T. Humphreys, How to implement an ISO/IEC 27001 information security management system. ISO Management Systems, pp.40-44, 2006.

A. B. Ruighaver, Organisational Security Requirements: An agile approach to Ubiquitous Information Security, Proceedings of the 6th Australian Security management Conference, 2008.

. It-governance-institute, Information Security Governance: Guidance for Boards of Directors and Executive Management 2nd Edition, 2006.

T. C. Tan, A. B. Ruighaver, and A. Ahmad, Incident Handling: Where the Need for Planning is often not Recognised, Proceedings of the 1st Australian Computer Network, Information & Forensics Conference, 2003.

T. C. Tan and A. B. Ruighaver, Understanding the Scope of Strategic Context in Security Governance, Proceedings of the 2005 IT Governance Int. Conf, 2005.

T. C. Tan and A. B. Ruighaver, A Framework for investigating the development of Security Strategic Context in Organisations, Proceedings of the 6th Aus Information Warfare & Security Conference: Protecting the Australian Homeland, pp.216-226, 2005.

P. Wright, . Liberatore, . Mj, and . Nydick, A Survey of Operations Research Models and Applications in Homeland Security, Interfaces, vol.36, issue.6, pp.514-529, 2006.
DOI : 10.1287/inte.1060.0253

D. Theunissen, Corporate Incident Handling Guidelines. The SANS Institute http, 2001.

G. T. Pasikowski, Prosecution: A subset of Incident Response Procedures. The SANS Institute, 2001.

T. C. Tan and A. B. Ruighaver, Developing a framework for understanding Security Governance, Proceedings of the 2nd Australian Information Security Management Conference, 2004.

D. "-amico and E. , Cyber Crime is on the rise, but let " s keep it quiet, Chemical Week, vol.164, issue.17, pp.24-27, 2002.

M. Braid, Collecting Electronic Evidence after a System Compromise Australian Computer Emergency Response Team (AusCert), 2001.

D. Pultorak and . Governance, Toward a Unified Framework Linked to and Driven by Corporate Governance, CIO Wisdom II, 2005.

R. S. Kaplan and D. P. Norton, Balanced Scorecard, 1996.
DOI : 10.1007/978-3-8349-9320-5_12

G. Mclane, IT Governance and its Impact on IT Mngt, 2003.

P. Proctor, Sarbanes-Oxley security and risk controls: When is enough enough? Infusion: Security & Risk Strategies, 2004.

R. Peterson, R. O-"-callaghan, and P. Ribbers, Information Technology Governance by Design: Investigating Hybrid Configurations and Integration Mechanisms, Proceedings of the 20th International Conference on Information Systems, 2000.

P. Ribbers, . Peterson, . Marylin, and . Mp, Designing information technology governance processes: diagnosing contemporary practices and competing theories, Proceedings of the 35th Annual Hawaii International Conference on System Sciences, pp.1-12, 2002.
DOI : 10.1109/HICSS.2002.994351

P. Weill and R. Woodham, Don " t Just Lead, Govern: Implementing Effective IT Governance, Massachusetts Institute of Technology, 2002.

M. Vitale, The dot.com Legacy: Governing IT on Internet Time, Information Systems Research Center, 2001.

P. Weill and J. W. Ross, IT Governance: How Top Performers Manage IT Decision Rights for Superior Results

M. Broadbent and P. Weill, Management by Maxim: Creating Business Driven Information Technology Infrastructures, 1996.

M. Broadbent, CIO Futures ? Lead With Effective Governance, 2002.