Journal articles
1. Gordon, L. A.; Loeb, M. P. (200211). The Economics of Information Security Investment. ACM Transactions on Information and System, 5(4), 438-457.
2. Cavusoglu, H.; Mishra, B.; Raghunathan, S. (2004). The effect of internet security breach announcements on market value: capital market reactions for breached firms and internet security developers. International Journal of Electronic Commerce, 9(1), 69-104.
3. Karabacak, B.; Sogukpinar, I. (2005). ISRAM: information security risk analysis method. Computers & Security, 24(2), 147-159.
4. Brooke, P. J.; Paige, R. F. (2003). Fault trees for security system design and analysis. Computers & Security, 22(3), 256-264.
5. Eloff, J. H. P.; Labuschagne, L.; Badenhorst, K. P. (1993). A comparative framework for risk analysis method. Computers & Security, 12(6), 597-603.

Conference papers
1. Anderson, A. M. (1991). Comparing risk analysis methodologies. The IFIP TC11, Seventh International Conference on Information Security. Elsevier. 301-311.
2. Borman, W. G.; Labuschagne, L. (2004). A comparative framework for evaluating information security risk management methods. SAICIT.
3. Garrabrants, W. M.; Ellis, A. W.; Hoffman, L. J.; Kamel, M. (1990). CERTS: A Comparative Evaluation Method for Risk Management Methodologies and Tools. The 6th Annual Computer Security Applications Conference. IEEE Computer Society Press. 251-257.
4. Hoffman, L. J. (1986). Risk Analysis and Computer Security: Bridging the Cultural Gap. The 1986 National Computer Security Conference. National Computer Security Center. 157.
5. Vorster, A.; Labuschagne, L. (2005). A Framework for comparing different information security risk analysis methodologies. South African Institute of Computer Scientists and Information Technologists, 95-103.

Research reports
1. SIEMENS (2005). The Logic behind CRAMM's Assessment of Measures of Risk and Determination of Appropriate Countermeasures.
2. Vraalsen, F.; den Braber, Folker; Hogganvik, I.; Lund, M. S.; Stolen, K. (2004). The CORAS Tool-Supported Methodology for UML-Based Security Analysis.

Theses
1. Hoo, K. J. S. (2000). How Much Is Enough? A Risk-Management Approach to Computer Security (doctoral dissertation). Stanford University School of Engineering.

Books
1. Alberts, C.; Dorofee, A.; Stevens, J.; Woody, C. (2003). Introduction to the OCTAVE Approach. Pittsburgh, PA: Carnegie Mellon University.
2. Chen, P.-Y.; Kataria, G.; Krishnan, R. (2005). Software diversity for information security. Cambridge: Harvard University.
3. IT Governance Institute (2005). COBIT 4.0. ITGI Publication.
4. Microsoft Corporation (2006). The Security Risk Management Guide v1.2.
5. Stoneburner, F.; Goguen, A.; Feringa, A. (2002). Risk Management Guide for Information Technology Systems, Recommendations of the National Institute of Standards and Technology.
6. U.S. Dept. of Commerce (1979). Guidelines for automatic data processing risk analysis. National Bureau of Standards.

Other
1. ISO/IEC (2005). Information technology--Security techniques--Information security management systems--Requirements (FIDS 27001). http://www.iso.org/iso/catalogue_detail?csnumber=42103, 2012/01/01.
2. (2006). Year 95 Information and Communication Security External Audit (Self-Assessment) Form, http://www.dgbas.gov.tw/public/Attachment/681717225771.pdf.
3. BSI (2006). Information security management systems--Part 3: Guidelines for information security risk management (BSI British Standard BS7799-3).
4. ISO/IEC (2000). Information technology-Security techniques-Management of information and communications technology security--Part 4: Selection of Safeguards (IS013335-4).
5. ISO/IEC (2004). Information technology-Security techniques-Management of information and communications technology security--Part 1: Concepts and models for information and communications technology security management (IS013335-1). ISO/IEC.
6. ISO/IEC (2005). Information Technology-Security Techniques-Information Security Management Systems--Code of practice for information security management (ISO/IEC 17799).
7. U. S. Congress (1988). Computer security act of 1987. U.S. Public Law 100-235 (H.R. 145), http://www.epic.org/crypto/csa/esa.html.
8. Committee of Sponsoring Organizations of the Treadway Commission (2004). Enterprise Risk Management--Integrated Framework, https://www.coso.org/Documents/COSO-ERM-Executive-Summary.pdf.