Engineering-risk Books

This book is a "must own" for anyone who is interested in conveying risk information to members of the public. It lays out a cohert framework -- and more or less step-by-step instructions -- for identifying what information will be of greatest value to members of a target audience. It is the most useful book I have found thus far to guide my efforts to communicate complex health information to members of various publics.

When I first read this book in 1997 I thought it was interesting, but quirky. When I recently re-read it I had the benefit of four more years of experience and more scars from grappling with many of the issues that this book addresses. The 12 chapters in this 225-page book cover a spectrum of issues and factors that most books on software engineering risk management only lightly touch upon or overlook completely.

The chapters are sequenced as follow: 1-Introduction, 2-Industrial Espionage, 3-Software Engineering, 4-Software Metrics, 5-Security, 6-Process Maturity Models, 7-Asset Valuations, 8-Security Threats, 9-Security Controls and Tests, 10-Safeguards, 11-Economic Analysis, and 12-Reiterative Processes.

Chapter 2, Industrial Espionage leaps out at you and tells you that this is not a run-of-the-mill SW risk book. If the risks are not obvious, consider the threats to intellectual property that can manifest themselves when development is contracted out or contract labor is used to augment an in-house development team. If this book goes into a second edition I hope the author also includes patent issues as well, because the book was published in 1996 and since them two significant legal cases (State Street Bank vs. Signature Finance Group, Inc. [1998] and AT&T vs. Excel Communications, Inc. [1999]have set precedents that add further to this particular category of risk, and may merit a separate chapter on patent risks.

Each of the other chapters exposes risks--some obvious, and some not-so-obvious--inherent in software engineering models and their associated processes. Bear in mind that while this book introduces quantitative methods, it is no substitute for a book on software engineering risk management if you are new to the topic. The reason is this book covers the subtleties and often overlooked aspects, but is not an introductory text on the subject.

My favorite chapters are 4 (software metrics), 67 (asset valuations) and 11 (economic analysis) because those are areas in which I am interested. I also liked chapter 6 (process maturity models) because it exposes risks that need to be considered if you are in the process of selecting or implementing one of the models (CMM, SPICE, etc.).

Overall, this is a useful and interesting book if you have a great deal of prior experience in software engineering, SQA or process implementation. My only complaint--and it's minor--is Chapter 5 (Security) should have been grouped with the related chapters (8, 9, and 10). If you fall into the audience I cited above you'll benefit greatly from this book.

a very good book for researcher on water resources. I want to buy one, but the money ......

Search on ISBN #1931332304 for the new edition of ROOT CAUSE ANALYSIS HANDBOOK, available June 15, 2005.

I am using this book to get started with Security Engineering research. I strongly recommend it if you want basic insights and a comprehensive approach to using security patterns. It is exceptionally clearly written and gives an excellent introduction to patterns, ontologies, other aspects, and how to put them together. They create many practical examples which also helps.

This book contains 170 information-packed pages that describe a comprehensive and effective approach to managing software development risks.

The approach is based on a just-in-time (JIT) strategy. Key elements of this strategy include (1) strategic planning and operational planning, the former is focused on product-line based software and makes a distinction between the software under development being the product itself or a part of the product, and the latter is focused on project planning and controls; (2) early risk identification, and (3) parallel development. When this book was first published parallel development was a complex goal; however, with component-based development strategies the approach is ideal. Perhaps the author was ahead of his time.

Some of the best chapters in this book are: Chapter 4 - provides excellent insights and advice on managing the strategic and operational elements of the JIT strategy, Chapter 5 - comprehensive list of software risk elements and Chapter 7 - another comprehensive list that covers risk metrics.

Chapter 8 describes the JIT method as it applies to each phase in the software development life cycle. This chapter contains valuable tables that can be used as checklists in your own project, and is full of useful information that can be applied to project risk management regardless of whether or not you implement the JIT approach described in this book. Chapter 9 shows how to apply the JIT approach to a project. This chapter is short is really a brief summary of the software engineering risk model (SERIM) from which the JIT approach was derived. Chapter 10 is a collection of JIT examples that can easily be recast into patterns. I especially like the way these examples clarify the information in preceding nine chapters. I recommend that you refer to this chapter as you read through the book because there will almost certainly be an example that will illustrate any fuzzy areas.

This is one of my favorite books on risk management in general and software risk management in particular. The information and approach are not limited to software engineering, although the book was obviously written for that technical domain. I have borrowed techniques from this book and have successfully applied them in other kinds of projects, as I am sure you will. I give it 5 stars and a strong recommendation.

The theme of this book is risk management as it relates to IT projects, and the focus is on IT development projects in particular. Most of the material at the beginning of the book is standard fare, with an overview of IT risk management, and a discussion of common risks associated with development projects. However, after the basics are presented the author's extensive knowledge and perspective surfaces, making this one of the better books on the subject.

Highlights of the book include in-depth material about financial analysis of risks and major risk drivers, an interesting (and valid) discussion of relationships and ripple effects showing how the manifestation of one risk can cascade into a disaster if risk mitigation and controls are absent from project plans.

Additionally this book shows how to establish and manage a risk program, and provides a case study to reinforce the approach and recommendations presented in the book. Among the aspects of this book I most like are the copious use of tables and checklists, and the focus on business issues. These characterize all of the author's books, most of which I've read, and like those books this one stands out as complete and well thought out on the subject.

This is an exceptionally clear and thoughtful transfer of concepts drawn from actuarial science to the project management domain. The mathematics are combined with well-written explanations and worked examples, so that concepts and techniques are accessible to readers from a wide variety of professional backgrounds. Each chapter includes definitions of terms, minicases, and exercises, with answers at the back of the text. Ideal text for project management or technology transfer course at upper division or Master's level, and extremely useful handbook for practioners.

This book, despite the editorial description on this page, is entirely about hardware/software integration as it pertains to managing acquisition risk for the buyer and the processes and procedures that need to be employed by the developer.

If you work within the framework of the FDA's General Principles of Software Validation or the FAA's DO-178B for safety-critical avionics the material is consistent with these governing documents, but is too outdated to be useful.

However, if you are working on integrated projects that are unregulated with respect to government controls you may find this book useful. It contains a wealth of useful guidelines for establishing and managing processes to support development of products that are based on embedded software or hardware/software integration, The core of this book is a collection of templates that were developed and proven in the DoD industry, and are designed to manage integrated testing, failure management and field feedback. Each element is applicable to commercial environments, especially for companies that are manufacturing intelligent network devices, data storage systems and specialty products such as digital control systems, sensors and other integrated hardware/software products.

The templates are introduced in Chapter 1, and each of the seven functional areas covered by the templates are discussed in separate chapters. These functional areas are: integrated testing, failure reporting, design limits, product life, test/analyze/fix process, uniform test reporting and field feedback. A chapter on applying these follows, but the material is slanted towards DoD issues. If you apply thought and imagination while reading this chapter you should get ideas on how to refactor the cases into your own environment.

Section 2 devotes three chapters to software design and test, which are based on the older waterfall development life cycle. However, this particular life cycle lends itself well to developing embedded systems, making this material valid and applicable to commercial environments.

Overall, this is a useful book for the intended audience I cited above if you can track down a copy. In particular, the checklists and overall framework are valuable, and much can be learned from the risk-based approach taken in the book.

This book about environmental decision making in governmental and private organizations presents over hundred and fifty tools, divided in eight functional categories, for identifying environmental values, characterizing the environmental, regulatory and judicial settings, understanding the socioeconomic and political settings, integrating geographic information, forecasting, assessing, refining and narrowing of options and post-decision assessment.

Each tool is defined, its use, its strengths and weaknesses are presented. Sidebars give practical examples. And the future needs for decision-aiding tools and their developments are discussed. Each chapter has been written by an expert. Key resources and detailed references are given. And after each chapter a decision-maker comments on the presentation of the expert.

This book is not only about tools, it's also about sound environmental decision making processes. The editors say it is addressed to all participants in environmental decision making. But I believe it is most welcome for people who have to prepare decisions, and not directly the decision-makers them-selves (it is to technical).

Even if you are a senior consultant, you will discover new tools and new processes to help prepare environmental decisions. It is not possible to be an expert in the use of all this tools, but having a good overview of all the possible tools and a general understanding the process of environmental decision making is essential. This book should definitely be part of the top 10 books for environmental consultants.