Get your highlighters ready – find a stack of Post-it notes – the FAIR Institute is bringing back our summer book club to read and discuss the FAIR™ book, Measuring and Managing Information Risk by Jack Jones and Jack Freund, the authoritative guide to quantitative cyber risk analysis and risk management.
The Summer Book Club launched in 2020, but with so many more FAIR followers added to the membership rolls of the FAIR Institute since then, it’s going to be new to many of you.
We think tackling the FAIR book makes a perfect summer team project – it’s filled with fresh and accessible concepts that challenge assumptions about information and technology risk, as well as practical guidance your team can apply to improve the efficiency and effectiveness of your security or risk operation. Even if you’ve read the book before, this is an opportunity to get your team on the same page going forward.
COMING SOON: Book Clubbers, show us your FAIR knowledge and we’ll award you prizes. Watch this blog for details!
Here’s how the FAIR Summer Book Club works:
We produced six downloadable guides, each designed to prompt discussion on several chapters in the book at one meeting of your book club. You can find them all below on this page. We will also publish a blog post every week linking to the next discussion guide in the sequence, as a reminder.
Also, we’re hosting a discussion board in LINK, FAIR Institute’s community site, for further discussion or posting of questions – FAIR experts and community members will answer. (A FAIR Institute membership and signup for LINK is required to access the discussions. Turn your notifications on in your LINK profile settings to make sure that you receive updates to the discussions.) Visit the FAIR book discussion board - here
What do you need to do to get started?
- Order the Measuring and Managing Information Risk book - here
- Find a group of coworkers or peers to join the book club
- Schedule a recurring meeting at your pace (Fridays are always nice), starting whenever you like.
- Subscribe to the FAIR Blog so you get the updates and discussion topics
- Join the conversation on the LINK Discussion Board – here.
- Share the discussion guides during your meetings and have FUN!
Here are the six FAIR study guides:
With thanks to author Rebecca Merritt, Senior Manager, Professional Services at RiskLens, the technical adviser to the FAIR Institute.
- Chapter 1 (Introduction), Chapter 2 (Basic Risk Concepts) and Chapter 3 (The FAIR Risk Ontology)
- Chapter 4 (FAIR Terminology) and Chapter 5 (Measurement)
- Chapter 6 (Analysis Process) and Chapter 7 (Understanding Results)
- Chapter 8 (Risk Analysis Examples) and Chapter 9 (Thinking about Risk Scenarios Using FAIR)
- Chapter 10 (Common Mistakes) and Chapter 11 (Controls)
- Chapter 12 (Risk Management), Chapter 13 (Information Security Metrics) and Chapter 14 (Implementing Risk Management)
About the FAIR Book
Using the Factor Analysis of Information Risk (FAIR) methodology developed over ten years and adopted by organizations worldwide, Measuring and Managing Information Risk provides a proven and credible framework for understanding, measuring, and analyzing information risk of any size or complexity. Intended for organizations that need to either build a risk management program from the ground up or strengthen an existing one, this book provides a unique and fresh perspective on how to do a basic quantitative risk analysis. Covering such key areas as risk theory, risk calculation, scenario modeling, and communicating risk within the organization, Measuring and Managing Information Risk helps managers make better business decisions by understanding their organizational risk.