These are some of the books on Risk Assessment or Risk Management that we've found
useful or interesting.
Disaster Recovery Planning
Roopendra Jeet Sandhu, Premier Press
A good introduction to the process of Disaster Recovery Planning, explaining the
key activities involved. Apart from the occasional introduction of
irrelevant supporting tables and statistics (does the fact that flooding cost $32 billion
of losses in 1900 in Galveston, Texas really help you?), it is
quite a readable book.
Fooled By Randomness: The Hidden Role of Chance in the Markets and in Life
Nassim Nicholas Taleb, Thomson Texere
This book contains musings on random events and their effects on the market (and life
in general) by a professional trader, Nassim Taleb. There are thoughts here which
I found quite profound concerning the nature of inductive logic (reasoning from
events to rules), as well as interesting examples and explanations of how we allow
ourselves to be fooled by random phenomena.
Taleb is particularly fascinated by what he describes as the Black Swan Problem.
We see lots of swans. All of them are white. We infer that all swans are white.
Unfortunately we have never been to Australia, where the swans are black as well. If
we build our trading systems on such principles, will the appearance of a black swan
wipe us out?
The style of writing here is a collection of literate musings and digressions which
I rather liked but, judging by Amazon reviews, it appears to irk some readers.
The Backup Book: Disaster Recovery from Desktop to Data Center
Dorian J. Cougias, E.L. Eiberger, Karsten Koop, Laurie O'Connel (ed.), Schaser-Varian Books
Don't let the title The Backup Book fool you (like it nearly did me). This isn't a boring guide on how to back up your computer: it is a good guide to modern techniques in a data center to ensure effective and cost-effective recovery from hardware or software failures.
Backup is no longer a question of racks of tape. Modern techniques, enabled by reduced disk and communication costs, make recovery with minimum disruption or data loss possible (if you have the budget).
Topics covered include making hardware more reliable (RAID, clustering, power conditioning), basic rules for network services (always have two ISPs!), asynchronous and synchronous replication, recovery sites, internet backup and more.
Although this book strays a little from its main subject area (into areas such as network design), and gives perhaps a little too much weight to the authors' favorite products, there is little here that anyone responsible for running a server farm or a data center will not find interesting or relevant. A good read (and reference) if you need to understand modern backup and data recovery techniques.
CISSP: Certified Information Systems Security Professional Study Guide
Ed Tittel, Mike Chapple, James M Stewart, Sybex
Even if you're not a security professional studying for CISSP exams,
this study guide gives a broad overview of computer security
("a mile wide and an inch deep") which is useful background
for anyone concerned with business continuity or disaster recovery planning.
Manager's Guide to Contingency Planning for Disasters: Protecting Vital Facilities and Critical Operations
Kenneth N. Myers, Wiley
Myers has plenty of good advice about how to generate a good
disaster recovery plan at low cost. He draws an important distinction
which is rarely emphasized enough: there is a difference between
recovering a business system and recovering a computer system. It is
the business system that ultimately matters. Too much
emphasis on computer systems can lead to plans which are
expensive to develop and maintain, and give little
advantage over less comprehensive plans if the probability
of a disaster is taken into account.
Catastrophe: Risk and Response
Richard A. Posner, Oxford University Press
There are disasters that affect the individual. There are disasters that affect an organization. And then there are disasters that affect the human race. It is this third type of disaster that interests Posner: more specifically, disasters that can wipe out the entire human species. The author discusses the possible causes of such catastrophes (natural and man-made), and the possible regulatory frameworks required to prevent or mitigate disaster. The difficulties of using cost/benefit analysis with low-probability, very-high-consequence events are also covered.
A general interest book unless you are concerned with national (or international) policy.
Risk: A Practical Guide for Deciding What's Really Safe and What's Dangerous in the World Around You
David Ropeik, George Gray, Houghton Mifflin
This book aims to give balanced information
on the fifty most talked about hazards in daily life. Each risk is presented along with background information and a discussion of the consequences and likelihood of exposure.
Although you may not agree with all their risk assessments, the information is presented in sufficient detail (along with references) that you can reach your own conclusions.
Although aimed at personal risks rather than business risks, this book presents excellent examples of how to analyze and report a risk.
Note that (as the authors clearly state) this is a book about the most talked about risks, not necessarily the ones which are most likely to kill you. Interesting tables in the Appendix correct this deficiency. Did you know that in the USA your lifetime odds of being killed in a car accident are 1 in 88? Or that a truck driver is about six times more likely to be killed on the job than a police officer?
The Polar Bear Strategy
John F. Ross, Perseus Books
A collection of musings on risk in everyday life. The title comes from the author's jumping-off point: an expedition in the Arctic which discovers that there is a risk of meeting a polar bear, but has never encountered one before. How should the unknown risk be assessed?
It has been said that a picture is worth a thousand words. Unfortunately Ross provides the thousand words in place of the picture or diagram. Some of the discussions are therefore more difficult to follow than they should be, and the presentation of data in prose rather than tabular format is often irksome.
Some interesting discussions on the complexity of risk nonetheless.