A. Wigert, I. Dunn, and M. , An inventory of 20 national and 6 international critical infrastructure protection policies, International CIIP Handbook, 2006.

. Autopsy, Autopsy forensic browser, http://www.sleuthkit.org/autopsy/index.php 6. Basel Committee on Banking Supervision: Sound practices for the management and supervision of operational risk, BSI, 2001.

M. Brunner, M. Dilaj, O. Herrera, P. Brunati, R. K. Subramaniam et al., Information systems security assessment framework (issaf) draft 0, 2006.

J. Clinch, Itil v3 and information security http://www.isaca.org 12. COBRA Methodology: Security risk analysis and assessment. http://www.riskworld.net/method.htm 13. CRAMM: Ccta risk analysis and management method, cramm version 5.2 information security toolkit, BS25999-1: Business continuity managementbest-managementpractice.com 11. COBIT4.1: It governance control framework. IT Governance Institute, 2003.

. Ebios, Expression des besoins et identification des objectifs de securite, 2004.

P. Herzog, Osstmm:introduction and sample to the open source security testing methodology manual (osstmm 3 lite) Institute for Security and Open Methodologies (ISECOM), 2008.

. Hping3, Httprint: http://net-square.com/httprint/ 29

I. Iec, Information technology -security techniques -evaluation criteria for it security ? part 1: Introduction and general model: Information technology -security techniques -code of practice for information security management, pp.15408-15409, 2005.

I. Iec, 27001: Information technology -security techniques -information security management systems -requirements, 2005.

I. Iec, 27002: Information technology -security techniques -code of practice for information security management, 2005.

A. Karantjias, T. Stamati, and D. Martakos, Advanced e-government enterprise strategies and solutions, International Journal of Electronic Governance, vol.3, issue.2, pp.170-188, 2010.
DOI : 10.1504/IJEG.2010.034094

K. Orrey and L. J. Lawson, Penetration testing framework(ptf) v0.21

K. Scarfone, M. Souppaya, A. Cody, and A. Orebaugh, Technical guide to information security testing and assessment. Special Publication 800-115
DOI : 10.6028/nist.sp.800-115

A. V. Stock, D. Lowery, D. Rook, D. Cruz, E. Keary et al., Owasp code review guide v1, 2008.

. Valit, Enterprise value: Governance of it investments-the val it framework 2.0, IT Governance Institute, 2008.

A. Vallecillo, Rm-odp: The iso reference model for open distributed processing ,dintel edition on software engineering, pp.69-99, 2001.

J. Wack, M. Tracy, and M. Souppaya, NIST SP800-42:Guideline on Network Security Testing -Recommendations of the National Institute of Standards and Technology. NIST Special Publication 800-42, W3AF: Web application attack and audit framework