diff --git a/Document/content/References.md b/Document/content/References.md new file mode 100644 index 0000000..a565330 --- /dev/null +++ b/Document/content/References.md 
@@ -0,0 +1,24 @@ +## References + +\[1\] National Institute of Standards and Technology (NIST). Artificial Intelligence Risk Management Framework (AI RMF 1.0). NIST Special Publication 1270\. Gaithersburg, MD: U.S. Department of Commerce, January 2023.Available from [https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1270.pdf](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1270.pdf) +\[2\] International Organization for Standardization. ISO/IEC 42001:2022 Information technology, Artificial intelligence, Management system, Requirements. Geneva: ISO, 2022\. Available from [https://www.iso.org/standard/81230.html](https://www.iso.org/standard/81230.html) +\[3\] OWASP Foundation. OWASP Top 10 for Large Language Models (LLMs). OWASP Foundation, 2024\. Available from [https://owasp.org/www-project-top-ten-llms/](https://owasp.org/www-project-top-ten-llms/) +\[4\] International Organization for Standardization. ISO/IEC 23053:2021 Information Technology, Framework for Artificial Intelligence (AI) Systems Using Machine Learning (ML). Geneva: ISO, 2021\. Available from [https://www.iso.org/standard/74630.html](https://www.iso.org/standard/74630.html) +\[5\] OWASP Foundation. OWASP AI Exchange. OWASP Foundation, 2024\. Available from [https://owasp.org/www-project-ai-exchange/](https://owasp.org/www-project-ai-exchange/) +\[6\] NIST SP 800-115. National Institute of Standards and Technology (NIST). Technical Guide to Information Security Testing and Assessment. NIST Special Publication 800-115. Gaithersburg, MD: U.S. Department of Commerce, September 2008\. Available from [https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf) +\[7\] Institute for Security and Open Methodologies (ISECOM). OSSTMM 3: The Open Source Security Testing Methodology Manual. ISECOM, 2020\. 
Available from [https://www.isecom.org/research/osstmm/](https://www.isecom.org/research/osstmm/) +\[8\] OWASP Foundation. OWASP Web Security Testing Guide (WSTG) 4.2. OWASP Foundation, 2021\. Available from [https://owasp.org/www-project-web-security-testing-guide/](https://owasp.org/www-project-web-security-testing-guide/) +\[9\] UcedaVélez, T., & Morana, M. M. (2015). *Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis*. Wiley. ISBN 978-1118810040. Available from [https://www.wiley.com/en-us/Risk+Centric+Threat+Modeling%3A+Process+for+Attack+Simulation+and+Threat+Analysis-p-9781118810040](https://www.wiley.com/en-us/Risk+Centric+Threat+Modeling%3A+Process+for+Attack+Simulation+and+Threat+Analysis-p-9781118810040) +\[10\] Shostack, A. (2014). *Threat Modeling: Designing for Security*. Wiley. ISBN 978-1118809990. Available from [https://www.wiley.com/en-us/Threat%2BModeling%3A%2BDesigning%2Bfor%2BSecurity-p-9781118809990](https://www.wiley.com/en-us/Threat%2BModeling%3A%2BDesigning%2Bfor%2BSecurity-p-9781118809990) +\[11\] MITRE Corporation. (2023). *MITRE ATLAS™:* Adversarial Threat Landscape for Artificial-Intelligence Systems. Retrieved from [https://atlas.mitre.org/](https://atlas.mitre.org/) +\[12\] Wuyts, K., & Joosen, W. (2015). LINDDUN privacy threat modeling: A tutorial (CW Reports CW685). Department of Computer Science, KU Leuven. Retrieved from [https://linddun.org/publications/](https://linddun.org/publications/) +\[13\] Google. (2023). *Secure AI Framework (SAIF): A Conceptual Framework for Secure AI Systems*. Retrieved from [https://safety.google/cybersecurity-advancements/saif/](https://safety.google/cybersecurity-advancements/saif/) +\[14\] *OWASP AI Red Teaming Framework*. Open Worldwide Application Security Project (OWASP), 2024\. 
Available at: [https://owasp.org/www-project-ai-red-teaming/](https://owasp.org/www-project-ai-red-teaming/) +\[15\] Lewis, P., Perez, E., Piktus, A., Karpukhin, V., Goyal, N., Küttler, H., … & Riedel, S. (2021). *Retrieval-Augmented Generation for Knowledge-Intensive NLP Tasks*. In *NeurIPS 2021*. Available from [https://arxiv.org/abs/2005.11401](https://arxiv.org/abs/2005.11401) +\[16\] Angles of Attack Research Group. *Securing AI/ML Systems in the Age of Information Warfare*. Angles of Attack White Paper, 2024\. Available from [https://anglesofattack.io/Securing\_AIML\_Systems\_in\_IW\_Cox.pdf](https://anglesofattack.io/Securing_AIML_Systems_in_IW_Cox.pdf) +\[17\] Scarfone, K., Souppaya, M., Cody, A., & Orebaugh, A. (2008). *Technical Guide to Information Security Testing and Assessment* (NIST Special Publication 800-115). National Institute of Standards and Technology. Retrieved from [https://csrc.nist.gov/publications/detail/sp/800-115/final](https://csrc.nist.gov/publications/detail/sp/800-115/final) +\[18\] Herzog, P., & the Institute for Security and Open Methodologies (ISECOM). (2010). *Open Source Security Testing Methodology Manual (OSSTMM), Version 3*. ISECOM. Retrieved from [https://www.isecom.org/OSSTMM.3.pdf](https://www.isecom.org/OSSTMM.3.pdf) +\[19\] OWASP Foundation. (2023). *OWASP Web Security Testing Guide (WSTG), Version 4.2*. Open Worldwide Application Security Project. Retrieved from [https://owasp.org/www-project-web-security-testing-guide/](https://owasp.org/www-project-web-security-testing-guide/) +\[20\] Yu, S. (2023). *Cyber Defense Matrix: The Essential Guide to Navigating the Cybersecurity Landscape.* Wiley. ISBN: 978-1119895183. 
Available from: [https://www.wiley.com/en-us/Cyber+Defense+Matrix%3A+The+Essential+Guide+to+Navigating+the+Cybersecurity+Landscape-p-9781119895183](https://www.wiley.com/en-us/Cyber+Defense+Matrix%3A+The+Essential+Guide+to+Navigating+the+Cybersecurity+Landscape-p-9781119895183) +\[21\] OWASP Agentic Security Initiative. (2025, February 17). *Agentic AI – Threats and Mitigations*. OWASP Generative AI Security Project. Retrieved from [https://genai.owasp.org/resource/agentic-ai-threats-and-mitigations/](https://genai.owasp.org/resource/agentic-ai-threats-and-mitigations/) +\[22\] OWASP Agentic Security Initiative. “Multi-Agentic System Threat Modeling Guide v1.0.” OWASP Generative AI Security Project. April 23, 2025\. [https://genai.owasp.org/resource/multi-agentic-system-threat-modeling-guide-v1-0/](https://genai.owasp.org/resource/multi-agentic-system-threat-modeling-guide-v1-0/)
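Review bot: Entries \[17\], \[18\] and \[19\] repeat the sources already listed as \[6\], \[7\] and \[8\] (NIST SP 800-115, OSSTMM 3, WSTG 4.2), and the duplicates disagree with each other. OSSTMM 3 is dated 2020 in \[7\] and 2010 in \[18\], WSTG 4.2 is dated 2021 in \[8\] and 2023 in \[19\], and SP 800-115 links to nvlpubs.nist.gov in \[6\] but csrc.nist.gov in \[17\]. Keep one entry per source, settle the year and URL, and renumber, updating any in-text citations that point at the dropped numbers. Smaller points in the same hunk: the 22 entries are added as consecutive lines with no blank line or list marker between them, so Markdown will join them into a single paragraph; \[1\] is missing a space in "January 2023.Available"; \[6\] opens with a redundant "NIST SP 800-115." before the author name; and the list mixes "Available from", "Available from:", "Available at:", "Retrieved from" and a bare link in \[22\], alongside both publisher-first and author-(year) ordering. Pick one citation style and apply it throughout.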