Carl B. Jackson, Mark Carey: The Role of Information Security in the Enterprise Risk Management Structure. Information Security Management Handbook, 6th ed. 2007: 281-294