This time last year we provided you with a list of five must-have resources to delve into risk. If you haven’t invested 30 hours into these books, there’s no better time than now!
- The Failure of Risk Management - Douglas Hubbard highlights flaws in the common approaches to risk management.
- Measuring and Managing Information Risk: A FAIR Approach - The source of the FAIR model for measuring and managing risk tackles critical concepts often overlooked by risk practitioners.
- Superforecasting - The authors step through problems with forecasting and provide a process for improvement.
- Expert Political Judgment - Philip E. Tetlock seeks to improve the reader's ability to identify and understand errors of judgment.
- Thinking, Fast and Slow - Daniel Kahneman teaches you more than you want to know about managing your thinking and intuition, critical skills for analysts.
With these under your belt, it is time to tackle three more resources (reading times in parentheses). The following books help you hone your analyst talents: critical thinking, calibration, and probabilistic thinking. WARNING: you will get maximum value from these books only if your comfort level with numbers is at least above ‘ew, yuk’.
#1 - How To Measure Anything In Cybersecurity Risk
Douglas W. Hubbard & Richard Seiersen
(4 hours and 18 minutes)
Many of the techniques we leverage as FAIR analysts are rooted in awareness brought by Douglas Hubbard. ‘Dangerous risk management methods abound’; Hubbard seeks to dispel them and provide solutions.
Sample chapters:
- Risk Matrices, Lie Factors, Misconceptions, and other Obstacles to Measuring Risk
- Calibrated Estimates: How Much Do You Know Now?
- A Call to Action: How to Roll Out Cybersecurity Risk Management
#2 - A Field Guide To Lies: Critical Thinking in the Information Age
Daniel J. Levitin
(4 hours and 18 minutes)
As an analyst, your spidey senses tingle when you’re faced with quantitative arguments that seem incongruent. Embark on a sightseeing tour with Levitin as he points out problems with facts you encounter.
Sample chapters:
- Hijinks with How Numbers Are Reported
- Overlooked, Undervalued Alternative Explanations
- How Science Works
#3 - Proofiness: How You're Being Fooled by the Numbers
Charles Seife
(4 hours and 32 minutes)
You don’t have to be a mathematician to recognize that the mountains of metrics in risk management are abused regularly. Proofiness illuminates these problems in other fields, which will tune your ability to spot and expose them in cybersecurity risk.
Sample chapters:
- Phony Facts, Phony Figures
- Rorschach's Demon
- Propaganda by the Numbers