[1] Alberts, C. J., Dorofee, A., Managing Information Security Risks: The OCTAVE Approach, 22, Addison-Wesley Longman Publishing Co., Inc. Boston, MA, USA, 2002
[2] Blakley, B., et al., "Information security is information risk management", Proceedings of the 2001 workshop on New security paradigms, Cloudcroft, New Mexico, 2001
[3] Boltz, J., et al., "Information security risk assessment-practices of leading organizations", GAO/AIMD-00-33, US Washington, DC: GAO (United States General Accounting Office)-Accounting and Information Management Division, 1999
[4] C&A Systems Security Limited, Consultative, Objective and Bi-functional Risk Analysis: COBRA Tools, ISO/IEC 17799 Compliance and Security Risk Analysis Approach, 2005, from http://www.security-risk-analysis.com/
[5] Carroll, J. M., "Decision support for risk analysis", Computers & Security, 2, 3, pp. 230-236, 1983
[6] Chang, S.-L., et al., "Applying fuzzy linguistic quantifier to select supply chain partners at different phases of product life cycle", International Journal of Production Economics, 100, 2, pp. 348-359, 2006
[7] Chiu, Y., et al., "Marketing strategy based on customer behaviour for the LCD-TV", International Journal of Management and Decision Making, 7, 2, pp. 143-165, 2006
[8] Filev, D., Yager, R. R., "Analytic properties of maximum entropy OWA operators", Information Sciences, 85, 1-3, pp. 11-27, 1995
[9] Filev, D., Yager, R. R., "On the issue of obtaining OWA operator weights", Fuzzy Sets and Systems, 94, 2, pp. 157-169, 1998
[10] FIPS, "Federal Information Processing Standards publications 200 Minimum Security Requirements for Federal Information and Information Systems", 2006
[11] Fontela, E., Gabus, A., The DEMATEL observer, DEMATEL 1976 report, 95, Battelle Geneva Research Center, Switzerland, Geneva, 1976
[12] Gabus, A., Fontela, E., World problems, an invitation to further thought within the framework of DEMATEL, 93, Battelle Geneva Research Center, Switzerland Geneva, 1972
[13] Gabus, A., Fontela, E., Perceptions of the world problematique: Communication procedure, communicating with those bearing collective responsibility (DEMATEL report), 1, 94, Battelle Geneva Research Centre, Switzerland Geneva, 1973
[14] Herrera, F., et al., "A sequential selection process in group decision making with a linguistic assessment approach", Information sciences, 85, 4, pp. 223-239, 1995
[15] Herrera, F., et al., "Direct approach processes in group decision making using linguistic OWA operators", Fuzzy Sets and Systems, 79, 2, pp. 175-190, 1996
[16] Hori, S., Shimizu, Y., "Designing methods of human interface for supervisory control systems", Control Engineering Practice, 7, 11, pp. 1413-1419, 1999
[17] Huang, C. Y., et al., "Reconfiguring the innovation policy portfolios for Taiwan's SIP Mall industry", Technovation, 27, 12, pp. 744-765, 2007
[18] Huang, J. J., et al., "Multidimensional data in multidimensional scaling using the analytic network process", Pattern Recognition Letters, 26, 6, pp. 755-767, 2005
[19] In, H. P., et al., "A Security Risk Analysis Model for Information Systems", pp. 505-513, 2005
[20] ISO/IEC, "ISO 27001:2005 Information technology -- Security techniques -- Information security management systems -- Requirements", 2005
[21] Jacobson, R. V., "CORA Cost-of-Risk Analysis", Painless Risk Management for Small Systems. International Security Technology, Inc., 96, 1996
[22] Kacprzyk, J., "Group decision making with a fuzzy linguistic majority", Fuzzy Sets and Systems, 18, 2, pp. 105-118, 1986
[23] Karabacak, B., Sogukpinar, I., "ISRAM: information security risk analysis method", Computers & Security, 24, 2, pp. 147-159, 2005
[24] Karsak, E. E., et al., "Product planning in quality function deployment using a combined analytic network process and goal programming approach", Computers & industrial engineering, 44, 1, pp. 171-190, 2003
[25] Lee, J. W., Kim, S. H., "Using analytic network process and goal programming for interdependent information system project selection", Computers and Operations Research, 27, 4, pp. 367-382, 2000
[26] Lin, Y.-H., et al., "The study of applying ANP model to assess dispatching rules for wafer fabrication", Expert Systems with Applications, 34, 3, pp. 2148-2163, 2008
[27] Liou, J. J. H., et al., "Airline safety measurement using a hybrid model", Journal of Air Transport Management, 13, 4, pp. 243-249, 2007
[28] Liu, F., et al., "Research on Fuzzy Group Decision Making in Security Risk Assessment", pp. 1114-1121, 2005
[29] Meade, L. M., Presley, A., "R&D project selection using the analytic network process", Engineering Management, IEEE Transactions on, 49, 1, pp. 59-66, 2002
[30] O'Hagan, M., "Aggregating template rule antecedents in real-time expert systems with fuzzy set logic", the 22nd Annual IEEE Asilomar Conference on Signals, Systems and Computers, pp. 681-689, 1988
[31] O’Hagan, M., "Using maximum entropy-ordered weighted averaging to construct a fuzzy neuron", pp. 618–623, 1990
[32] Peltier, T. R., Information Security Risk Analysis, 12, Auerbach Pub, 2005
[33] Richardson, R., CSI Computer Crime and Security survey, 2007, from http://i.cmpnet.com/v2.gocsi.com/pdf/CSISurvey2007.pdf
[34] Richardson, R., CSI Computer Crime and Security survey, 2008, from http://i.cmpnet.com/v2.gocsi.com/pdf/CSIsurvey2008.pdf
[35] Ross, R., et al., "Recommended Security Controls for Federal Information Systems(Special Publication 800-53 Revision 2)", 2007
[36] Saaty, R., Saaty, T., "Decision making in complex environment: the analytic hierarchy process (AHP) for decision making and the analytic network process (ANP) for decision making with dependence and feedback", Pittsburgh, PA: Creative Decisions Foundation, 2003
[37] Saaty, T. L., "The analytic hierarchy process", 1980
[38] Saaty, T. L., Decision making with dependence and feedback: the analytic network process., 68, RWS Publications Pittsburgh, PA, 1996
[39] Saaty, T. L., Theory and Applications of analytic network process, 102, RWS publications Pittsburgh, PA, 2005
[40] Seyed-Hosseini, S. M., et al., "Reprioritization of failures in a system failure mode and effects analysis by decision making trial and evaluation laboratory technique", Reliability Engineering & System Safety, 91, 8, pp. 872-881, 2006
[41] Shang, J. S., et al., "A Unified framework for multicriteria evaluation of transportation projects", IEEE Transactions on Engineering Management, 51, 3, pp. 300-313, 2004
[42] Stolen, K., et al., Model-based risk assessment–the CORAS approach, 2002, from http://www.nik.no/2002/Stolen.pdf
[43] Stoneburner, G., et al., Risk Management Guide for Information Technology Systems, 11, National Institute of Standards and Technology, 2002
[44] Suh, B., Han, I., "The IS risk analysis based on a business model", Information and Management 41, 2, pp. 149-158, 2003
[45] Tsai, W.-H., Chou, W.-C., "Selecting management systems for sustainable development in SMEs: A novel hybrid model based on DEMATEL, ANP, and ZOGP", Expert Systems with Applications, 36, 2, Part 1, pp. 1444-1458, 2009
[46] Tzeng, G. H., et al., "Evaluating intertwined effects in e-learning programs: A novel hybrid MCDM model based on factor analysis and DEMATEL", Expert Systems with Applications, 32, 4, pp. 1028-1044, 2007
[47] United Kingdom Central Computer and Telecommunications Agency, "CCTA risk analysis and management method, CRAMM user guide", 2001
[48] Wang, P., et al., "A fuzzy outranking approach in risk analysis of web service security", Cluster Computing, 10, 1, pp. 47-55, 2007
[49] Wu, W.-W., "Choosing knowledge management strategies by using a combined ANP and DEMATEL approach", Expert Systems with Applications, 35, 3, pp. 828-835, 2008
[50] Yager, R. R., "On ordered weighted averaging aggregation operators in multicriteria decisionmaking", Systems, Man and Cybernetics, IEEE Transactions on, 18, 1, pp. 183-190, 1988
[51] Yager, R. R., "Families of OWA operators", Fuzzy Sets and Systems, 59, 2, pp. 125-148, 1993
[52] Zadeh, L., "A computational approach to fuzzy quantifiers in natural languages", International series in modern applied mathematics and computer science, 5, pp. 149-184, 1983
[53] 紀岱玲, "供應商績效評估研究-結合ANP及DEMATEL之應用",碩士論文, 2006