For the second year, we are reading and the FAIR™ book, Measuring and Managing Information Risk, the authoritative text on quantitative cyber risk analysis and risk management, with a series of short discussion guides to help FAIR summer book clubs spark conversations, at a pace of two book chapters per guide.
In Part 2, we’re covering Chapter 4 (on FAIR terminology) and Chapter 5 (on measurement), two key categories for both understanding the FAIR approach and generally clearing up the rampant confusion surrounding risk analysis. Can you define a “loss event” and describe how it would unfold at your organization? Discuss.
Also, we’re hosting a discussion board in LINK, the FAIR Institute’s community site, to contribute discussions points to the community or pose questions – FAIR experts and community members will answer. (A FAIR Institute membership and signup for LINK is required to access the discussions. Turn your notifications on in your LINK profile settings to make sure that you receive updates to the discussions.) Visit the FAIR book discussion board.
Here are the six FAIR study guides:
With thanks to author Rebecca Merritt, Senior Manager, Professional Services at RiskLens, the technical adviser to the FAIR Institute.
- Chapter 1, (Introduction), Chapter 2 (Basic Risk Concepts) and Chapter 3 (The FAIR Risk Ontology)
- Chapter 4 (FAIR Terminology) and Chapter 5 (Measurement)
- Chapter 6 (Analysis Process) and 7 (Understanding Results)
- Chapter 8 (Risk Analysis Examples) and Chapter 9 (Thinking about Risk Scenarios Using FAIR)
- Chapter 10 (Common Mistakes) and Chapter 11 (Controls)
- Chapter 12 (Risk Management), Chapter 13 (Information Security Metrics) and Chapter 14 (Implementing Risk Management)
About the FAIR Book
Using the Factor Analysis of Information Risk (FAIR) methodology developed over ten years and adopted by organizations worldwide, Measuring and Managing Information Risk provides a proven and credible framework for understanding, measuring, and analyzing information risk of 
any size or complexity. Intended for organizations that need to either build a risk management program from the ground up or strengthen an existing one, this book provides a unique and fresh perspective on how to do a basic quantitative risk analysis. Covering such key areas as risk theory, risk calculation, scenario modeling, and communicating risk within the organization, Measuring and Managing Information Risk helps managers make better business decisions by understanding their organizational risk.
Related: What Is FAIR?
