C. Alberts, A. Dorofee, J. Stevens, and C. Woody, Introduction to the OCTAVE Approach, Carnegie Mellon Software Engineering Institute, 2003.
DOI : 10.21236/ADA634134

S. Alter and S. Sherer, A general, but readily adaptable model of information system risk, Communications of the Association for Information Systems, vol.14, pp.1-28, 2004.

K. Buyens, B. Dewin, and W. Joosen, Empirical and statistical analysis of risk analysisdriven techniques for threat management, 2007.

P. Campbell and J. Stamp, A classification scheme for risk assessment methods, SANDIA REPORT, pp.2004-4233, 2004.

. Australian, New Zealand Standards Comittee, Risk management ASNZ, vol.4360, 1999.

M. Feather and S. Cornford, Relating risk and reliability predictions to design and development choices, RAMS '06. Annual Reliability and Maintainability Symposium, 2006., pp.23-26, 2006.
DOI : 10.1109/RAMS.2006.1677422

A. Frachot and T. Roncalli, Mixing Internal and External Data for Managing Operational Risk, SSRN Electronic Journal, 2002.
DOI : 10.2139/ssrn.1032525

. M. Gerber and R. Von-solms, From Risk Analysis to Security Requirements, Computers & Security, vol.20, issue.7, pp.577-584, 2002.
DOI : 10.1016/S0167-4048(01)00706-4

M. Gerber, R. Von-solms, and P. Overbeek, Formalizing information security requirements, Information Management & Computer Security, vol.9, issue.1, pp.32-37, 2001.
DOI : 10.1108/09685220110366768

S. Halliday, K. Badenhorst, and R. Von-solms, A business approach to effective information technology risk analysis and management, Information Management & Computer Security, vol.4, issue.1, pp.19-31, 1996.
DOI : 10.1016/0167-4048(87)90030-7

S. Houmb and J. Jürjens, Developing secure networked web-based systems using model-based risk assessment and UMLsec, Tenth Asia-Pacific Software Engineering Conference, 2003., pp.10-12, 2003.
DOI : 10.1109/APSEC.2003.1254404

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

S. Kaplan, The Words of Risk Analysis, Risk Analysis, vol.1, issue.1, 1997.
DOI : 10.1016/0951-8320(92)90023-E

W. Kinney, Research opportunities in internal auditing -chapter 5 auditing risk assessment and risk management process. The Institute of Internal Auditors Research Foundation, 2003.

Y. Zhang, S. Jiang, Y. Cui, B. Zhang, and H. Xia, A qualitative and quantitative risk assessment method in software security, Advanced Computer Theory and Engineering (ICACTE), 2010 3rd International Conference on, pp.1-534, 2010.

R. Matulevius, N. Mayer, H. Mouratidis, E. Dubois, P. Heymans et al., Adapting Secure Tropos for Security Risk Management in the Early Phases of Information Systems Development, pp.541-555, 2008.
DOI : 10.1007/978-3-540-69534-9_40

J. Pöttinger, Self assessed risk management. Master's thesis, Fachhochschul- Masterstudiengang Sichere Informationssysteme, 2009.

A. Putnam, C. Kreitner, and M. Rasmussen, Information security management references, 2004.

R. Rainer, C. Snyder, and H. Carr, Risk Analysis for Information Technology, Journal of Management Information Systems, vol.6, issue.1, pp.129-147, 1991.
DOI : 10.1016/0167-4048(87)90032-0

P. Ralston, J. Graham, and S. Patel, Literature review of security and risk assessment of SCADA and DCS systems, 2006.

M. Rausand, System Reliability Theory), chapter Risk Analysis An Introduction, 2004.

F. Redmill, Risk analysis - a subjective process, Engineering Management Journal, vol.12, issue.2, pp.91-96, 2002.
DOI : 10.1049/em:20020206

M. Siponen, An analysis of the traditional IS security approaches: implications for research and practice, European Journal of Information Systems, vol.6, issue.3, pp.303-315, 2005.
DOI : 10.1287/isre.6.4.376

A. Stewart, On risk: perception and direction, Computers & Security, vol.23, issue.5, pp.362-370, 2004.
DOI : 10.1016/j.cose.2004.05.003

J. Stiglitz, Making globalization work: Global financial markets in an era of turbulence, 2008.

K. Stølen, F. Den-braber, T. Dimitrakos, R. Fredriksen, B. A. Gran et al., Model-based risk assessment ? the CORAS approach, NIK (2002) informatics conference, 2002.

G. Stoneburner, A. Goguen, and A. Feringa, NIST Special Publication 800-30: Risk Management Guide for Information Technology Systems, National Institute of Standards and Technology (NIST), pp.20899-8930, 2002.
DOI : 10.6028/nist.sp.800-30

URL : http://www.dtic.mil/get-tr-doc/pdf?AD=ADA396553

S. Vidalis, A critical discussion of risk and threat analysis methods and methodologies, 2004.