References
- ISO/IEC TR 13335 1부, IT보안 개념 및 모델(1996), 2부 보안관리 및 계획(1997)
- ISO/IEC TR 13335 3부 IT 보안관리 지침(1998) , 5부 네트워크 연결관리 지침(2000)
- BS-7799 British Standards Institution(BSI)
- IT Baseline Protect Manual - Standard security safeguards Bundesamt fur Sicherheit in der Informationstechnik
- Project, Systems Security Engineering Capability Maturity Model(SSE-CMM) - Model Description Document v.2 SSE-CMM
- KICO.KO-10.0047 전산망 보안을 위한 위험관리 지침서 정보통신부
- KISA 보고서 선진국 정보보호시스템의 평가제도에 관한 연구 이강수
- 정보보호학회지 국내외 정보보호 모델에 관한 연구 이강신,김학범,이홍섭
- Auditiong Computer Security - A Manual with Case Studies S.Vallabhaneni
- ISO/IEC 14598-1 IT-Software product evaluation, Part 1. General overview
- FIPS-65 Guidelines for Automatic Data Processing Risk Analysis
- FIPS-191 Specifications for Guideline for The Analysis Local Area Network Security
- NIST-SP-800-30 Risk Management Guide for Information Technology Systems NIST
- NISTIR-4387 Simplified Risk Analysis Guideline
- NISTIR-4325 Simplified Risk Analysis Guideline
- Case Study 1 , GAO/AIMD-00-33 Information Security Risk Assessment - Practices of Leading Organizations GAO
- Case Study 3 , GAO/AIMD-00-33 Information Security Risk Assessment - Practices of Leading Organizations GAO
- A Guide to Security Risk Management for IT Systems CSE
- TTAS.KO-12.007. 공공정보시스템 보안을 위한 위험분석 표준 - 개념과 모델 TTAS
- Carnegie Mellon Software Engineering Institute(2001.12) OCATVE Method Implementation Guide Version 2.0 OCATVE Criteria, Version 2.0 OCATVE
- A Practitioner's View of CRAMM CRAMM
- 정보보호학회지 v.6 no.1 보안관리를 위한 위협, 자산, 취약성의 분류 체계 김기윤;나관식;김종석
- Information Security Management Handbook(4th Ed.) Risk Analysis and Assessment Will Ozier
- 28'th Annual Computer Security Conference & Exhibition Data-driven Security: How to Target, Focus and Justify the Security Program C.Hamilton
- 1회 서울정보보안기술 국제컨퍼런스 시만텍사의 Expert 4.1 소개
- ETRI 연구보고서 위험 분석 도구 기초기술 개발에 관한 연구 김정덕(외)
- 한국전산원 연구보고서 정보시스템 보안을 위한 위험분석 소프트웨어 개발 송관호(외)
- 13'rd Computer Application Conference Risk Assessment for Large Heterogeneous Systems J.Freeman(et al.)
- 21'st National Information System Security Conference An Open Framework for Risk Management R.Craft(et al.)
- ISO/IEC 14598-5 IT-Software product evaluation. Part 5. Precess for evaluation
- ISO/IEC 14598-6 IT-Software product evaluation, Part 6. Documentation for evaluation modules
- ISO/IEC-9126 IT-Software product evaluation - Quality characteristics and guidelines for their use
- Software Engineering Economics B.Boehm
- 소프트웨어사업대가의 기준(2003)
- COCOMO 2.0 Software Cost Estimation Model Barry Boehm(et al.)
- Version 2.1, CCIMB-99-031 Common Criteria for Information Technology Security Evaluation CC
- Version 1.0 CEM-99/0.45 Common Evaluation Methodology CEM
- Information Technology Security Evaluation Criteria (ITSEC)(Ver. 1.2) European Community
- Information Technology Security Evaluation Criteria (ITSEM)(Ver. 1.0) European Community
- Department of Defense Trusted Computer System Evaluation Criteria(TCSEC) DoD
- The Canadian Trusted Computer Product Evaluation Criteria (CTCPED)(Ver.3e.) Canadian System Security Centre
- 정보통신부고시 1998-19호 정보통신망 침입차단시스템 평가기준 · 평가지침서
- NIST-SP-800-26 Security Self-Assessment Guide for Information Technology Systems M.Swanson
- NIST-SP-800-30 Risk Management Guide for Information Technology System G.Stonebumer(et el.)
- Vulnerability Assessment Framework 1.1 CIAO/VAF
- 20'th National Information Security Conference The Foundations of Risk Management D.Peeples
- Compsec Computer Security Conference'90 A Practical Approach to Risk Assessment M.Timms
- Guide to Auditing for Controls and Security: A System Development Lifecycle Approach Z.Ruthber(et al.)
- Software Process Modeling and Technology A.Finkelstein(ed.)(et al.)
- Software Process A.Furretta;A.Wolf(ed.)
- Software Project Management - Unified Framework W.Royce
- WISC-97 정보시스템 위험분석 모델에 관한 연구 이병만;윤정원;박승규
- Common Vulnerability and Exposure CVE