Alberts, C.J. & Dorofee, A.J. (June 2001). OCTAVE Method Implementation Guide Version 2.0. Carnegie Mellon University.
Alberts, C.J. & Dorofee, A.J. (June 2002). Managing Information Security Risks – The OCTAVE Approach. Pearson Education Ltd.
Baker & McKenzie. Global E-Commerce Law – Canada Security Legislation and Regulations. Available from: http://www.bmck.com/ecommerce/canada-s.htm#161 (Accessed 11 January 2004).
Baker & McKenzie. Global E-Commerce Security Law – US Federal Security Legislation and Regulations. Available from: http://www.bmck.com/ecommerce/fedlegis-s.htm (Accessed 11 January 2004).
Bjørn, A.G. (January 2002). CORAS, A Platform for Risk Analysis on Security Critical Systems – Model-based Risk Analysis Targeting Security. Presented at EWICS Symposium 22.01.2002. Available from: http://www.nr.no/coras (Accessed August 2003).
Cadbury,. The Committee on the Financial Aspects of Corporate Governance and Gee and Co. Ltd. (1992). The Financial Aspects of Corporate Governance. Gee.
Dimitrakos, T., Ritchie, B., Raptis, D. & Stølen, K. (2002). Model Based Security Risk Analysis for Web Applications: The CORAS Approach. EuroWeb 2002.
Insight Consulting. (2003). CRAMM Expert Walkthrough and Overview – Flash Presentation.
IT Governance Institute. (2001). Board Briefing on IT Governance. Available from: http://www.ITgovernance.org
IT Governance Institute. (July 2000). CobiT 3d Edition. The CobiT Steering Committee and the IT Governance Institute.
King Committee on Corporate Governance. (2002). King II Report – 2002. Institute of Directors (IOD), South Africa.
Labuschagne, L. (2003). Utilising the OCTAVE Methodology to Your Advantage by Reducing Information Security Risk and Vulnerability. Proceedings of the IT Risk Management Symposium (South Africa). Conducted by the Institute for International Research.
Parker, D.B. (2000). Why the Due Care security review method is superior to Risk Assessment. The Newsletter for Information Protection Professionals, Number 212, November 2000. Computer Security Institute.
Pritchard, S., Da Veiga, A. & KPMG International. (2003). CobiT – The New Frontier. Proceedings of the IT Risk Management Symposium (South Africa). Conducted by the Institute for International Research. Sarbanes-Oxley Act of 2002. (23 January 2002). United States Congress. (H.R. 3763).
Standards Australia. (1999). Risk Management – AS/NSW 4360:1999; Standards Australia/Standards New Zealand. The Institute of Chartered Accountants in England & Wales. (September 1999). Internal Control – Guidance for Directors on the Combined Code.