Carl B. Jackson: The Business Impact Assessment Process. Information Security Management Handbook, 6th ed. 2007: 1675-1691