
Collection of awesome projects, blog posts, books, and talks on quantifying risk - veeralpatel979
https://github.com/veeral-patel/awesome-risk-quantification
======
mathie25
Good resources. I've been following Ryan McGeehan for a few years, and he's
really dedicated to the development of simple risk management techniques. Risk
management can be really difficult to grasp.

Additional interesting resources:

- Implementing Enterprise Risk Management by James Lam [https://www.amazon.ca/Implementing-Enterprise-Risk-Managemen...](https://www.amazon.ca/Implementing-Enterprise-Risk-Management-Applications/dp/0471745197/ref=sr_1_3?keywords=enterprise+risk+management&qid=1585660164&sr=8-3)
- Protiviti Guide to Enterprise Risk Management [https://www.protiviti.com/sites/default/files/protivitierm_f...](https://www.protiviti.com/sites/default/files/protivitierm_faqguide.pdf)

------
rubidium
This is an interesting approach for information security. A lot better than
doing nothing, but the blog post states Netflix has 2 full time engineers
thinking just about risk.

But they’ve kinda just recreated a simplified traditional DFMEA... with some
questionable choices on process and math.

Odd that they didn’t reference p/DFMEA or what failures they saw with that
approach. Normally you’d model the risk of failure with a Weibull curve. The
Monte Carlo approach they use is ok but assumes all risks are equally weighted
in time for a distribution. You then look at pre-mitigation and
post-mitigation risk to determine which actions to take.

That said, maybe they’ve never heard of the traditional dfmea process?
Unlikely I would hope but possible.

~~~
BOOSTERHIDROGEN
Do you have any recommendations on books/references about this DFMEA?

~~~
rubidium
[https://en.m.wikipedia.org/wiki/Failure_mode_and_effects_ana...](https://en.m.wikipedia.org/wiki/Failure_mode_and_effects_analysis)

Will give you a starting point. But there’s a lot of experienced engineers who
know more. It’s something you learn mostly by doing as it needs to be adopted
for each project type.

------
DyslexicAtheist
one of my favorite thinkers is Taleb:
[https://twitter.com/nntaleb](https://twitter.com/nntaleb)

Taleb books: [https://www.amazon.com/Nassim-Nicholas-Taleb/e/B000APVZ7W](https://www.amazon.com/Nassim-Nicholas-Taleb/e/B000APVZ7W)

also the USCSB youtube channel has post-mortems on industrial engineering
accidents and disasters which I find really insightful
[https://www.youtube.com/channel/UCXIkr0SRTnZO4_QpZozvCCA](https://www.youtube.com/channel/UCXIkr0SRTnZO4_QpZozvCCA)

any books / resources about a) complexity and b) D/FMEA!

also avoid clueless academics and Steven Pinker or anyone invited to Davos/WEE
like the plague!

~~~
goodmachine
>"clueless academics"

Spoken like a true cult member, that's one of Taleb's personal favourite
sayings. For everyone else, why you should ignore him

[https://www.linkedin.com/content-guest/article/antifragility...](https://www.linkedin.com/content-guest/article/antifragility-fragile-concept-casey-rosenthal)

------
bobm_kite9
Can I mention Risk-First? All about applying risk to software development.

[https://riskfirst.org](https://riskfirst.org)

------
kriro
"""Risk quantification attempts to assign numeric values to risks, instead of
qualitative labels such as "Critical" and "High"."""

Nitpicky...but...

Shouldn't risk always be quantified? I thought that's what sets it apart from
uncertainty. Also I'd argue that "critical", "high" etc. is also
quantification (ordinal scale). I guess the argument is that it should be
quantified on a nominal scale?

That being said, love the list :)

~~~
josephkern
Quantification of risk from natural language is handled in the first 10
minutes of the video 'Forecasting, Browsers, and “In The Wild” Exploitation by
Ryan McGeehan (2019)' in the OP link.

~~~
veeralpatel979
Yes, specifically this is what Ryan discusses:

[https://en.wikipedia.org/wiki/Words_of_estimative_probabilit...](https://en.wikipedia.org/wiki/Words_of_estimative_probability)

