P. Embrechts, H. Furrer, and R. Kaufmann, Quantifying regulatory capital for operational risk, Derivatives Use, Trading and Regulation, pp.217-233, 2003.

J. D. Weis, A system security engineering process, Proceedings of the 14th National Computer Security Conference, 1991.

M. Leippold and P. Vanini, The quantification of operational risk, 2003.

K. Böcker and C. Klüppelberg, Operational var: A closed-form approximation, 2005.

P. Artzner, F. Delbaen, J. Eber, and D. Heath, Coherent Measures of Risk, Mathematical Finance, vol.9, issue.3, pp.203-228, 2001.
DOI : 10.1111/1467-9965.00068

H. M. Markowitz, Portfolio Selection, The Journal of Finance, vol.7, issue.1, 1991.
DOI : 10.1111/j.1540-6261.1952.tb01525.x

B. Schneier, Attack Trees, Dr. Dobb's Journal, vol.24, issue.12, pp.21-29, 1999.
DOI : 10.1002/9781119183631.ch21

A. P. Moore, R. J. Ellison, and R. C. Linger, Attack modeling for information security and survivability, 2001.

O. Sheyner and J. Wing, Tools for Generating and Analyzing Attack Graphs, FMCO 2003, pp.344-371, 2004.
DOI : 10.1007/978-3-540-30101-1_17

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.61.1605

T. R. Ingoldsby, Fundamentals of Capabilities-based Attack Tree Analysis. Amenaza Technologies Limited, pp.406-917

S. Mauw and M. Oostdijk, Foundations of Attack Trees, International Conference on Information Security and Cryptology - ICISC 2005, pp.186-198, 2005.
DOI : 10.1007/11734727_17

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.107.5617

B. Kordy, S. Mauw, M. Melissen, and P. Schweitzer, Attack-Defense Trees and Two-Player Binary Zero-Sum Extensive Form Games Are Equivalent, Proceedings of the First International Conference on Decision and Game Theory for Security, GameSec'10, pp.245-256, 2010.
DOI : 10.1007/978-3-642-17197-0_17

A. Mosleh, E. R. Hilton, and P. S. Browne, Bayesian probabilistic risk analysis, ACM SIGMETRICS Performance Evaluation Review, vol.13, issue.1, 1985.
DOI : 10.1145/1041838.1041839

N. N. Taleb, The Black Swan. The Impact of the Highly Improbable, 2008.

I. J. Martinez-Moyano, E. Rich, S. Conrad, D. F. Andersen, and T. R. Stewart, A behavioral theory of insider-threat risks, ACM Transactions on Modeling and Computer Simulation, vol.18, issue.2, 2008.
DOI : 10.1145/1346325.1346328

S. Kaplan and B. J. Garrick, On The Quantitative Definition of Risk, Risk Analysis, vol.165, issue.3, 1980.
DOI : 10.1111/j.1539-6924.1981.tb01350.x

L. Dalla Valle and P. Giudici, A Bayesian approach to estimate the marginal loss distributions in operational risk management, Comput. Stat. Data Anal., vol.52, issue.6, pp.3107-3127, 2008.

C. Alexander, Bayesian methods for measuring operational risk, Discussion Papers in Finance, 2000.
DOI : 10.2139/ssrn.248148

N. Poolsappasit, Towards an Efficient Vulnerability Analysis Methodology for better Security Risk Management, 2010.