guidelines for use in standards.
17. International Organization for Standardization (2005), ISO/IEC 27001:2005, Information technology - Security techniques - Information security management system - Requirements.
18. International Organization for Standardization (2011), ISO/IEC 27005:2011 Information technology - Security techniques - Information security risk management.
19. Kwok, L. F. and Longley, D. (1999), Information security management and modeling, Information Management and Computer Security, 7(1), 30-39.
20. Lai, L. K. H., Chin, K. S., and Tsang, A. H. C. (2010), Risk management of information security: information security FMEA circle, Proceedings of the 8th Asia Network for Quality (ANQ) Congress, New Delhi, India, paper HK01.
21. Standards Association of Australia (1999), AS/NZS 4360:1999 Risk management.
22. Misra, S. C., Kumar, V., and Kumar, U. (2007), A strategic modeling technique for information security risk assessment, Information Management and Computer Security, 15(1), 64-77.
23. Segismundo, A. and Miguel, P. A. C. (2008), Failure mode and effects analysis (FMEA) in the context of risk management in new product development: a case study in an automotive company, International Journal of Quality and Reliability Management, 25(9), 899-912.
24. British Standards Institution (2006), BS EN 60812:2006 Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA).
25. Spinellis, D., Kokolakis, S., and Gritzalis, S. (1999), Security requirements, risks and recommendations for small enterprise and home-office environments, Information Management and Computer Security, 7(3), 121-128.
26. Tsohou, A., Karyda, M., Kokolakis, S., and Kiountouzis, E. (2006), Formulating information systems risk management strategies through cultural theory, Information Management and Computer Security, 14(3), 198-217.
27. Wang, Y. M., Chin, K. S., Poon, G. K. K., and Yang, J. B. (2009), Risk evaluation in failure mode and effects analysis using fuzzy weighted geometric mean, Expert Systems with Applications, 36(2), 1195-1207.
28. Institute of Risk Management (2002), A Risk Management Standard, Institute of Risk Management, London.
29. von Ahsen, A. (2008), Cost-oriented failure mode and effects analysis, International Journal of Quality and Reliability Management, 25(5), 466-476.