J. Christopher, A. J. Alberts, and . Dorofee, Managing Information Security Risks: the OCTAVE Approach, 2002.

S. P. Bennett and M. P. Kailey, An application of qualitative risk analysis to computer security for the commercial sector, [1992] Proceedings Eighth Annual Computer Security Application Conference, pp.64-73, 1992.
DOI : 10.1109/CSAC.1992.228232

M. S. Ahmed, E. Alshaer, and L. Khan, A Novel Quantitative Approach for Measuring Network Security [21] NVD official web site: http://nvd.nist.gov/ [22] OpenSSH official web site, IEEE International Conference on Computer Communications INFOCOM, 2008.

. Pirovano, A Risk Propagation based Quantitative Assessment Methodology for Network Security ? Aeronautical Network Case Study European Telecommunications Standards Institute (ETSI), " Telecommunications and Internet Protocol Harmonization Over Networks (TIPHON) Release 4; Protocol Framework Definition; Methods and Protocols for Security; Part 1: Threat Analysis, 6th Conference on Network Architecture and Information Systems Security, 2003.

M. Schiffman, A Complete Guide to the Common Vulnerability Scoring System (CVSS), " in press, 2005.