References
- Appari, A., & Johnson, M. E. (2010). Information security and privacy in healthcare: Current state of research. International Journal of Internet and Enterprise Management, 6(4), 279. https://doi.org/https://doi.org/10.1504/ijiem.2010.035624
- Breier, J., & Hudec, L. (2011). Risk analysis supported by information security metrics. Proceedings of the 12th International Conference on Computer Systems and Technologies, Vienna, Austria, 393–398. https://doi.org/https://doi.org/10.1145/2023607.2023673
- Brotby, K. W. (2006). Information security governance guidance for boards of directors and executive management (2nd ed.). The IT Governance Institute.
- Center for Internet Security. (2010). The CIS security metrics. The Center for Internet Security, 1.1.0(28), 175. http://benchmarks.cisecurity.org/
- Goel, S., & Chengalur-Smith, I. N. (2010). Metrics for characterizing the form of security policies. Journal of Strategic Information Systems, 19(4), 281–295. https://doi.org/https://doi.org/10.1016/j.jsis.2010.10.002
- Hinson, G., & Brotby, K. W. (2012). PRAGMATIC security metrics: Applying metametrics to information security. CRC Press.
- ISO 27000 Definitions. (n.d.). Praxiom Research Group Limited. http://www.praxiom.com/iso-27000-definitions.htm
- Key Elements of Information Security Policy. (n.d.). Infosec Resources. http://resources.infosecinstitute.com/key-elements-information-security-policy/#gref
- Kitchenham, B. (2004). Procedures for performing systematic reviews. Keele, UK, Keele University, 33(TR/SE–0401), 28.
- Kolomeec, M., Gonzalez-Granadillo, G., Doynikova, E., Chechulin, A., Kotenko, I., & Debar, H. (2017). Choosing models for security metrics visualization. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). https://doi.org/https://doi.org/10.1007/978-3-319-65127-9_7
- Le, N. T., & Hoang, D. B. (2017). Capability maturity model and metrics framework for cyber cloud security. Scalable Computing, 18(4), 277-290. https://doi.org/https://doi.org/10.12694/scpe.v18i4.1329
- Pironti, J. P. (2010). Developing an information security and risk management strategy. ISACA JOURNAL, 2(1), 1-8. https://www.isaca.org/resources/isaca-journal/past-issues/2010/developing-an-information-security-and-risk-management-strategy
- Security Policies and Standards. (n.d.). The New School. http://www.newschool.edu/information-technology/security/policies-and-standards/
- Siponen, M., Pahnila, S., & Mahmood, M. A. (2010). Compliance with information security policies: An empirical investigation. Computer, 43(2), 64–71. https://doi.org/https://doi.org/10.1109/MC.2010.35
- Slayton, R. (2015). Measuring risk: Computer security metrics, automation, and learning. IEEE Annals of the History of Computing, 37(2), 32–45. https://doi.org/https://doi.org/10.1109/MAHC.2015.30
- Standards vs Policies. (n.d.). TechTarget. http://searchsecurity.techtarget.com/answer/Standards-vs-policies
- Subramanian, S. (2011). Measure and monitor application security. ISACA JOURNAL, 4(1), 38-40. https://www.isacabogota.org/wp-content/uploads/2018/03/isacajournaljournal2011vol4-dl.pdf
- Tøndel, I. A., Line, M. B., & Jaatun, M. G. (2014). Information security incident management: Current practice as reported in the literature. Computers and Security, 45, 42–57. https://doi.org/https://doi.org/10.1016/j.cose.2014.05.003
- Volchkov, A. (2013). How to measure security from a governance perspective. ISACA JOURNAL, 5(1), 44–51. https://www.isaca.org/resources/isaca-journal/past-issues/2013/how-to-measure-security-from-a-governance-perspective
- Winkler, U., Fritzsche, M., Gilani, W., & Marshall, A. (2010). A model-driven framework for process-centric business continuity management. Proceedings - 7th International Conference on the Quality of Information and Communications Technology, QUATIC 2010,Porto, Portugal. https://doi.org/https://doi.org/10.1109/QUATIC.2010.46