, Introduction to the OCTAVE Approach, Carnegie Mellon Software Engineering Institute, 2003.
DOI : 10.21236/ADA634134
, A general, but readily adaptable model of information system risk, Communications of the Association for Information Systems, vol.14, pp.1-28, 2004.
, Empirical and statistical analysis of risk analysisdriven techniques for threat management, 2007.
, A classification scheme for risk assessment methods, SANDIA REPORT, pp.2004-4233, 2004.
, New Zealand Standards Comittee, Risk management ASNZ, vol.4360, 1999.
, Relating risk and reliability predictions to design and development choices, RAMS '06. Annual Reliability and Maintainability Symposium, 2006., pp.23-26, 2006.
DOI : 10.1109/RAMS.2006.1677422
, Mixing Internal and External Data for Managing Operational Risk, SSRN Electronic Journal, 2002.
DOI : 10.2139/ssrn.1032525
, From Risk Analysis to Security Requirements, Computers & Security, vol.20, issue.7, pp.577-584, 2002.
DOI : 10.1016/S0167-4048(01)00706-4
, Formalizing information security requirements, Information Management & Computer Security, vol.9, issue.1, pp.32-37, 2001.
DOI : 10.1108/09685220110366768
, A business approach to effective information technology risk analysis and management, Information Management & Computer Security, vol.4, issue.1, pp.19-31, 1996.
DOI : 10.1016/0167-4048(87)90030-7
, Developing secure networked web-based systems using model-based risk assessment and UMLsec, Tenth Asia-Pacific Software Engineering Conference, 2003., pp.10-12, 2003.
DOI : 10.1109/APSEC.2003.1254404
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.10.6372
, The Words of Risk Analysis, Risk Analysis, vol.1, issue.1, 1997.
DOI : 10.1016/0951-8320(92)90023-E
, Research opportunities in internal auditing -chapter 5 auditing risk assessment and risk management process. The Institute of Internal Auditors Research Foundation, 2003.
, A qualitative and quantitative risk assessment method in software security, Advanced Computer Theory and Engineering (ICACTE), 2010 3rd International Conference on, pp.1-534, 2010.
, Adapting Secure Tropos for Security Risk Management in the Early Phases of Information Systems Development, pp.541-555, 2008.
DOI : 10.1007/978-3-540-69534-9_40
, Self assessed risk management. Master's thesis, Fachhochschul- Masterstudiengang Sichere Informationssysteme, 2009.
, Information security management references, 2004.
, Risk Analysis for Information Technology, Journal of Management Information Systems, vol.6, issue.1, pp.129-147, 1991.
DOI : 10.1016/0167-4048(87)90032-0
, Literature review of security and risk assessment of SCADA and DCS systems, 2006.
, System Reliability Theory), chapter Risk Analysis An Introduction, 2004.
, Risk analysis - a subjective process, Engineering Management Journal, vol.12, issue.2, pp.91-96, 2002.
DOI : 10.1049/em:20020206
, An analysis of the traditional IS security approaches: implications for research and practice, European Journal of Information Systems, vol.6, issue.3, pp.303-315, 2005.
DOI : 10.1287/isre.6.4.376
, On risk: perception and direction, Computers & Security, vol.23, issue.5, pp.362-370, 2004.
DOI : 10.1016/j.cose.2004.05.003
, Making globalization work: Global financial markets in an era of turbulence, 2008.
, Model-based risk assessment ? the CORAS approach, NIK (2002) informatics conference, 2002.
, NIST Special Publication 800-30: Risk Management Guide for Information Technology Systems, National Institute of Standards and Technology (NIST), pp.20899-8930, 2002.
DOI : 10.6028/nist.sp.800-30
URL : http://www.dtic.mil/get-tr-doc/pdf?AD=ADA396553
, A critical discussion of risk and threat analysis methods and methodologies, 2004.