Measuring and Managing Information Risk: A FAIR Approach

Using the factor analysis of information risk (FAIR) methodology developed over ten years and adopted by corporations worldwide, "Measuring and Managing Information Risk" provides a proven and credible framework for understanding, measuring, and analyzing information risk of any size or complexity. Intended for organizations that need to either build a risk management program from the ground up or strengthen an existing one, this book provides a unique and fresh perspective on how to do a basic quantitative risk analysis. Covering such key areas as risk theory, risk calculation, scenario modeling, and communicating risk within the organization, "Measuring and Managing Information Risk" helps managers make better business decisions by understanding their organizational risk.
Uses factor analysis of information risk (FAIR) as a methodology for measuring and managing risk in any organization. Carefully balances theory with practical applicability and relevant stories of successful implementation. Includes examples from a wide variety of businesses and situations presented in an accessible writing style.

408 pages, Paperback

First published January 1, 2014

About the author

Jack Freund

3 books, 1 follower

Ratings & Reviews

Community Reviews

5 stars: 62 (54%)
4 stars: 31 (27%)
3 stars: 14 (12%)
2 stars: 5 (4%)
1 star: 1 (<1%)
Displaying 1 - 7 of 7 reviews
Lars-Helge Netland
62 reviews, 1 follower
February 24, 2018
A very good book with great insights into where the information risk management community needs to evolve. Information security professionals will likely have boardroom attention for the next couple of years, and we need to make the most out of this opportunity. Applying the concepts and advice from this book will put you in a great position with C-level executives.
Paul Hypki
36 reviews, 3 followers
April 12, 2019
Excellent book on how to create qualitative risk analysis instead of just red, yellow, green. Definitely business oriented - not a book to take on vacation.
111 reviews
October 31, 2020
Excellent book on quantitative infosec risk management, FAIR method. Brilliantly written making this topic entertaining!
Andre
417 reviews, 17 followers
May 10, 2015
It is not often that I read a book that expands my mind as much as this. Being 42 and having been around the block a few times, it takes quite a bit to make me take notice. This is one of those books.

If you are involved in the management side of information security, cyber security, risk management, etc. you MUST read this book.

If you are involved in info/cyber security, but more as a practitioner in the trenches doing pentest, forensics, incident response, you might be able to skip this book, but I would still say that you should read it.

This book will expand your mind and make you think about information security in a new light. It will show you how to move away from the implicit risk management of just following a control framework and towards an explicit risk management approach where your decisions are meaningful, measurable and defensible.

Jack & Jack (the authors) where have you been all my career? I hope they publish some of the other things they mention in this book.
Jacquie
317 reviews, 1 follower
September 29, 2019
Factor Analysis of Information Risk is a very different approach to look at Information Risk as it doesn't look first at the control - but first looks at the assets to protect. The theories make total sense as I've read them and can't imagine why more companies aren't using this method.

I found the examples, charts, diagrams and detailed lists very helpful. There is so much I want to share with our IT group.

Now I will be looking for training to get a better grasp of the process to be able to speak to the process clearly and completely from our company's perspective.
Rick Howard
Author, 3 books, 47 followers
June 3, 2016
This is the book that all cybersecurity professionals should read. Our profession is categorically bad at assessing risk. Jack and Jack describe the model, FAIR, that will make your life easier. This is the future. It is so important that the book was inducted into the Cybersecurity Canon in April 2016.
80 reviews, 1 follower
June 12, 2021
After reading this, I am almost convinced that risk management doesn't yield much value vs the amount of time/effort it needs.