References

Andersen, Erling S., Kristoffer V. Grude, and Tor Haug. “Global Planning—Milestone Planning.” In Goal Directed Project Management: Effective Techniques and Strategies, 3rd ed., 67–94. Kogan Page Limited, 2004.

Armstrong, Michael. Handbook of Management Techniques. 3rd ed rev. Kogan Page Limited, 2006.

Biegelman, Martin T., and Daniel R. Biegelman. Building a World-Class Compliance Program: Best Practices and Strategies for Success. John Wiley & Sons, 2008.

Bosworth, Seymour, M. E. Kabay, and Eric Whyne, eds. Computer Security Handbook. 5th ed. John Wiley & Sons, 2009.

Burtles, Jim. Principles and Practice of Business Continuity: Tools and Techniques. Rothstein Associates, 2007.

Carnegie Mellon University’s Software Engineering Institute, Computer Emergency Response Team (CERT). “CSIRT Frequently Asked Questions (FAQ).” Accessed June 7, 2014. https://resources.sei.cmu.edu/asset_files/WhitePaper/2017_019_001_485654.pdf.

Centers for Disease Control and Prevention. “Health Insurance Portability and Accountability Act of 1996 (HIPAA).” Accessed May 4, 2020. https://www.cdc.gov/phlp/publications/topic/hipaa.html.

Chun, Samuel, Ken Dunham, Paul Henry, Michael Mackrill, Christopher Nowell, C. Karen Stopford, and Christopher Trautwein. Official (ISC)2 Guide to the SSCP CBK. 2nd ed. Auerbach Publications, Taylor & Francis Group, 2011.

Correll, Sean-Paul, and Luis Corrons. “The Business of Rogueware: Analysis of the New Style of Online Fraud.” Accessed June 7, 2014. http://www.pandasecurity.com/img/enc/The%20Business%20of%20Rogueware.pdf.

Defense Information Systems Agency (DISA). “DoD Instruction 8510.01.” Accessed June 7, 2014. https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/851001p.pdf?ver=2019-02-26-101520-300.

Department of Homeland Security (DHS). “Threats.” Accessed May 3, 2020. https://www.us-cert.gov/us-cert-tip-categories/threats.

Dinsmore, Paul C., and Jeannette Cabanis-Brewin, eds. The AMA Handbook of Project Management. 2nd ed. AMACOM, 2006.

Dolewski, Richard. System i Disaster Recovery Planning. MC Press, 2008.

Federal Communications Commission. “Children’s Internet Protection Act (CIPA).” September 9, 2009. Accessed June 7, 2014. http://www.fcc.gov/guides/childrens-internet-protection-act.

Federal Trade Commission. “Children’s Online Privacy Protection Rule (COPPA).” Accessed May 4, 2020. https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule.

Federal Trade Commission. “Gramm-Leach-Bliley Act.” Accessed June 7, 2014. http://business.ftc.gov/privacy-and-security/gramm-leach-bliley-act.

Federal Trade Commission. “Bureaus & Offices.” Accessed June 7, 2014. http://www.ftc.gov/about-ftc/bureaus-offices.

Foster, James C., Vitaly Osipov, and Nish Bhalla. “Buffer Overflows: The Essentials.” In Buffer Overflow Attacks: Detect, Exploit, Prevent, 3–23. Syngress Publishing, 2005.

Gibson, Darril. “SQL Injection Attacks.” In SQL Server 2005 Database Developer All-in-One Exam Guide, 473–77. McGraw-Hill, 2008.

Gregory, Peter. IT Disaster Recovery Planning for Dummies. John Wiley & Sons, 2008.

Harris, Shon. All-in-One CISSP Exam Guide. 4th ed. McGraw-Hill, 2008.

Hiles, Andrew, ed. The Definitive Handbook of Business Continuity Management. 2nd ed. John Wiley & Sons, 2007.

Hiles, Andrew N. Enterprise Risk Assessment and Business Impact Analysis: Best Practices. Rothstein Associates, 2002.

Infosec Institute. “Quantitative Risk Analysis.” Accessed May 4, 2020. https://resources.infosecinstitute.com/quantitative-risk-analysis/#gref.

Intersoft Consulting. “General Data Protection Regulation (GDPR).” Accessed May 4, 2020. https://gdpr-info.eu.

ISACA. COBIT 2019. Accessed May 4, 2020. https://www.isaca.org/resources/cobit.

ISACA. Cybercrime Incident Response and Digital Forensics. ISACA, 2005.

IT Certification Lounge. “What’s Your Certification Worth?” Accessed May 27, 2020. https://itclounge.wordpress.com/2010/02/12/whats-your-certification-worth/.

Krasner, H. “The Cost of Poor Quality Software in the US: A 2018 Report.” Accessed May 4, 2020. https://www.it-cisq.org/the-cost-of-poor-quality-software-in-the-us-a-2018-report/The-Cost-of-Poor-Quality-Software-in-the-US-2018-Report.pdf.

Krutz, Ronald L., and Russell Dean Vines. The CISSP and CAP Prep Guide: Platinum Edition. John Wiley & Sons, 2007.

Leverage. Produced by Dean Devlin. Aired 2008–2012, on TNT. https://en.wikipedia.org/wiki/List_of_Leverage_episodes.

Manley, Anthony D. Security Manager’s Guide to Disasters: Managing Through Emergencies, Violence, and Other Workplace Threats. Auerbach Publications, 2009.

Microsoft. “Use Remote Access Monitoring and Accounting.” Accessed May 4, 2020. https://docs.microsoft.com/en-us/windows-server/remote/remote-access/ras/monitoring-and-accounting/use-remote-access-monitoring-and-accounting.

MITRE Corporation. “Risk Management Toolkit.” Accessed May 4, 2020. http://www.mitre.org/work/sepo/toolkits/risk/index.html.

National Institute of Standards and Technology. “Federal Information Security Management Act of 2002.” Accessed June 7, 2014. http://csrc.nist.gov/drivers/documents/FISMA-final.pdf.

National Institute of Standards and Technology. “SP 800-30 Rev. 1, Guide for Conducting Risk Assessments.” United States Department of Commerce, 2012.

National Institute of Standards and Technology. “SP 800-34 Rev. 1, Contingency Planning Guide for Federal Information Systems.” United States Department of Commerce, 2010.

National Institute of Standards and Technology. “SP 800-37 Rev. 1, Guide for Applying the Risk Management Framework to Federal Information Systems.” United States Department of Commerce, 2010.

National Institute of Standards and Technology. “SP 800-40 Rev. 3, Guide to Enterprise Patch Management Technologies.” United States Department of Commerce, 2013.

National Institute of Standards and Technology. “SP 800-51 Rev. 1, Guide to Using Vulnerability Naming Schemes.” United States Department of Commerce, 2011.

National Institute of Standards and Technology. “SP 800-53 Rev. 5, Security and Privacy Controls for Information Systems and Organizations.” United States Department of Commerce, 2020.

National Institute of Standards and Technology. “SP 800-61 Rev. 2, Computer Security Incident Handling Guide.” United States Department of Commerce, 2012.

National Institute of Standards and Technology. “SP 800-63B, Digital Identity Guidelines.” United States Department of Commerce, 2017.

National Institute of Standards and Technology. “SP 800-83 Rev. 1, Guide to Malware Incident Prevention and Handling for Desktops and Laptops.” United States Department of Commerce, 2013.

National Institute of Standards and Technology. “SP 800-84, Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities.” United States Department of Commerce, 2006.

National Institute of Standards and Technology. “SP 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII).” United States Department of Commerce, 2009.

National Institute of Standards and Technology. “SP 800-150, Guide to Cyber Threat Information Sharing.” United States Department of Commerce, 2016.

National Institute of Standards and Technology. “SP 800-153, Guidelines for Securing Wireless Local Area Networks (WLANs).” United States Department of Commerce, 2012.

National Institute of Standards and Technology. “SP 800-154 (Draft), Guide to Data-Centric System Threat Modeling.” United States Department of Commerce, 2016.

National Institute of Standards and Technology. “SP 800-183, Networks of ‘Things.’” United States Department of Commerce, 2016.

PCI Security Standards Council. “PCI Quick Reference Guide.” Accessed June 7, 2014. https://www.pcisecuritystandards.org/pdfs/pci_ssc_quick_guide.pdf.

Peltier, Thomas R., Justin Peltier, and John A. Blackley. Managing a Network Vulnerability Assessment. Auerbach Publications, 2003.

Perrin, Richard. Real World Project Management: Beyond Conventional Wisdom, Best Practices and Project Methodologies. John Wiley & Sons, 2008.

Rollins, Steven C., and Richard Lanza. Essential Project Investment Governance and Reporting: Preventing Project Fraud and Ensuring Sarbanes-Oxley Compliance. J. Ross Publishing, 2004. Chapters 1, 2, and 24.

SANS Institute. “Disaster Recovery Plan: Strategies and Processes.” Accessed June 7, 2014. http://www.sans.org/reading_room/whitepapers/recovery/disaster-recovery-plan-strategies-processes_564.

Sarbanes-Oxley Act. Accessed June 7, 2014. https://www.govinfo.gov/content/pkg/COMPS-1883/pdf/COMPS-1883.pdf.

Schweitzer, Douglas. Incident Response: Computer Forensics Toolkit. Wiley Publishing, 2003.

Sharpe, Cat, ed. How to Conduct a Cost-Benefit Analysis. ASTD Press, 1998.

Sisco, Mike. IT Asset Management. MDE Enterprises, Inc., 2002.

Snedaker, Susan. The Best Damn IT Security Management Book Period. Syngress Publishing, 2007.

Sophos. “Security Threat Report 2013: New Platforms and Changing Threats.” Accessed June 7, 2014. http://www.sophos.com/en-us/medialibrary/PDFs/other/sophossecuritythreatreport2013.pdf.

Swiderski, Frank, and Window Snyder. “Why Threat Modeling?” In Threat Modeling. Microsoft Press, 2004.

Tipton, Harold F., and Kevin Henry, eds. Official (ISC)2 Guide to the CISSP CBK. Auerbach Publications, 2007.

Tipton, Harold F., and Micki Krause. Information Security Management Handbook. 6th ed. Auerbach Publications, 2007.

U.S. Department of Education. “Legislative History of Major FERPA Provisions.” Accessed June 7, 2014. https://www2.ed.gov/policy/gen/guid/fpco/pdf/ferpaleghistory.pdf.

U.S. Department of Health and Human Services. “Health Insurance Portability and Accountability Act of 1996.” Accessed June 7, 2014. http://aspe.hhs.gov/admnsimp/pl104191.htm.

U.S. Department of Health and Human Services, Centers for Disease Control and Prevention. “Business Continuity Plan (BCP) Format Guide Version 1.0.” Accessed June 7, 2014. http://csrc.nist.gov/groups/SMA/fasp/documents/incident_response/BCP_Format_Guide_07112007.doc.

U.S. Department of Justice. “Justice Department Announces New Intellectual Property Task Force as Part of Broad IP Enforcement Initiative.” Accessed June 7, 2014. http://www.justice.gov/opa/pr/2010/February/10-ag-137.html.

U.S. Office of Management and Budget. “Appendix III to OMB Circular No. A-130, Security of Federal Automated Information Resources.” Accessed June 7, 2014. http://www.whitehouse.gov/omb/circulars_a130_a130appendix_iii/.

Vacca, John R., ed. Computer and Information Security Handbook. Morgan Kaufmann Publishers, 2009.

Wrobel, Leo A., ed. Business Resumption Planning. 2nd ed. Auerbach Publications, Taylor & Francis Group, 2009.