K. Stouffer, J. Falco, and K. Scarfone, Guide to industrial control systems (ics) security, NIST Special Publication, vol.800, issue.82, pp.16-16

E. Commission, ec of 8 december 2008 on the identification and designation of european critical infrastructures and the assessment of the need to improve their protection, Official Journal of the European Union, vol.114, 2008.

T. R. Peltier, Information security risk analysis, 2005.

G. Stoneburner, A. Y. Goguen, and A. Feringa, SP 800-30. risk management guide for information technology systems, National Institute of Standards & Technology, 2002.

C. J. Alberts and A. Dorofee, Managing information security risks: the OCTAVE approach, 2002.

B. Karabacak and I. Sogukpinar, ISRAM: information security risk analysis method, Computers & Security, vol.24, issue.2, pp.147-159, 2005.
DOI : 10.1016/j.cose.2004.07.004

K. Stouffer, J. Falco, and K. Kent, Guide to supervisory control and data aquisition (scada) and industrial control systems security. Recommendations of the National Institute of Standards and Technology (NIST), pp.800-82, 2006.

G. Georgios, F. Roberto, and S. Muriel, Risk assessment methodologies for critical infrastructure protection. part i: A state of the art. EUR -scientific and technical research reports

R. Espejo and R. Harnden, The viable system model: interpretations of Stafford Beer's VSM, European Journal of Operational Research, vol.44, issue.2, 1989.
DOI : 10.1016/0377-2217(90)90368-L

S. M. Rinaldi, J. P. Peerenboom, and T. K. Kelly, Identifying, understanding, and analyzing critical infrastructure interdependencies, IEEE Control Systems Magazine, vol.21, issue.6, pp.11-25, 2001.
DOI : 10.1109/37.969131

W. Chunlei, F. Lan, and D. Yiqi, A simulation environment for scada security analysis and assessment, Measuring Technology and Mechatronics Automation (ICMTMA), 2010 International Conference on, pp.342-347, 2010.

C. Taylor, A. Krings, and J. Alves-foss, Risk analysis and probabilistic survivability assessment (rapsa): An assessment approach for power substation hardening, Proc. ACM Workshop on Scientific Aspects of Cyber TerrorismSACT), 2002.

S. Beer, Brain of the firm: the managerial cybernetics of organization, 1981.

S. Beer, The heart of enterprise, 1994.

B. Hutchinson and M. Warren, Information Warfare: using the viable system model as a framework to attack organisations, Australasian Journal of Information Systems, vol.9, issue.2, 2007.
DOI : 10.3127/ajis.v9i2.193

E. Alqurashi, G. Wills, and L. Gilbert, A Viable System Model for Information Security Governance: Establishing a Baseline of the Current Information Security Operations System, Security and Privacy Protection in Information Processing Systems, pp.245-256, 2013.
DOI : 10.1016/j.cose.2006.07.005

URL : https://hal.archives-ouvertes.fr/hal-01463830