In this time of increased threats of terrorist attacks, are IT professionals really facing a new type of danger resulting from these activities? In our opinion, the answer is both yes and no. Let us explain. Major information system users, such as government agencies, military installations, major banks, and so forth, were and are prepared for handling such attacks. The destruction of part of the Pentagon in Washington, D.C. did not stop the U.S. Department of Defense from functioning, nor did the collapse of the Twin Towers create a permanent crisis on Wall Street. The fact is, however, that trading on the New York Stock Exchange was suspended for some time, and many small companies with offices in the Twin Towers did not survive the disaster. But no long-term nationwide disruption was triggered, in an economical sense. Similar attacks have happened to other large corporations, and their consequences have been minimized through redundancy implementations and considerable resources. On the other hand, most businesses are small to medium sized and, as such, may not be prepared to handle terrorist threats due to the lack of resources (i.e., specialized skill sets, facilities, etc.).