The following references were used as references for the catalog of practices:
Julia H. Allen. The CERT Guide to System and Network Security Practice. New York: Addison-Wesley, 2001.
British Standards Institution. Information Security Management, Part 1: Code of Practice for Information Security Management of Systems (BS7799: Part 1: 1995). London: British Standards Institution, February 1995.
Gramm-Leach-Bliley Act of 1999
"Interagency Guidelines Establishing Standards for Safeguarding Customer Information and Rescission of Year 2000 Standards for Safety and Soundness; Proposed Rule." Federal Register, vol. 65, no. 123. (June 2000), 39471–39489.
Health Insurance Portability and Accountability Act (HIPAA) of 1996
"Security Standards and Electronic Signature Standards; Proposed Rule." Federal Register, vol. 63, no. 155. (August 1998), 43242–43280.
NIST Principles and Practices
Marianne Swanson and Barbara Guttman, "Generally Accepted Principles and Practices for Securing Information Technology Systems" (NIST SP 800-14). National Institute of Standards and Technology, Department of Commerce, Washington, DC, 1996.