Avalincharsooghi, S. Doostari, M. Yazdianvarjani, A. & Mahdaviardestani, A. (2013). Use of artificial neural networks in the information security risk assessment. Journal of Electronic & Cyber Defense, 1(1): 1-14. (in Persian)
Biglarian, P. (2012). Compilation of information security evaluation criteria's (Case Study: Exchange Organization of Tehran). Master Thesis, Azahra, Iran.
Broderick, J. S. ISMS. (2006). security standards and security regulations. Information Security Technical Report.
BS 7799-2, BS ISO/IEC27001. (2005). Information technology-Security techniques-Information security management systems. Available in: http://www.iso.org /iso/catalogue_ detail?csnumber=42103.
BS ISO/IEC27005. (2008). Information technology-Security techniques-Information security risk management. Available in: http://www.iso.org/iso/catalogue_ detail? csnumber=42107.
Cheng, CH. & Hsue, Y. (2002). Evaluating the best mail battle tank using fuzzy decision theory. European Journal of Operational Research, 142 (1): 174-186.
Chin, K.S., Tang, D.W., Wong, Sh. Y., Wang, H. (2009). Assessing new product development project risk by Bayesian network with a systematic probability generation methodology. Expert Systems with Applications, 36 (6): 9879-9890.
Crossler, R., Johnston, A., Lowry, P., Warkentin, M., Baskerville, R. & Qing, H. (2013). Future directions for behavioural information security research. Computers & security, 32: 90-101.
Feng, N., Jiannan Wang, H. & Li, M. (2014). A security risk analysis model for information systems: Causal relationships of risk factors and vulnerability propagation analysis. Information Sciences, 256: 57-73.
GE Xiao, Y., Yuan,Y., & Lu Li, L. (2011). An Information Security Maturity Evaluation Model. Procedia Engineering, 24: 335 – 339.
Ghazanfari, M., Fathian, M. & Raeissafari, M. (2008). COBIT framework useful tool for measuring the maturity of IT governance in organizations (public banks in case study). The Association Information and Communication Technology of Iran, 1 (1&2): 55-64. (in Persian)
Houmb, S., Franqueira, V. & Erlend A. (2010). Quantifying security risk level from CVSS estimates of frequency and impact. The Journal of Systems and Software, 83(9): 1622-1634.
Iesavi, H. (2011). Evaluation of operational risks related to information security in the modern banking system. Master Thesis, Gilan, Iran. (in Persian)
IT Governance Institute, (2007). CobiT 4.1: Control Objectives, Management Guidelines, Maturity Models.
Jafarnejad, A. & yousefizenouz, R. (2008). The risk Ranking fuzzy Model in the drilling project of Petropars. Journal of Industrial Management of Tehran University, 1(1): 21-38. (in Persian)
Jamali, GH., Hashemi, M. (2012). Assessment of risk factors on the bank's IT projects Bushehr techniques using fuzzy Dematel. Journal of Information Technology Management, 3(9): 21-40. (in Persian)
Karimi, Z. (2006). Conceptual Model of information security risk assessment. (Case Study: Bank Sepah). Master Thesis, Azahra, Iran. (in Persian)
Lo, Ch. & Chen, W. (2012). Hybrid information security risk assessment procedure considering interdependences between controls. Expert Systems with Applications, 39: 247-257.
Malekalkalami, M. (2013). Evaluating the performance of information security management at the central libraries of public universities in Tehran, according to the international standard-ISO / IEC. Journal of Information Processing and Management, 28 (4): 895-916. (in Persian)
Mirbaha, M. (2008). IT Governance in Financial Services and Manufacturing, Industrial Information and Control Systems at the Royal Institute of Technology ITGI. Master Thesis, Stockholm, Sweden.
Mireskandari, M. (2010). Information Security Management System and the necessity of its use in organizations. Processor magazine. 11(107 ): 30-39.
Niekerk, J.F. & Solms, R. (2010). Information security culture: A management perspective. Computers & security, 29(4): 476 -486.
Ozkan, S. & Karabacak, B. (2010). Collaborative risk method for information security management practices: A case context within Turkey. International Journal of Information Management, 30: 567-572.
Saleh, M. & Alfantookh, A. (2011).A new comprehensive framework for enterprise information security risk management. Computing and Informatics, 9: 107-118.
Sanayeei, A. Ghazifard, A. & Sobhanmanesh, F. (2011). Factors affecting the development of identification technology by radio frequency in Electronic supply chain management. Journal of New Marketing Research, 1(1): 41-70. (in Persian)
Shafieinikabadi, M., Jafarian, A. & Jalilibolhasani, A. (2010). Impact of information security management on the integrity of organizational processes in the supply chain. Journal of Information Processing and Management, 27(2): 27-44. (in Persian)
Shahrivari, SH. (2011). Providing the model of information security governance maturity for supply chain management. Master Thesis, Tarbiyat modares, Iran. (in Persian)
Shaw, N. E., Burgess, T. F. & Mattos, C. D. (2005). Risk assessment of option performance for new product and process development projects in the chemical industry: A case study. Journal of Risk Research, 8(7-8): 693-711.
Standard Institute and Industrial Research of Iran. (2008). IT- security technologies- and information security management procedures. (in Persian)
Sungho, K, S., Jang, J.L. & Kim, S. (2007). Common defects in information security management system of Korean companies. The Journal of Systems and Software, 80(10):1631-1638.
Taghva,M., izadi,M. (2013). Security investigate in security system developed using service-oriented architecture. Journal of Information Technology Management of Tehran University, 5(3): 25-42. (in Persian)
Wu, DD., Kefan, X., Gang, C. & Ping, G. (2010). A risk analysis model in concurrent engineering product development. Journal of Risk Analysis, 30 (9): 1440-1453.
yuan, T. & Chen, P. (2012). Data Mining Applications in E-Government Information Security. Procedia Engineering, 29: 235–240.
Yue, W.T., Cakanyildirim, M., Ryu, Y.U., & Liu, D. (2007).Network externalities, layered protection and IT security risk management. Decision Support Systems
, 44(1): 1-16.