Home |
Abstract
| Model |
Organisational Model |
Questionnaire | Links | More Links
| Logbook |
Contact
Links |
Return On Information Security Investment |
QUICK LINKS: Basics | Risk | ROI/ALE | Data | Contexts | Policies &Guidelines | Privacy | Methods | Assurance | Corporate (Model) | External | Publications
BUY THE BOOK! Most of the sites listed in this page were referenced in the dissertation. A big thanks goes to the authors mentioned in this page, without which this work would never have been published.
The dissertation contains a comprehensive reference of works that is used in the text.
Another big thanks goes to Lulu for prividing the resources necessary to publish the BOOK.
NEW! NEW! Read the recently published book - Information Security for Decision Makers . The book treats the subject of information security from a layman's viewpoint and aids the information security decision maker to make a good quality investment.
http://www.infosecwriters.com/index.php [Information security papers; including my recently published paper]
http://www.noticebored.com/html/general.html [Excellent Site]
http://www.veridion.net/iso27001 [Veridion is an information security training and consulting firm specializing in ISO 27001, ISO 17799 / 27002 and ISMS training and consulting services.]
http://www.gtisc.gatech.edu/SecureWorld.PPT
http://itresearch.forbes.com/rlist/920045790_12/Network-Security-Software.html
http://www.mcandl.com/computer-security.pdf
http://vig.prenhall.com/catalog/academic/product/1,4096,0130355488,00.html [See sample chapters!]
http://ted.see.plym.ac.uk/nrg/presentations.htm [Links]
http://www.uscib.org/docs/information_security_biac_icc.pdf
http://www.anu.edu.au/people/Roger.Clarke/EC/IntroSecy.html [GOOD INTRODUCTION]
http://www.counterpane.com/literature.html
http://mixter.void.ru/papers.html
http://mixter.void.ru/protecting.html [Paper]
http://www.zdnet.co.uk/search/?collection=whitepapers&query=Security+Standards [Many good links]
http://www.nap.edu/books/NI000361/html/ [BOOKS]
http://books.nap.edu/books/0309043883/html/index.html [Computers at Risk]
http://www.sims.berkeley.edu/~tygar/papers.htm
http://www.sandstorm.net/security/resources?cid=88374
http://www.cs.nps.navy.mil/people/faculty/irvine/publications.html
http://www.cccure.org/Documents/HISM/ewtoc.html
http://www.notablesoftware.com/secwatch.html
http://business.att.com/insight/
http://www.research.att.com/~smb/papers/ [Many Resources]
http://veerle.duoh.com/index.php?id=P253 [Security the Reality]
http://www.techdirectory.ws/Computer_Security/default.aspx [Computer Security]
http://www.tpub.com/content/istts/14222/index.htm
http://www.cimu.gov.mt/htdocs/section.asp?s=76 [CIMU]
http://infosecuritymag.techtarget.com/ [Many Links]
http://infosecuritymag.techtarget.com/archives2001.shtml [Many Links]
http://www.computer.org/security/V2n5/bas.htm [More than CIA]
http://www.ezrisk.co.uk/Info_Sec.html [Security Definition]
http://www.rand.org/publications/R/R609.1/R609.1.html
http://csrc.nist.gov/publications/history/#paperlist
http://csrc.nist.gov/publications/history/ande72.pdf [Very good]
http://csrc.nist.gov/publications/fips/ [Important - FIPS 31,87,65(obsolete)]
http://mixter.void.ru/is-evol.html
http://csrc.nist.gov/nissc/1996/papers/NISSC96/paper005/ncsc96.pdf
http://csrc.nist.gov/cc/CC-v2.1.html
http://www.iwar.org.uk/comsec/resources/standards/itsec.htm
http://www.commoncriteriaportal.org/public/consumer/index.php?menu=1 [Common Criteria]
http://www.packetstormsecurity.org/docs/rainbow-books/ [Very Good]
http://reform.house.gov/UploadedFiles/Best%20Practices%20Bibliography.pdf [Many Links]
http://adt.curtin.edu.au/theses/available/adt-WCU20020522.151935/ [Thesis]
http://www.library.uow.edu.au/adt-NWU/public/adt-NWU20031126.142250/ [Thesis]
https://www.qualys.com/docs/yankee-whitepaper.pdf [BEST Practices]
http://www.issa.org/PDF/research-BSA-ISSA.pdf [SURVEY]
http://technologyreports.net/securityinnovator/index.html?articleID=3339
http://technologyreports.net/securityinnovator/?articleID=3234
http://infosecuritymag.techtarget.com/ss/0,295796,sid6_iss407_art814,00.html
http://www.securitydocs.com/links/2128 [Evolution of Security Mindset]
http://citeseer.ist.psu.edu/16678.html
http://www.ieee-security.org/cfp.html
http://all.net/journal/netsec/index.html [Management of Network Security]
http://www.dti.gov.uk/bestpractice/technology/security.htm (Very Good site)
http://www.dti.gov.uk/bestpractice/assets/hardfacts.pdf
QUICK LINKS: Basics | Risk | ROI/ALE | Data | Contexts | Policies &Guidelines | Privacy | Methods | Assurance | Corporate (Model) | External | Publications
http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
http://www.nytimes.com/library/financial/columns/060100econ-scene.html#1
http://www.foundstone.com/ [Very Good Link: Contact Mc Afee: yaniv_alfi@mcafee.com]
http://www.techdirectory.ws/Business_Software/Project_Management/Risk_Analysis/default.aspx [Risk Analysis]
http://www.analytics-solutions.com/resources.html [Risk Measurement]
http://www.active-information.co.uk/findoutmore.htm [Risk Analysis, Cobra]
http://www.gloriamundi.org/picsresources/jjjr.pdf [Methodology for Risk Assessment]
http://all.net/journal/netsec/1998-12.html [Balancing Risk]
http://csrc.nist.gov/nissc/1997/proceedings/331.pdf [Risk Analysis]
http://csrc.nist.gov/nissc/1996/papers/NISSC96/paper012/nissc96.pdf [Risk Assessment]
http://www.riskreports.com/htdocs/publications.html [Risk Management Resources]
http://www.oit.nsw.gov.au/pdf/4.4.16.IS1.pdf [Security Risk Management]
http://www.ptatechnologies.com [Practical Threat Analysis for Securing Computerized Systems]
http://csrc.nist.gov/asset/ [Automated Security Self Assessment Tool]
http://csrc.nist.gov/publications/nistpubs/500-174/sp174.txt [Guide for Risk tools]
http://csrc.nist.gov/publications/nistpubs/800-26/sp800-26.pdf [Self Assessment Tool]
http://www.sandstorm.net/security/resources?cid=5428 [Various Tools]
http://www.cs.kau.se/IFIP-summerschool/preceedings/Jung.pdf [Risk analysis Tools]
http://scolar.vsc.edu:8004/VSCCAT/ACB-0689 [Decision Analysis]
http://www.sans.org/rr/papers/5/83.pdf [Risk analysis Tools]
http://www.cs.ucl.ac.uk/staff/W.Emmerich/lectures/3C05-01-02/aswe3.pdf
http://www.microsoft.com/technet/security/guidance/secrisk/default.mspx [Microsoft Security Risk Management Guide]
http://www.informationweek.com/698/98iursk.htm [Acceptable Risk]
http://www.devicelink.com/mddi/archive/97/06/017.html
http://www.risksig.com/members/resources/risks.htm
http://www.eas.asu.edu/~sdm/merrill/riskman.html
QUICK LINKS: Basics | Risk | ROI/ALE | Data | Contexts | Policies &Guidelines | Privacy | Methods | Assurance | Corporate (Model) | External | Publications
http://www.3com.co.uk/promotions/roi/
http://answers.google.com/answers/threadview?id=222921
http://www.itsecurity.com/asktecs/oct3201.htm
http://riskmgmt.biz/mysite/calculating-return-on-investment.html [General ROI Links]
http://www.isaca.org/Template.cfm?Section=Home&CONTENTID=16280&TEMPLATE=/ContentManagement/ContentDisplay.cfm [Cash Flow Appraisal of Information Security Investment, NPV, IRR]
http://whitepapers.zdnet.co.uk/0,39025942,60064781p,00.htm [ROSI]
http://www.sbq.com/sbq/rosi/ [ROSI]
http://www.eecs.harvard.edu/~stuart/papers/fc03.pdf [Harvard Paper]
http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/econ.pdf
http://www.dtc.umn.edu/weis2004/
http://www.dtc.umn.edu/weis2004/agenda.html [Ultra Recent!]
http://www.cl.cam.ac.uk/users/rja14/econsec.html [Very Good Link]
http://www.cl.cam.ac.uk/users/rja14/econws.html [Basis of history in literature review]
http://itresearch.forbes.com/detail/RES/1057858077_908.html
http://www.intel.com/network/connectivity/emea/eng/solutions/security/roi.htm
http://csrc.nist.gov/roi/proceedings.html
http://csrc.nist.gov/roi/wksps0603-notes/NIST-Wkshp-bothsessions.pdf [Good argument with respect to ROI & NPV]
http://infosecuritymag.techtarget.com/2002/jul/curmudgeons_corner.shtml
http://www.umiacs.umd.edu/partnerships/ltsdocs/Gordon-Loeb%2003%20NSA_presentation.pdf [Economic aspects]
http://www.rainbow.com/library/8/EconomicsAspectsOfInformationSecurity.pdf [Contact authors for extra material]
http://www.cio.com/archive/021502/security.html
http://www.cio.com/archive/021502/security_sidebar.html
http://imailab-www.iis.u-tokyo.ac.jp/Members/kanta/CEF2003.pdf
http://www.whitehouse.gov/omb/inforeg/infopoltech.html [Spending]
http://www.eecs.harvard.edu/~stuart/papers/thesis.pdf [PhD thesis]
http://citeseer.ist.psu.edu/578826.html
http://ideas.repec.org/s/sce/scecf3.html
http://www.umiacs.umd.edu/partnerships/ltsdocs/Gordon-Loeb%2003%20NSA_presentation.pdf
http://www.umiacs.umd.edu/docs/umiacspresentation.pdf
http://www.financetech.com/utils/printableArticle.jhtml?articleID=18901266
http://www.secure-biz.net/Spring2004/speaker_presentation/Lawrence%20Gordon.ppt
http://www.secure-biz.net/Spring2004/presentations.htm
http://www.cpppe.umd.edu/rhsmith3/agenda.htm [2nd Annual Workshop]
http://www.dtc.umn.edu/weis2004/agenda.html [3rd Annual Workshop]
http://www.fsl.cs.sunysb.edu/docs/cost-acm_ccs/acm_ccs.html
http://students.depaul.edu/~gmahjub/ [THESIS DRAFT]
http://www.computerworld.com/managementtopics/roi/story/0,10801,83450,00.html
http://www.securityfocus.com/infocus/1608 [ROI of IDS]
http://www.nai.com/us/promos/corp/article2.asp [ROI of IDS]
http://www.continuitycentral.com/news0312.htm [IDS Market Failure]
ROIT White Paper [Return on Information Technology]
Economics of Cyber Crime [NPV approach]
http://www.oict.nsw.gov.au/content/7.1.15.ROSI.asp
http://www.corsaire.com/articles/030317-rosi.html
http://comment.cio.com/talkback/021502.html [ROSI]
http://www.software602.com/products/ls/roi.html [ROI for Spam]
Vulnerability and Information Security Investment [Interesting Empirical Proof]
http://www.cimu.gov.mt/htdocs/content.asp?c=764 [Dr. Albert Caruana, CIMU]
http://news.com.com/2010-1071-966448.html [Is IT Overspending in Security?]
http://www.sims.berkeley.edu/~hal/Papers/mattioli/mattioli.pdf
http://comment.cio.com/comments/8408.html
http://keith.mccammon.org/docs/loss_expectancy.php
http://comment.cio.com/comments/8408.html
http://citeseer.ist.psu.edu/george98practical.html [Assurance, mention of ALE]
http://citeseer.ist.psu.edu/392822.html
http://www.cccure.org/Documents/HISM/229-230.html
http://www.linuxjournal.com/article.php?sid=5567
http://www.riskinfo.com/cyberisk/Watersupply/SCADA-thesis.html [Origin of ALE???]
http://csrc.nist.gov/publications/fips/fips31/fips31.pdf [First mention of ALE]
http://www.cs.kau.se/~albin/Documents/F18-RiskAnalysis.pdf
http://www.spybusters.com/SS0202.html
http://www.drj.com/new2dr/w3_030.htm
http://linuxsecurity.org/feature_stories/feature_story-98.html [Good article]
QUICK LINKS: Basics | Risk | ROI/ALE | Data | Contexts | Policies &Guidelines | Privacy | Methods | Assurance | Corporate (Model) | External | Publications
http://www.securitymetrics.org/content/
http://www.foundstone.com/resources/downloads/webcast-121903/Developing_Security_Risk_Metrics.pdf [DONE]
http://www.netcordia.com/tools/whitepapers.html
http://www.notablesoftware.com/Papers/SecCost.html
http://www.itl.nist.gov/fipspubs/fip191.htm
http://infosecuritymag.techtarget.com/articles/1999/enough.shtml [Budgets]
http://infosecuritymag.techtarget.com/articles/1999/chart2.shtml [Expenditure]
http://www.cic.uiuc.edu/groups/ITSecurityWorkingGroup/archive/Report/ICAMPReport2.pdf
http://www.counterstrike.com/sscostjs.html [Very good link]
http://www.siemens-consultsupport.com/en/archive/ci/2003_04/coninf_iv_06.htm [Excellent link]
http://citeseer.ist.psu.edu/camp00pricing.html
http://citeseer.ist.psu.edu/577738.html
http://citeseer.ist.psu.edu/schechter02quantitatively.html
http://citeseer.ist.psu.edu/578826.html
http://infosecuritymag.techtarget.com/2002/aug/securitymarket.shtml
http://i.cmpnet.com/gocsi/db_area/pdfs/fbi/FBI2004.pdf
http://www.csoonline.com/csoresearch/report35.html
http://www.security-survey.gov.uk/
http://www.cs.um.edu.mt/~csaw/Proceedings/00.pdf [Very Recent Survey re: e-commerce]
http://infosecuritymag.techtarget.com/ss/0,295796,sid6_iss486_art1005,00.html [Comparison of antivirus suppliers support]
http://www.pbs.org/wgbh/pages/frontline/shows/hackers/risks/csi-fbi2000.pdf [FBI Survey]
QUICK LINKS: Basics | Risk | ROI/ALE | Data | Contexts | Policies &Guidelines | Privacy | Methods | Assurance | Corporate (Model) | External | Publications
http://www.stormingmedia.us/74/7426/A742604.html
http://www.tisp.org/files/pdf/criticalinfreport.pdf [Critical Infrastructure]
http://www.ecommercetimes.com/perl/section/security/ [Security in e-commerce]
http://www.giac.org/practical/GSEC/Jeff_Herbert_GSEC.pdf
http://www.giac.org/practical/GSEC/Anna_Smears_GSEC.pdf
http://www.dmst.aueb.gr/dds/pubs/jrnl/1999-IMCS-Soft-Risk/html/soho.html
http://www.cio.com.au/index.php?id=119118373&fp=2&fpid=2%20
http://www.cisco.com/global/DK/docs/print/sikkerhedsseminar_2003_idc.pdf [Security & SME]
http://www.securityfocus.com/infocus/1777
http://www.economist.com/surveys/displayStory.cfm?story_id=1389553 [See other links in page]
http://www.kevinmitnick.com/news-030300-senatetest.html
http://www.humanfirewall.org/default.asp [Human Firewall]
http://www.humanfirewall.org/SMIReport/SMIReport2003.pdf [Survey]
http://ted.see.plym.ac.uk/nrg/presentations/Security_Training.htm [Awareness]
http://news.com.com/2009-1001-843375.html
http://www.computer.org/security/V2n5/gei.htm [Usability]
http://infosecuritymag.techtarget.com/articles/1999/buck.shtml [Salaries]
QUICK LINKS: Basics | Risk | ROI/ALE | Data | Contexts | Policies &Guidelines | Privacy | Methods | Assurance | Corporate (Model) | External | Publications
http://www.information-security-policies-and-standards.com/download.htm
http://crpit.com/confpapers/CRPITV21AFung.pdf
http://www.e-mountaincorp.com/securitylinks.html
http://www.itgovernance.co.uk/page.home
http://www.theiia.org/eSAC/pdf/BLG0331.pdf
http://www.isaca.org.pl/PIR/POLCACS2001/williams1_eng.pdf
http://infosecuritymag.techtarget.com/2002/mar/iso17799.shtml
http://www.dti-bestpractice-tools.org/healthcheck/
http://www.itsmf.org.za/Presentations/CobiT%20ITIL%20and%20BS7799.pdf
http://www.all.net/books/audit/bs7799.html
http://www.riskwatch.com/index.php?option=com_content&task=view&id=32&Itemid=53
http://www.securityrisk.co.uk/bs7799/cobdown.htm
http://www.infosyssec.net/infosyssec/secpol1.htm
http://www.giac.org/practical/GSEC/Marc_Vaughan_GSEC.pdf
http://emea.bsi-global.com/InformationSecurity/Overview/WhatisanISMS.xalter
http://www.securityauditor.net/iso17799/
http://www.dnv.no/Binaries/BS7799_brochure_tcm28-9012.pdf
http://www.netlab.hut.fi/opetus/s38153/k2004/Lectures/ISO17799L_Overview_TKK.pdf
http://assetz.com/AssetzConsulting/dloads/BS7799_CRAMM_Explained_Assetz11-02.pdf
http://www.gammassl.co.uk/bs7799/The%20Newly%20Revised%20Part%202%20of%20BS%207799ver3a.pdf
http://www.hkcert.org/ppt/event106/isms.pdf
http://www.sans.org/score/checklists/ISO_17799_checklist.pdf
http://www.pelttech.com/issa/Preparing%20for%20ISO%2017799.pdf
http://www.lucent.com/livelink/209341_Whitepaper.pdf
http://www.software.org/pub/externalpapers/UnderstandingISO17799.pdf
http://www.software.org/pub/externalpapers/UsingISO17799.pdf
http://www.itsc.org.sg/standards_news/2003-03/introduction_to_ISMSWG_status_update.pdf
http://www.imonline.co.uk/aboutthefirm/downloads/pages_from_BG_review_march_04.pdf
http://www.netegrity.com/PDFS/REGULATORY/BS7799%20Sheet.PDF
http://www.guidancesoftware.com/corporate/whitepapers/downloads/ISO17799.pdf
http://www.phi-solutions.com/documents/ISO17799_SSE_CMM_comparison.pdf
http://www.iso-17799.com/evaluate.htm
http://www.itsc.org.sg/synthesis/2001/itsc-synthesis2001-thowchang-siewmun-alvinfoo-isms.pdf
http://documents.iss.net/marketsolutions/ISOMatrix.pdf
http://www.oecd.org/document/42/0,2340,en_2649_34255_15582250_1_1_1_1,00.html
http://www.oecd.org/dataoecd/16/22/15582260.pdf [latest OECD guidelines]
http://www.oecd.org/document/19/0,2340,en_2649_34255_1815059_1_1_1_1,00.html [Original OECD guidelines]
http://www.oecd.org/document/18/0,2340,en_2649_34255_1815186_1_1_1_1,00.html [1980 OECD guidelines]
http://webdomino1.oecd.org/COMNET/STI/IccpSecu.nsf?OpenDatabase [OECD - Towards a culture of security]
http://europa.eu.int/eur-lex/en/com/cnc/2001/com2001_0298en01.pdf
http://europa.eu.int/information_society/eeurope/2005/doc/all_about/csirt_handbook_v1.pdf
QUICK LINKS: Basics | Risk | ROI/ALE | Data | Contexts | Policies &Guidelines | Privacy | Methods | Assurance | Corporate (Model) | External | Publications
http://www.cl.cam.ac.uk/users/gd216/redblue.pdf
http://www.redcar-cleveland.gov.uk/pdf/Data-Protection.pdf
QUICK LINKS: Basics | Risk | ROI/ALE | Data | Contexts | Policies &Guidelines | Privacy | Methods | Assurance | Corporate (Model) | External | Publications
http://csrc.nist.gov/CryptoToolkit/dss/ecdsa/NISTReCur.pdf [Elliptical Curves]
http://news.com.com/2100-7345-5180510.html?part=dht&tag=ntop [XML]
http://www.infoworld.com/article/04/02/16/07NNforum_1.html [XML Firewall]
http://www.nwfusion.com/newsletters/dir/2004/0614id1.html
http://www.itsecurity.com/asktecs/may901.htm
http://www.net-security.org/press.php?id=1805
http://www.scanalert.com/Technical
http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns413/networking_solutions_package.html
QUICK LINKS: Basics | Risk | ROI/ALE | Data | Contexts | Policies &Guidelines | Privacy | Methods | Assurance | Corporate (Model) | External | Publications
http://www.economist.com/science/tq/displayStory.cfm?story_id=1841081
http://www.cesg.gov.uk/ [Information assurance]
OPEN SOURCE
http://www.cl.cam.ac.uk/ftp/users/rja14/toulousebook.pdf
QUICK LINKS: Basics | Risk | ROI/ALE | Data | Contexts | Policies &Guidelines | Privacy | Methods | Assurance | Corporate (Model) | External | Publications
ASSETS
http://unix.knowledgestorm.com/ksunix/search/viewabstract/70569/index.jsp [Protecting Enterprise Information Assets]
https://www.nascio.org/washwatch/FlyIn07-03.pdf [Protecting Government's Information Assets]
http://www.sans.org/rr/whitepapers/basics/594.php [Protection of Information Assets]
FAILURE/VULNERABILITIES
http://www.cl.cam.ac.uk/users/rja14/wcf.html
http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-471.pdf
http://www.research.att.com/~smb/papers/ipext.pdf [TCP/IP]
http://www.deter.com/unix/papers/dragons_bellovin.pdf [Tools]
http://www4.gartner.com/ps/asset_61048_1535.jsp
http://www.tracking-hackers.com/papers/berferd.pdf
THREATS
http://www.securityfocus.com/infocus/1768 [SQL injection]
http://www.all.net/journal/ntb/cause-and-effect.html [Threats, Attacks]
INSIDER THREATS
http://www.symantec.com/region/reg_ap/smallbiz/library/insider.html
QUICK LINKS: Basics | Risk | ROI/ALE | Data | Contexts | Policies &Guidelines | Privacy | Methods | Assurance | Corporate (Model) | External | Publications
INTERNATIONAL SECURITY
http://artilect.org/altman/moy.pdf [Information Warfare]
http://www.dodccrp.org/publications/pdfs.htm [Ultra Important - Information Warfare]
http://www.mors.org/meetings/oa_nco/oa_bibliography.htm
http://www.fas.org/irp/congress/1996_hr/s960605l.htm
e-GOVERNMENT
http://www.integralis.com/downloads/english/case_studies/southampton.pdf
EU
http://www.eema.org/static/isse/index.htm#
http://www.euractiv.com/cgi-bin/cgint.exe?204&OIDN=1507413&-tt=me
http://www.eubusiness.com/imported/2002/12/98660
http://europa.eu.int/comm/enterprise/ict/studies/publications.htm
QUICK LINKS: Basics | Risk | ROI/ALE | Data | Contexts | Policies &Guidelines | Privacy | Methods | Assurance | Corporate (Model) | External | Publications
BOOKS AND RESOURCES
http://www.cccure.org/modules.php?name=Downloads
http://www.econbooks.com/Against_the_Gods_The_Remarkable_Story_of_Risk_0471295639.html [Risk]
http://www.ams.org/notices/199901/rev-zabell.pdf [Risk]
http://www.net-security.org/dl/newsletter/pdf/issue184.pdf [Links]
Papers to Obtain
http://www.cpppe.umd.edu/rhsmith3/papers/Final_session2_cavusoglu.raghunathan.mishra.pdf
http://www.cpppe.umd.edu/rhsmith3/papers/Final_session2_farahmand.navathe.sharp.enslow.pdf
http://www.cpppe.umd.edu/rhsmith3/papers/Final_session7_galor.ghose.pdf
http://www.rainbow.com/library/8/EconomicsAspectsOfInformationSecurity.pdf
Orlikowski, W.J. & Baroudi, J.J. "Studying Information Technology in Organizations: Research Approaches and Assumptions", Information Systems Research (2) 1991, pp. 1-28.
http://portal.acm.org/citation.cfm?id=35201&coll=portal&dl=GUIDE [Case Study research]
http://www.misq.org/archivist/vol/no27/Issue4/Dube.html [Case Study research]
http://harvardbusinessonline.hbsp.harvard.edu/b01/en/common/item_detail.jhtml;jsessionid=IKYV1NU1GFUOOCTEQENR5VQKMSARUIPS?id=5933&referral=8835&_requestid=10132 [Balanced Score Card]
http://www.sciamdigital.com/browse.cfm?sequencenameCHAR=item2&methodnameCHAR=resource_getitembrowse&interfacenameCHAR=browse.cfm&ISSUEID_CHAR=07C2E454-8DC1-46F7-BE85-4068FD11960&ARTICLEID_CHAR=0214DB35-E43D-4BD4-8E92-621BC11A4ED&sc=I100322 [How Computer Security Works]
CAREERS
http://www2.norwich.edu/mkabay/infosecmgmt/careers.pdf
QUICK LINKS: Basics | Risk | ROI/ALE | Data | Contexts | Policies &Guidelines | Privacy | Methods | Assurance | Corporate (Model) | External | Publications
http://www.cfoweb.com.au/stories/19990601/5500.asp
http://www.paladion.net/resources/in_the_news/standards_information_security.htm
http://itknowledgebank.idg.com.hk/data/detail?id=1048530273_810&type=RES&src=TRM_TOPN
http://www.entiretyservices.com/Security%20White%20Paper.pdf
http://www.express-computer.com/20020506/security.shtml
http://www.gartner.com/DisplayDocument?doc_cd=102488
http://techrepublic.com.com/5100-6298-5078279.html
http://discovery.bits-pilani.ac.in/dlpd/courses/ec1/sszg513.pdf
QUICK LINKS: Basics | Risk | ROI/ALE | Data | Contexts | Policies &Guidelines | Privacy | Methods | Assurance | Corporate (Model) | External | Publications
[NEXT: Economist Intelligence Unit, Managing Business Risks in the Information Age (New York:
The Economist Intelligence Unit, Ltd., 1998).]