
Appendix G: Select Bibliographies

Select Bibliography from Carnegie Mellon University

URLs are valid as of the publication date of this document.

Alberts, Chris; Dorofee, Audrey; Killcrece, Georgia; Ruefle, Robin; & Zajicek, Mark. Defining Incident Management Processes for CSIRTs: A Work in Progress. CMU/SEI-2004-TR-015 ADA453378. Software Engineering Institute, Carnegie Mellon University. 2004. https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=7153

Alberts, Chris; Dorofee, Audrey; Ruefle, Robin; & Zajicek, Mark. An Introduction to the Mission Risk Diagnostic for Incident Management Capabilities (MRD-IMC). CMU/SEI-2013-TN-015. Software Engineering Institute, Carnegie Mellon University. 2013. https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=91452

Barker, William C. Guideline for Identifying an Information System as a National Security System (NIST Special Publication 800-59). 2003. https://doi.org/10.6028/NIST.SP.800-59

Cichonski, Paul; Millar, Tom; Grance, Tim; & Scarfone, Karen. Computer Security Incident Handling Guide (NIST Special Publication 800-61, Rev 2). 2012. https://csrc.nist.gov/pubs/sp/800/61/r2/final

Dempsey, Kelley; Sha Chawlaa, Nirali; Johnson, Arnold; Johnston, Ronald; Clay Jones, Alicia; Orebaugh, Angela; Scholl, Matthew; & Stine, Kevin. Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations (NIST Special Publication 800-137). 2010. https://csrc.nist.gov/pubs/sp/800/137/final

Department of Homeland Security. DHS Federal Continuity Directive 1: Federal Executive Branch National Continuity Program and Requirements: Annex C. 2008. http://www.fema.gov/pdf/about/org/ncp/fcd1.pdf

Department of Homeland Security. DHS Federal Continuity Directive 2: Federal Executive Branch Mission Essential Function and Primary Mission Essential Function Identification and Submission Process. 2008.

Department of Homeland Security. A Roadmap for Cybersecurity Research. 2009.

Department of Homeland Security. Department of Homeland Security Federal Network Security Branch. Continuous Asset Evaluation, Situational Awareness, and Risk Scoring Reference Architecture Report (CAESARS). 2010.

Department of Homeland Security. Cybersecurity Capability Validation (CCV) Assessment Method and Process Guidance Version 1.1. U.S. Department of Homeland Security. 2012.

Department of Homeland Security. IT Program Assessment: Department of Homeland Security (DHS) Analysis and Operations (A&O) Common Operating Picture (COP). U.S. Department of Homeland Security. 2012. http://www.dhs.gov/xlibrary/assets/mgmt/itpa-ao-cop2012.pdf

Dorofee, Audrey; Killcrece, Georgia; Ruefle, Robin; & Zajicek, Mark. Incident Management Capability Metrics, Version 0.1. CMU/SEI-2007-TR-008 ADA468688. Software Engineering Institute, Carnegie Mellon University. 2007.

ENISA. CSIRT A Step-by-Step Approach on How to Set Up a CSIRT. 2006.

ENISA. CSIRT Good Practice Guide for Incident Management. 2010. https://www.enisa.europa.eu/publications/good-practice-guide-for-incident-management

Federal Financial Institutions Examination Council (FFIEC). IT Examination Handbook InfoBase. 2006. http://ithandbook.ffiec.gov/

Grance, Tim; Nolan, Tamara; Burke, Kristin; & Good, Travis. Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities (NIST Special Publication 800-84). 2006. http://csrc.nist.gov/publications/nistpubs/800-84/SP800-84.pdf

Hash, Joan; Bartol, Nadya; Rollins, Holly; Robinson, Will; Abeles, John; & Batdorff, Steve. Integrating IT Security into the Capital Planning and Investment Control Process (NIST Special Publication 800-65). 2005.

International Information Systems Security Certification Consortium (ISC)2. Certified Information Systems Security Professional (CISSP) Common Body of Knowledge (CBK). 2007.

Information Security Forum. The Standard of Good Practice for Information Security. 2012.

IT Governance Institute. Control Objectives for Information and related Technology (COBIT) 5. 2012. http://www.isaca.org/cobit

Johnson, Arnold; Dempsey, Kelley; Ross, Ron; Gupta, Sarbari; & Bailey, Dennis. Guide for Security-Focused Configuration Management of Information Systems (NIST Special Publication 800-128). 2011. http://csrc.nist.gov/publications/nistpubs/800-128/sp800-128.pdf

Kent, Karen & Souppaya, Murugiah. Guide to Computer Security Log Management (NIST Special Publication 800-92). 2006. http://csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf

Kent, Karen; Chevalier, Suzanne; Grance, Tim; & Dang, Hung. Guide to Integrating Forensic Techniques into Incident Response (NIST Special Publication 800-86). 2006. http://csrc.nist.gov/publications/nistpubs/800-86/SP800-86.pdf

Killcrece, Georgia; Kossakowski, Klaus-Peter; Ruefle, Robin; & Zajicek, Mark. State of the Practice of Computer Security Incident Response Teams (CSIRTs). CMU/SEI-2003-TR-001, ADA421664. Software Engineering Institute, Carnegie Mellon University. 2003. https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=6571

Killcrece, Georgia; Kossakowski, Klaus-Peter; Ruefle, Robin; & Zajicek, Mark. Organizational Models for Computer Security Incident Response Teams (CSIRTs). CMU/SEI-2003-HB-001, ADA421684. Software Engineering Institute, Carnegie Mellon University. 2003. https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=6295

Killcrece, Georgia; Kossakowski, Klaus-Peter; Ruefle, Robin; & Zajicek, Mark. CSIRT Services. Software Engineering Institute, Carnegie Mellon University. 2002. https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=53046

Mell, Peter; Waltermire, David; Feldman, Larry; Booth, Harold; Ragland, Zach; Ouyang, Alfred; & McBride, Timothy. CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture (Second Draft). 2012. http://csrc.nist.gov/publications/drafts/nistir-7756/Draft-NISTIR-7756_second-public-draft.pdf

Mell, Peter; Bergeron, Tiffany; & Henning, David. Creating a Patch and Vulnerability Management Program (NIST Special Publication 800-40, Version 2.0). 2005. http://csrc.nist.gov/publications/nistpubs/800-40-Ver2/SP800-40v2.pdf

Mell, Peter; Kent, Karen; & Nusbaum, Joseph. Guide to Malware Incident Prevention and Handling (NIST Special Publication 800-83). 2005. http://csrc.nist.gov/publications/nistpubs/800-83/SP800-83.pdf

The National Archives and Records Administration. General Records Schedule 24—Information Technology Operations and Management Records. 2010. https://www.archives.gov/files/records-mgmt/grs/grs24.pdf

National Institute of Standards and Technology. Standards for Security Categorization of Federal Information and Information Systems (FIPS PUB 199). 2004. http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf

National Institute of Standards and Technology. Minimum Security Requirements for Federal Information and Information Systems (FIPS PUB 200). 2006. http://csrc.nist.gov/publications/fips/fips200/FIPS-200-final-march.pdf

National Institute of Standards and Technology, Joint Task Force Transformation Initiative. Recommended Security Controls for Federal Information Systems and Organizations (NIST Special Publication 800-53, Rev 3). 2009. http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final_updated-errata_05-01-2010.pdf

National Institute of Standards and Technology. NIST Special Publications, 800 Series. 2009. http://csrc.nist.gov/publications/PubsSPs.html

National Institute of Standards and Technology, Joint Task Force Transformation Initiative. Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Lifecycle Approach (NIST Special Publication 800-37 Rev 1). 2010. http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-rev1-final.pdf

National Institute of Standards and Technology, Joint Task Force Transformation Initiative. Guide for Assessing the Security Controls in Federal Information Systems (NIST Special Publication 800-53A Rev 1). 2010. http://csrc.nist.gov/publications/nistpubs/800-53A-rev1/sp800-53A-rev1-final.pdf

National Institute of Standards and Technology, Joint Task Force Transformation Initiative. Managing Information Security Risk: Organization, Mission, and Information System View (NIST Special Publication 800-39). 2011. http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf

National Institute of Standards and Technology. Computer Security Incident Handling Guide (Draft) (NIST Special Publication 800-61 Rev 2 DRAFT). 2012. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

National Institute of Standards and Technology. Security and Privacy Controls for Federal Information Systems and Organizations (NIST Special Publication 800-53 Rev 4). 2013. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf

Network Working Group. Expectations for Computer Security Incident Response. 1998. http://www.ietf.org/rfc/rfc2350.txt

Office of Management and Budget. Safeguarding Against and Responding to the Breach of Personally Identifiable Information (memorandum). 2007. https://www.whitehouse.gov/sites/whitehouse.gov/files/omb/memoranda/2007/m07-16.pdf

Reid, Gavin & Schieber, Dustin. CSIRT Case Classification (Example for Enterprise CSIRT). 2004. https://www.first.org/resources/guides/#CSIRT-Case-Classification-Example-for-enterprise-CSIRT

Scarfone, Karen & Mell, Peter. Guide to Intrusion Detection and Prevention Systems (IDPS) (NIST Special Publication 800-94). 2007. http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf

Scarfone, Karen; Souppaya, Murugiah; Cody, Amanda; & Orebaugh, Angela. Technical Guide to Information Security Testing and Assessment (NIST Special Publication 800-115). 2008. http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf

Scarfone, Karen & Hoffman, Paul. Guidelines on Firewalls and Firewall Policy (NIST Special Publication 800-41, Rev 1). 2009. https://csrc.nist.gov/publications/detail/sp/800-41/rev-1/final

Stine, Kevin; Kissel, Rich; Barker, William C.; Fahlsing, Jim; & Gulick, Jessica. Volume I: Guide for Mapping Types of Information and Information Systems to Security Categories (NIST Special Publication 800-60 Rev 1). 2008. http://csrc.nist.gov/publications/nistpubs/800-60-rev1/SP800-60_Vol1-Rev1.pdf

Swanson, Marianne & Guttman, Barbara. Generally Accepted Principles and Practices for Securing Information Technology Systems (NIST Special Publication 800-14). 1996. http://csrc.nist.gov/publications/nistpubs/800-14/800-14.pdf

Swanson, Marianne; Hash, Joan; & Bowen, Pauline. Guide for Developing Security Plans for Federal Information Systems (NIST Special Publication 800-18, Rev 1). 2006. http://csrc.nist.gov/publications/nistpubs/800-18-Rev1/sp800-18-Rev1-final.pdf

Swanson, Marianne; Bowen, Pauline; Wohl Phillips, Amy; Gallup, Dean; & Lynes, David. Contingency Planning Guide for Federal Information Systems (NIST Special Publication 800-34, Rev 1). 2010. http://csrc.nist.gov/publications/nistpubs/800-34-rev1/sp800-34-rev1_errata-Nov11-2010.pdf

Tracy, Miles; Jansen, Wayne; Scarfone, Karen; & Butterfield, Jason. Guidelines on Electronic Mail Security (NIST Special Publication 800-45 Version 2). 2007. http://csrc.nist.gov/publications/nistpubs/800-45-version2/SP800-45v2.pdf

West-Brown, Moira J.; Stikvoort, Don; Kossakowski, Klaus-Peter; Killcrece, Georgia; Ruefle, Robin; & Zajicek, Mark. Handbook for Computer Security Incident Response Teams (CSIRTs) (CMU/SEI-2003-HB-002, ADA413778). Software Engineering Institute, Carnegie Mellon University. 2003. https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=6305

Wilson, Mark & Hash, Joan. Building an Information Technology Security Awareness and Training Program (NIST Special Publication 800-50). 2003. http://csrc.nist.gov/publications/nistpubs/800-50/NIST-SP800-50.pdf

Select Bibliography from Cambridge University

Accenture Security. 2017 Cyber Threatscape Report: Midyear Cybersecurity Risk Review-Forecast and Remediation’s. Accenture Security, 2017.

Advisen. Information Security and Cyber Risk Management. Seventh Annual Survey, 2017.

Akamai. State of the internet/security: Q2 2017 Report.

Allianz. A Guide to Cyber Risk. Allianz Global Corporate & Specialty White Paper, 2017.

Amazon (1). “Amazon Simple Storage Service (S3) — Cloud Storage — AWS”. Amazon Web Services, Inc. 2018.

Amazon (2). “Amazon EC2”.

Aon. Global Cyber Market Overview, June 2017.

BAE. “When cyber attacks meet financial crime”.

Barth, Bradley. “DDoS attacks delay trains, halt transportation services in Sweden”. SC Magazine. October 16, 2017.

BBC (1). “Qatar Crisis: What you need to know.” July 19, 2017.

BBC (2). “Theresa May accuses Vladimir Putin of election meddling.” November 14, 2017.

BBC (3). “NHS cyber-defender Marcus Hutchins to appear in U.S. court.” August 4, 2017.

BBC (4). “Dark web markets boom after AlphaBay and Hansa Busts”. August 1, 2017.

BBC (5). “South Korean firm’s ‘record’ ransom payment”, June 20, 2017.

Berr, Jonathan. “’WannaCry’ ransomware attack losses could reach $4 billion”. CBS Moneywatch. May 16, 2017.

Beazley (1). “Ransomware attacks steal headlines, but accidental data breaches remain a major cause of loss”. August 1, 2017.

Beazley (2). “Technology, Media & Business Services First Party Computer Claims”.

Blodget, Henry. “Amazon’s Cloud Crash Disaster Permanently Destroyed Many Customers’ Data”. Business Insider. April 28, 2011.

Boey, Darren. “North Korean Hacker Group Linked to Taiwan Bank Cyber Heist.” Bloomberg Technology. October 17, 2017.

Brook, Chris. “DDOS Attacks Can Cost Businesses up to $2.5 Million per Attack, Report Says”. Threat Post. May 2, 2017.

Burgess, M. “What is GDPR? WIRED explains what you need to know”. Wired, January 2, 2018.

Chappell, Bill. “’Petya’ Ransomware Hits at Least 65 Countries; Microsoft Trace it to Tax Software.” NPR. June 28, 2018.

Cimpanu, Catalin. “95% of All Ransomware Payments were Cashed out via BTC-e Platform”. Bleeping Computer. July 27, 2017.

Coles, Cameron. “Overview of Cloud Market in 2017 And Beyond”. Skyhigh.

Comptroller and Auditor General. Investigation: WannaCry cyber attack and the NHS. National Audit Office. Department of Health. October 27, 2017.

Council of Europe. International Co-operation under the Convention on Cybercrime. Project on Cybercrime. 18 August, 2017.

Cybereason. Paying the Price of Destructive Cyber Attacks. Whitepaper, 2017.

EMVco. “EMVCo Reports 6.1 Billion EMV Chip Payment Cards in Global Circulation”. June 5, 2017.

European Commission. “Protection of personal data”. Europa, 2017.

Europol. Internet Organised Crime Threat Assessment. 2017.

Field, Tom. “The Blurred Lines Between Criminals and Nation-States”. Bank Info Security. June 19, 2017.

Forester, Conner. “NotPetya ransomware outbreak cost Merck more than $300M per quarter”. Tech Republic.

Finkle, Jim (1). “Your medical record is worth more to hackers than your credit card”. Reuters. September 24, 2014.

Finkle, Jim (2). “Cybersecurity Firm: North Korea Was Likely Behind Cyber Heist In Taiwan”. Business Insider. October 16, 2017.

Gabel, Detlev and Hickman, Tim. K. Key definitions-Unlocking the EU General Data Protection Regulation. Whitecase publications, September 2017.

Gammons, Brianna. “6 Must-Know Cybersecurity Statistics for 2017”. Barkly (Blog), January, 2017.

Gartner (1). “Gartner Says Worldwide Public Cloud Services Market to Grow 18% in 2017”. 2017.

Gartner (2). “Gartner Says Worldwide Information Security Spending Will Grow 7 Percent to Reach $86.4 Billion in 2017”. August 16, 2017.

Gerstein, Josh. “Alleged leaker Reality Winner said she stuffed NSA report in her pantyhose”. Politico. September 27, 2017.

Gibbs, Samuel (1). “Shadow Brokers threaten to unleash more hacking tools”. The Guardian. May 17, 2017.

Gibbs, Samuel (2). “Game of Thrones: HBO hackers threaten leak of season finale”. The Guardian. August 21, 2017.

Gogan, Marcell. “Insider Threat as the Main Security Threat in 2017”. TRIPWIRE. April 11, 2017.

Google (1). “Google Cloud Computing, Hosting Services & Apis”. Google Cloud Platform.

Google (2). “Cloud Locations”.

Graham, Chris. “NHS cyber attack: Everything you need to know about ‘biggest ransomware’ offensive in history”. The Telegraph. May 20, 2017.

Gray, Alistair. “U.S. banks to introduce new anti-fraud measures after Equifax Hack”. Financial Times. October 15, 2017.

Greenberg, Andy (1). “How An Entire Nation Became Russia’s Test Lab for Cyberwar.” Wired. June 19, 2017.

Greenberg, Andy (2). “The Biggest Dark Web Takedown Yet Sends Black Markets Reeling”. Wired. July 14, 2017.

Greenberg, Andy (3). “No One Wants to Buy Those Stolen NSA-Linked ‘Cyberweapons’”. Wired. August 16, 2016.

Greenough, J. “The ‘Internet of Things’ Will Be The World’s Most Massive Device Market And Save Companies Billions Of Dollars”. Business Insider. November 18, 2014.

IBM. “IBM Blue Mix”. IBM.

IBM X-Force Research. The weaponization of IoT devices: Rise of the thingbots. New York: IBM, 2017.

IDC. “Worldwide Spending On Security Technology Forecast To Reach $81.7 Billion In 2017, According To New IDC Spending”. Research Press Release. March 29, 2017.

Imperva. Global DDoS Threat Landscape Q1 2017. 2017.

Information Commissioner’s Office. Guide to the General Data Protection Regulation. ICO, 2017.

Jolly, Jasper. “Massive hack at Equifax exposes personal records of Brits and 142m Americans”. CITY A.M. September 8, 2017.

JLT. “Asia Moves Towards Tougher Data Breach Rules”. December 8, 2017.

Johnson, Tim. “Here’s one tally of the losses from WannaCry ransomware attack”. McClatchy.

Jun, Kwanwoo and Yousef, Nancy. “North Korea Suspected of Hacking U.S.- South Korean War Plans.” The Wall Street Journal. October 10, 2017.

Kan, Michael. “Yahoo uncovered breach after probing a black market sale”. CIO. September 22, 2016.

Kar, Ian. “The chip card transition in the U.S. has been a disaster”. Quartz. July 29, 2016.

Kaspersky Lab (1). APT Trends Report Q2 2017. SECURELIST, 2017.

Kaspersky Lab (2). KSN Report: Ransomware in 2016-2017. Security List, 2017.

Khalimonenko, Alexander, Oleg Kupreev, and Timur Ibragimov. DDoS attacks in Q2 2017. SecureList DDOS Reports.

Khandelwal, Swati. “Hackers Stole $32 Million in Ethereum; 3rd Heist in 20 days”. The Hacker News. July 19, 2017.

Kshetri, Nir and The Conversation. “Cryptocurrencies May Be a Dream Come True for Cyber-Extortionists”. Fortune. September 19, 2017.

Lin, Adela, and Ondaatjie, Anusha. “Sri Lanka Makes Arrests In $60 Million Taiwanese Bank Cyberheist”. Bloomberg. October 12, 2017.

Lloyds. Bitcoin: Risk Factors for Insurance. London: Lloyd’s Innovation Series, 2015.

Ludwin, Adam. “How Anonymous is Bitcoin? A Backgrounder for Policymakers”. Coindesk. January 25, 2015.

Morgan, Steve. “Global ransomware damage costs predicted to exceed $5 billion in 2017, up from $325 million in 2015”. CSO. May 23, 2017.

McCrank (1), John. “Equifax says 15.2 million U.K. records exposed in cyber breach”. Reuters. October 10, 2017.

McCrank (2), John and Saxena, Aparajita. “Equifax clears executives who sold shares after hack”. Reuters. November 3, 2017.

Michael, Casey. “The Kremlin’s California Dream.” Slate. May 4, 2017.

Microsoft Azure. “Cloud Locations”. Google Cloud Platform.

National Association of Insurance Commissioners. “The National System of State Regulation and Cybersecurity”. December 12, 2017.

Nakashima, Ellen. “Prosecutors to seek indictment against former NSA contractor as early as this week”. The Washington Post. February 6, 2017.

National Audit Office. Investigation: WannaCry Cyber Attack and the NHS. Report by the Comptroller and Auditor General, Department of Health. HC 414 Session 2017–2019 October 27, 2017.

Newton, Casey. “How A Typo Took Down S3, The Backbone Of The Internet”. The Verge. March 2, 2017.

Nichols, Shaun. “AWS’s S3 Outage Was So Bad Amazon Couldn’t Get into Its Own Dashboard to Warn The World”. The Register. March 1, 2017.

O’Conner, Fred. “NotPetya Still Roils Company’s Finances, Costing Organizations $1.2 Billion In Revenue”. Cybereason. November 9, 2017.

Office of the Director of National Intelligence. “Assessing Russian Activities and Intentions in Recent U.S. Elections”. ICA, 2017-01D. January 6, 2017.

Oliphant, Roland and McGoogan, Cara. “NATO warns cyber-attacks ‘could trigger article 5’ as world reels from Ukraine hack.” The Telegraph. June 28, 2017.

Paganini, Pierluigi. “Imperva Report Q2 2017- Over 75% Of DDoS Targets Were Hit Multiple Times”. Security Affairs. October 3, 2017.

Palmer, Danny. “A massive cyberattack is hitting organizations around the world”. ZD Net. June 27, 2017.

Perlroth, Nicole. “All 3 Billion Yahoo Accounts Were Affected by 2013 Attack”. New York Times. October 3, 2017.

Popper, Nathaniel and Ruiz, Rebecca. “2 Leading Online Black Markets Are Shut Down by Authorities”. New York Times. July 20, 2017.

PYMNTS. “Dark Web Down but Not Out”. August 21, 2017.

Rayome, Alison. “33% of businesses hit by DDoS attack in 2017, double that of 2016”. Tech Republic. October 11, 2017.

Right Scale. 2017. State Of the Cloud Report.

Riley, Michael (1), Anita Sharpe and Jordan Robertson. “Equifax Suffered a Hack Almost Five Months Earlier Than the Date It Disclosed”. Bloomberg. September 18, 2017.

Riley, Michael (2), Jordan Robertson and Anita Sharpe. “The Equifax Hack Has the Hallmarks of State-Sponsored Pros”. Bloomberg. September 29, 2017.

Romanosky, Sasha, Lillian Ablon, Andreas Kuehn and Therese Jones. Content Analysis on Cyber Insurance. RAND Working Paper, September 2017.

Shepardson, David. “Equifax failed to patch security vulnerability in March: former CEO”. Reuters. October 2, 2017.

Shevchenko, Sergei, Hirman Muhammad bin Abu Bakar, and James Wong. “Taiwan Heist: Lazarus Tools and Ransomware”. BAE Threat Research (Blog). October 16, 2017.

Solon, Olivia and Siddiqui, Sabrina. “Russia-backed Facebook posts ‘reached 126m Americans’ during U.S. election.” The Guardian. October 31, 2017.

Sputnik News. “Chinese Phone App Leaks 2 Billion Private Numbers, High Officials’ Among Them”. May 14, 2017.

Stecklow, Steve, Alexandra Harney, Anna Irrera and Jemima Kelly. “Chaos and hackers stalk investors on cryptocurrency exchanges”. Reuters. September 29, 2017.

Symantec. Internet Security Threat Report. ISTR, 2017.

Symantec. ISTR Ransomware 2017. July 2017.

Symantec. “Attackers target dozens of global banks with new malware”. Symantec Official Blog. February 12, 2017.

Symantec. Internet Security Threat Report: Financial Threats Review 2017. 2017.

Symantec. “Attackers Target Dozens of Global Banks With New Malware”. Symantec Official Blog (Blog).

The Conversation. “By concealing identities, cryptocurrencies fuel cybercrime”. Editorial. September 26, 2017.

Thomson, Iain. “Virus (cough, cough Petya) goes postal at FedEx, shares halted”. The Register. June 28, 2017.

Turner, Karen. “The Equifax hacks are a case study in why we need better data breach laws”. Vox. September 14, 2017.

United States Department of the Treasury Financial Crimes Enforcement Network. “FinCEN Fines BTC-e Virtual Currency Exchange $110 Million for Facilitating Ransomware, Dark Net Drugs Sales”. FinCen. July 26, 2017.

Viner, K. “How technology disrupted the truth.” The Guardian. July 12, 2016.

Wolff, Josephine. “The New Economics of Cybercrime”. The Atlantic. June 7, 2017.

Wolfram, Hedrick, Gerald Wong and Jaclyn Yeo. Cyber Risk in Asia-Pacific: The Case For Greater Transparency. OLIVER WYMAN, 2017.

Woo, G.; 2017; Counterfactual Analysis of WannaCry Malware Attack. RMS Webinar, Nov 2017; and blog ‘Reimagining the WannaCry Cyberattack’

Woodward, Matt. “How Much Does 1 Hour of Downtime Cost the Average Business?”. RAND Group.

License

InfoTech Governance, Policy, Ethics & Law Copyright © 2025 by David Tuffley is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License, except where otherwise noted.