@incollection{,
	
					
					
					2A656D648DE7F64EEB3A59644CDE2423
				,
	author={{Dr. UsmanMunir} and {IrfanManarvi} and {CASE}},
	journal={{Global Journal of Computer Science and Technology}},
	journal={{GJCST}}0975-41720975-435010.34257/gjcst,
	address={Cambridge, United States},
	publisher={Global Journals Organisation}10104455
}

@book{b0,
	
	
		,
	title={{ISO/ IEC FDIS 17799 -Information Technologysecurity techniques-Code of practice for information security management?}}
		
			,
	year={2005}
		
	

}

@book{b1,
	
	
		,
	title={{(E) -I nformation Technology-Security techniques-Information Security Management Systems-Requirements?}}
		ISO/ IEC FDIS 27001:2005
		
			
		
	

}

@book{b2,
	
	
		,
	title={{Thomas Nowey and Hannes Federath -Collection of Quantitative Data on Security Incidents? 0-7695-2775-2}}
		
			,
	year={2007}
			,
	publisher={IEEE}
		
	

}

@book{b3,
	
	
		,
	title={{Department of Information Technology Management, University of Hawaii -Strategic Planning for Information Security and Assurance?}}
		,
	author={{
			DanielPort
		} and {
			RickKazman
		} and {
			AnnTakenaka
		}}
		
		
		978-0-7695-3126-7/ 2008 IEEE
		
	

}

@book{b4,
	
	
		,
	title={{Liu -C onstructing Enterprise Information Network Security Risk Management Mechanism By Using Ontology? 0-7695-2847-3}}
		,
	author={{
			Fong-Hao
		}}
		
			,
	year={2007}
			,
	publisher={IEEE}
		
	

}

@book{b5,
	
	
		,
	title={{}}
		,
	author={{
			Ching-JiangChen
		} and {
			Ming-HwaLi -Secconfig
		}}
		
		978-0-7695-3322-3
		
			,
	year={2008}
			,
	publisher={IEEE}
		
	
	,
	note={A Pre-Active Information Security Protection Technique?}

}

@book{b6,
	
	
		,
	title={{Gereon Strauch and Christian Buddendick? Applications for IT-Risk Management -Requirements and Practical Evaluation?}}
		,
	author={{
			GrobHeinz Lothar
		}}
		DOI 0-7695-3102-4
		
			,
	year={2008}
			,
	publisher={IEEE}
		
	

}

@book{b7,
	
	
		,
	author={{
			HWade
		} and {
			LindaBaker
		} and {
			Wallace
		}}
		
		
		,
	title={{Is Information Security Under Control? Investigating Quality in Information Security Management?}}
				
			,
	publisher={IEEE}
			,
	year={2007}
			
		
	

}

@book{b8,
	
	
		
		,
	title={{R isk Management: Implementation principles and Inventories for Risk Management/Risk Assessment method and tools?}}
				
			,
	year={2006}
			
		
		
			ENISA (European Network and Information Security Agency
		
	

}

@book{b9,
	
	
		,
	title={{Ryan -Per formance Metrics for Information Security Risk Management? 1540-7993}}
		,
	author={{
			JCJulie
		} and {
			Ryan
		} and {
			JDanel
		}}
		
		
		
			,
	year={2008}
			,
	publisher={IEEE}
		
	

}

@book{b10,
	
	
		,
	title={{Inf ormation Security Risk Assessment Based On Analytic Hierarchy Process and Fuzzy Comprehensive? 978-0-7695-3402-2}}
		,
	author={{
			XiaoLong
		} and {
			QiYong
		} and {
			LiQianmu
		}}
		
		
		
			,
	year={2008}
			,
	publisher={IEEE}
		
	

}

@incollection{b11,
	
	
		,
	title={{-Towards a systematic approach for improving information security risk management methods?}}
		,
	author={{
			KPapadaki
		} and {
			DPolemi
		}}
		
	
	
		,
	booktitle={{Proc. 18th Annual IEEE International Symposium on Personal, Indoor and Mobile Radio Communication (PIMRC)}}
				18th Annual IEEE International Symposium on Personal, Indoor and Mobile Radio Communication (PIMRC)
		
			,
	year={2007}
		
	

}

@book{b12,
	
	
		,
	title={{Institute for Advance Management System Research(IAMSR) -A DSS for Information Security Analysis: Computer Support in a Company's Risk Management?0-7803-3280-6}}
		
			,
	year={1996}
			,
	publisher={IEEE}
		
		
			Thomas Finne, Abo Akademi University
		
	

}

@book{b13,
	
	
		,
	title={{IT Risk Management Report 2: Myths and Realities?}}
		,
	author={{
			Symantec
		}}
		
		
			,
	year={2008}
		
	

}

@incollection{b14,
	
	
		,
	title={{Know ledge and organization: A social-practice perspective?}}
		,
	author={{
			JBrown
		} and {
			PDuguid
		}}
		
	
	
		,
	journal={{Organization Science}}
		
			12
			
			,
	year={2001}
		
	

}

@incollection{b15,
	
	
		,
	author={{
			KCDesouza
		} and {
			YAwazu
		} and {
			P. -MBaloh
		} and {
			Anaging
		}}
		
		
		
	
	
		,
	booktitle={{Global Software Development Efforts: Issues and Practices?}}
				
			,
	year={2006}
			23
			
		
	

}

@book{b16,
	
	
		,
	author={{
			MEkstedt
		}}
		,
	title={{C onsistent Enterprise Software System Architecture for the CIO -A utility-Cost Approach?, Proceedings of the 37th annual Hawaii International Conference on System Sciences (HICSS)}}
				
			,
	year={2004}
		
	

}

@incollection{b17,
	
	
		,
	title={{Assess ment of EIS -An ATD Definition?}}
		,
	author={{
			EJohansson
		}}
	
	
		,
	booktitle={{the Proceedings of the 3rd Annual Conference on Systems Engineering Research (CSER)}}
				
			,
	year={March 23-25, 2005}
		
	

}

@incollection{b18,
	
	
		,
	title={{Asse ssment of Enterprise Information Security -The Importance of Prioritization?}}
		,
	author={{
			EJohansson
		}}
	
	
		,
	booktitle={{the Proceedings of the 9th IEEE International Annual Enterprise Distributed Object Computing Conference (EDOC)}}
				Enschede, The Netherlands
		
			,
	year={September 19-23, 2005}
		
	

}

@incollection{b19,
	
	
		,
	title={{The Need for Critical Thinking in Evaluation of Information?}}
		,
	author={{
			BEdvardsson
		}}
	
	
		,
	booktitle={{Proceedings of the 18th International Conference on Critical Thinking}}
				the 18th International Conference on Critical ThinkingRohnert Park, USA
		
			,
	year={1998}
		
	

}