Todd Fitzgerald: Information Security Governance. Information Security Management Handbook, 6th ed. 2007: 15-34