Bibliography

Main

  • Gordon, Lawrence A., and Martin P. Loeb. Managing cybersecurity resources: a cost-benefit analysis. McGraw-Hill, 2006.
  • Whitman, Michael E., and Herbert J. Mattord. Management of information security, 3rd Edition. Course Technology Ptr, 2010.
  • Goodwin, Paul, and George Wright. Decision analysis for management judgment, 4th Edition. Wiley, 2009.
  • Whitman, M., & Mattord, H. (2013). Management of information security. Cengage Learning.
  • Whitman, M., Mattord, H., & Green, A. (2013). Principles of incident response and disaster recovery. Cengage Learning.
  • Gordon, L. A., & Loeb, M. P. (2006). Managing cybersecurity resources: a cost-benefit analysis. New York: McGraw-Hill.
  • ISO/IEC 27005:2011, Information Technology, Security Techniques, Information Security Risk Management.
  • NP ISO 31000:2013, Gestão do risco: Princípios e linhas de orientação.
  • NIST, 2012, Guide for Conducting Risk Assessments - SP-800-30rev1, USA.
  • NIST, 2012, Computer Security Incident Handling Guide - SP-800-61-Revision 2, USA.
  • ENISA guidelines.

Secondary

  • Compilation of scientific articles.
  • ISO 27005 Information Technology, Security Techniques, Information Security Risk Management. http://www.27000.org/iso-27005.htm
  • NP ISO 27001:2013 (Portuguese Standard) Information Technology, Security techniques, Information security management systems.
  • NP ISO 31000:2013 (Portuguese Standard) Risk Management, Principles and Guidelines. http://www.iso.org/iso/home/standards/iso31000.htm
  • Enisa (2012) Introduction to Return on Security Investment, European Network and Information Security Agency. www.enisa.europa.eu
  • Ross, R. S. et al. (2012). Guide for Conducting Risk Assessments (NIST SP-800-30rev1). The National Institute of Standards and Technology (NIST), Gaithersburg. http://csrc.nist.gov/publications/nistpubs/800-30-rev1/sp800_30_r1.pdf
  • Gary Stoneburner, Alice Goguen and Alexis Feringa (2002) Risk Management-Guide for Information Technology Systems, NIST Special Publication 800-30, Recommendations of the National Institute of Standards and Technology. http://www.security-science.com/pdf/risk-management-guide-for-information-technology-systems.pdf