REFERENCES
- Butler , Shawn . . Security attribute evaluation method: A cost-benefit approach . Proceedings of the 24th International Conference on Software Engineering . May 19–25 2002 , Orlando, FL. pp. 232 – 240 . New York : ACM Press .
- Committee on National Security Systems (CNSS). (June 2006). National Information Assurance (IA) Glossary, Instruction No. 4009. Ft. Meade, MD: CNSS Secretariat http://www.cnss.gov/Assets/pdf/cnssi_4009.pdf
- Colbert , Edward and Yu , Dani . . Costing secure systems workshop report.” . 21st International Forum on COCOMO and Software Cost Modeling . October 29–November 2 2006 , Herndon, VA. Los Angeles, CA : Center for Systems and Software Engineering .
- Cornford, Steven L., Feather, Martin S., & Hicks, Kenneth A. (2004). DDP—A tool for life-cycle risk management http://ddptool.jpl.nasa.gov/docs/f344d-slc.pdf
- Haimes , Yacov Y. 2004 . Risk Modeling, Assessment, and Management , 2nd , Hoboken, NJ : John Wiley and Sons, Inc .
- ISO/IEC 15026 (1998). Information Technology—System and Software Integrity Levels, International Standards Organization http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=26236
- ISO27001 Security, ISO/IEC 27034 Information technology—Security techniques—Guidelines for application security (draft). (2008). Retrieved May 2008 from http://www.iso27001security.com/html/27034.html
- Kaplan , Robert S. and Norton , David P. 1992 . The balanced scorecard: Measures that drive performance . Harvard Business Review , 7 ( 1 ) January–February : 71 – 79 .
- Lipson, Howard F., Mead, Nancy R., Moore, Andrew P. (2001). A Risk-Management Approach to the Design of Survivable COTS-Based Systems. http://www.cert.org/research/isw/isw2001/papers/Lipson-29-08-a.pdf
- McConnell, Steve. (2005). The business case for software development. Construx Software Builders Inc http://www.igda.org/qol/IGDA_2005_QoLSummit_Business-Case.pdf
- McGraw , Gary and Potter , Bruce . 2004 . Software security testing . IEEE Security and Privacy , 2 ( 5 ) : 81 – 85 .
- Mead, N. R. (2002). Survivable systems analysis method http://www.cert.org/archive/html/analysis-method.html
- Moore, James. (2007). Report on Standards Activities ISO/IEC JTC 1/SC 7 and SC 22 and associated IEEE activities. Presentation to Task Lead Strategy Session, Department of Homeland Security, December.
- National Security Agency (NSA). (2004). INFOSEC assessment methodology http://www.iatrp.com/iam.cfm
- Redwine , S. T. , Baldwin , R. O. , Polydys , M. L. , Shoemaker , D. P. , Ingalsbe , J. A. and Wagoner , L. D. October 2007 . Software Assurance: A Curriculum Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software , October , Washington, DC : Department of Homeland Security .
- Royce , W. W. . Managing the development of large software systems: Concepts and techniques . Proceedings WESCON . Los Alamitos, CA : IEEE Computer Society Press .
- Stoneburner, Gary, Goguen, Alice, & Feringa, Alexis. (2002). Risk Management Guide for Information Technology Systems (Special Publication 800-30). Gaithersburg, MD: National Institute of Standards and Technology. http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
- U.S. General Accounting Office (GAO) . 1999 . Information Security Risk Assessment: Practices of Leading Organizations, A Supplement to GAO's May 1998 Executive Guide on Information Security Management , Washington, DC : U.S. General Accounting Office .