“ A methodology to implement an information security management system ” (2005) Journal of Information Systems and Technology Management, 2(2), pp. 121–136. doi:10.4301/S1807-17752005000200002.