The FAIR Book

Measuring and Managing Information Risk:
A FAIR Approach

The award-winning FAIR Book provides a practical and credible model for understanding, measuring and analyzing information risk of any size and complexity.

  • It shows how to deliver financially derived results tailored for enterprise risk management.
  • It is intended for organizations that need to build a risk management program from the ground up or to strengthen an existing one.
  • It covers key areas such as risk theory, risk calculation, scenario modeling and risk communication within the organization.

'Measuring and Managing Information Risk' is an essential tool for information risk officers of the digital age who want to help their organizations make smarter and more effective business decisions.


Some Readers' Reviews:


In a world where seemingly everything is oversold, this is the rare exception that is undersold. The title succinctly states, without drama, the authors’ broad ambit. They over-deliver. The book is nothing less than a manifesto for quantitative management of information security risk.

The CISO Bible

A must read for security professionals and risk analysts.


This text is a backbone reference for the development or improvement of a corporate information risk management program.