Method engineering paper review table Read the paper, and rate the criteria below as strong / satisfactory / weak (please check the cell that applies). Please add comments to clarify. Topic: IS risk analysis based on a business model Author: Vincent Boekholtz Reviewer: Vincent Blijleven Weak SatisStrong Criteria factory Overall x Are the basic sections (intro, example, etc.) adequate? If not, what is missing? x Are there any grammatical or spelling problems? Reader’s comments The author provides an elaborate introduction and a good overview of the four stages. I recommend avoiding the usage of words such as “they’re” or “it’s” as this is unscientific. Try to rewrite the relevant sentences . The first letter of the first words of each stage should be capitalized. Stage 1: the organizational investigation Stage 1: The organizational investigation. In addition, what about creating subsections for each stage? Such as 2.1 The organizational investigation, 2.2 Asset identification and evaluation, et cetera? I recommend to make better use of commas. For instance this sentence in the related literature: “Risk analyses usually consists of several techniques, such as the Delphi technique, brainstorming, threat scenario approach and a statistical approach, which are described by Rainer, Snyder and Carr (1991), a paired comparison, Analytic Hierarchy Process (AHP), reviewing, interviewing and the divide and conquer approach.” The slight overkill of commas makes it difficult to read. Perhaps the author could divide this sentence in two parts . x Is the writer's writing style clear? x Are the figures created by the author him/herself? x Is the example understandable and informative? In the related literature: “They do however mention …” “The authors do however mention …”. The usage of they to refer to authors is not scientific. The author has a clear writing style. I would suggest, however, to make use of indents when starting a new ‘subparagraph’. For instance in the introduction: “The Information System (IS) risk analysis … of the business.” A small indent should be placed in front of the next sub-paragraph “In the traditional risk …”. As far as I can tell, yes. The author provides an elaborate example. It contains the most essential information (not too long & not too short), clearly getting to the point. The author also makes good use of references to other work, such as Ciechanowicz (1997). This shows the author possesses the relevant knowledge of the topic discussed to give a proper example. x Do the authors provide one or more usable templates with the example? x Is the PDD properly formatted? I would however mention the role identified in this method, to know the risk analyst. This was also explicitly asked for in the assignment. Yes. Yes. However, I recommend not merging the flows between THREAT, ASSET and ANNUAL LOSS EXPECTANCY. The reason for this is as I am not sure whether the cardinalities (1..*, 0..* & 1..*) are always applicable, regardless of whether you e.g. look at ANNUAL LOSS EXPECTANCY from a THREAT or ASSET perspective. All activities are properly formatted, the same goes for the concepts. x Does the PDD have a good level of detail? x Are the activity and concept table informative? I have one question regarding the role, to know the ‘risk analyst’. Considering this is the only role present in this method, perhaps this role could be removed and solely mentioned in the beginning of the third section (PDD), which is what the author has already done. In other words: why include information in the PDD if it doesn’t really make a contribution . I do not possess a significant amount of knowledge to decide whether this PDD contains all the required activities and deliverables, but as far as I can tell it looks solid. Good capitalization of concepts in both tables. Proper references in the tables. I strongly recommend to use either shades of gray or plain white as colours for the table. The blue colour does not really contribute to readability. The concept table looks how it is supposed to be, namely starting each definition with “The MISSION …” or “An ASSET …”. x x Does the writer cite sources adequately and appropriately? Note any incorrect formatting. Are there enough references to other sources? Are the references properly formatted? Nice draft! Good luck with your final version . I spotted several mistakes: (Suh and Han, 2003) (Suh & Han, 2003) The minimal amount of references (10) is given, but suffices for the method described. I am not sure how much related literature is available on this topic,