1. Managing Network Security — Risk Management or Risk Analysis?;Cohen;Network Securityt Magazine,1997

2. An Analysis Of Security Incidents On The Internet — 1989 – 1995;Howard,1997

3. Fundamentals of Computer Security Technology;Amoroso,1994

4. A Taxonomy of Computer Security Flaws;Landwehr;ACM Computing Surveys,1994

5. Fred Cohen, Cynthia Phillips, Laura Painton Swiler, Timothy Gaylor, Patricia Leary, Fran Rupley, Richard Isler and Eli Dart A Preliminary Classification Scheme for Information System Threats, Attacks, and Defences; A Cause and Effect Model; and Some Analysis Based on That Model, Computers & Security, Elsevier. [This paper describes 37 different types of actors that may Cause Information System Failure (Threats), 94 different Mechanisms by Which Information Systems are Caused to Fail (Attacks), and 140 different Mechanisms Which May Prevent, Limit, Reduce, or Mitigate Harm (Defences). We describe a cause-effect model of information system attacks and defences, based on the notions that particular threats use particular attacks to cause desired consequences and successful defenders use particular defensive measures to defend successfully against those attacks and thus limit the consequences. Human defenders and attackers also use a variety of different viewpoints to understand and analyze their attacks and defenses, and this notion is also brought to bear. We then describe some analytical methods by which this model may be analyzed to derive useful information from available and uncertain information. This useful information can then be applied to meeting the needs of defenders (or if turned on its head attackers) to find effective and minimal cost defences (or attacks) on information systems. Next we consider the extension of this method to networks and describe a system that implements some of these notions in an experimental test-bed called HEAT.]