[1] CIO Magazine, Calculating Return on Security Investment, http://www.cio.com/archive/021502/security_sidebar.html,2002.
[2] CERT Statistics, http://www.cert.org/stats/cert_stats.html.
[3] Darrell M. West, Global E-Government Full Report, (HTML file), http://www.insidepolitics.org/egovt02int.html, 2002.
[4] David P. Gilliam, “Security Risks: Management and Mitigation in the Software Life Cycle”, Proceedings of the 13th IEEE International Workshops on Enabling Technologies,p.3,2004.
[5] D. Ferraiolo and R. Kuhn, “Role-based access control”, 15th NIST-NCSC National Computer Security Conference, 1992.
[6] Eric Maiwald, Network Security:A Beginner's Guide,2nd ed., McGraw-Hill, New York, 2004.
[7] Ernst & Yong LLP, Global Information Security Survey 2003, http://www.ey.com, 2003.
[8] Gary Stoneburner, Alice Goguen, Alexis, “Feringa Recommendations of the National Institute of Standards and Technology”,2002.
[9] ISO, ISO/IEC 13335-1:2004, Information technology — Security techniques — Management of information and communications technology security — Part1: Concepts and models for information and communications technology security management, 2004.
[10] ISO, ISO/IEC 17799:2005 – Information technology – Code of Practice for Information Security Management, 2005.
[11] ISO, ISO/IEC 27001 Information technology – Security techniques – Information Security Management Systems – Requirements, 2005.
[12] ISO/IEC Guide 73:2002, Risk management – Vocabulary – Guidelines for use in Standards, ISO, 2002.
[13] Karin Hone, J.H.P. Eloff, “Informaton Security Policy – What Do International Information Security Standards Say?”, Computers and Security, Volume 21, Number 5, pp.402-409, 2002.
[14] McDaniel, George, ed., IBM Dictionary of Computing, McGraw-Hill, New York, 1994.
[15] Microsoft Corporation, The Security Risk Management Guide, http://www.microsoft.com/technet/security/guidance/secrisk/default.mspx, 2004.
[16] U.S Symantec Corporation, IT Risk Management Report, Volume 1, February, pp.16-17, 2007.
[17] Wes Sonnenreich, Jason Albanese and Bruce Stout, “Return On Security Investment (ROSI): A Practical Quantitative Model”, International Workshop on Security in Information Systems WOSIS 2005, 2005.
[18] BS7799 導論,上海信息化培訓中心,http://www.information.sh.cn,2005.
[19] Datapro Research Corporation,中小型企業客製化資安維護系列專輯之七-資訊安全的最大威脅-人員安全,https://www.i-security.tw/topic/topic_sg.asp?id=29.
[20] ISO 27001資訊安全管理驗證服務SGS,http://www.tw.sgs.com/zh_tw/iso_27001_2005_information_security_management_system_certification?serviceId=10015755&lobId=27209.
[21] ISO/IEC TR 13335,資訊技術-資訊安全管理的指導原則,經濟部標準檢驗局,2002。
[22] Kaspersky Corporation,網路威脅,http://www.kaspersky.com.tw/.
[23] Microsoft Corporation,Windows Server Update Services (WSUS) 技術文件庫,http://technet2.microsoft.com/windowsserver/zh-cht/library.
[24] TANet 與資訊安全,賴溪松,http://crypto.ee.ncku.edu.tw.
[25] Trend Micro Corp,ESO Weekly Report for enterprise,2005.
[26] Trend Micro Corporation, OfficeScan Client/Server ,http://tw.trendmicro.com/tw/products/enterprise/officescan-client-server-edition.
[27] Trend Micro Corporation ,安全威脅資源中心,http://tw.trendmicro.com/tw/threats/vinfo/general/virus/.
[28] TWCERT,台灣電腦網路危機處理中心, http://www.cert.org.tw/about/.
[29] U. S CA Corporation,CA Global Security Advisor,http://www.ca.com/tw/.
[30] U. S McAfee Corporation,Global Threat Condition,http://www.mcafee.com/tw/.
[31] U.S Symantec Corporation ,網路風險指數,http://www.symantec.com/zh/tw.
[32] 行政院主計處,95 年資訊經費全年支出結構概況報告,http://www.dgbas.gov.tw/public/Attachment/792617263171.xls,2006。
[33] 行政院主計處,95 年遭遇資通安全事件概況報告,http://www.dgbas.gov.tw/public/Attachment/792617281371.xls,2006。
[34] 邱師璇, BS7799 加溫LA人員漸增,資安人科技網,http://www.isecutech.com.tw/feature/view.asp.
[35] 洪國興、趙榮耀,資訊安全管理理論之探討,資管評論,第12期,頁17-47,2002。
[36] 淡江大學資訊管理系,資訊安全,http://mail.im.tku.edu.tw/~yantsung/is.ppt.
[37] 陳兆祺,「導入BS7799 標準對建立資訊安全文化影響之經驗研究-以Y 公司為例」,大同大學資訊經營研究所碩士論文,2004。[38] 經濟部工業局,風險管理與風險評估概述,http://proj.moeaidb.gov.tw/cpnet/tools/risk_main.htm,2004.
[39] 經濟部標檢局,資訊安全管理系統要求,http://www.bsmi.gov.tw.
[40] 劉聰德、蔡舜智、謝沛宏、劉瑄儀、陳彥豪、許乃文、王靜音,剖析我國資通安全現況及挑戰~資通安全關鍵議題研究,NARL 國家實驗研究室,http://www.narl.org.tw/tw/topic/topic.php?topic_id=19,2004。
[41] 蒲樹盛,組織管理必備技能-風險管理,http://risk.rdec.gov.tw/Upload/A09/CaseFile/33.doc.
[42] 鄭東昇,「資訊安全管理系統與企業網路安全實作探討」,交通大學資訊管理研究所碩士論文,2005。[43] 趨勢科技2007年資安威脅報告中,趨勢科技,http://tw.trendmicro.com/tw/about/news/pr/article/20071106102537.html,2007。
[44] 樊國楨,ISMS 之驗證、稽核,資安人科技網,http://www.isecutech.com.tw/feature/view.asp?fid=149,2005。
[45] 樊國楨,林樹國,鄭東昇,資訊安全保證框架標準初探:根基於ISO/IEC 17799:2005之12.6.1節,http://ics.stpi.org.tw/Treatise/doc/4.pdf,2005。
[46] 謝惠玲,「資訊安全機制規劃及建置之現況調查與分析-以國內大學校園系統為例」,靜宜大學資訊管理研究所碩士論文,2007。
[47] 瞿鴻斌,「資訊安全風險評估驗證系統」,世新大學資訊管理研究所碩士論文,2005。[48] 賽迪網,廿年破壞力前十大病毒排名,http://hi.baidu.com/websecurity/blog/item/e9bc71d97f113ae939012f16.html.