• Gordon, Lawrence A., and Martin P. Loeb. Managing cybersecurity resources: a cost-benefit analysis. McGraw-Hill, 2006.
• Whitman, Michael E., and Herbert J. Mattord. Management of information security, 3rd Edition. Course Technology Ptr, 2010.
• Goodwin, Paul, and George Wright. Decision analysis for management judgment, 4th Edition. Wiley, 2009.


  • Compilation of scientific articles.
    - ISO 27005 Information Technology, Security Techniques, Information Security Risk Management
    - NP ISO 27001: 2013 (Portuguese Standard) Information Technology, Security techniques, Information security management systems
    - NP ISO 31000: 2013 (Portuguese Standard) Risk Management, Principles and Guidelines
    - ENISA (2012) Introduction to Return on Security Investment, European Network and Information Security
    - Ross, R. S. et al. (2012). Guide for Conducting Risk Assessments (NIST SP-800-30rev1). The National Institute of Standards and Technology (NIST), Gaithersburg.
    - Gary Stoneburner, Alice Goguen and Alexis Feringa (2002) Risk Management-Guide for Information Technology Systems, NIST Special Publication 800-30, Recommendations of the National Institute of Standards and Technology