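Reference:

References

English sources:
[1] GAO, Information Security Risk Assessment Practices of Leading Organizations, GAO/AIMD-00-33, 1999
[2] ITSEC, Information Technology Security Evaluation Criteria, Version 1.2, The European Commission, 1991
[3] Maiwald E., Network Security: A Beginner’s Guide, The McGraw-Hill Companies, Inc., 2001
[4] NIST, Risk Management Guide for Information Technology Systems, Special Publication 800-300, 2001
[5] OECD, OECD Guidelines for the Security of Information System and Networks: Toward a Culture of Security, 2002
[6] Peltier R. T., Information Security Risk Analysis, AUERBACH, 2001
[7] Rada R., HIPAA @ IT Reference: Health Information Transactions, Privacy, and Security, Hypermedia Solutions Limited, 2003
[8] Vesely W. E. and Goldberg F. F. and Roberts N. H., Fault Tree Handbook, University of Washington, 1981
[9] Bertino E., “Data Security,” Data & Knowledge Engineering 25, 1998
[10] BSI BS 7799-2, “Information Security Management-Part 2: Specification for Information Security Management Systems,” 2002
[11] Clements P. L., “Fault Tree Analysis,” JACOBS SVERDRUP, 4th Edition, 2002
[12] CSI/FBI, “Computer Crime and Security Survey,” 2002
[13] Faber Prof. M. F., “Logical Tree in Risk Analysis an Introduction,” 2001
[14] Fussell J. B. and Vesely W. E., “A New Methodology for Obtaining Cut Sets for Fault Trees,” American Nuclear Society Transactions, 1972
[15] Helmer G. et al., “A Software Fault Tree Approach to Requirements Analysis of an Intrusion Detection System,” 2000
[16] Irvine C. and Levin T., “Toward a Taxonomy and Costing Method for Security Services,” 1999
[17] ISO/IEC TR13335-3, “Information Technology – Guidelines for the management of IT Security – Part 3: Techniques for management of IT Security,” 1998
[18] Knorr K. and Rohrig S., “Security Requirements of E-Business Process,” 2001
[19] Moberg F., “Security Analysis of an Information System Using an Attack Tree-based Methodology,” 2000
[20] Olovsson T., “A Structured Approach to Computer Security,” 1992
[21] Oppliger R. and Hogrefe D., “Security Concepts for Corporate Networks,” 2002
[22] Wang C. and Wulf W., “Towards a Framework for Security Measurement,” 1995
[23] “Introduction to Security Risk Analysis and Security Risk Assessment,” http://www.security-risk-analysis.com/

Chinese sources:
[1] Chinese National Standards, “CNS17799 Information Technology - Code of Practice for Information Security Management,” published by the Bureau of Standards, Metrology and Inspection, Ministry of Economic Affairs, December 2002
[2] Chinese National Standards, “CNS17800 Information Technology - Specification for Information Security Management Systems,” published by the Bureau of Standards, Metrology and Inspection, Ministry of Economic Affairs, December 2002
[3] 李乾銘, “Implementation and Strategy of Reliability Technology,” Corporate Synergy Development Center, August 2002
[4] 張盛益 and 許美玲 (trans.), “Computer Security Threats and Countermeasures,” Institute for Information Industry, January 1995
[5] 鈴木順二郎, 牧野鐵治 and 石坂茂樹, translated by the Pioneer Reliability Research Group, “FMEA and FTA Implementation Methods,” Pioneer Enterprise Management Development Center, June 2000
[6] 鄧永基, “BS7799 part1 and part2-2002,” Taipei: BSiPacific Taiwan Branch, 2002
[7] 謝財源, 張忠孝, 鐘清章, 邱柏松, 王英一 et al. (trans.), “Reliability Management Handbook,” Chinese Society for Quality Control, April 1990
[8] 古政元 and 蔡逢裕, “A Risk Assessment System for Software Development,” 3rd Conference on Industrial Information Management and Emerging Technologies, 2002
[9] 林勤經, 樊國楨, 方仁威 and 徐士坦, “A Preliminary Proposal on Security Standards for Internet Development and Application Environments,” National Defense Communications, Electronics and Information Quarterly, No. 2, 2002
[10] 葉明哲 and 廖耕億, “Current Status and Prospects of Information System Risk Analysis Methods,” 3rd Conference on Industrial Information Management and Emerging Technologies, 2002
[11] 林雅惠, “A Study of the Application of FEMA and FTA Techniques to Reliability,” Master's thesis, Industrial Management Program, Graduate Institute of Management Technology, National Taiwan University of Science and Technology, June 1999
[12] 曾淑惠, “Evaluating the Information Security Environment of the Banking Industry Based on BS7799,” Master's thesis, Department of Information Management, Tamkang University (private), June 2002
[13] 劉永禮, “A Study on Constructing an Organizational Information Security Risk Management Model Based on the BS7799 Information Security Management Standard,” Master's thesis, Graduate Institute of Industrial Engineering and Management, Yuan Ze University, June 2002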