Risk Management and Related Resources

Compiled by: Nancy Y. McGovern, Anne R. Kenney
Last revised (links checked): January 2002

Notable Web sites

The Canadian Treasury Board’s Common Look and Feel for the Internet (http://www.cio-dpi.gc.ca/clf-upe/)
Carnegie Mellon’s CERT® Coordination Center (http://www.cert.org/stats/cert_stats.html)
Department of Justice, A Guide to Disability Rights Laws, August 2001 (http://www.usdoj.gov/crt/ada/cguide.htm)
National Cancer Institute’s Web Design and Usability Guidelines (http://www.usability.gov/guidelines/index.html)
National Library of Australia: Safeguarding Australia’s web resources: guidelines for creators and publishers (http://www.nla.gov.au/guidelines/2000/webresources.html)
Safekeeping Project (with sponsors) (http://www.nla.gov.au/padi/safekeeping/safekeeping.html)
W3C guidelines (http://www.w3.org/TR/WCAG10/)

Domain Web site examples

Insurance Providers:
Global Risk Management Network (GRMN) (http://www.grmn.com/pages/default.asp)
International Risk Management Institute (IRMI) (http://www.irmi.com)

Healthcare Providers:
Risk Management Foundation: Harvard Medical Institutions (http://www.rmf.harvest.edu/bodycme.htm)
American Society for Healthcare Risk Management (ASHRM) of the American Hospital Association (http://www.ashrm.org/asp/home/home.asp)

Nonprofit Organizations:
Public Risk Management Association (PRIMA): Nonprofit Risk Management Center and Public Entity Risk Institute (http://www.primacentral.org/index.htm)
Nonprofit Risk Organization (http://www.nonprofitrisk.org)

Environmental Monitoring:
National Risk Management Research Laboratory (NRMRL) (http://www.epa.gov/ORD/NRMR)

Financial Investors:
Global Association of Risk Professionals (GARP) (http://www.garp.com/index-b.htm)
Risk Management Association (RMA) (http://www.rmahq.org)

White Papers, articles, technical reports and other documents

Bailar, Gregor. “Nasdaq Lessons Learned from Sept. 11.” (http://www.cio.com/online/102401_nasdaq.html)
BindView Corporation. “Risk Management: The New IT Challenge.” March 2000. (http://www.itpapers.com/cgi/PSummaryIT.pl?paperid=417&scid=88)
Blundon, William. “Security is in the eye of the beholder.” (http://www.javaworld.com/javaworld/jw-09-1997/jw-09-blundon_p.htm)
Bridgewater Systems. “Policies and Profiles: The Keys to Success in Mobile Data Services.” 2001. (http://www.bridgewatersystems.com/products/netprofile/carrier/np_ce_wp.pdf)
Byrnes, Christian. “Information Risk Management: Why Now?” (http://www.trusecure.com/html/tspub/whitepapers/irm.pdf)
Chapple, Mike. “SQL Server Disaster Recovery.” (http://databases.about.com/library/weekly/aa031101a.htm)
Cohen, Fred. “Managing Network Security: Attack and Defense Strategies.” July 1999. (http://www.itpapers.com/cgi/PSummaryIT.pl?paperid=3583&scid=88)
Computer Sciences Corporation. “Information Risk Management Program (IRMP): An Overview.” April 2000. (http://www.itpapers.com/cgi/PSummaryIT.pl?paperid=24732&scid=88)
Cooper, Michael D. “Design Considerations in Instrumenting and Monitoring Web-based Information Retrieval Systems.” Journal of the American Society for Information Science, 49 (10):903-919, 1998. (http://beachmat.sims.berkeley.edu/~mike/Articles/JASISDesign1998.pdf)
Davis, Philip. “The Effect of the Web on Undergraduate Citation Behavior—a year 2000 update.” forthcoming College and Research Libraries (January 2002)
Edupage. “President Forms Cyberterrorism Panel.” Educause, October 17, 2001.
Elsevier Science. “Information on Electronic Back Files, Access and Archiving.” (http://www.elsevier.com/inca/publications/misc/ni2164.pdf)
Flecker, Dale. “Preserving Scholarly E-Journals.” D-Lib Magazine, September 2001 (Volume 7, Number 9). (http://www.dlib.org/dlib/september01/flecker/09flecker.html)
Geer, Daniel E., Jr. “Risk Management is Where the Money Is.” Reprint of an address before the Digital Commerce Society of Boston, November 3, 1998. (http://www.itpapers.com/cgi/PSummaryIT.pl?paperid=14911&scid=88)
Global Information Security Services (GISS). “Information Risk Management Program (IRMP): An Overview.” April 2001. (http://www.itpapers.com/cgi/PSummaryIT.pl?paperid=24732&scid=88)
Hamilton, Caroline R. “New Trends in Risk Assessment.” 1998. (http://www.riskwatch.com/whitepaper/newt.html)
Harral, William M. “The Roles and Inter-relationships of Risk Management and Quality Management Systems Auditing.” 1998. (http://www.itpapers.com/cgi/PSummaryIT.pl?paperid=1682&scid=88)
Herman, Melanie L. and Barbara B. Oliver. “Teambuilding: Rx for Crisis Survival.” 10 September 2001. (http://www.nonprofitrisk.org/nwsltr/current/n1901_1.htm)
Horgan, Daniel. “Five thoughts about Cyberterrorism.” (http://www.darwinmag.com/read/thoughts/)
“Is your company’s website vulnerable?” Computer Times, December 5, 2001 (http://computertimes.asiaone.com.sg/v2/issu02.shtml)
Kabay, M.E. “ICSA White Paper on Computer Crime Statistics.” 1998. (http://www.itpapers.com/cgi/PSummaryIT.pl?paperid=10094&scid=88)
Kirschbaum, Dennis M. “Six Tips for Playing it Safe: At Work, At Home, on the Web.” (http://www.nonprofitrisk.org/nwsltr/archive/nl101_4.htm)
Kleindorfer, Paul R. “Industrial Ecology and Risk Analysis.” Handbook of Industrial Ecology, L. Ayres and R. Ayres (eds). Forthcoming Elsevier, 2001.
Kloman, H. Felix. “Rethinking Risk Management.” Geneva Papers, July 1992 and Risk Management Reports, March 1998. (http://www.riskreports.com)
Kovacs, Paul and Howard Kunreuther. “Managing Catastrophic Risk: Lessons from Canada.” Institute for Catastrophic Loss Reduction Research Paper. (http://grace.wharton.upenn.edu/risk/downloads/01-09-HK.pdf)
Kunreuther, Howard, Patricia Grossi, Nano Seeber and Andrew Smyth. “A Framework for Evaluating the Cost-Effectiveness of Mitigation Measures.” Paper Presented at the Bogazici University /Columbia University Workshop. (http://grace.wharton.upenn.edu/risk/downloads/01-18-HK.pdf)
Kunreuther, Howard. Bruna de March, ed. “Incentives for Mitigation Investment and More Effective Risk Management: The Need for Public-Private Partnerships.” Special Issue on Risk and Governance, Journal of Hazardous Materials, 2001. (http://grace.wharton.upenn.edu/risk/downloads/01-13-HK.pdf)
Kunreuther, Howard, and Patricia Grossi. “The Role of Uncertainty on Alternative Disaster Management Strategies.” April 2001. (http://grace.wharton.upenn.edu/risk/downloads/01-15HK.pdf)
Kunreuther, Howard (coordinating author), Chris Cyr, Patricia Grossi and Wendy Tao. “Using Cost-Benefit Analysis to Evaluate Mitigation – Measures for Lifelines.” April 2001. (http://grace.wharton.upenn.edu/risk/downloads/01-14-HK.pdf)
Kunreuther, Howard and Christian Schade. “Worry and Mental Accounting with Protective Measures.” February 2001. (http://grace.wharton.upenn.edu/risk/downloads/01-19-HK.pdf)
Lawrence, H. Andrew. “Digital Insurance for Information at Risk: A Strategic Overview of Digital Preservation.” Eastman Kodak Company, 2000. (http://www.itpapers.com/cgi/PSummaryIT.pl?paperid=21017&scid=169)
Long, Marian H. “Business Interruption Risk Assessment: A Multidisciplinary Approach.” 1997. (http://www.itpapers.com/cgi/PSummaryIT.pl?paperid=23794&scid=88)
Luh, James C. “No Bots Allowed.” Interactive Week, April 12, 2001. (http://www.zdnet.com/zdnn/stories/news/0,4586,2707542,00.html)
Marvell, Simon. “Business Continuity Management in the 21st Century.” (http://www.itpapers.com/cgi/PSummaryIT.pl?paperid=9801&scid=88)
McClure, Charles R. and J. Timothy Sprehe. Guidelines For Electronic Records Management On State And Federal Agency Websites, an NHPRC-funded research project conducted in 1997. (http://istweb.syr.edu/~mcclure/guidelines.html)
McClure, Sprehe and Kristen Eschenfelder. Performance Measures for Federal Agency Websites, 2000. (http://www.defenselink.mil/webmasters/measures/)
McNamee, David. “Assessing Risk Assessment.” Management Control Concepts. (http://www.mc2consulting.com/riskart2.htm)
Meinel, Carolyn. “Code Red for the Web.” Scientific American, October 2001: 42-51.
Miccolis, Jerry. “ERM and September 11.” Tillinghast-Towers Perrin, November 2001 (http://www.irmi.com/expert/articles/miccolis005.asp)
Miller, Jean C. “Risk Management for Your Web Site.” Anita Schoenfeld, ed. International Risk Management Institute, September 2000. (http://www.irmi.com/expert/articles/schoenfeld003.asp)
Mulcahy, Ryan, compiler. “’First Alert’ system sought for Internet, Feds Discuss Data Sharing, and More.” CIO Magazine, October 25, 2001. (http://64.28.79.79/online/102501_report.html)
Nonprofit Risk Organization:
  “Beyond the Bend in the Road: The Nonprofit Risk Management Center Offers Predictions for the Year Ahead” (http://www.nonprofitrisk.org/nwsltr/archive/nl100_4.htm)
  “eNoculation” (http://www.nonprofitrisk.org/nwsltr/current/nl200_1.htm)
  Full Speed Ahead: Managing Technology Risk in the Nonprofit World (http://www.nonprofitrisk.org/nwsltr/pubs/full_spd.htm)
  “Making Net Gains: Staying Safe While Making a Name for Your Nonprofit on the Internet” (http://www.nonprofitrisk.org/nwsltr/current/nl901_3.htm)
  Protecting Your Nonprofit and the Board (http://www.nonprofitrisk.org/nwsltr/current/nl99_1.htm)
  “Risk Assessment Tool Offers Customized Help” (http://www.nonprofitrisk.org/nwsltr/archive/n1300_1.htm)
  Vital Signs: Anticipating, Preventing and Surviving a Crisis in a Nonprofit (http://www.nonprofitrisk.org/pubs/vital.htm)
OECD, Chemical Accident Risk Assessment Thesaurus (CARAT™) (http://www1.oecd.org/EHS/CARAT/v3.0/htm/default.htm)
Paperwork Reduction Act, 1995 (http://frwebgate.access.gpo.gov/cgibin/getdoc.cgi?dbname=104_cong_public_laws&docid=f:publ13.104.pdf)
Paul, Brooke. “Risk-Assessment Strategies”, CMP Media, white paper, October 30, 2000. (http://www.itpapers.com/cgi/PSummaryIT.pl?paperid=14014&scid=88)
Rivard, Catherine L. and Michael A. Rossi. “Is Computer Data ‘Tangible Property’ or Subject to ‘Physical Loss or Damage’?” Part 1 and Part 2, Insurance Law Group, Inc. August 2001, November 2001 (http://www.irmi.com/expert/articles/rossi008.asp, http://www.irmi.com/expert/articles/rossi009.asp)
Rosenthal, Ira, Al Ignatowski, C. Kirchsteiger. “A Generic Standard for the Risk Assessment Process:..” Discussion on a proposal made by the program committee of JC-J, RC Workshop on ‘Promotion of Technical Harmonization of Risk-Based Decision Making,’ September 2001. (http://grace.wharton.upenn.edu/risk/downloads/01-01-IR.pdf)
Scalet, Sarah D. “Cyberterrorism Is Everyone’s War.” CIO Magazine, October 11, 2001. (http://www.cio.com/research/security/edit/a101101_cyber.html)
Scall, Eric. “Liability Trends for Nonprofit Organizations.” (http://www.nonprofitrisk.org/nwsltr/archive/nl300_6.htm)
Semantic Enterprise Solutions. “A Comprehensive Risk Management Guide.” June 2000. (http://www.itpapers.com/cgi/PSummaryIT.pl?paperid=2348&scid=88)
Vaknin, Sam. “Bright Planet, Deep Web.” (http://www.trendsetters.com/article1009.html)
Vaknin, Sam. “Internet: A Medium or a Message? – Part 1.” (http://www.trendsetters.com/article1019.html)
Vaknin, Sam. “Internet: A Medium or a Message? – Part 2.” (http://www.trendsetters.com/article1020.html)
VeriSign, Inc. “Journey to the Right of the Dot: ICANN’s New Web Extensions.” May 9, 2001. (http://www.verisignap.com/cn/download/Journey(Eng).pdf)
Wood, Angus. “Integrating Risk Assessment into the Enterprise Information Management Strategy.” Paper presented at the 6th International Pipeline Reliability Conference, November 19-22, 1996, Houston, Texas. (http://www.itpapers.com/cgi/PSummaryIT.pl?paperid=8433&scid=88)