1. Hansche S. Designing a security awareness progra m: Part 1, in-formation. Systems Security January/February 2001:14–22. 2. MartinsA, Eloff JHP.Measuringinformationsecurity, ;2001 [accessed August 2004]. 3. Stanton JM, Stam KR, Mastrangelo P, Jolton J. An alysis of end usersecurity behaviours. Computers and Securit y 2005; 24 (2):124–33. 4. Vargas LG, Dougherty JJ. The analytic hierarchy p rocess andmulticriterion decision making. American Journal of Mathe-matical and Management Sciences 1982; 19 (1):59 –92. 5. McKissak J, Hooper V, Hope B. An Organisational Model for Information Security Assessment. In:Brown I, edi tor. PROCEEDINGS OF THE INTERNATIONAL CONFE RENCE ON INFORMATIONMANAGEMENT AND EVA LUATION. Cape Town: Academic Publishing; 2010. pp. 21 8–227. 6. Patel SC, Graham JH, Ralston PAS. Quantitatively assessing the vulnerability of critical informationsystems: A new method for evaluating security enhancements. Int J Inf Manage. 2008; 28: 483–491. 7. Cokins G. Performance Management: Finding the Missing Pieces (to Close the Intelligence Gap).Hoboken: Wi ley; 2004. 8. Ribas CE, Burattini MN, Massad E, Yamamoto JF. Information Security Management System: A CaseStudy in a Brazilian Healthcare Organization. Proceedings of the Inter national Conference on HealthInformatics (HEALTHINF-20 12). Algarve: Science and Technology Publications; 2012. p p. 147–151. 9. Rhee HS, Ryu YU, Kim CT. Unrealistic optimism on information security management. Comput Secur.2012; 3 1: 221–232. 10. European Union Agency for Cybersecurity [ENIS A]. ENISA Threat Landscape Report 2017. 2018.

合作支持单位

数据库合作单位