Research on IT Risk Identification and Assessment in Commercial Banks
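Abstract
Commercial banks are enterprises with a high level of information technology adoption, and their business operations depend heavily on information technology. As of the first half of 2010, the IT systems of domestic commercial banks carried and operated financial assets totaling more than 80 trillion yuan. In 2009, the IT systems of domestic commercial banks processed an average of more than 400 million financial transactions per day.
     Information technology is a "double-edged sword"! While it brings business innovation and transformation to commercial banks, it also brings great risks and security hazards to their business operations. According to 2009 statistics from the China Banking Regulatory Commission, the IT systems supporting important business at banks across the country suffered nearly 3,000 service interruption incidents over the year. Information technology has become an important risk factor affecting the sound operation and information security of China's commercial banks, as well as the normal economic activities of customers and the public.
     Scientific and accurate IT risk assessment is an important part of IT risk management, and also one of its difficulties. Effective, comprehensive IT risk identification and the construction of a scientific, reasonable and effective IT risk assessment indicator system are the foundation of good IT risk assessment.
     This thesis addresses three key problems in commercial bank IT risk assessment, namely (1) commercial bank IT risk identification, (2) construction of a commercial bank IT risk assessment indicator system, and (3) quantitative assessment of commercial bank IT risk, and carries out exploratory and innovative research on them. The main research content includes:
     (1) Given that the IT risk factors of commercial banks come from a wide range of sources and are hard to identify effectively, and that IT risk factors are complex and uncertain, the thesis studies methods for commercial bank IT risk identification, proposes applying scenario analysis and SWOT analysis to commercial bank IT risk identification, and uses case studies to show the feasibility and effectiveness of these methods. The research finds that IT risk identification is difficult to grasp and carry out accurately: IT risk factors can be identified effectively only by combining the bank's own IT application and management environment with the enterprise's business environment and by using multiple methods.
     (2) Using mind-mapping tools, the thesis studies the "IT risk formation mechanism" of commercial banks and constructs an "IT risk factor relationship model". Taking the IT risk formation mechanism of commercial banks as the starting point, it studies and analyzes the identification and sources of commercial bank IT risk, and classifies and identifies IT risk under eight categories: IT governance, IT personnel, information security, application software, physical security, network security, outsourced services, and system change.
     (3) Building on the results of the IT risk identification and classification research, the thesis studies the construction of a commercial bank IT risk assessment indicator system. Using questionnaires as the research tool and 15 commercial banks in a southwestern province as the survey subjects, it applies the SPSS statistical software to analyze the key IT risk factors quantitatively and constructs a quantitative IT risk assessment indicator system for commercial banks.
     (4) The thesis studies quantitative assessment methods for commercial bank IT risk and their application. Using the constructed quantitative assessment indicator system and taking one commercial bank as an example, it applies "cloud model" theory and the cloud gravity center evaluation method to assess that bank's IT risk quantitatively, and describes the assessment model and method, the overall working approach, and the implementation process.
     In addition, the thesis studies related issues in commercial bank IT risk management, including:
     (5) It collates and reviews the existing research literature and theoretical results on risk and IT risk, IT risk management standards and frameworks, and industry best-practice guides, and comprehensively analyzes and summarizes their content and findings. It defines and analyzes the connotation and extension of risk and IT risk, and analyzes the characteristics of risk and the differences between IT risk and other risks, laying the theoretical groundwork for the subsequent research.
     (6) Based on the COSO ERM integrated framework and IT full life cycle theory, and starting from an analysis of commercial banks' IT risk management needs and the internal environmental factors of IT risk management, the thesis presents a model and framework for an IT risk control baseline and discusses its constituent elements and construction method. Applying the IT risk control baseline model to a commercial bank's IT risk management work makes it a powerful tool and means of enterprise IT risk management.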
Commercial banks have a high level of information technology application, and their businesses depend heavily on it. By the first half of 2011, the total financial assets operated by IT systems in domestic commercial banks had reached RMB 80 billion. In 2009, the financial business transactions operated by commercial banks numbered more than 400 million.
     Information technology is a "double-edged sword"! It brings commercial banks not only business innovation and change, but also business operation risks and safety hazards. According to 2009 statistical data from the China Banking Regulatory Commission, the service of important IT systems in various domestic banks was interrupted more than 3000 times in 2009. Information technology has become an important factor influencing the steady operation and information safety of our domestic commercial banks and the normal economic activities of clients and the public.
     Assessing IT risks scientifically and precisely is important as well as difficult work in IT risk management. Effective and comprehensive IT risk recognition, together with the establishment of a scientific, reasonable and effective IT risk assessment index system, is the foundation of IT risk assessment.
     The paper addresses three key issues in commercial bank IT risk assessment: (1) commercial bank IT risk recognition, (2) construction of a commercial bank IT risk assessment system, and (3) quantitative IT risk assessment of commercial banks. The exploratory and innovative research includes:
     (1) At present, IT risks are hard to recognize and come from a wide range of sources, and the factors of IT risk are complicated and uncertain. After studying commercial bank IT risk recognition methods, the paper applies scenario analysis and SWOT analysis to commercial bank IT risk recognition. Samples are also used to describe the feasibility and effectiveness of the application. The research found that IT risk recognition is difficult to handle: the IT application, management environment and business environment of the enterprise should be combined, and multiple methods adopted, in order to recognize IT risk factors effectively.
     (2) Mind map tools are used to study the commercial bank "IT risk formation mechanism" and construct an "IT risk factors relation model". The commercial bank IT risk formation mechanism is taken as the starting point for studying the recognition and sources of commercial bank IT risks; the IT risks are classified and recognized under 8 aspects: IT governance, IT staff, information safety, application software, physical safety, network security, outsourcing service and system variation.
     (3) Based on the studies of commercial bank IT risk recognition and classification, the construction of a commercial bank IT risk assessment index system is studied. Questionnaires are used as the research tool, and 15 commercial banks in a south-western province are used as the research targets. SPSS statistical software is used to analyze key IT risk factors quantitatively in order to construct a commercial bank IT risk quantitative assessment index system.
     (4) The commercial bank IT risk quantitative assessment methods and their application are studied. The constructed commercial bank IT risk quantitative assessment index system is used to analyze one commercial bank. The IT risks of this commercial bank are quantitatively assessed using the cloud model and membership cloud gravity center (MCGC). The assessment model, methods, working approach and implementation process are then described.
     In addition, the paper also studies related issues in the IT risk management of commercial banks:
     (5) The paper summarizes the research literature related to risk and IT risk, the results of theoretical studies, IT risk management standards and frameworks, industry practice guides, etc. The content and results of this research are analyzed and summarized comprehensively. The connotation and denotation of risk and IT risk are defined and analyzed. The paper analyzes the features of risk, as well as the differences between IT risk and other risks, laying a foundation for the related research that follows.
     (6) Based on the COSO ERM integrated framework and IT life cycle theory, the paper gives the model and framework of an IT risk control baseline and discusses its constituents and construction methods, starting from the IT risk management demands of commercial banks and the internal environmental factors of IT risk management. The IT risk control baseline model is applied to IT risk management in commercial banks, making it a strong tool in enterprise IT risk management.
