Info Risk Recommended Reading List
The discipline of Information Risk Analysis combines practice and theory from three primary areas: Information Security, Data Science, and Decision Science. As such, a effective Information Risk Analysts should be well studied and versed with these concepts. Here is a short list of books/resources that we have on our bookshelf, and believe should be required reading for any Info Risk professional.
Risk Management / Information Risk Analysis
- Failure of Risk Management, by Doug Hubbard
- Measuring and Managing Information Risk, by Jack Freund and Jack Jones
- Data-Driven Security, by Jay Jacobs and Rob Rudis
- Thinking Fast and Slow, by Daniel Kahneman
- Predictably Irrational: The Hidden Forces That Shape our Decisions, by Dan Ariely
- The Art of Critical Decision Making (The Great Courses), by Michael Roberto
Probability / Uncertainty
- The Black Swan: The Impact of the Highly Improbable, by Nassim Taleb
- Fooled by Randomness: The Hidden Role of Chance in Life and in the Markets, by Nassim Taleb
- The Flaw of Averages, by Sam Savage
- Superforecasting: The Art and Science of Prediction, by Philip Tetlock and Dan Gardner
- How to Measure Anything: Finding the Value of 'Intangibles' in Business, by Doug Hubbard
If you get through these and want more, check out the Society of Information Risk Analysts (SIRA) reading list for more suggestions.