1. Alberts, C., Dorofee, A.: Managing Information Security Risks. Addison-Wesley, Reading (2002)
2. Ammann, P., et al.: Scalable, Graph-based Network Vulnerability Analysis. In: 9th ACM Conf. on Computer and Communications security, Washington, DC, USA (November 2002)
3. Anderson, R.J.: Security Engineering A Guide to Building Dependable Distributed Systems. John Wiley & Sons, Chichester (2001)
4. Baiardi, F., et al.: Constrained Automata: a Formal Tool for ICT Risk Assessment. In: NATO Advanced Research Workshop on Information Security and Assurance, Marocco (June 2005)
5. Barber, B., Davey, J.: The use of the CCTA risk analysis and management methodology CRAMM. In: Proc. MEDINFO 1992, vol. 1589, p. 1593. North Holland, Amsterdam (1992)