[1]
|
The Office of the Government Chief Information Officer, “Security Risk Assessment and Audit Guidelines”, 2009. http://www.ogcio.gov.hk/eng/prodev/download/g51_pub
|
[2]
|
T. Even, “A Unified Framework For Risk and Vulnerability Analysis Covering Both Safety and Securi-ty”, Reliability Engineering and System Safety, Vol. 92, No. 6, 2007, pp. 745-754. doi:10.1016/j.ress.2006.03.008
|
[3]
|
G. Stoneburner, A. Goguen, A. Feringa, “Risk Management Guide for In-formation Technology Systems”, 2002. http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30f
|
[4]
|
Homeland Security, “National Infrastructure Protection Plane Risk Management Framework”, (2009).
http://www.dhs.gov/xlibrary/assets/NIPP_RiskMgmt
|
[5]
|
M. D. Cavelty, “Critical Information Infrastructure: Vulnerabilities, Threats and Responses” Disarmament Forum ICTs and International Security, No. 3, 2007, pp. 15-22.
|
[6]
|
R. Olsson, “In Search of Opportunity Man-agement: Is the Risk Management Process Enough?” In-ternational Journal of Project Management, Vol. 25, No. 8, November 2007, pp. 745-752.
doi:10.1016/j.ijproman.2007.03.005
|
[7]
|
S. Posthumus, R. Solms, “A Framework for the Governance of Informa-tion Security”, Computer and Security, Vol. 23, No. 8, December 2004, pp. 638-646.
doi:10.1016/j.cose.2004.10.006
|
[8]
|
Akelainc, “What Risk and Vulnerability Assessment”, 2009. http://www.akelainc.com/pdf_files/What%20is%20risk%20and%20vulnerability%20assessment.pdf
|
[9]
|
Insight Networking, “Risk and Vulnerabilities Assessment”, 2009.
https://images01.insight.com/media/pdf/IN_RVA_Datasheet
|
[10]
|
S. Bajpai, A. Sachdeva, J. Gupta, “Security Risk Assessment: Applying the Concept of Fuzzy Logic”, Journal of Hazardous Materials, Vol. 173, No. 1-3, Jan-uary 2010, pp.258-264.
doi:10.1016/j.jhazmat.2009.08.078
|
[11]
|
A. Veiga, J. Eloff, “A Framework and Assessment for Information Security Culture”, Computer and Security, Vol. 29, No. 2, March 2010, pp. 196-207.
doi:10.1016/j.cose.2009.09.002
|
[12]
|
Dunn Myriam, “A Comparative Analysis of Cyber security Initiatives Worldwide”, WSIS Thematic Meeting on Cybersecurity, Geneva, 28 June-1 July 2005.
|
[13]
|
SpiceWorks Inc., “SpiceWorks, IT Is Everything”, April 14, 2010. http://www.spiceworks.com/
|