[[1] Buszman K., Listewnik K., Sobczynski T., Sensitive and Classified Data Exchange and Handling in the EU. A Case Study, ‘Journal of Information System Security’, 2015, Vol. 11, No. 2, pp. 149-168, Information Institute Publishing, Washington DC, USA.]Search in Google Scholar
[[2] Council Decision of 31 March 2011 on the security rules for protecting EU classified information (2011/292/EU).]Search in Google Scholar
[[3] Directive 2009/81/EC of the European Parliament and of the Council of 13 July 2009 on the coordination of procedures for the award of certain works contracts, supply contracts and service contracts by contracting authorities or entities in the fields of defence and security, and amending Directives 2004/17/EC and 2004/18/EC.]Search in Google Scholar
[[4] Elsea J. K., The Protection of Classified Information. The Legal Framework, Congressional Research Service 7-5700, Washington, 10 January 2013.]Search in Google Scholar
[[5] Information Security Risk Assessment. Practices of Leading Organizations, Accounting and Information Management Division Executive, GAO Guide on Information Security Management, 1999.]Search in Google Scholar
[[6] ISO/IEC 13335-1:2004, Information technology. Security techniques. Management of information and communications technology security, Part 1, Concepts and models for information and communications technology security management.]Search in Google Scholar
[[7] ISO/IEC 27001:2013, Information technology. Security techniques. Information security management systems. Requirements.]Search in Google Scholar
[[8] ISO/IEC 27002:2013, Information technology. Security techniques. Code of practice for information security controls.]Search in Google Scholar
[[9] ISO/IEC 27005:2011, Information technology. Security techniques. Information security risk management.]Search in Google Scholar
[[10] ISO/IEC 27005:2011, Information technology. Security techniques. Information security management system implementation guidance.]Search in Google Scholar
[[11] Monahan G., Enterprise Risk Management. A Methodology for Achieving Strategic Objectives, John Wiley & Sons, 2008.]Search in Google Scholar
[[12] NIST SP 800-30, Risk Management Guide for Information Technology System, Recommendations of the National Institute of Standards and Technology.]Search in Google Scholar
[[13] Taylor A., Alexander D., Finch A., Sutton D., Information Security Management Principles, The British Computer Society, 2008.]Search in Google Scholar
[[14] The Treaty of Rome, 25 March 1957.]Search in Google Scholar
[[15] http://www.eda.europa.eu/info-hub/data-protection [access 27.08.2016]]Search in Google Scholar
[[16] https://www.enisa.europa.eu/activities/risk-management [access 27.08.2016].]Search in Google Scholar
