1. Joint Task Force Transformation Initiative, National Institute of Standards and Technology (NIST), Security and Privacy Controls for Federal Information Systems and Organizations, NIST Special Publication 800-53, Revision 4. (Washington, D.C., National Institute of Standards and Technology, 2013). http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf .

2. Oxford English Dictionary (online) (Oxford/New York, Oxford University Press, 2014). risk, n. http://www.oed.com/view/Entry/166306?rskey=Z0aceK\&result=1\&isAdvanced=false (accessed November 17, 2014).

3. Joint Task Force Transformation Initiative, National Institute of Standards and Technology (NIST), Guide for Conducting Risk Assessments (NIST Special Publication 800-30 Revision 1). (Washington, D.C., National Institute of Standards and Technology, 2012). http://csrc.nist.gov/publications/nistpubs/800-30-rev1/sp800_30_r1.pdf .

4. P Slovic, B Fischhoff, S Lichtenstein, in Perilous progress: Managing the hazards of technology, ed. by RW Kates, C Hohenemser, and JX Kasperson. Characterizing perceived risk. (Boulder:Westview, 1985), pp. 91–125.

5. B Fischhoff, SR Watson, C Hope, Defining risk. Policy Sci. 17, 123–139 (1984). doi:10.1007/BF00146924.