R. Davidson and S. Lambert, “Applying the Australian and New Zealand Risk Management Standard to Information Systems in SMES”, AJIS, vol. 12, no. 1, Mar. 2004.