Andress, Mandy: Surviving Security: How to Integrate People, Process, and Technology. Security Policies and Procedures. Sams. July 2001. ISBN: 0672321297
Carnegie Mellon Software Engineering Institute. “Operationally Critical Threat, Asset, and Vulnerability Evaluation.” http://www.sei.cmu.edu/publications/documents/99.reports/99tr017/99tr017abstract.html
CIT. “Security Policies, Guidelines, and Regulations.” http://irm.cit.nih.gov/security/sec_policy.html
ISO. “Information Technology—Code of practice for Information Security Management.” http://www.iso.org/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=33441&ICS1=35&ICS2=40&ICS3=
ISS. “Xforce Professional Security Services.” http://www.iss.net/products_services/professional_services ...