. Symantec, Internal security threat report 2011 trends, 2012.

. Symantec, Internet security threat report 2013, 2013.

Y. He and C. Johnson, Generic security cases for information system security in healthcare systems, 7th IET International Conference on System Safety, incorporating the Cyber Security Conference 2012, pp.2012-2013
DOI : 10.1049/cp.2012.1507

J. Hadgkiss, Computer security incident response teams: Exploring the incident learning capability, 2004.

J. Hadgkiss, Computer security incident handling, step-by-step, 1997.

U. V. Administration, Administrative investigation loss of va information va medical center birmingham, pp.7-01083, 2007.

Y. He, C. Johnson, K. Renaud, Y. Lu, and S. Jebriel, An empirical study on the use of the Generic Security Template for structuring the lessons from information security incidents, 2014 6th International Conference on Computer Science and Information Technology (CSIT), pp.178-188, 2014.
DOI : 10.1109/CSIT.2014.6805998

T. P. Kelly, Arguing safety-a systematic approach to safety case management, 1998.

R. F. Dacey, Federal Information System Controls Audit Manual (FISCAM), 2010.

Y. He, C. Johnson, Y. Lu, and Y. Lin, Improving the Information Security Management: An Industrial Study in the Privacy of Electronic Patient Records, 2014 IEEE 27th International Symposium on Computer-Based Medical Systems, 2014.
DOI : 10.1109/CBMS.2014.121

E. Commissioner, Directive, 2009.

D. Craigen, Formal methods technology transfer: Impediments and innovation. In: CONCUR'95: Concurrency Theory, pp.328-332, 1995.

M. G. Hinchey, Confessions of a formal methodist, In: SCS, pp.17-20, 2002.

K. Finney and A. Fedorec, An empirical study of specification readability. Teaching and Learning Formal Methods, 1996.

K. Finney, Mathematical notation in formal specification: Too difficult for the masses? Software Engineering, IEEE Transactions on, vol.22, issue.2, pp.158-159, 1996.

D. Carew, C. Exton, and J. Buckley, An empirical investigation of the comprehensibility of requirements specifications, 2005 International Symposium on Empirical Software Engineering, 2005., p.10, 2005.
DOI : 10.1109/ISESE.2005.1541834

R. Weber, D. W. Aha, and I. Becerra-fernandez, Intelligent lessons learned systems, Expert Systems with Applications, vol.20, issue.1, pp.17-34, 2001.
DOI : 10.1016/S0957-4174(00)00046-4

E. Folmer and J. Bosch, Architecting for usability: a survey, Journal of Systems and Software, vol.70, issue.1-2, pp.61-78, 2004.
DOI : 10.1016/S0164-1212(02)00159-0

S. G. Hart and L. E. Staveland, Development of NASA-TLX (Task Load Index): Results of Empirical and Theoretical Research, Human mental workload, vol.1, issue.3, pp.139-183, 1988.
DOI : 10.1016/S0166-4115(08)62386-9

J. R. Landis and G. G. Koch, The Measurement of Observer Agreement for Categorical Data, Biometrics, vol.33, issue.1, pp.159-174, 1977.
DOI : 10.2307/2529310

P. Shoval and S. Shiran, Entity-relationship and object-oriented data modeling ??? An experimental comparison of design quality, Data & Knowledge Engineering, vol.21, issue.3, pp.297-315, 1997.
DOI : 10.1016/S0169-023X(97)88935-5

C. Glezer, M. Last, E. Nachmany, and P. Shoval, Quality and comprehension of UML interaction diagrams-an experimental comparison, Information and Software Technology, vol.47, issue.10, pp.675-692, 2005.
DOI : 10.1016/j.infsof.2005.01.003

R. Razali, C. Snook, M. Poppleton, P. Garratt, and R. Walters, Usability assessment of a uml-based formal modelling method, 19th Annual Psychology of Programming Workshop (PPIG'07), Citeseer, pp.56-71, 2007.