Literature

Published under Risk Management

BASEL II

Basel Committee on Banking Supervision, Risk Management Principles for Electronic Banking, May 2001
[ http://www.bis.org ]

CC

ISO/IEC 15408-1:2005, Information technology - Security techniques - Evaluation criteria for IT security
[ http://www.iso.ch ]

Cobit

CobiT, Control Objectives for Information and related Technology, IT Governance Institute
[ http://www.isaca.org ]

EBIOS

Expression of Needs and Identification of Security Objectives, Premier Ministre, Secrétariat général de la défense nationale, Direction centrale de la sécurité des systèmes d’information, Sous-direction des opérations, Bureau conseil
[ http://www.ssi.gouv.fr ]

Emerging Risk ENISA

ENISA Study on Emerging Risks: Security and Privacy Risks in Future IT (provisional title), ENISA, to appear in 2006

Emerging Risk IPTS

Final Report – Future Threats and Crimes In An Ambient Intelligent Everyday Environment, Dr J R Walton, 2005, supplied by QinetiQ and Transcrime for JRC / IPTS
[ http://www.jrc.es ]

ENISA Regulation

REGULATION (EC) No 460/2004 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 10 March 2004 establishing the European Network and Information Security Agency
[ http://www.enisa.europa.eu ]

ENISA-BSI WS

“ENISA-BSI Information Security Management Days”, Bonn, Germany 10/11/2005

ENISA-WG

ENISA ad hoc Working Group on technical and policy aspects of Risk Assessment and Risk Management, June 2005 – March 2006
[ http://enisa.europa.eu/act/rm/working-group/wg-rmra-2005-2006 ]

Guide 73

ISO/IEC Guide 73:2002, Risk management - Vocabulary - Guidelines for use in standards
[ http://www.iso.ch ]

HAZOP

Neil Storey: Safety-critical computer systems; Addison-Wesley, 1996

ISO 13335-2

ISO/IEC TR 13335-2:1997, Information technology - Guidelines for the management of IT Security - Part 2: Managing and planning IT Security
[ http://www.iso.ch ]

ISO 17799

ISO/IEC 17799:2005, Information technology - Security techniques - Code of practice for information security management
[ http://www.iso.ch ]

IT-Grund

BSI-Standard 100-1, 100-2, 100-3: BSI recommendations on methods, processes and procedures as well as approaches and measures relating to information security
[ http://www.bsi.de ]

ITIL

IT Infrastructure Library, OGC – Office of Government Commerce, also released as:
ISO/IEC 20000:2005, Information technology - Service management
[ http://www.iso.ch ]

ITSEC

Information Technology Security Evaluation Criteria (ITSEC), Luxembourg: Office for Official Publications of the European Communities, 1991
[ http://www.ssi.gouv.fr/site_documents/ITSEC/ITSEC-uk.pdf ]

NIST

G. Stoneburner, A. Goguen, A. Feringa, Risk Management Guide for Information Technology Systems, Recommendations of the National Institute of Standards and Technology, July 2002

OCTAVE

OCTAVE Method Implementation Guide Version 2.0, Carnegie Mellon University, June 2001
[ http://www.cert.org/octave ]

Ricchiuto

Arcangelo Ricchiuto, Diploma work: “ITIL and Risk Management process integration”, University of Applied Sciences Cologne, July 2005 (available in German)

RM-Article

Colin Dixon, CWSecurity Professionals, User Groups, How information risk management underpins good corporate governance, Monday 1st August 2005
[ http://www.computerweekly.com/articles/plist.aspx?NavigationID=203&sID=3100033 ]

SIZ-DE

SIZ Sicherer IT-Betrieb, Framework for security of the German Savings Banks Organization, 2006
[ http://www.siz.de/siz-produkte/sicherheitstechnologie/sicherer_it-betrieb/index.htm ]

SIZ-PP

Schutzprofil SIZ-PP, Schutzprofil Sicherheit für IT-Gesamtsysteme der Finanzdienstleister, SIZ-GmbH, Bonn, 1998/99/2000
[ http://www.bsi.de/zertifiz/zert/reporte/pp0001a.pdf ]

SOX

Sarbanes-Oxley Act of 2002, H.R. 3763, An Act to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes, 23 January 2002
[ http://www.sarbanes-oxley-act.biz/SarbanesOxleyAct.htm ]

WG-Deliverable 1

ENISA ad hoc working group on risk assessment and risk management, Inventory of risk assessment and risk management methods, Deliverable 1, Final version, Version 1.0, 2006
[ http://enisa.europa.eu/act/rm/files/deliverables/inventory-of-risk-assessment-and-risk-management-methods ]

WG-Deliverable 2

ENISA ad hoc working group on risk assessment and risk management, Risk Assessment and Risk Management Methods: Information Packages for Small and Medium Sized Enterprises (SMEs) Deliverable 2, Final version, Version 1.0, 2006
[ ... ]

WG-Deliverable 3

ENISA ad hoc working group on risk assessment and risk management, Road map, Deliverable 3, Final version, Version 1.0, 2006
[ ... ]
