- The upcoming second edition of “Measuring and Managing Information Risk” provides a comprehensive guide to measuring and managing information risk using the FAIR methodology, applicable to organizations of varying size and complexity.
- It combines theoretical insights with practical applications, helping managers make informed decisions based on structured risk assessment methods.
- The book introduces new chapters on aligning risk programs with standards, automating assessments, and modern quantitative risk techniques.
- It offers insights and case studies from diverse industries, balancing accessible writing with expert commentary from industry professionals.
Measuring and Managing Information Risk: A FAIR Approach, Second Edition is a detailed resource for understanding and applying the Factor Analysis of Information Risk (FAIR) methodology, a trusted framework for measuring and managing information risk across various organizational contexts. With over a decade of development and practical application, FAIR has become a cornerstone for assessing risk in complex environments. This edition retains the fundamental concepts of risk measurement, offering a step-by-step approach to equip managers and IT professionals with the tools to make informed, risk-aware business decisions. Notably, the new edition addresses advancements in risk assessment techniques, integrating quantitative methods into security programs that now include the use of security telemetry, external data, and automated assessments.
In addition to a solid grounding in risk theory and calculation, the book covers critical aspects of risk modeling and effective communication within organizations, enabling risk insights to be clearly understood by decision-makers. New chapters expand on practical topics, such as aligning risk programs with regulatory standards, automating assessments, and identifying common red flags in risk measurement. This edition also introduces the FAIR-CAM standard and incorporates insights from industry experts, providing readers with multiple perspectives and case studies from various sectors. These additions make the book an invaluable resource not only for newcomers to the field but also for seasoned professionals seeking structured guidance in implementing or refining IT risk management programs.
Dr. Jack Freund, the book’s author, brings a wealth of experience in IT risk management, specializing in translating complex risk scenarios into accessible insights for business executives. His extensive career spans more than 16 years in technology roles within organizations such as TIAA-CREF, Nationwide Insurance, CVS/Caremark, and Sony Ericsson, where he has consistently focused on enhancing risk assessment processes. Dr. Freund holds a PhD in Information Systems and a variety of industry certifications, including CISSP, CISA, CISM, CRISC, CIPP, and PMP, attesting to his deep expertise in the field. As a Senior Member of organizations like ISSA, IEEE, and ACM, he actively contributes to the industry through writing, teaching, and serving on certification committees. Dr. Freund also authors a regular risk column and has been published in respected industry journals, making him a well-regarded thought leader in IT and risk management. This book reflects his commitment to advancing the field by providing readers with both foundational knowledge and insights into current industry practices.