1. An Introduction to the Business Model for information Security. https://www.isaca.org/Knowledge-Center/Research/Documents/Introduction-to-the-Business-Model-for-Information-Security_res_Eng_0109.pdf. Access date: Dec 2019.

2. Mejias, R.: An integrative model of information security awareness for assessing information systems security risk. In: Proceedings of the Annual Hawaii International Conference on System Sciences, pp. 3258–3267 (2012)

3. Princely, I.: Understanding information systems security policy compliance: an integration of the theory of planned behavior and the protection motivation theory. Comput. Secur. 31(1), 83–95 (2012)

4. ISO/IEC 15408-1:2009: Informational technology—security techniques—evaluation criteria for IT security. Part 1: Introduction and General Model (2009)

5. ISO/IEC 15408-2:2008: Information technology—security techniques—evaluation criteria for IT security. Part 2: Security Functional Components (2008)