[1]Bassett G, Hylender C D, Langlois P, et al. Data breach investigations report[ROL]. New York: Verizon, 2022 [20230108]. https:www.verizon.combusinessengbresources2022databreachinvestigationsreportdbir.pdf[2]zkan S. CVE details: The ultimate security vulnerability datasource[EBOL]. [20221113]. https:www.cvedetails.com[3]IT Governance Institute. Information security governance: Guidance for boards of directors and executive management, 2nd edition[R]. Schaumburg, IL: ISACA, 2006[4]IT Governance Institute. Information security governance: Guidance for information security managers[R]. Schaumburg, IL: ISACA, 2008[5]Ahuja S, Chan Y E. IT security governance: A framework based on ISO 38500[EBOL]. 2015 [20230108]. https:aisel.aisnet.orgconfirm201527[6]Ohki E, Harada Y, Kawaguchi S, et al. Information security governance framework[C] Proc of the 1st ACM WISG’09. New York: ACM, 2009: 16[7]Volchkov A. Information Security Governance: Framework and Toolset for CISOs and Decision Makers[M]. Boca Raton, FL: CRC Press, 2018[8]严寒冰. 网络安全治理[J]. 信息安全研究, 2022, 8(8): 734735[9]De Bruin R, von Solms S H. Cybersecurity governance: How can we measure it[C] Proc of ISTAfrica Week Conf. Piscataway, NJ: IEEE, 2016: 19[10]Bodeau D, Boyle S, FabiusGreene J, et al. Cyber security governance: A component of MITRE’s cyber prep methodology[EBOL]. Washington: MITRE Corporation, 2010[20230108]. https:www.mitre.orgsitesdefaultfilespdf10_3710.pdf[11]HamouLhadj A, HamouLhadj A. A governance framework for building secure IT systems[J]. International Journal of Security and its Applications, 2009, 3(2):1519[12]ComplianceForge. ComplianceForge reference model: Hierarchical cybersecurity governance framework (HCGF)[EBOL]. 202202 [20230108]. https:www.complian ceforge.comreasonshierarchicalcybersecuritygovernanceframework[13]Landoll D J. Information Security Policies, Procedures, and Standards: A Practitioner’s Reference[M]. Boca Raton, FL: CRC Press, 2016[14]Ross R, Mcevilley M, Oren J C. NIST special publication 800160 vol.1 systems security engineering: Considerations for a multidisciplinary approach in the engineering of trustworthy secure systems[EBOL]. 2018 [20230108]. https:nvlpubs.nist.govnistpubsSpecialPublicationsNIST.SP.800160v1.pdf[15]ISOIEC JTC 1SC 27. ISOIEC 27014:2020 Information Security, Cybersecurity and Privacy Protection—Governance of Information Security[S]. Geneva: ISO, 2020[16]The Institute of Internal Auditors. The IIA’S three lines model: An update of the three lines of defense[EBOL]. 202007[20230108]. https:www.theiia.orgglobalassetssiteaboutusadvocacythreelinesmodelupdated.pdf[17]CROForum. The three lines model[EBOL].2021[20230108]. https:www.thecroforum.orgwpcontentuploads202105CROWGGovernance.pdf[18]The European Parliament and Council of European Union. Regulation (EU) 2019881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing regulation (EU) No 5262013 (Cybersecurity Act)[EBOL]. (20190607)[20230108]. https:eurlex.europa.euelireg2019881oj[19]Rashid A, Chivers H, Lupu E, et al. CyBOK: The cyber security body of knowledge, Version 1.1.0[EBOL]. (20210731)[20230108]. https:www.cybok.orgmediadownloadsCyBOK_v1.1.0.pdf[20]Stallings W. Effective Cybersecurity: A Guide to Using Best Practices and Standards[M]. Boston: AddisonWesley, 2018[21]Bowen P, Hash J, Wilson M. NIST Special Publication 800100 Information Security Handbook: A Guide for Managers[EBOL]. 2006[20230108]. https:nvlpubs.nist.govnistpubsLegacySPnistspecialpublication800100.pdf[22]Kiely L, Benzel T V. Systemic security management[J]. IEEE Security and Privacy Magazine, 2006, 4(6): 7477[23]Souppaya M, Scarfone K, Dodson D. Secure software development framework (SSDF) Version 1.1[EBOL]. 2022[20230108]. https:nvlpubs.nist.govnistpubsSpecialPublicationsNIST.SP.800218.pdf[24]ISOIEC JTC 1SC 7. ISOIECIEEE 247481: 2018 Systems and Software Engineering—Life Cycle Management—Part 1: Guidelines for Life Cycle Management[S]. Geneva: ISO, 2018[25]Zhong H. ZTE cybersecurity white paper[EBOL]. 2021[20230108]. https:reswww.zte.com.cnmediareszteFilesPDFwhite_book202110301221.pdf?la=en
|