Agence nationale de la sécurité des systèmes d'information (2010):
EBIOS 2010 – Expression of Needs and Identification of Security Objectives.
In French.
H. Birkholz, S. Edelkamp, F. Junge & K Sohr (2010):
Efficient automated generation of attack trees from vulnerability databases.
International Organization for Standardization (2009):
ISO 31000 – Risk management – Principles and guidelines.
International Organization for Standardization / International Electrotechnical Commission (2005):
ISO/IEC 27001 – Information technology – Security techniques – Information security management systems – Requirements.
Barbara Kordy, Ludovic Pietre-Cambacedes & Patrick Schweitzer (2013):
DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees.
CoRR abs/1303.7397.
Available at http://arxiv.org/abs/1303.7397.
Axel Van Lamsweerde, Simon Brohez, Renaud De Landtsheer & David Janssens (2003):
From System Goals to Intruder Anti-Goals: Attack Generation and Resolution for Security Requirements Engineering.
In: Proc. of RHASÕ03,
pp. 49–56.
R. Lippmann & K. Ingols (2005):
An annotated review of past papers on attack graphs.
Technical Report ESC-TR-2005-054.
MIT Lincoln Laboratory.
Amenaza Technologies Ltd.:
SecurITree, Attack tree modelling.
Available at http://www.amenaza.com/.
Stéphane Paul & Olivier Delande (2011):
Integrability of design modelling solution.
SecureChange FP7 project deliverable D4.4b.
Stéphane Paul, Raphael Vignon-Davillier, Quentin Guil, Mickael Malka & André Leblond (2013):
Understanding attack trees in the context of security risk assessment studies: a state of the art.
Thales technical report.
Thales Research & Technology.
Industry-in-confidence.
W. Pieters, T. Dimkov & D. Pavlovic (2013):
Security Policy Alignment: A Formal Approach.
IEEE Systems Journal 7(2),
pp. 275–287,
doi:10.1109/JSYST.2012.2221933.