What are the must have resources for people new to operational and cyber risk? This list outlines what books I would recommend to new analyst or manager.
They’re not ranked by which book is best. Instead, I list them in the recommended reading order. Let’s take a look at the list.
#1 - The Failure of Risk Management: Why It’s Broken and How to Fix It (Douglas Hubbard)
In The Failure of Risk Management, Hubbard highlights flaws in the common approaches to risk management. His solutions are as simple as they are elegant. (Spoiler alert: the answer is quantitative risk analysis). The Failure of Risk Management shows up as #1 because it sets the tone for the others in the list. First, understand the problems. With the common problems in mind you can identify them on a regular basis. The next book provides approaches to modeling the problem.
With that foundation in place, they move on to the FAIR approach to risk analysis. Finally, they lay out foundational concepts for risk management.
This book is not an advanced perspective on analyzing or managing risk. Instead, it provides a systemic solution to our problems.
Books #1 and #2 lay the foundation to understand the common risk management and analysis problems. They also provide approaches for solving those problems. The next two books are critical to improving the execution of these approaches.
#3 - Superforecasting: The Art and Science of Prediction (Phillip Tetlock & Dan Gardner)
We require RiskLens consultants to read Superforecasting. Risk analysis is always about forecasting future loss (frequency and magnitude). As practitioners, it is critical to learn the problems with forecasting. Knowing is half the battle. Superforecasting takes the audience through the battlefield by offering a process for improvement.
If there is one book you could read out of order, it is Superforecasting. Yet, it shows up at #3 because it will hammer home forecasting as a skill once the other books open your eyes.
#4 - Expert Political Judgment: How Good Is It? How Can We Know? (Phillip Tetlock)
Yes, another book by Tetlock appears in our list. Published first, tackled second. His work in understanding forecasting is tremendously valuable. Superforecasting builds on the research that resulted in publishing Expert Political Judgment.
#5 - Thinking, Fast and Slow (Daniel Kahneman)
Rounding out the list is Thinking, Fast and Slow. Improving your understanding of thinking in general is the next best step. Take the time to read this book. Peel out nuggets of wisdom before tackling more advanced risk management and analysis concepts.
There it is...