Web Sites:

• rmFamily: Great Web site which features a multitude of risk management resources
• Aon: Identifies risk management insights and issues
• Carnegie Mellon Software Engineering Institute: Risk management issues associated with software engineering and more
• Risk World: Publications and news articles
• Society For Risk Analysis: Newsletters, journals and other risk management resources
• Hazmat Risk Management: Risk management process for hazardous material
• The Risk Digest: UK web site which illustrates risk for computers and other related systems
• Security Focus: Security related issues and resources
• Computer Security Resource Center: Security issues, tools, best practices, and standards and guidelines
• US-CERT: United States Computer Emergency Readiness Team: Information to protect computer systems; includes a common vulnerabilities and exposure list
• Process Control Systems Forum (PCSF)
• Nmap Hackers Pick Top 100 Security Tools
• Process Control Systems Forum (PCSF)
• Algorithmics: Helps the way banks, asset managers and corporations measure risk.-
• Consultants in Risk Management: Large list of risk management consulting firms
• Crisisnavigator: International internet guide to crisis management-
• Environmental Support Solutions Inc: Helps organizations maintain world class regulatory compliance programs-
• Envision Technology Solutions: Advanced risk management information systems software-
• eRisks.com: Enterprise Risk Solutions-
• FinanceWise Risk Management Special Report: Search engine special report on risk management-
• Global Association of Risk Professionals: Non-profit, independent organization of financial risk management practitioners and researchers-
• globalcontinuity.com: Business continuity management portal on the internet, this site provides issues and links on business risk and disaster recovery-
• IFCI Risk Watch: International Finance and Commodities Institute, basis in financial risk management-
• Institute for Operations Research and the Management Sciences: Serves the scientific and professional needs of investigators, scientists, students,educators,managers and institutions in the fields of operations research and management sciences-
• International Risk Management Institute, Inc: Focus on research in important risk and insurance issues-
• ISEC,Inc: Three groups who focus on analyses and risk assessments-
• Measurisk: Leading full time provider in risk management-
• Mynd Corporation: Producer of RISKMASTER software-
• Public Entity Risk Institute: Non-profit, tax-exempt organization that serves public, private and nonprofit organizations with practical enhancement of risk management-
• Risk and Insurance Management Society, Inc: Risk management association who provides products, services, and information to manage all forms of business-
• RMA- The Risk Management Association: Trade association that provides effective and prudent risk management best practice for institutions of all sizes-

Publications and Articles

• Risk Management Guide for Information Technology System: Useful guide (NIST Special Publication 800-30) when evaluating IT systems
• National Strategy For Homeland Security: Various publication addressing national issues through risk management
• Introduction To Information Risk Assessment
• Security Program Management And Risk
• Risk-Eye For The IT Security Guy
• Security Docs Numerous network security papers
• Enterprise Risk And Technology Management
• Intrusion Detection: Reducing Network Security Risk
• ZDNet White Papers: Numerous IT white papers
• InformationWeek White Papers: Numerous IT and business white papers
• IT Toolbox White Papers: IT vulnerabilities
• CERT: Home Network Security: Documentation on security risks and countermeasures for cable and DSL Internet connectivity
• NIST Special Publications.

Books:

• Allen, S. L.  (2003) Financial Risk Management: a Practitioner’s Guide to Managing Market and Credit Risk.  New York:  Wiley.
• Ashenden, D. & Jones, A.  (2005)  Risk Management for Computer Security:  Protecting Your Network and Information Assets.  New York:  Butterworth-Heinemann.
• Barton, T. L., Shenkir, W. G., & Walker, P. L.  (2002) Making Enterprise Risk Management Payoff:  How Leading Companies Implement Risk Management.  New
  York:  FT Press.
• Chapman, C., & Ward, S.  (2003) Project Risk Management:  Processes, Techniques, and Insights.  New York:  Wiley.
• Compulink Systems Ltd.  (2006) Compulink Project Risk Management.  New York:  Compulink Systems Ltd.
• Crouhy, M., Galai, D. & Mark, R.  (2005) the Essentials of Risk Management.  New York: McGraw-Hill.
• Culp, C. L.  (2001)  Risk Management Process:  Business Strategy and Tactics.  New York:  Wiley.
• Doherty, N.  (2000)  Integrated Risk Management:  Techniques and Strategies for Managing Corporate Risk.  New York:  McGraw-Hill.
• Harrington, S. E., Niehaus, G.  (2003) Risk Management and Insurance.  New York:  McGraw-Hill/Irwin
• Haslett, M. J.  (1999)  Probability for Risk Management.  New York:  ACTEX Publications.
• Heldman, K.  (2005)  Project Manager’s Spotlight on Risk Management.  New York:  Jossey-Bass
• Hull, J. C.  (2006) Risk Management and Financial Institutions.  New York:  Prentice Hall.
• Kendrick, T.  (2003)  Identifying and Managing Project Risk:  Essential Tools for Failure-Proofing Your Project.  New York:  AMACOM/American Management Association.
• Lam, J.  (2003) Enterprise Risk Management:  From Incentives to Controls.  New York:  Wiley.
• McNeil, A. J., Frey, R., & Embrechts, P.  (2005) Quantitative Risk Management:  Concepts, Techniques, and Tools.  New York:  Princeton University Press.
• Michel, C., Galai, D. & Mark, R.  (2000) Risk Management. New York:  McGraw-Hill.
  Mulcahy, R.  (2003) Risk Management:  Tricks of the Trade for Project Managers.  New York:  RMC Publications, Inc.
• Pickett, K. H. S.  (2006)  Enterprise Risk Management: a Manager’s Journey.  New York:  Wiley.
• Pritchard, C. L.  (2001) Risk Management:  Concept and Guidance.  New York:  E S I Intl.
• Rejda, G. E.  (2004) Principles of Risk Management and Insurance. New York:  Addison Wesley
• Roper, C.  (1999)  Risk Management for Security Professionals.  New York:  Butterworth-Heinemann.
• Tarlow, P. E.  (2002)  Event Risk Management and Safety.  New York:  Wiley.
• Trieschmann, J. S., Hoyt, R., & Sommer, D.  (2004) Risk Management and Insurance.  New York:  South-Western College Pub.

News Articles:

• Homeland Security
• Federal Computer Week
• Enterprise News and Reviews

Risk Assessment White Papers

• The High Stakes of Security: Protecting Your Brand
• Podcast: There's a Hole in Your Network -- Vulnerability Management Is No Mystery
• Top Information Leakage Threats Facing Today's Financial Service Industry
• Understanding the Real Risk for Asset Intensive Industries: Demystifying the Myths
• Enterprise Data Management Maturity Model
• Risk and Policy Management
• Magic Quadrant for Email Security Boundary
• Policy and IT Controls Compliance Challenges and Solutions
• Building a Comprehensive Endpoint Security Strategy
• The Power of Integration: Security Risk Management
• Identity + Compliance: Driving a New Strategic Business Process for the Enterprise
• Network Assurance & Regulatory Compliance: Closing the Gap between Policies & Defenses
• Mitigate Business Intelligence Project Risks With Rule-Based Audits and Proofs-of-Concept
• Best Practices: Are Backups a Waste of Time?
• Open Source Software in the Enterprise:Commercial considerations when using Open Source Software
• Embracing Microsoft Vista for Enhanced Network Security
• Bridge the Gap: Don't Let Security Get Stuck at the Planning Phase
• Minimizing Business Risk - Getting Your Security on Track
• Mapping the Compliance Landscape
• Business-Class Security and Compliance for On-Demand Instant Messaging
• On-demand vs. On-premise Enterprise Instant Messaging
• Instant Messaging Tough Enough for Business: No Server Required
• A Practical Approach to Host-based Intrusion Prevention Systems (HIPS) Webcast
• The Art of Frequent Penetration (Testing): Figuring Out What's Really At Risk
• SOA: A Perspective on Implementation Risks