Site Map - Risk Management

How Vulnerable Are We?

- A look at efforts to develop and conduct risk assessments for critical infrastructure in the United States.

What are the Chances?

- Are businesses using the right tools to tackle risk?

Workers' Compensation

- A Wal-Mart greeter will not receive workers’ compensation after tackling and handcuffing an alleged shoplifter, according to an appeals court, because both actions violated store policy.


- 30: The number of foreign companies inspected in 2007 by the Food and Drug Administration (FDA), out of the 3,249 that imported drugs into the United States. The FDA hopes to inspect 50 companies next year, an inadequate number according to the GAO.

A Risk Management Approach to Business Continuity: Aligning Business Continuity with Corporate Governance

- A helpful text for security professionals in need of guidance when creating and maintaining business continuity plans.

Government Acts to Reduce Human-Error Train Accidents

- Human-factor-caused train accidents, such as a January 2005 accident in Graniteville, South Carolina, which killed nine people and resulted in the release of toxic chlorine gas, have increased in recent years. The Transportation Department has issued a regulation to reduce such accidents by emphasizing the need to follow operating procedures.

Security Metrics: Replacing Fear, Uncertainty, and Doubt

- Andrew Jaquith has provided IT security professionals with a comprehensive guide to capturing security metrics that will help them demonstrate return on investment to decision makers in the executive suite.

Reckoning IT Risks

- The first step toward information protection is defining the risks. 

IT Security Requirements of Sarbanes-Oxley.

- Section 404 of the Sarbanes-Oxley Act requires companies to include in their annual reports a report of management of the company's internal control over financial reporting. How IT risks and controls are affected is explained in a Q&A format in a new publication from risk-consulting company Protiviti. Link to the Protiviti paper, Guide to the Sarbanes-Oxley Act: IT Risks and Controls,

Rail security

- A bill (S. 2216) introduced by Sen. Ernest Hollings (D-SC) would require the Homeland Security Department to conduct risk assessments of rail security threats and then recommend additional measures to increase safety. The recommendations would consider infrastructure, facilities, terminals, tunnels, bridges, and any other high-risk areas. The bill would include funding of $515 million.

Buy, Lie, and Sell High: How Investors Lost Out on Enron and the Internet Bubble.

- Virtually everyone in the stock market in 2001 and 2002 was blindsided by the Internet bubble and various corporate frauds. How did it happen? Who is to blame? For insightful, authoritative answers, a good place to turn is to Harvard Business School Professor D. Quinn Mills's book.

A Model of Cost-Effectiveness

- Building owners and managers can always make their facilities safer, but at what cost? Three years after the United States learned how vulnerable its landmark facilities were, a new software tool is being released that can help building owners and managers calculate and compare life-cycle costs of various methods used to reduce terrorist risk at buildings. Due out in beta version in September, with version 1.0 promised for March 2005 and a final version a year after that, the software "will allow building owners and managers to make comparisons among several alternative risk mitigation measures under different user-defined disaster scenarios," according to a recent report by the National Institute of Standards and Technology (NIST). Read "Cost-Effective Responses to Terrorist Risks in Constructed Facilities"

Security Risk Assessment and Control

- The book had its genesis in an assignment to conduct a risk assessment on an (unnamed) international telecommunications company. The authors try to bring the reader into the process, but gaps interrupt a smooth narrative flow. One suspects overly aggressive editing, the result being that the book is neither easy nor enjoyable to read.

Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.