George G. McBride: Enterprise Security Management Program. Information Security Management Handbook, 6th ed. 2007: 261-270