Freund J., Jones J. Measuring and managing information risk: a FAIR approach

Butterworth-Heinemann, Elsevier Inc., 2015. — 390 p. — ISBN: 0127999329, 0124202314, 9780124202313, 9780127999326Using the factor analysis of information risk (FAIR) methodology developed over ten years and adopted by corporations worldwide, Measuring and Managing Information Risk provides a proven and credible framework for understanding, measuring, and analyzing information risk of any size or complexity. Intended for organizations that need to either build a risk management program from the ground up or strengthen an existing one, this book provides a unique and fresh perspective on how to do a basic quantitative risk analysis. Covering such key areas as risk theory, risk calculation, scenario modeling, and communicating risk within the organization, Measuring and Managing Information Risk helps managers make better business decisions by understanding their organizational risk.
Uses factor analysis of information risk (FAIR) as a methodology for measuring and managing risk in any organization.Carefully balances theory with practical applicability and relevant stories of successful implementation.Includes examples from a wide variety of businesses and situations presented in an accessible writing style.Preface by Jack Jones
Preface by Jack FreundBasic Risk Concepts
The FAIR Risk Ontology
FAIR Terminology
Measurement
Analysis Process
Interpreting Results
Risk Analysis Examples
Thinking about Risk Scenarios Using FAIR
Common Mistakes
Controls
Risk Management
Information Security Metrics
Implementing Risk Management