Articles
- Anish Bhimani.
Securing the commercial internet.
Communications of the ACM, 39(6):29–35, June 1996.
 
- Huseyin Cavusoglu,
  Birendra Mishra, and Srinivasan Raghunathan.
Model for evaluating security investments.
Communications of the ACM, 47(7):87–92, July 2004.
 
- Commission of the European Communities.
Glossary of information systems security.
DGXIII, INFOSEC Programme/S2001, 1993.
 
- Commission of the European Communities.
Risk analysis methods database.
DGXIII, INFOSEC Programme/S2014, 1993.
 
- United Kingdom Central Computer
  and Telecommunication Agency, United Kingdom.
CCTA Risk Analysis and Management Method: User Manual, version
  3.0 edition, 1996.
HMSO.
 
- Eric Dubois and Suchun Wu.
A framework for dealing with and specifying security requirements in
  information systems.
In Sokratis K. Katsikas and Dimitris Gritzalis, editors, Information
  Systems Security: Facing the information society of the 21st century,
  pages 88–99. Chapman & Hall, 1996.
 
- C. Ellison and
  B. Schneier.
Ten risks of PKI: What
  you're not being told about public key infrastructure.
Computer Security Journal, 16(1):1–7, 2000.
 
- J. H. P. Eloff,
  L. Labuschagne, and K. P. Badenhorst.
A comparative framework for risk analysis methods.
Computers & Security, 12(6):597–603, October 1993.
 
- M. E. Kabay.
The NCSA Guide to Enterprise Security: Protecting Information
  Assets.
McGraw-Hill, 1996.
 
- Ravi Sandhu, Edward
  Coyne, Hal Feinstein, and Charles Youman.
Role-based access control: A multi-dimensional view.
In 10th Annual Computer Security Applications Conference, pages
  54–62. IEEE Computer Society Press, 1994.
 
- Richard G. Wilsher and
  Helmut Kurth.
Security assurance in information systems.
In Sokratis K. Katsikas and Dimitris Gritzalis, editors, Information
  Systems Security: Facing the information society of the 21st century,
  pages 74–87. Chapman & Hall, 1996.