“Appendix B to Part 364—Interagency Guidelines Establishing Information Security Standards,” accessed on 08/2013, www.fdic.gov/regulations/laws/rules/2000-8660.html.
“201 CMR 17.00: Standards for the Protection of Personal Information of Residents of the Commonwealth,” official website of the Office of Consumer Affairs & Business Regulation (OCABR), accessed on 05/06/2013, www.mass.gov/ocabr/docs/idtheft/201cmr1700reg.pdf.
“Family Educational Rights and Privacy Act (FERPA),” official website of the US Department of Education, accessed on 05/2013, www.ed.gov/policy/gen/guid/fpco/ferpa/index.html.
“HIPAA Security Rule,” official website of the Department of Health and Human Services, accessed on 05/2013, www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/.
Allen, Julia, “Governing for Enterprise Security: CMU/SEI-2005-TN-023 2005,” Carnegie Mellon University, June 2005.
Bejtlich, Richard, “Risk, Threat, and Vulnerability 101,” accessed on 10/2013, http://taosecurity.blogspot.com/2005/05/risk-threat-and-vulnerability-101-in.html.
“Capability Maturity Model,” accessed on 10/2013, http://en.wikipedia.org/wiki/Capability_Maturity_Model.
DeMauro, John, “Filling the Information Security Officer Role within Community Banks,” accessed on 10/2013, www.practicalsecuritysolutions.com/articles/.
“Duty of Care,” Legal Information Institute, Cornell University Law School, accessed on 10/2013, www.law.cornell.edu/wex/duty_of_care.
Godes, Scott, Esq., and Kristi Singleton, Esq. “Top Ten Tips for Companies Buying Cyber Security Insurance Coverage,” accessed on 10/2013, www.acc.com/legalresources/publications/topten/tttfcbcsic.cfm.
“Information Security Governance: Guidance for Boards of Directors and Executive Management, Second Edition,” IT Governance Institute, 2006.
“In re Caremark International Inc. Derivative Litigation,” accessed on 10/2013, http://en.wikipedia.org/wiki/In_re_Caremark_International_Inc._Derivative_Litigation.
Matthews, Chris, “Cybersecurity Insurance Picks Up Steam,” Wall Street Journal/Risk & Compliance Journal, August 7, 2013, accessed on 10/2013, http://blogs.wsj.com/riskandcompliance/2013/08/07/cybersecurity-insurance-picks-up-steam-study-finds/.
“PCI DDS Requirements and Security Assessment Procedures, Version 2.0,” PCI Security Standards Council LLC, October 2010.
“Process & Performance Improvement,” Carnegie Mellon Software Engineering Institute, accessed on 10/2013, www.sei.cmu.edu/process/.
“Risk Management,” accessed on 10/2013, http://en.wikipedia.org/wiki/Risk_management#Potential_risk_treatments.
Scott, Todd, Alex Talarides, and Jim Kramer. “Do directors face potential liability for not preventing cyber attacks?” June 24, 2013, accessed on 10/2013, www.lexology.com/library.
Swenson, David, Ph.D., “Change Drivers,” accessed on 10/2013, http://faculty.css.edu/dswenson/web/Chandriv.htm.
“The Security Risk Management Guide,” Microsoft, 2006.
“What Is the Capability Maturity Model (CMM)?” accessed on 10/2013, www.selectbs.com/process-maturity/what-is-the-capability-maturity-model.