International Organization for Standardization. ISO 27002: code of practice for information security controls. ISO, 2013

International Organization for Standardization. ISO 27005: information security risk management. ISO, 2011

Federal Information Processing Standards. FIPS 65: guideline for automatic data processing risk analysis. US Department of Commerce, National Bureau of Standards, 1979

Radack S. Managing information security risk: organization, mission, and information system view. National Institute of Standards and Technology, 2011

Stoneburner G, Goguen A, Feringa A. Risk management guide for information technology systems. National Institute of Standards and Technology Special Publication, 2002

International Organization for Standardization. ISO 27001: information security management systems Requirements. ISO, 2013

Diehl M, Haimes Y. Influence diagrams with multiple objectives and tradeoff analysis. IEEE Transactions on Systems, Man, and Cybernetics-Part A: Systems and Humans, 2004, 34(3): 293–304

Haines J W, Lippmann R P, Fried D J, Zissman M M, Tran E, Boswell S. DARPA intrusion detection evaluation: design and procedures. Lincoln Lab Technical Report TR-1062, 2001

Gonzalez-Granadillo G, Ponchel C, Blanc G, Debar H. Combining technical and financial impacts for countermeasure selection. In: Proceedings of International Workshop on Advanced Intrusion Detection and Prevention. 2014, 1–14