|
Journal papers [1] Arrow, H.J., Aspects of the Theory of Risk Bearing. Helsini: Yrïö Jahnssonis Säätio, 1965. [2] Bedford, T. and Cooke, R., “Probabilistic risk analysis: foundations and methods”, UK, Cambridge University Press, 2001.New York, NY, USA. [3] Chiclana, F., Herrera, F. and Herrera-Viedma E., “A classification method of alternatives for multiple preference ordering criteria based on fuzzy majority,” J. Fuzzy Math., Vol. 34, pp.224 –229 ,1996. [4] Chiclana, F., Herrera, F. and Herrera-Viedma E., “ Integrating three representation models in fuzzy multipurpose decision making based on fuzzy preference relations”, Fuzzy Sets and Systems 97, pp.33-48, 1998. [5] Carroll, J. M., “Decision support for risk analysis, “Computers & Security, Vol. 2, Issue 3, pp.230-236, Nov. 1983. [6] Chen, S-M, “Fuzzy group decision making for evaluating the rate of aggregative risk in software development,” Fuzzy set and Systems, Vol. 118, pp.75-88, 2001. [7] Chen, S-M, Measures of similarity between vague sets, Fuzzy Sets and Systems, Vol.74, pp.217-223, 1995. [8] Chen, S-J and Chen, S-M, “Fuzzy risk analysis based on similarity measures of generalized fuzzy numbers,” IEEE Trans on fuzzy sysytems, Vol. 11, No. 11, Feb 2003. [9] Davies, P. C., “Design issues in neural network development”, NEUROVEST Journal, pp.21-25, 1994. [10] Filev, D. and Yager, R.R., “On the Issue of Obtaining OWA Operator Weights,” Fuzzy set and Systems, Vol.94, pp.157-169, 1998. [11] Guan, B.C. Lo, C.C., Wang, P., Hwang, J. S, Evaluation of information security related risks of an organization- The application of multi-criteria decision-making method, IEEE 37th International Carnahan Conference on Security Technology (ICCST), 2003. [12] Gau, W.L. and Buehrer, D.j., “Vague sets,” IEEE Trans Systems Man Cybernet. Vol.23, pp.610-614, 1993. [13] Gary, S. et al., “Risk Management Guide for Information Technology Systems”, Special Publication 800-300, National Institute of Standards and Technology, 2001. [14] Herrera, F. et al,. “A Rational Consensus Model in Group Decision Making Using Linguistic Assessments”, Fuzzy set and Systems, Vol.88, pp.31-49, 1997. [15] Halliday, S. et al, ”A Business Approach to Effective Information Technology Risk Analysis and Management”, Information Management & Computer Security, Vol.4, pp. 27-28, 1996. [16] Kacprzyk, J. and Fedrizzi, M., “Multiperson decision making using fuzzy sets and possibility”, pp.231-241, Kluwer Academic Publishers, Netherlands, 1990. [17] Kacprzyk, J. and Fedrizzi, M., “A soft’ measurement of consensus in the setting of partial (fuzzy) preference,” European Journal of Operational Research, Vol.34, pp.316-326, 1988. [18] Kangari, R. and Riggs, L.S., “Construction risk assessment by linguistics,” IEEE Transactions on Engineering Management, Vol.36, Issue: 2, pp.126-131, May 1989. [19] Lee, H.M., “Group decision making using fuzzy sets theory for evaluating the rate of aggregative risk in software development,” Fuzzy Sets and Systems, Vol. 80, Issue 3, pp.261-271, June 1996. [20] Luca, A. Le and Termini, S. “A Definition of nonprobabilistic entropy in the setting of fuzzy Theory,” Inform. and Control, Vol. 20, pp. 301-312, 1972. [21] Li, D. and Cheng, C., “New similarity measures of intuitionistic fuzzy sets and application to pattern recognition,” Pattern Recognition, Letter.23, pp.221 –225, 2002. [22] Lichtenstein, S., “Factors in the selection of a risk assessment method”, Information Management & Computer Security, Vol.4, No.4, pp.20-25, 1996. [23] Mon D.L., Cheng C.H. and Lin J. C., “Evaluating Weapon System Using Fuzzy Analytical Hierarchy Process Based on Entropy Weight”, Fuzzy Sets and Systems, Vol. 62, pp.117-134, 1994. [24] Mann, L. and Tan, C., ”The Hassled Decision Maker: The Effects of Perceived Time Pressure on Information Processing in Decision Making.” Australian Journal of Management. Vol.18, No2, pp.197-210, 1993. [25] March, J.G. and Shapira, Z., “Managerial perspectives on risk and risk taking,” Management Science, Vol. 33, No. 11, Nov. 1987. [26] Orlovski, S.A., “Decision-making with a fuzzy preference relation,” Fuzzy Sets and Systems, Vol.1, pp.155-167, 1978. [27] Rudas, I J. and Kaynak, M. O., “Entropy-based operations on fuzzy sets, “ IEEE Trans. Fuzzy Systems, Vol. 6, pp.33 – 40, Feb. 1998. [28] Subhash Sharma, “Applied multivariate technologies, ” John Wiley & Sons, 1996. [29] Szmidt, E. and Kacprzyk, J., “Evaluation of agreement in a group of experts via distance between intuitionistic fuzzy preference,” International IEEE Symposium “intelligent systems” Sep, 2002. [30] Szmidt, E. and Kacprzyk, J., Distances between intuitionistic fuzzy sets, Fuzzy Sets and Systems, Vol. 114, pp.505 –518, 2000. [31] Satty, T.L., The analytic Process, McGraw Hill, New York, 1980. [32] Smolikova, R. and Wachowiak, M.P., “Aggregation operators for selection problems”, Fuzzy Sets and Systems, Vol. 131, pp.23-34, 2002. [33] Tsaur, S-H, Tzeng, G-H, and Wang, K-C, “Evaluation Tourist Risks from Fuzzy Perspectives,” Annual of Tourism Research, Oct. 1997. [34] Tanino, T., “Fuzzy preference ordering in group decision making,” Fuzzy set and Systems, Vol. 12, pp.117-131, 1984. [35] Weber, D.P., “Fuzzy fault tree analysis,” IEEE World Congress on Comp. Intelligence, Proceedings of the Third IEEE Conference on Fuzzy Systems, Vol.3, pp.1899-1904, June 1994. [36] Ward, S. C., “Assessing and managing important risks,”International Journal of Project Management, Vol. 17, No 6, pp.331, 1999. [37] Yager, R.R., “On ordered weighted averaging aggregation operators in multi criteria decision making,” IEEE Trans. Systems Man Cybernet.Vol.18, pp.183-190, 1988. [38] Yager, R.R., “On the measure of fuzziness and negation, Part I: membership in unit interval”, Internat. J. General Systems, Vol. 5, pp.221-229, 1979. [39] Yager, R.R., “Modeling prioritized multi-criteria decision making”, IEEE Trans. Systems, Man and Cybernetics-Part B, Vol. 34, pp. 2396– 2404, Dec. 2004. [40] Yacov, Y. H., Risk Modeling, Assessment and Management, John Wiley publication, 1998. [41] Zimmermann, H.J. and Zysno, P., “Decision and evaluations by hierarchical aggregation of information”, Fuzzy Sets and Systems, Vol.10, pp.243-260, 1983. [42] Zadeh, L.A., “A computational approach to fuzzy quantifiers in natural languages,” Comput. Math.Appl. 9, pp.149-184, 1983. [43] Zwick, R., Carlstein, E. and Budescu, D.V., “Measures of similarity among fuzzy concepts: A comparative analysis”, Internat. J. Approximate Reasoning, Vol. 1, pp.221-242, 1987.
Internet data [44] 2004 CSI/FBI Computer Crime and Security Survey, http://www.visionael.com/ products/security_audit/ FBI_CSI_2004.pdf. [45]http://reliability.sandia.gov/Reliability/Fault_Tree_Analysis/fault_tree_analysis.html [46] http://www.iee.org/Policy/Areas/Health/hsb26c.pdf. [47] http://www.analex.com/html/aero_fmeca.html [48] http://pie.che.ufl.edu/guides/hazop/ [49] http://coras.sourceforge.net/ [50] http://www.ercim.org/publication/Ercim_News/enw49/dimitrakos.html [51]http://www.microsoft.com/technet/archive/itsolutions/ecommerce/maintain/operate/aspsec.mspx
English Books: [52] BS7799-2:1999, Information security management - part 2:Specification for information security management systems. [53] BS7799-2:2002, Information security management systems - Specification with guidance for use. [54] CRMES (Center of Risk Management of Engineering System), Ranking of Space Shuttle FMEA/CIL items: the Risk Ranking and Filtering (RRF) method, university of Virginia, Charlottesville, 1991. [55] Hwang, C.L. and Yoon, K., Multiple Attribute Decision Making: Methods and Applications, Springer-Verlag, Berlin, Heidelberg, New York, pp. 41-58, pp.153-154, 1981. [56] ISO/IEC 17799:2000, Information technology - Code of practice for information security management. [57] ISO/IEC TR13355-1, Guidelines for the Management of IT Security – Part 1: The concept and model of IT security. [58] ISO/IEC Guide 73:2002, Risk Management Vocabulary Guidelines for use in standards. [59] Kaufmann, A. and Gupta, M. M., Introduction to Fuzzy Arithmetic Theory and Application, New York, 1991. [60] Koller, G. R., “Risk assessment and decision making in business and industry: a practical guide,” CRC press LLC, 2000. [61] Klir, G. L. and Yuan, B., Fuzzy sets and fuzzy logic, Prentice Hall, Singapore, 1988, pp.259-277. [62] Zeleny, M., Multiple Criteria Decision Making, McGraw-Hill, 1982, pp. 185-198. [63] Chen, S-H, and Hwang, C.L., “Fuzzy Multiple Attribute Decision Making Methods and Applications,” Springer-Verlag, Berlin, Heidelberg, New York,1992, pp. 491-493.
中文資料 [64] 劉永禮,陳啟光,「以BS7799資訊安全管理規範建構組織資訊安全風險管理模式之研究」,元智大學,工業工程與管理學系,碩士論文,2002年。 [65] 李慶民,莊謙亮,"以BS 7799為基建構資訊安全評選模式之研究—以虛擬私有網路系統為例",國防大學資訊研究所碩士論文,民國90年5月,頁24-49。 [66] 溫鳳祺譯,風險管理-詞彙-標準使用指引(ISO/IEC Guide 73:2002(E/F))。 [67] 賴溪松,「資訊安全國家標準」,資訊安全通訊,第四卷,第四期,29頁,1998年。 [68] 張真誠、婁德權,「資訊系統安全之對策」,資訊與教育,第59期,41-47頁,1995年。 [69] 樊國楨,「資訊及相關技術之控管目的與應用簡介」,資訊安全通訊,第五卷,第三期,1-7頁,1999年。 [70] 范淼,中科院「專案風險管理技術開發」課程,2002年7月。 [71] 柯輝耀,預防性失效分析-FMECA & FTA之應用,中華民國品質學會,2001。
|