1[1]Information technology --Guidelines for the management of IT Security --Part 3:Techniques for the management of IT Security [S],ISO/IEC TR 13335 -3:1998 (E),1998.
2[2]The International Organization for Standardization.Information Technology-Code of Practice for Information Security Management [S],ISO/IEC 17799:2000 (E),2000.
3[3]The International Organization for Standardization.Common Criteria for Information Technology Security Evaluation-Part 3:Security Assurance Requirements[S],ISO/IEC 15408-3:1999 (E),1999.
4[4]Carlos Villarrubia,Eduardo Fern'andez-Medina,Mario Piattini.Analysis of ISO/IEC 17799:2000 to be used in Security Metrics.http://www.scom.hud.ac.uk/scomzl/conference.2005.2.2.