IT Audit - The Institute Of Internal Auditors  


Reference Library: Risk Management Information and Organizations

Risk management resources, publications, and white papers.

Bank for International Settlements (BIS)
BIS is an international organization that fosters cooperation toward monetary and financial stability and serves as a central bank. provides the Branch Security Review Checklist and information resources, including e-business and, in the "Bankers Tools" section, an audit workbook and workpaper samples.
Basel Committee on Banking Supervision
Publications of the Basel Committee cover topics relevant to management, control, security, audit, and legal professions, and are available in English, French, German, and Italian.
BITS, the Technology Group for the Financial Services Roundtable, is the strategic "brain trust" for the U.S. financial services industry in the e-commerce arena.
COSO Enterprise Risk Management—Integrated Framework
The Committee of Sponsoring Organizations of the Treadway Commission's Enterprise Risk Management—Integrated Framework describes the essential components, principles, and concepts of ERM.
Fiscal Year 2001 Report to Congress on Federal Government Information Security Reform
The Fiscal Year 2001 Report summarizes the results of security evaluations reported to the U.S. Office of Management and Budget, including common weaknesses, challenges, and frequent questions. [PDF].
Global Continuity provides information on business risk and continuity planning, including daily news, reviews, and knowledge, as well as links to other appropriate sites.
Information Security Forum (ISF)
ISF is an independent association of organizations concerned with protecting business information and finding practical solutions to information security problems.
Institute of Internal Auditors (IIA)
The IIA is the world leader in internal auditing, governance, internal control, IT audit, education, risk management, and security.
Internet Security Alliance
Internet Security Alliance provides a forum for sharing information on information security issues and threats and works to identify and standardize security best practices and solutions.
Purdue University Center for Education and Research in Information Assurance and Security (CERIAS)
Purdue's CERIAS provides research, development, and education for the protection of information and information resources, and for the development and enhancement of expertise in information assurance and security. The site includes a hot list of security links.
Risk Management Guide for Information Technology Systems
This guide from the National Institute of Standards and Technology addresses risk management, assessment, mitigation, and evaluation.
Risk.Net complements Risk magazine on financial risk management and the global derivatives markets by giving subscribers access to special reports, topical supplements, and a searchable archive.
Security Risk Analysis Directory
The Security Risk Analysis Directory explores the elements of risk and introduces the COBRA security risk assessment methodology and tool to help compliance with security policies, external standards, and legislation.
Sources of Failure in the Public Switched Telephone Network (PSTN)
This paper by D. Richard Kuhn of the National Institute of Standards and Technology studies what makes a distributed system reliable and what caused failures in one of the largest distributed systems in existence.
U.S. Federal Emergency Management Agency (FEMA)
The mission of FEMA is to reduce loss of life and property and protect the U.S. critical infrastructure from all types of hazards through a risk-based emergency management program.
U.S. NIST Computer Security Resource Center (CSRC)
The National Institute of Standards and Technology's (NIST's) CSRC collects and disseminates computer security information and resources to help users, systems administrators, managers, and security professionals better protect their data and systems.
U.S. Partnership for Critical Infrastructure Security (PCIS)
PCIS is a collaboration of companies, associations, and government agencies that promotes the protection and assurance of communications and information services, energy, financial services, transportation, and vital human services such as health, safety, and water.