1. C. Alberts and A. Dorofee, Managing Information Security Risks: The OCTAVE Approach, Addison-Wesley/Pearson, Boston, Massachusetts, 2003.
2. L. Bodin, L. Gordon and M. Loeb, Information security and risk management, Communications of the ACM, vol. 51(4), pp. 64–68, 2008.
3. S. Dynes, Information Security and Health Care: A Field Study of a Hospital after a Worm Event, Technical Report, Center for Digital Strategies, Tuck School of Business, Dartmouth College, Hanover, New Hampshire, 2006.
4. S. Dynes, Information Security Investment Case Study: The Manufacturing Sector, Technical Report, Center for Digital Strategies, Tuck School of Business, Dartmouth College, Hanover, New Hampshire, 2006.
5. S. Dynes, Emergent risks in critical infrastructures, in Critical Infrastructure Protection II, M. Papa and S. Shenoi (Eds.), Springer, Boston, Massachusetts, pp. 3–16, 2008.