| Books
on Risk Software
& Computer Risks |
|
| 2005 |
|
|
| Handbook of Integrated Risk
Management for E-Business: Measuring, Modeling, and Managing Risk |
| by Abderrahim
Labbi, Editor; April 2005; ISBN 193215907X |
This ground-breaking professional reference
integrates converging views of e-business processes and offers ways to
manage their inherent risks with advanced modeling techniques.
Contributors from leading academic and business organizations explore
state-of-the-art adaptive risk analysis systems that support business
processes in project portfolio management, operations management, supply
chain management, inventory control, data mining for customer relationship
management, information technology security, finance, e-banking, and more.
Today’s new business environments are characterized by increasing
sources of uncertainty and variability which challenge current
decision-making processes. Handbook of Integrated Risk Management for
E-Business: Measuring, Modeling, and Managing Risk provides a roadmap for
identifying and mitigating the primary risks associated with each critical
e-business process. It also shows you how to transform your processes by
empowering decision-making systems and how to design appropriate risk
management systems for decision support. |
|
|
| Information Security Risk
Analysis |
| by Thomas R. Peltier; April 2005; ISBN
0849333466 |
| This book introduces risk analysis techniques
that can be used to identify and quantify both accidental and malicious
threats to computer systems within an organization. The author walks
through the qualitative risk analysis process using such techniques as the
practical application of risk analysis (PARA) and the facilitated risk
analysis process (FRAP). A case study of a truck rental company
illustrates application of the method. The appendices provide a
questionnaire and sample process forms. |
|
|
| Internet Discourse and Health
Debates : A Linguistic Approach to Health Risk Debates |
| by Kay Richardson; March 2005; ISBN 1403914834 |
| Applying multimodal textual analysis to the
languages and images of online communication forms, this book shows, from
an applied linguistic perspective, how the Internet is being used for
global, interactive communication about public health risks. Detailed case
studies of the possible risks posed by SARS, by mobile phones and by the
vaccination of babies against childhood diseases are situated within the
context of research on computer-mediated communication, as well as within
the broader social context of globalization and discourses of risk and
trust. |
|
|
| Reliability and Risk Models :
Setting Reliability Requirements |
| by Michael Todinov; June 2005; ISBN 0470094885 |
| Presenting a radically new approach and
technology for setting reliability requirements, this superb book also
provides the first comprehensive overview of the M/F-FOP philosophy and
its applications. Each chapter covers probabilistic models, statistical
and numerical procedures, applications and/or case studies. The book comprehensively
examines a new methodology for problem solving in the context of real
reliability engineering problems. All models have been implemented in C++.
The algorithms and programming code supplied can be used as a software
toolbox for setting MFFOP. Case studies are taken from the nuclear,
automotive and offshore industry to provide 'real-world' applications. |
|
|
| Risk Management for Computer
Security : Protecting Your Network and Information Assets |
| by Andy Jones and Debi Ashenden; March 2005;
ISBN 0750677953 |
The information systems security (InfoSec)
profession remains one of the fastest growing professions in the world
today. With the advent of the Internet and its use as a method of
conducting business, even more emphasis is being placed on InfoSec.
However, there is an expanded field of threats that must be addressed by
today's InfoSec and information assurance (IA) professionals.
Operating within a global business environment with elements of a virtual
workforce can create problems not experienced in the past. How do you
assess the risk to the organization when information can be accessed,
remotely, by employees in the field or while they are traveling
internationally? How do you assess the risk to employees who are not
working on company premises and are often thousands of miles from the
office? How do you assess the risk to your organization and its assets
when you have offices or facilities in a nation whose government may be
supporting the theft of the corporate "crown jewels" in order to
assist their own nationally owned or supported corporations? If your risk
assessment and management program is to be effective, then these issues
must be assessed.
Personnel involved in the risk assessment and management process face a
much more complex environment today than they have ever encountered
before.
This book covers more than just the fundamental elements that make up a
good risk program. It provides an integrated "how to" approach
to implementing a corporate program, complete with tested methods and
processes; flowcharts; and checklists that can be used by the reader and
immediately implemented into a computer and overall corporate security
program. The challenges are many and this book will help professionals in
meeting their challenges as we progress through the 21st Century. |
|
|
| 2004 |
|
| Bioinformatics Software
Engineering : Delivering Effective Applications |
| by Paul Weston; November 2004; ISBN 0470857722 |
| This volume will be useful to anyone who wants
to understand how successful software can be developed in a rapidly
changing environment.
A handbook, not a textbook, it is not tied to any particular operating
system, platform, language, or methodology. Instead it focuses on
principles and practices that have been proven in the real world. It
is pragmatic, emphasizing the importance of what the author calls Adaptive
Programming - doing what works in your situation, and it is concise,
covering the whole software development lifecycle in one slim volume. At
each stage, it describes common pitfalls, explains how these can be
avoided, and suggests simple techniques which make it easier to deliver
better solutions. |
|
|
| Corporate Financial Risk
Management : A Computer-Based Guide for Nonspecialists |
| by Roy L. Nersesian;
February 2004; ISBN 1567205844 |
| What if you could
understand financial risk management without immersing yourself in
high-level mathematics? In this straightforward, readable guide, which
requires only a working familiarity with financial spreadsheets, the
author explains what financial risk management is, describes its various
forms, and shows how to anticipate and cope with it. |
|
|
| Exploiting Software: How to
Break Code |
| by Greg Hoglund and Gary
McGraw; February 2004; ISBN 0201786958 |
| Intended for software
security professionals, this guide explains the techniques used by
malicious hackers against software, describes specific attack patterns,
and shows how to uncover new software vulnerabilities. The authors discuss
the difference between implementation bugs and architectural flaws,
reverse engineering tools, the weaknesses in server and client software,
malicious input attacks, buffer overflows, and the construction of a
simple Windows XP kernel rootkit that can hide processes and directories. |
|
|
| Managing Security with Snort
and IDS Tools |
| by Christopher Gerg and
Kerry J. Cox, Editors; August 2004; ISBN 0596006616 |
| Intrusion detection is not
for the faint at heart. But, if you are a network administrator, chances
are you're under increasing pressure to ensure that mission-critical
systems are safe--in fact impenetrable--from malicious code, buffer
overflows, stealth port scans, SMB probes, OS fingerprinting attempts, CGI
attacks, and other network intruders.
Designing a reliable way to detect intruders before they get in is a
vital but daunting challenge. Because of this, a plethora of complex,
sophisticated, and pricy software solutions are now available. In terms of
raw power and features, SNORT, the most commonly used Open Source
Intrusion Detection System (IDS), has begun to eclipse many expensive
proprietary IDSes. In terms of documentation or ease of use, however,
SNORT can seem overwhelming. Which output plugin to use? How do you
email alerts to yourself? Most importantly, how do you sort through the
immense amount of information Snort makes available to you?
Many intrusion detection books are long on theory but short on
specifics and practical examples. Not Managing Security with Snort and IDS
Tools. This new book is a thorough, exceptionally practical guide to
managing network security using Snort 2.1 (the latest release) and dozens
of other high-quality open source intrusion detection
programs.
Managing Security with Snort and IDS Tools covers reliable methods for
detecting network intruders, from using simple packet sniffers to more
sophisticated IDS (Intrusion Detection Systems) applications and the GUI
interfaces for managing them. A comprehensive but concise guide for
monitoring illegal entry attempts, this invaluable new book explains how
to shut down and secure workstations, servers, firewalls, routers, sensors
and other network devices.
Step-by-step instructions are provided to quickly get up and running
with Snort. Each chapter includes links for the programs discussed, and
additional links at the end of the book give administrators access to
numerous web sites for additional information and instructional material
that will satisfy even the most serious security enthusiasts.
Managing Security with Snort and IDS Tools maps out a proactive--and
effective--approach to keeping your systems safe from attack. |
|
|
| Nessus Network Auditing |
| by Haroon Meer, Roelof
Temmingh, Charl Van Der Walt and Jay Beale (Editor); August 2004; ISBN
1931836086 |
| This book focuses on
installing, configuring and optimizing Nessus, which is a remote security
scanner for Linux, BSD, Solaris, and other Unices. It is plug-in-based,
has a GTK interface, and performs over 1200 remote security checks. It
allows for reports to be generated in HTML, XML, LaTeX, and ASCII text,
and suggests solutions for security problems. As with many open source
programs, Nessus is incredibly popular, incredibly powerful, and
incredibly under-documented. There are many Web sites (including
nessus.org) where thousands of users congregate to share tips, tricks, and
hints, yet no single, comprehensive resource exists. This book, written by
Nessus lead developers, will document all facets of deploying Nessus on a
production network. |
|
|
| Network Security Assessment |
| by Chris McNab; March 2004;
ISBN 059600611X |
| If you're a network
administrator, you're under pressure to defend your systems from attack.
But short of devoting your life to becoming a security expert, what can
you do to ensure the safety of your mission critical systems? Using steps
laid out by professional security analysts and consultants to identify and
assess risks, this book offers an efficient testing model you can adopt,
refine, and reuse to create proactive defensive strategies to protect your
systems from the threats that are out there, as well as those still being
developed. This thorough and insightful guide covers offensive
technologies by grouping and analyzing them at a higher level--from both
an offensive and defensive standpoint--helping administrators design and
deploy networks that are immune to offensive exploits, tools, and scripts.
If you need to develop and implement a security assessment program, you'll
find everything you're looking for in this time-saving new book. |
|
|
| Network Security Hacks |
| by Andrew Lockhart; April
2004; ISBN 0596006438 |
| This information-packed
book provides over 100 quick, practical, and clever things to do to help
make your Linux, UNIX, or Windows networks more secure today. It goes
beyond securing TCP/IP-based services by providing intelligent, host-based
security techniques. Loaded with concise but powerful examples of applied
encryption, intrusion detection, logging, trending, and incident response,
Network Security Hacks demonstrates effective methods for defending
your servers and networks from a variety of devious and subtle attacks.
Learn how to detect the presence (and track every keystroke) of network
intruders, new methods for protecting your network and data using strong
encryption, and even techniques for laying traps for would-be system
crackers. Important security tools are presented, as well as clever
methods for using them to reveal real, timely, useful information about
what is happening on your network. The devilishly effective security hacks
in this book will keep your 12-hour days from becoming all-nighters. |
|
|
| Security Warrior |
| by Cyrus Peikari and Anton
Chuvakin; February 2004; ISBN 0596005458 |
| When it comes to network
security, many users and administrators are running scared, and
justifiably so. The sophistication of attacks against computer systems
increases with each new Internet worm.
What's the worst an attacker can do to you? You'd better find out,
right? That's what this book teaches you. Based on the principle that the
only way to defend yourself is to understand your attacker in depth, this
book reveals how your systems can be attacked. Covering everything from
reverse engineering to SQL attacks, and including topics like social
engineering, antiforensics, and common attacks against UNIX and Windows
systems, this book teaches you to know your enemy and how to be prepared
to do battle.
This book places particular emphasis on reverse engineering. RE is a
fundamental skill for the administrator, who must be aware of all kinds of
malware that can be installed on his machines -- trojaned binaries, "spyware"
that looks innocuous but that sends private data back to its creator, and
more. This is the only book to discuss reverse engineering for Linux or
Windows CE. It's also the only book that shows you how SQL injection
works, enabling you to inspect your database and web applications for
vulnerability. It is a comprehensive and up-to-date book covering the art
of computer war: attacks against computer systems and their defenses. |
|
|
| The Shellcoder's Handbook :
Discovering and Exploiting Security Holes |
| by Jack Koziol, David
Litchfield, Dave Aitel, Chris Anley, Sinan "noir" Eren, Neel
Mehta, and Riley Hassell; March 2004; ISBN 0764544683 |
| This book examines where security holes come
from, how to discover them, how hackers exploit them and take control of
systems on a daily basis, and most importantly, how to close these
security holes so they never occur again. A unique author team, a blend of
industry and underground experts, explain the techniques that readers can
use to uncover security holes in any software or operating system. The
book shows how to pinpoint vulnerabilities in popular operating systems
(including Windows, Linux, and Solaris) and applications (including MS SQL
Server and Oracle databases), and it also details how to deal with
discovered vulnerabilities, sharing some previously unpublished advanced
exploits and techniques. |
|
|
| 2003 |
|
| Computer Systems Validation:
Concepts and Case Studies |
| by Guy Wingate; June 2003;
ISBN 0849318718 |
| This invaluable reference
discusses good laboratory, clinical, manufacturing, and distribution
practices and explains the latest regulatory developments for the US FDA
and other regulatory authorities. Practical examples and checklists appear
throughout the book, together with an exploration of the role of quality
assurance and risk management as key components of pragmatic regulatory
compliance. It reviews over twenty case studies from renowned industry
experts who examine different types of computer systems. |
|
|
| Software Development Failures |
| by Kweku Ewusi-Mensah;
September 2003; ISBN 0262050722 |
| Failed or abandoned
software development projects cost the US economy alone billions of
dollars a year. This book offers an empirically grounded study that
suggests why these failures happen and how they can be avoided. It has
been estimated that one-third of software development projects fail or are
abandoned outright, because of cost overruns, delays, and reduced
functionality. Some consider this an acceptable risk factor--that it is
simply the cost of doing business. The author argues that understanding
the factors involved in development failures will help developers and
businesses bring down the rate of software failure and abandoned projects.
The book explores the reasons software development projects are vulnerable
to failure and why issues of management and organization are at the core
of any failed project. It examines these projects not from a
deterministically technical perspective, but as part of a complex
technical and social process; it proposes a framework of factors that
contribute to the decision to abandon a project and enumerates the risks
and uncertainties inherent in each phase of a project’s life cycle.
Examining the multiplicity of factors that make software development
risky, the book presents empirical data that is reinforced by analyses of
the reported cases. It emphasizes the role of the user in the development
process, and considers the effect of organizational politics on a project.
Finally, it considers what lessons can be learned from past failures and
how software development practices can be improved. |
|
|
| Waltzing With Bears: Managing
Risk on Software Projects |
| by Tom Demarco and Timothy
Lister; March 2003; ISBN 0932633609 |
| The authors, consultants in
risk and management, show how to identify and embrace worthwhile risks in
software development and offer strategies for common risks that software
projects face, such as schedule flaws, requirements inflation, and
specification breakdown. |
|
|
| 2001 |
| Security
& Privacy for E-Business |
| by Anup
K. Ghosh; February 2001; ISBN 0471384216 |
| Anup Ghosh, an expert in
electronic commerce security and the director of security research at
software risk management solutions provider Cigital, Inc., has written a
second book on e-commerce, which focuses on protecting e-businesses from
external threats and protecting the privacy of e-customers. This book
includes topics such as software risk management and secure e-business
system and engineering and testing; denial-of-service attacks, buffer
overruns, worms, Web server exploits, and cyber threats to all components
of e-business systems; software risks in wireless PDAs, WAP-enabled
phones, and e-commerce applications; and why online privacy is good
business. His first book is E-Commerce
Security - Weak Links, Best Defenses. |
|
| 2000 |
| Safe
and Sound: Artificial Intelligence in Hazardous Applications |
| by John Fox and Subrata Das; MIT Press; July 2000; ISBN 0262062119 |
| This book describes an artificial intelligence technology for
supporting medical decision making and safe patient management that can
also be applied to AI systems in other hazardous settings. It also
covers general AI problems, such as knowledge representation and
expertise modeling, reasoning and decision making under uncertainty,
planning and scheduling, and the design and implementation of
intelligent agents. |
|
| Simulation Modeling Using @RISK: Updated for Version 4 |
| by Wayne L. Winston; October 2000; ISBN 053438059X |
| With its understandable explanations of Monte Carlo and step-by-step instructions for Excel, Lotus, and @Risk software,
this text/software package offers both the instruction and the practice learners need to begin solving complex business
problems. |
|
| 1999 |
| Computer
Security: Businesses at Risk |
| by R. R. C. Penfold; June 1999; ISBN:
0709062532 |
|
| Electronic
Commerce : Security, Risk Management and Control |
| edited by Marilyn Greenstein; June 1999; ISBN
007229289X |
| The field of electronic commerce has grown
rapidly over the past few years. Major corporations and even small
businesses are using electronic commerce as a channel of distribution.
Companies such as Amazon.com are part of a growing segment of business
that use electronic commerce as their sole method for transacting with
customers. This textbook is written to provide business students with the
knowledge and understanding of electronic commerce from a security risk
management and control perspective. |
|
| Managing
Software Quality and Business Risk |
| Software development failures are invariably
caused by a combination of circumstances - circumstances that are rarely
technical in origin. Increasingly, standard risk management practices used
in other industries are being applied to software development projects. At
the same time, the software industry has worked to manage the quality of
the software that is delivered to clients. In this book, readers will
learn three principal techniques: risk planning, quality planning, and
cost resource planning. These techniques are presented in an orderly and
stepwise fashion which will help factor in both risk and quality during
the development of a software project. |
| by Martyn A. Ould; October 1999; ISBN:
047199782X |
|
| Statistical
Methods in Software Engineering : Reliability and Risk |
| by Nozer D. Singpurwalla, Simon P. Wilson;
August 1999; ISBN: 0387988238 |
|
| 1998 |
| E-Commerce
Security - Weak Links, Best Defenses |
| by Anup K. Ghosh; January 1998;
ISBN 0471192236 |
| Anup Ghosh, an expert in electronic commerce
security and the director of security research at software risk
management solutions provider Cigital, Inc., has written what is
considered to be the first definitive guide to e-commerce security.
The book includes discussions of how actual security failures
occurred and can be prevented from recurring and a systematic look
at areas of risk. He has also written Security
& Privacy for E-Business. |
|
| Introduction
to Simulation and Risk Analysis |
| by James R. Evan, David Louis Olson, James R. Evans;
May 1998; ISBN 0136216080 |
| This book provides an introduction to the concepts, methodologies,
and applications of simulation, specifically in business. Key Topics: Spreadsheets are used as
the principal means to illustrate simulation models and computational issues -- providing readers
with a solid foundation for learning to use the more advanced commercially available simulation
software. The value of simulation is demonstrated through the use of real applications throughout. Market: For readers interested in simulation or simulations modeling. |
|
| Managing
Risk: Methods for Software Systems Development |
| by Elaine M. Hall Ph.D., Elaine M. Hall;
February 1998; ISBN 0201255928 |
Risk is inherent in the development of any large software system. A
common approach to risk in software development is to ignore it and
hope that no serious problems occur. Leading software companies use quantitative risk management
methods as a more useful approach to achieve success. Written for busy professionals charged with
delivering high-quality products on time and within budget, Managing Risk is a comprehensive guide
that describes a success formula for managing software risk. The book is divided into five parts
that describe a risk management road map designed to take you from crisis to control of your software
project. Highlights include: Six disciplines for managing product development. Steps to
predictable risk-management process results. How to establish the infrastructure for a risk-aware
culture. Methods for the implementation of a risk management plan. Case studies of people in
crisis--and in control.
About the Author: Elaine M. Hall is founder of Level 6 Software, a leading consulting
group in discovery methods for software engineering. She conducts training seminars and supports
the implementation of software risk management for both government and industry clients worldwide.
Dr. Hall is chair of the risk management working group for the International Council on Systems
Engineering. She has nearly 20 years of experience in software systems engineering and
management. |
|
| Risk
Analysis |
| edited by J. L. Rubio, C. A. Brebbia, J.-L. Uso; September 1998;
ISBN 1853126047 |
| This book contains the proceedings of the First International
Conference on Computer Simulation in Risk Analysis and Hazard
Mitigation, which was held in Valencia, Spain, October 8-8, 1998.
The papers in the proceedings came from experts from around the
world and covered the latest research into computational methods. The
book shows how the quantification and simulation of the effects of
hazards is achieving greater scope and accuracy. |
|
| 1997 |
| Risk Management Processes for Software Engineering Models |
| by Marian Myerson; January
1997; ISBN 0890066353 |
| Intended for software managers, developers, and practitioners, this volume describes how the application of risk management strategies
can help the development process run on time and on budget. Covers the identification of potential threats associated with software
development; establishing an effective risk management program; applying risk management; the pros and cons of software and
organizational maturity; software metrics approaches used to measure software quality; and procedures for implementing a successful
metrics program. |
|
| 1996 |
| Simulation Modeling Using @RISK |
| by Wayne L. Winston; July
1996; ISBN 0534264921 |
This book shows how to use Monte Carlo simulation to model and solve complex business problems in finance, operations, and
marketing using @RISK. The book's timely applications include simulating the risk of derivatives, hedging with futures, analyzing
investment portfolios, modeling market share, calculating optimal maintenance policies, and many others. |
|
| Software Engineering Risk Management |
| by Dale Walter Karolak and
N. Karolak; 1996; ISBN 0818671947 |
Explores software and risk management both from a technology and a business perspective. Provides many different concepts, strategies,
and tools that can make the management of your next software development project less of a guess and more predictable. |
|
| 1995 |
| Computer-Related Risks |
| by Peter G. Neumann; January 1995; ISBN 020155805X |
| Based on data gathered by the author as part of ACM's International Risks Forum,
this book contains accounts of mishaps attributed to computers and the people using them--some humorous,
and some tragic. Neumann characterizes different kinds of computer-related risks, discusses risk causes and effects,
and considers their implications. He also suggests ways to minimize risks in the future. |
|
| 1994 |
| Assessment and Control of Software Risks (Yourdon Press Computing) |
| by Capers Jones;
February 1994; ISBN 0137414064 |
This handbook summarizes more than 50 of the major problems of building and maintaining software projects, and outlines the
prevention/control therapies available. Considers in depth the
software-related risks in the domains of methodologies, tools, organization
structures, skills and specialization, client relations, and sociological issues. For software managers and software
professionals in software engineering, software quality assurance, and related software areas. |
|