[1] 张晓丹. 商业银行信息科技风险管理理论分析与实践[J].中国金融电脑.2013,12: 57-64
[2] 杨峰.商业银行IT风险识别与评估研究(D). 四川:电子科技大学, 2012
[3] 张绍明.商业银行IT风险识别与评估研究[J]. 电子技术与软件工程, 2014,07:240-241
[4] 卢加元.信息化建设中的风险识别与控制[J]. 中国管理信息化, 2009,06: 59-61
[5] 雅科夫.Y.海姆斯. 风险建模、评估和管理[M]. 陕西:西安交通大学出版社,2007
[6] A Calder, SG Watkins. Information security risk management for ISO27001/ISO27002 Helvetica Chimica Acta[M]. New York:IT Governance Publishing, 2010
[7] COBIT for Risk Task Force. COBIT 5 for Risk [R]. Illinois: Information Systems Audit and Control Association,2010
[8] ISO/IEC JTC 1/SC 27 IT Security techniques. ISO/IEC 27005:2011 Information technology -- Security techniques -- Information security risk management [S]. Geneva: International Organization for Standardization,2011
[9] Joint Task Force Transformation Initiative. SP 800-30 Guide for Conducting Risk Assessments [S]. Maryland: National Institute of Standards and Technology,2012
[10] Joint Task Force Transformation Initiative. SP 800-39 Managing Information Security Risk: Organization, Mission, and Information System View [S]. Maryland: National Institute of Standards and Technology,2011
[11] 范红,吴亚非,李京春等. GB/T 20984-2007 信息安全技术 信息安全风险评估规范[S]. 北京:中国国家标准化管理委员会,2007