ARL Logo Albion Research Ltd.
Threat and Risk Analysis guiding Business Continuity		  
Home -> Recommended Books -> Risk Management Business Continuity | R&D | Products | Contact Us
 

Mike's Recommended Books on Risk Assessment and Risk Management

This are some of the books on Risk Assessment or Risk Management that I've found useful or interesting.

  • Disaster Recovery Planning
    Roopendra Jeet Sandhu, Premier Press, 2002.

    A good introduction to the process of Disaster Recovery Planning, explaining the key activities involved. Apart from the occasional introduction of irrelevant supporting tables and statistics (does the fact that flooding cost $32 billion dollars of losses in 1900 in Galveston, Texas really help you?) quite a readable book.

    Other Reviews

  • Fooled By Randomness: The Hidden Role of Chance in the Markets and in Life
    Nassim Nicholas Taleb, Thomson Texere, 2001.

    This book contains musings on random events and its effects on the market (and life in general) by a professional trader, Nassim Taleb. There are thoughts here which I found quite profound concerning the nature of inductive logic (reasoning from events to rules), as well as interesting examples and explanations of how we allow ourselves to be fooled by random phenomena.

    Taleb is particlarly fascinated by what he describes as the Black Swan Problem. We see lots of swans. All of them are white. We infer that all swans are white. Unfortunately we have never been to Australia, where the swans are black as well. If we build our trading systems on such principles will the appearance of a black swan wipe us out?

    The style of writing here is collection of literate musings and digressions which I rather liked but, judging by Amazon reviews, it appears to irk some readers.

    Other Reviews

  • The Backup Book: Disaster Recovery from Desktop to Data Center
    Dorian J. Cougias, E.L. Eiberger, Karsten Koop, Laurie O'Connel (ed.), Schaser-Varian Books, 2003.

    Don't let the title The Backup Book fool you (like it nearly did me). This isn't a boring guide on how to backup your computer: it is a good guide to modern techniques in a data center to ensure effective and cost-effective recovery from hardware or software failures.

    Backup is no longer a question of racks of tape. Modern techniques, enabled by reduced disk and communication costs, make recovery with minimum disruption or data loss possible (if you have the budget).

    Topics covered include making hardware more reliable (RAID, clustering, power conditioning), basic rules for network services (always have two ISPs!) , asynchronous and synchronous replication, recovery sites, internet backup and more.

    Although this book strays a little from its main subject area (into areas such as network design), and gives perhaps a little too much weight to the authors' favorite products, there is little here that anyone responsible for running a server farm or a data center will not find interesting or relevant. A good read (and reference) if you need to understand modern backup and data recovery techniques.

    Other Reviews

  • CISSP: Certified Information Systems Security Professional Study Guide
    Ed Tittel, Mike Chapple, James M Stewart, Sybex, 2003.

    Even if you're not a security professional studying for CISSP exams, this study guide gives a broad overview of computer security ("a mile wide and an inch deep") which is useful background for anyone concerned with business continuity or disaster recovery planning.

    Other Reviews

  • Manager's Guide to Contingency Planning for Disasters: Protecting Vital Facilities and Critical Operations
    Kenneth N. Myers, Wiley, 1999.

    Myers has plenty of good advice about how to generate a good disaster recovery plan at low cost. He draws an important distinction which is rarely emphasized enough: there is a difference between recovering a business system and recovering a computer system. It is the business system that ultimately matters. Too much emphasis on computer systems can lead to plans which are expensive to develop and maintain, and give little advantage over less comprehensive plans if the probability of a disaster is taken into account.

    Other Reviews

  • Catastrophe: Risk and Response
    Richard A. Posner, Oxford University Press, 2004.

    There are disasters that affect the individual. There are disasters that affect an organization. And then there are disasters that affect the human race. It is this third type of disaster that interests Posner: more specifically, disasters that can wipe out the entire human species. The author discusses the possible causes of such catastrophes (natural and man-made), and the possible regulatory frameworks required to prevent or mitigate disaster. The difficulties of using cost/benefit analysis with low-probability very high consequence events are also covered.

    A general interest book unless you are concerned with national (or international) policy.

    Other Reviews

  • Risk: A Practical Guide for Deciding What's Really Safe and What's Dangerous in the World Around You
    David Ropeik, George Gray, Houghton Mifflin, 2002.

    This book aims to give balanced information on the fifty most talked about hazards in daily life. Each risk is presented along with background information and a discussion of the consequences and likelihood of exposure.

    Although you may not agree with all their risk assessments, the information is presented in sufficient detail (along with references) that you can reach your own conclusions.

    Although aimed at personal risks rather than business risks, this book presents excellent examples of how to analyze and report a risk.

    Note that (as the authors clearly state) this is a book about the most talked about risks, not necessarily the ones which are most likely to kill you. Interesting tables in the Appendix correct this deficiency. Did you know that in the USA your lifetime odds of being killed in a car accident are 1 in 88? Or that a truck driver is about six times more likely to be killed on the job as a police officer?

    Other Reviews

  • The Polar Bear Strategy
    John F. Ross, Perseus Books, 1999.

    A collections of musings on risk in everyday life. The title comes from the author's jumping-off point: an expedition in the arctic which discovers that there is a risk of meeting a polar bear, but has never encountered one before. How should the unknown risk be assessed?

    It has been said that a picture is worth a thousand words. Unfortunately Ross provides the thousand words in place of the picture or diagram. Some of the discussions are therefore more difficult to follow than they should be, and the presentation of data in prose rather than tabular format is often irksome.

    Some interesting discussions on the complexity of risk nonetheless.

    Other Reviews

Note

If any of the book links take you to the wrong country (or continent) try using Albion BookLink to choose your preferred destination.

Michael Z. Bell

[Other Recommended Books]
© Albion Research Ltd. 2010