1. ISO/IEC, “ISO 27005 information technology security techniques information security risk management,” 2008, ISO/IEC.

2. A model for deriving information security control attribute profiles;Van der Haar;Comput Secur,2003

3. Security risk management: Building an information security risk management program from the ground up;Wheeler,2011

4. Budgeting process for information security expenditures;Gordon;Commun ACM,2006

5. Improving risk assessment methodology: a statistical design of experiments approach;Singh,2009