Sanford Sherizen: The Business Case for Information Security. Information Security Management Handbook, 6th ed. 2007: 625-630