Introduction to the OCTAVE Approach, Carnegie Mellon Software Engineering Institute, 2003. ,
DOI : 10.21236/ADA634134
A general, but readily adaptable model of information system risk, Communications of the Association for Information Systems, vol.14, pp.1-28, 2004. ,
Empirical and statistical analysis of risk analysisdriven techniques for threat management, 2007. ,
A classification scheme for risk assessment methods, SANDIA REPORT, pp.2004-4233, 2004. ,
New Zealand Standards Comittee, Risk management ASNZ, vol.4360, 1999. ,
Relating risk and reliability predictions to design and development choices, RAMS '06. Annual Reliability and Maintainability Symposium, 2006., pp.23-26, 2006. ,
DOI : 10.1109/RAMS.2006.1677422
Mixing Internal and External Data for Managing Operational Risk, SSRN Electronic Journal, 2002. ,
DOI : 10.2139/ssrn.1032525
From Risk Analysis to Security Requirements, Computers & Security, vol.20, issue.7, pp.577-584, 2002. ,
DOI : 10.1016/S0167-4048(01)00706-4
Formalizing information security requirements, Information Management & Computer Security, vol.9, issue.1, pp.32-37, 2001. ,
DOI : 10.1108/09685220110366768
A business approach to effective information technology risk analysis and management, Information Management & Computer Security, vol.4, issue.1, pp.19-31, 1996. ,
DOI : 10.1016/0167-4048(87)90030-7
Developing secure networked web-based systems using model-based risk assessment and UMLsec, Tenth Asia-Pacific Software Engineering Conference, 2003., pp.10-12, 2003. ,
DOI : 10.1109/APSEC.2003.1254404
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.10.6372
The Words of Risk Analysis, Risk Analysis, vol.1, issue.1, 1997. ,
DOI : 10.1016/0951-8320(92)90023-E
Research opportunities in internal auditing -chapter 5 auditing risk assessment and risk management process. The Institute of Internal Auditors Research Foundation, 2003. ,
A qualitative and quantitative risk assessment method in software security, Advanced Computer Theory and Engineering (ICACTE), 2010 3rd International Conference on, pp.1-534, 2010. ,
Adapting Secure Tropos for Security Risk Management in the Early Phases of Information Systems Development, pp.541-555, 2008. ,
DOI : 10.1007/978-3-540-69534-9_40
Self assessed risk management. Master's thesis, Fachhochschul- Masterstudiengang Sichere Informationssysteme, 2009. ,
Information security management references, 2004. ,
Risk Analysis for Information Technology, Journal of Management Information Systems, vol.6, issue.1, pp.129-147, 1991. ,
DOI : 10.1016/0167-4048(87)90032-0
Literature review of security and risk assessment of SCADA and DCS systems, 2006. ,
System Reliability Theory), chapter Risk Analysis An Introduction, 2004. ,
Risk analysis - a subjective process, Engineering Management Journal, vol.12, issue.2, pp.91-96, 2002. ,
DOI : 10.1049/em:20020206
An analysis of the traditional IS security approaches: implications for research and practice, European Journal of Information Systems, vol.6, issue.3, pp.303-315, 2005. ,
DOI : 10.1287/isre.6.4.376
On risk: perception and direction, Computers & Security, vol.23, issue.5, pp.362-370, 2004. ,
DOI : 10.1016/j.cose.2004.05.003
Making globalization work: Global financial markets in an era of turbulence, 2008. ,
Model-based risk assessment ? the CORAS approach, NIK (2002) informatics conference, 2002. ,
NIST Special Publication 800-30: Risk Management Guide for Information Technology Systems, National Institute of Standards and Technology (NIST), pp.20899-8930, 2002. ,
DOI : 10.6028/nist.sp.800-30
URL : http://www.dtic.mil/get-tr-doc/pdf?AD=ADA396553
A critical discussion of risk and threat analysis methods and methodologies, 2004. ,