R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu. Hippocratic databases. In VLDB, pages 143-154, 2002.
Y. Asnar, P. Giorgini, F. Massacci, and N. Zannone. From trust to dependability through risk analysis. In Proc. of ARES'07. IEEE Press, 2007.
Basel Committee on Banking Supervision. International convergence of capital measurement and capital standards, June 2006.
S. M. Bellovin. On the brittleness of software and the infeasibility of security metrics. IEEE Security & Privacy, 4(4):96, July-August 2006.
P. Giorgini, F. Massacci, J. Mylopoulos, and N. Zannone. Requirements engineering for trust management: Model, methodology, and reasoning. IJIS, 5(4):257-274, 2006.
M. Hafner, M. Breur, R. Breu, and A. Nowak. Modelling inter-organizational workflow security in a peer-to-peer environment. In Proceedings of the IEEE International Conference on Web Services, pages 533-540, Los Alamitos, CA, USA, 2005. IEEE Computer Society.
K. W. Hamlen, G. Morrisett, and F. B. Schneider. Computability classes for enforcement mechanisms. TOPLAS, 28(1):175-205, 2006.
M. Hilty, A. Pretschner, D. Basin, C. Schaefer, and T. Walter. A Policy Language for Distributed Usage Control. In Proc. ESORICS, pages 531-546, 2007.
International Systems Security Engineering Association. Systems Security Engineering - Capability Maturity Model, 2009. http://www.sse-cmm.org/index. html. Last document upload 2002.
ISACA. Cobit. www.isaca.org/cobit/, 2008.
IT Governance Institute. IT Control Objectives for BASEL II. The important of Goverance and Risk Management for Complience, 2007.
A. Jaquith. Security Metrics: Replacing Fear, Uncertainty, and Doubt. Addison-Wesley Professional, 2007.
Y. Karabulut, F. Kerschbaum, F. Massacci, P. Robinson, and A. Yautsiukhin. Security and trust in it business outsourcing: a manifesto. In Pro, of STM'06, ENTCS. Elsevier, 2006.
G. Karjoth, B. Pfitzmann, M. Schunter, and M. Waidner. Service-oriented Assurance - Comprehensive Security by Explicit Assurances. In Proc. of QoP'05, 2005.
K. Krukow, M. Nielsen, and V. Sassone. A framework for concrete reputation systems with applications to history based access control. In Proc. of CCS'05, 2005.
J. Ligatti, L. Bauer, and D. Walker. Edit Automata: Enforcement Mechanisms for Run-time Security Policies. Int. J. of Inform. Sec., 4(1-2):2-16, February 2005.
G. McGraw, B. Chess, and S. Migues. The building security in maturity model. http://www.bsi-mm.com/, June 2009.
N. Nagappan, T. Ball, and A. Zeller. Mining metrics to predict component failures. In Proceedings of the 27th International Conference on Software Engineering, New York, New York, USA, May 2005. ACM Press.
C. of Sponsoring Organizations. Coso internal control-integrated framework. www.sox-online.com/coso-2004-coso-framework.html, 2004.
J. Park and R. Sandhu. The UCON ABC Usage Control Model. ACM Transactions on Information and Systems Security, 7:128-174, 2004.
P. Samarati and S. D. C. di Vimercati. Access Control: Policies, Models, and Mechanisms. In FOSAD 2001/2002, volume 2946 of LNCS, pages 137-196. Springer-Verlag, 2001.
A. Schaad and J. Moffett. Delegation of Obligations. In Proc. of POLICY'02, pages 25-35. IEEE Press, 2002.
A. Shostack and A. Stewart. The New School of Information Security. Addison-Wesley Professional, 2008.
Software Engineering Institute. Capability Maturity Model Integration, 2009. http://www.sei.cmu.edu/cmmi/.
United States Code. Sarbanes-oxley act of 2002, pl 107-204, 116 stat 745. Codified in Sections 11, 15, 18, 28, and 29 USC, July 2002.
J. Wainer, P. Barthelmess, and A. Kumar. W-rbac: A workflow security model incorporating controlled overriding of constraints. International Journal of Cooperative Information Systems, 12(4):455-485, 2003.