C. J. Alberts and J. Davey, OCTAVE criteria version 2.0, 2004.

B. Barber and J. Davey, The use of the CCTA risk analysis and management methodology CRAMM in health information systems, 7th International Congress on Medical Informatics (MEDINFO'92, pp.1589-1593, 1992.

G. Braendeland, A. Refsdal, and K. Stølen, Modular analysis and modelling of risk scenarios with dependencies, Journal of Systems and Software, vol.83, issue.10, pp.1995-2013, 2010.
DOI : 10.1016/j.jss.2010.05.069

M. Breu, R. Breu, and S. Löw, MoVEing forward: Towards an architecture and processes for a Living Models infrastructure, International Journal On Advances in Life Sciences, vol.3, issue.12, pp.12-22, 2011.
DOI : 10.1109/icsea.2010.51

F. Innerhofer-oberperfler and R. Breu, Using an enterprise architecture for IT risk management, Information Security South Africa Conference (ISSA'06), 2006.

O. S. Ligaarden, A. Refsdal, and K. Stølen, Using indicators to monitor security risk in systems of systems: How to capture and measure the impact of service dependencies on the security of provided services, IT Security Governance Innovations: Theory and Research. IGI Global, 2012.

M. S. Lund, B. Solhaug, and K. Stølen, Evolution in Relation to Risk and Trust Management, Computer, vol.43, issue.5, pp.49-55, 2010.
DOI : 10.1109/MC.2010.134

M. S. Lund, B. Solhaug, and K. Stølen, Model-Driven Risk Analysis ? The CORAS Approach, 2011.

M. S. Lund, B. Solhaug, and K. Stølen, Risk Analysis of Changing and Evolving Systems Using CORAS, Foundations of Security Analysis and Design VI (FOSAD VI)
DOI : 10.1109/TOOLS.2000.891363

F. Massacci, J. Mylopoulos, and N. Zannone, Security Requirements Engineering: The SI* Modeling Language and the Secure Tropos Methodology, Advances in Intelligent Information Systems Studies in Computational Intelligence, pp.147-174, 2010.
DOI : 10.1007/978-3-642-05183-8_6

T. R. Peltier, Information Security Risk Analysis, 2005.