Literature
BASEL II
Basel Committee on Banking Supervision, Risk Management Principles for Electronic Banking, May 2001
[ http://www.bis.org ]
CC
ISO/IEC 15408-1:2005, Information technology - Security techniques - Evaluation criteria for IT security
[ http://www.iso.ch ]
Cobit
CobiT, Control Objectives for Information and related Technology, IT Governance Institute
[ http://www.isaca.org ]
EBIOS
Expression of Needs and Identification of Security Objectives (EBIOS), Premier Ministre, Secrétariat général de la défense nationale, Direction centrale de la sécurité des systèmes d'information, Sous-direction des opérations, Bureau conseil (French Prime Minister's office, General Secretariat for National Defence, Central Directorate for Information Systems Security, Operations Subdirectorate, Advisory Office)
[ http://www.ssi.gouv.fr ]
Emerging Risk ENISA
ENISA Study on Emerging Risks: Security and Privacy Risks in Future IT (provisional title), ENISA, to appear in 2006
Emerging Risk IPTS
Final Report - Future Threats and Crimes in an Ambient Intelligent Everyday Environment, Dr J. R. Walton, 2005, supplied by QinetiQ and Transcrime for JRC / IPTS
[ http://www.jrc.es ]
ENISA Regulation
Regulation (EC) No 460/2004 of the European Parliament and of the Council of 10 March 2004 establishing the European Network and Information Security Agency
[ http://www.enisa.europa.eu ]
ENISA-BSI WS
"ENISA-BSI Information Security Management Days", Bonn, Germany, 10/11 November 2005
ENISA-WG
ENISA ad hoc Working Group on technical and policy aspects of Risk Assessment and Risk Management, June 2005 – March 2006
[ http://enisa.europa.eu/act/rm/working-group/wg-rmra-2005-2006 ]
Guide 73
ISO/IEC Guide 73:2002, Risk management - Vocabulary - Guidelines for use in standards
[ http://www.iso.ch ]
HAZOP
Neil Storey, Safety-Critical Computer Systems, Addison-Wesley, 1996
ISO 13335-2
ISO/IEC TR 13335-2:1997, Information technology - Guidelines for the management of IT Security - Part 2: Managing and planning IT Security
[ http://www.iso.ch ]
ISO 17799
ISO/IEC 17799:2005, Information technology - Security techniques - Code of practice for information security management
[ http://www.iso.ch ]
IT-Grund
BSI Standards 100-1, 100-2 and 100-3 (IT-Grundschutz): BSI recommendations on methods, processes and procedures, as well as approaches and measures, relating to information security, Bundesamt für Sicherheit in der Informationstechnik (BSI)
[ http://www.bsi.de ]
ITIL
IT Infrastructure Library (ITIL), OGC - Office of Government Commerce; the corresponding international service management standard is ISO/IEC 20000:2005, Information technology - Service management
[ http://www.iso.ch ]
ITSEC
Information Technology Security Evaluation Criteria (ITSEC), Luxembourg: Office for Official Publications of the European Communities, 1991
[ http://www.ssi.gouv.fr/site_documents/ITSEC/ITSEC-uk.pdf ]
NIST
G. Stoneburner, A. Goguen, A. Feringa, Risk Management Guide for Information Technology Systems, NIST Special Publication 800-30, Recommendations of the National Institute of Standards and Technology, July 2002
OCTAVE
OCTAVE Method Implementation Guide Version 2.0, Carnegie Mellon University, June 2001
[ http://www.cert.org/octave ]
Ricchiuto
Arcangelo Ricchiuto, diploma thesis: "ITIL and Risk Management Process Integration", University of Applied Sciences Cologne, July 2005 (available in German only)
RM-Article
Colin Dixon, How information risk management underpins good corporate governance, Computer Weekly (CW Security Professionals, User Groups), 1 August 2005
[ http://www.computerweekly.com/articles/plist.aspx?NavigationID=203&sID=3100033 ]
SIZ-DE
SIZ, Sicherer IT-Betrieb (Secure IT Operations), security framework of the German Savings Banks Organization (Sparkassen-Finanzgruppe), 2006
[ http://www.siz.de/siz-produkte/sicherheitstechnologie/sicherer_it-betrieb/index.htm ]
SIZ-PP
Schutzprofil SIZ-PP (Protection Profile "Security for Complete IT Systems of Financial Service Providers"), SIZ GmbH, Bonn, 1998/99/2000
[ http://www.bsi.de/zertifiz/zert/reporte/pp0001a.pdf ]
SOX
Sarbanes-Oxley Act of 2002, H.R. 3763, An Act to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes, 23 January 2002
[ http://www.sarbanes-oxley-act.biz/SarbanesOxleyAct.htm ]
WG-Deliverable 1
ENISA ad hoc working group on risk assessment and risk management, Inventory of risk assessment and risk management methods, Deliverable 1, Final version, Version 1.0, 2006
[ http://enisa.europa.eu/act/rm/files/deliverables/inventory-of-risk-assessment-and-risk-management-methods ]
WG-Deliverable 2
ENISA ad hoc working group on risk assessment and risk management, Risk Assessment and Risk Management Methods: Information Packages for Small and Medium Sized Enterprises (SMEs), Deliverable 2, Final version, Version 1.0, 2006
[ ... ]
WG-Deliverable 3
ENISA ad hoc working group on risk assessment and risk management, Road map, Deliverable 3, Final version, Version 1.0, 2006
[ ... ]