FAIR Institute Blog

3 More Must-Read Books to Jumpstart Your Career in Risk Management

Jun 15, 2017 10:52:47 AM / by Isaiah McGowan


This time last year we provided you with a list of five must-have resources to delve into risk. If you haven’t invested 30 hours into these books, there’s no better time than now!

  1. The Failure of Risk Management - Douglas Hubbard highlights flaws in the common approaches to risk management.
  2. Measuring and Managing Information Risk: A FAIR Approach - The source of the FAIR model for measuring and managing risk tackles critical concepts often overlooked by risk practitioners.
  3. Superforecasting - The authors step through problems with forecasting and provide a process for improvement.
  4. Expert Political Judgment - Philip E. Tetlock seeks to improve the reader's ability to identify and understand errors of judgment.
  5. Thinking, Fast and Slow - Daniel Kahneman teaches you more than you want to know about managing your thinking and intuition, critical skills for analysts.

With these under your belt it is time to tackle three more resources (reading times in parens). The following books help you hone your analyst talents: critical thinking, calibration, and probabilistic thinking. WARNING: you will get max value from these books if your comfort level with numbers is at least above ‘ew, yuk’. 



#1 - How To Measure Anything In Cybersecurity Risk

Douglas W. Hubbard & Richard Seiersen

(4 hours and 18 minutes) 

Many of the techniques we leverage as FAIR analysts are rooted in awareness brought by Douglas Hubbard. ‘Dangerous risk management methods abound’; Hubbard seeks to dispel them and provide solutions.

Sample chapters: 

  • Risk Matrices, Lie Factors, Misconceptions, and other Obstacles to Measuring Risk
  • Calibrated Estimates. How Much Do You Know Now
  • A Call to Action. How to Roll Out Cybersecurity Risk Management

#2 - A Field Guide To Lies: Critical Thinking in the Information Age

Daniel J. Levitin

(4 hours and 18 minutes)

As an analyst, your spidey senses tingle when you’re faced with quantitative arguments that seem incongruent. Embark on a sightseeing tour with Levitin as he points out problems with facts you encounter.

Sample chapters:

  • Highjinks with How Numbers Are Reported
  • Overlooked, Undervalued Alternative Explanations
  • How Science Works

#3 - Proofiness: How You're Being Fooled by the Numbers

Charles Seife

(4 hours and 32 minutes) 

You don’t have to be a mathematician to recognize that mountains of metrics in risk management are abused regularly. Proofiness will illuminate problems in other spaces which will tune your ability to spot and expose them in cybersecurity risk.

Sample chapters: 

  • Phony Facts, Phony Figures
  • Rorschach's Demon
  • Propaganda by the Numbers

If you are looking for the shortcut through the first 5 books then I recommend An Executive's Guide to Cyber Risk Management, the new eBook by Jack Jones, author of the FAIR book. You will get a passing level of awareness of the problem space prior to delving into the books above.
 
Reading times calculated by howlongtoreadthis.com 

Topics: Risk Management
