@manual(ebios,
 organization = "Agence nationale de la s\'{e}curit\'{e} des syst\`{e}mes d'information",
 year         = "2010",
 title        = "EBIOS 2010 -- Expression of Needs and Identification of Security Objectives",
 note         = "In French",
)
@misc(Birkholz10,
 author       = "H. Birkholz and S. Edelkamp and F. Junge and K Sohr",
 year         = "2010",
 title        = "Efficient automated generation of attack trees from vulnerability databases",
)
@manual(iso:31000,
 organization = "International Organization for Standardization",
 year         = "2009",
 title        = "{ISO} 31000 -- Risk management -- {P}rinciples and guidelines",
)
@manual(iso-iec:27001,
 organization = "International Organization for Standardization / International Electrotechnical Commission",
 year         = "2005",
 title        = "{ISO/IEC} 27001 -- {I}nformation technology -- {S}ecurity techniques -- {I}nformation security management systems -- {R}equirements",
)
@article(DBLP:journals/corr/abs-1303-7397,
 author       = "Barbara Kordy and Ludovic Pietre-Cambacedes and Patrick Schweitzer",
 year         = "2013",
 title        = "DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees",
 journal      = "CoRR",
 volume       = "abs/1303.7397",
 url          = "http://arxiv.org/abs/1303.7397",
)
@inproceedings(Lamsweerde03fromsystem,
 author       = "Axel Van Lamsweerde and Simon Brohez and Renaud De Landtsheer and David Janssens",
 year         = "2003",
 title        = "From System Goals to Intruder Anti-Goals: Attack Generation and Resolution for Security Requirements Engineering",
 booktitle    = "Proc. of RHASÕ03",
 pages        = "49--56",
)
@misc(AttackTree,
 author       = "Isograph Ldt.",
 title        = "AttackTree+ for Windows¨, Version 1.0, Attack Tree Analysis",
 url          = "http://www.isograph.com/software/attacktree/",
)
@techreport(ESC-TR-2005-054,
 author       = "R. Lippmann and K. Ingols",
 year         = "2005",
 title        = "An annotated review of past papers on attack graphs",
 type         = "Technical Report ESC-TR-2005-054",
 institution  = "MIT Lincoln Laboratory",
)
@misc(SecurITree,
 author       = "Amenaza Technologies Ltd.",
 title        = "SecurITree, Attack tree modelling",
 url          = "http://www.amenaza.com/",
)
@misc(SCD4-4b,
 author       = "St\'{e}phane Paul and Olivier Delande",
 year         = "2011",
 title        = "Integrability of design modelling solution",
 howpublished = "SecureChange FP7 project deliverable D4.4b",
)
@techreport(62441619-179/7,
 author       = "St\'ephane Paul and Raphael Vignon-Davillier and Quentin Guil and Mickael Malka and Andr\'e Leblond",
 year         = "2013",
 title        = "Understanding attack trees in the context of security risk assessment studies: a state of the art",
 type         = "Thales technical report",
 institution  = "Thales Research \& Technology",
 note         = "Industry-in-confidence",
)
@article(eemcs23000,
 author       = "W. {Pieters} and T. {Dimkov} and D. {Pavlovic}",
 year         = "2013",
 title        = "Security Policy Alignment: A Formal Approach",
 journal      = "IEEE Systems Journal",
 volume       = "7",
 number       = "2",
 pages        = "275--287",
 doi          = "10.1109/JSYST.2012.2221933",
)