Risk management is project management for adults. Hall is associated with the SEI and presents an SEI oriented view of risk management. There are other views, but this is a good start.
The following reading list is my "working" materials for risk management. Risk management comes and goes in the literature, but some form of risk management is needed on every project.
Software Risk Management, Barry Boehm, IEEE Computer Society. This is the big volume risk management book. It contains many seminal papers on risk management. It is a bit dated, with courier type faces and facsimiles of documents, but still a good resource book.
Project and Program Risk Management: A Guide to Managing Project Risks and Opportunities, Max Wideman, 1998. Making Hard Decisions with Decision Tools, by Robert T. Clemen and Terence Reilly, Duxbury Press, 2001. Risk Management: Concepts and Guidance, 2nd edition, by Carl Pritchard, ESI International, 2001. Practical Risk Assessment for Project Management, by Stephen Grey, John Wiley&Sons, 1995. Project Risk Management: Processes, Techniques and Insights, by Chris Chapman and Stephen Ward, John Wiley & Sons, 1997. Managing Risk: Critical issue for survival and success into the 21st century, Alan Waring and A. Ian Glendon, Thompson Learning, 1998. Stop IT project failures through risk management, by Dan Remenyi, Butterworth Heinemann, 1999.
Managing the Software Process, Watts Humphrey, Addison Wesley. This is the foundation of the process improvement process. Humphery is the Chairman of the Software Engineering Institute and along with Barry Boehm are the fathers of the software engineering professional as practiced at TRW both in the height of the aerospace business and today. Other Humphrey books are worth reading as well.
Continuous Risk Management Guidebook. This is a bound version of the materials found at the SEI site. As the title says, it is a guidebook for managing risk in the software development domain. The processes described here can be used outside this domain as well. This book can be purchased from the Software Engineering Institute. If you're in the risk management business this is "must have" book, to be read cover to cover and used everyday.
Assessment and Control of Software Risks, Capers Jones. This is a primary source book from Capers Jones, who has many other publications relating to risk, metrics and general software management. This text is targeted at large complex project but contains many examples for smaller more agile development processes.
Software Engineering Risk Management: Finding Your Path Through the Jungle, Version 1.0, Dale Karolak, IEEE Computer Society. This is a book and software for general risk management. This is better than the Risk Radar from Software Program Managers Network, but it is also expensive ($150.00 or so for non-IEEE members).
"Large Scale Project Management is Risk Management," Robert N. Charette, IEEE Software, 13(4), July, 1996, pp. 110–117. Although targeted at large scale projects, the wisdom in this paper can be applied to nearly all projects.
Computer Related Risks, Peter Neumann, Addison Wesley, 1995. The book is based on a collection of mishaps and oddities relating to computer technology. It considers what has gone wrong in the past, what is likely to go wrong in the future, and what can be done to minimize the occurrence of further problems.
Risk Management for NASA/JPL Genesis Mission: A Case Study
Software Cost Risk Estimation and Management at JPL
Risk World journal
The following is a link to a useful bibliography on risk management, http://www.mc2consulting.com/riskmbib.htm.
Resources from R.S. Pressman and Associates for Risk Management part of the larger reference library
Probabilistic Risk Assessment
The Project Management Institute's Risk SIG
Center for Risk Management in Engineering Systems – UVa's internationally-recognized competence in "risk, uncertainty, and reliability" in engineering systems are central to the mission of our School of Engineering and Applied Science (SEAS) in two respects: (1) The assessment and management of risk, uncertainty, and reliability are critical to the success of any engineering venture today, including the strategic thrusts of SEAS. (2) In its own right, "risk, uncertainty, and reliability" is a significant, existing thrust of engineering research and education at UVa. Our development of theory and methodology at UVa in "risk, uncertainty, and reliability," and its transfer to engineering training and practice, is worthy and capable of continuing to increase the visibility and external support for the University's and SEAS's mission.
Reliability Engineering at the University of Maryland.
RiskWorld is a electronic magazine covering the news of risk management.
Risk Assessment and Risk Management at Sandia National Laboratories
RiskID Pro is a software risk management tool
NASA Continuous Risk Management
Center for Risk Management of Engineering Systems, University of Virginia
Basic Template for a Risk Management Plan, NASA Software Assurance Technology Center
Software Engineering Institute's Risk Management Site
Risk Doctor and Partners
Mitre Corporation's Risk Management site
NASA Risk Management Conferences
Software Assurance Technology Center - NASA Goddard Space Flight Center
System Risk Management Database – This database helps fulfill the goals and strategies of the NASA software strategic plan as put forth by the Software Working Group (SWG), and is based on the principles described in the SEI (Software Engineering Institute) Continuous Risk Management Guidebook.
Software Engineering Information Repository - Software Engineering Institute, Carnegie Mellon University. Registration required (no charge). Registered users have access to Software Risk Management section.
Software Reliability Engineering Information Center at the College of Engineering, University of Maryland.
Software Technology for Adaptable, Reliable Systems (STARS) - Defense Advanced Research Projects Agency (DARPA)
Center for Software Reliability - University of Newcastle, England
Continuous Risk Management (CRM) - Software Assurance Technology Center, Goddard Space Flight Center.
Risk Management - NASA Headquarters, Office of safety and Mission Assurance who assures the safety and enhances the success of all NASA activities through the development, implementation, and oversight of Agency–wide safety, reliability, maintainability, and quality assurance (SRM&QA) policies and procedures.
JPL Risk Management Guide - Jet Propulsion Laboratory is designed to educate, inform, and facilitate JPL engineers and managers in the use of Risk Management on JPL projects.
Life Cycle Risk Management - Johnson Space Center
NASA System Risk Management Database - Lewis Research Center helps fulfill the goals and strategies of the NASA software strategic plan as put forth by the Software Working Group (SWG), and is based on the principles described in the SEI (Software Engineering Institute) Continuous Risk Management Guidebook. The database in an Access 97 file that can be used to store system risk information and support the system risk management cycle.
NASA Goddard Space Flight Center Risk Management library
Program & Project Risk Management Resource Center - Ames Research Center is the host site for the Second Risk Management Colloquium which is an extension of the First Risk Management Colloquium hosted by NASA Ames. This colloquium has many good papers on the topic of risk management.
NASA Goddard Space Flight Center Office of Safety and Mission Assurance
Reliability & Maintainability Modeling - Power and Propulsion Office, Glenn Research Center ACARA (Availability, Cost, And Resource Allocation) is a program for analyzing availability, lifecycle cost (LCC), and resource scheduling for a system that undergoes periodic repair. It uses a combination of exponential and Weibull distributions to simulate the useful life of each system component. ACARA evaluates the availability of the system at each capacity level based upon a system block diagram representation. ACARA was developed by engineers at the NASA Lewis Research Center.
Reliability Engineering Office - Engineering and Mission Assurance Directorate (EMAD), Jet Propulsion Laboratory
Ames Program & Project Risk Management Ames Research Center (ARC)
NASA Program and Project Management and Requirements, NASA Policy Guideline 7120.5A
PMI Risk Management, Project Management Institute - Special Interest Group
SFOC Risk Management, United Space Alliance
RBAM site located at NASA GRC