1Bodin L D,Gordon L A,Loeb M EEvaluating information security investments using the analytic hierarchy process[J].Communications of the ACM, 2005,48 (2) : 78-83.
2Gordon L,Loeb M.Budgeting process for information security expenditures[J].Communications of the ACM, 2006, 49 (1) : 121-125.
3Xu X Z.The SIR method:A superiority and inferiority ranking method for multiple criteria decision making[J].European Journal of Operation Research, 2001 ( 131 ) : 587-602.
4Anderson R.Why information security is hard:An economic perspective[C]//Proceedings of the 17th Annual Computer Security Applications Conference,New Orleans,LA,2001:559-566.
5Gordon L,Loeb M,Lucyshyn W.Sharing information on computer systems security:An economic analysis[J].Acc Public Policy, 2003,22(6) :461-485.
6Mercuri R T.Security watch:Analyzing security costs[J].Communications of the ACM,2003,46(6) : 15-18.
7Bistarelli S, Fioravanti F, Peretti RDefense trees for economic evaluation of security investments[C]//Proceedings of the First International Conference on Availability,Reliability and Security, Vienna, 2006: 416-423.
8Cremonini M, Martini EEvaluating information security investments from attackers perspective: The Return-On-Attack (ROA) [C]// Proceedings of the Fourth Workshop on the Economics of Information Security,2005.
9Butler S A.Security attribute evaluation method: A cost-benefit approach[C]//Proc of International Conference on Software Engineering, 2002 : 232-240.
10Hoo K J S.How much is enough? A risk management approach to computer security[D].Stanford University,2000.