Get your highlighters ready – find a stack of Post-it notes – the FAIR Institute is putting on a summer book club to read and discuss the FAIR™ book, Measuring and Managing Information Risk by Jack Freund and Jack Jones, the authoritative guide to quantitative cyber risk analysis and risk management. The National Institute of Standards and Technology includes the FAIR model as a recommended resource in its Cybersecurity Framework (NIST CSF).
Now more than ever we need to encourage communication within our teams, combat the isolation of remote work, learn new skills or refresh old ones. We think tackling the FAIR book makes a perfect summer team project – it’s filled with fresh and accessible concepts that challenge assumptions about information and technology risk, as well as practical guidance your team can apply to improve the efficiency and effectiveness of your security or risk operation. Even if you’ve read the book before, this is an opportunity to get your team on the same page going forward.
Starting this week, and continuing every other week, we will add a new study guide to the FAIR Institute blog for you to download, each covering a group of chapters, 12 guides in all. The first guide covers Chapter 1, (Introduction), Chapter 2 (Basic Risk Concepts) and Chapter 3 (The FAIR Risk Ontology).
Download the guide to Chapters 1-3
Also, we’re hosting a discussion board in LINK, FAIR Institute’s community site, for further discussion or posting of questions – FAIR experts and community members will answer. (A FAIR Institute membership and signup for LINK is required to access the discussions. Turn your notifications on in your LINK profile settings to make sure that you receive updates to the discussions.)
Visit the FAIR book discussion board - here
What do you need to do to get started?
- Order the Measuring and Managing Information Risk book - here
- Find a group of coworkers or peers to join the book club
- Schedule a recurring meeting every other week (Friday’s are always nice), starting whenever you like.
- Subscribe to the FAIR Institute Blog so you get the updates and discussion topics
- Join the conversation on the Link Discussion Board – here.
- Bring up the discussion topic guide during your meetings and have FUN!
About the Book
Using the Factor Analysis of Information Risk (FAIR) methodology developed over ten years and adopted by organizations worldwide, Measuring and Managing Information Risk provides a proven and credible framework for understanding, measuring, and analyzing information risk of any size or complexity. Intended for organizations that need to either build a risk management program from the ground up or strengthen an existing one, this book provides a unique and fresh perspective on how to do a basic quantitative risk analysis. Covering such key areas as risk theory, risk calculation, scenario modeling, and communicating risk within the organization, Measuring and Managing Information Risk helps managers make better business decisions by understanding their organizational risk.
Related: What Is FAIR?