A. Acquisti, A. Friedman, and R. Telang, Is there a cost to privacy breaches? An event study, Fifth Workshop on the Economics of Information Security, 2006.

A. Arora, D. Hall, C. Pinto, D. Ramsey, and R. Telang, An ounce of prevention vs. a pound of cure: How can we measure the value of IT security solutions?, 2004.

S. Berinato, Finally, a real return on security spending, CIO Magazine, Februari 15, pp.43-52, 2002.

G. Bornman and L. Labuschagne, A comparative framework for evaluating information security risk management methods, Proceedings of the Information Security South Africa Conference, 2004.

A. Garg, J. Curtis, and H. Halper, Quantifying the financial impact of IT security breaches, Information Management & Computer Security, vol.11, issue.2, pp.74-83, 2003.
DOI : 10.1108/09685220310468646

L. Gordon and M. Loeb, The economics of information security investment, ACM Transactions on Information and System Security, vol.5, issue.4, pp.438-457, 2002.
DOI : 10.1145/581271.581274

K. J. Hoo, How much is enough? A risk management approach to computer security, NIST Special, vol.8, 2000.

T. Longstaff, C. Chittister, R. Pethia, and Y. Haimes, Are we forgetting the risks of information technology?, Computer, vol.33, issue.12, pp.43-51, 2000.
DOI : 10.1109/2.889092

R. A. Martin, Managing vulnerabilities in networked systems, Computer, vol.34, issue.11, pp.32-38, 2001.
DOI : 10.1109/2.963441

T. Neubauer, M. Klemen, and S. Biffl, Business process-based valuation of IT-security Proceedings of the 7th international workshop on Economics-driven software engineering research, ICSE Risk Reduction Overview example, vol.14, pp.1-5, 2005.

A. Roy, D. S. Kim, and K. S. Trivedi, Attack countermeasure trees (ACT): towards unifying the constructs of attack and defense trees, Security and Communication Networks, vol.1, issue.1, pp.929-943, 2012.
DOI : 10.1002/sec.299

B. Schneier, Attack Trees. Dr. Dobb's, Journal of Software Tools, vol.24, issue.12, pp.21-29, 1999.