$58.95
In stock
Measuring and Managing Information Risk: A FAIR Approach Paperback – 22 August 2014

4.5 out of 5 stars (211 ratings)
Edition: 1st

There is a newer edition of this item:

Measuring and Managing Information Risk: A FAIR Approach
$117.38
This item has not yet been released.

Using the factor analysis of information risk (FAIR) methodology developed over ten years and adopted by corporations worldwide, Measuring and Managing Information Risk provides a proven and credible framework for understanding, measuring, and analyzing information risk of any size or complexity. Intended for organizations that need to either build a risk management program from the ground up or strengthen an existing one, this book provides a unique and fresh perspective on how to do a basic quantitative risk analysis. Covering such key areas as risk theory, risk calculation, scenario modeling, and communicating risk within the organization, Measuring and Managing Information Risk helps managers make better business decisions by understanding their organizational risk.

Product description

Review

"...informative and insightful―and surprisingly engaging. Using examples, anecdotes, and metaphors, the writers keep this educational work from becoming difficult... Professionals new to thorough information risk analysis or using more simplified approaches will find this book extremely useful." --Security Management

Review

A comprehensive resource that provides a much-needed, flexible methodology for measuring and managing information risk.

Product details

  • Publisher: Butterworth-Heinemann; 1st edition (22 August 2014)
  • Language: English
  • Paperback: 410 pages
  • ISBN-10: 0124202314
  • ISBN-13: 978-0124202313
  • Dimensions: 19.05 x 2.36 x 23.5 cm
  • Customer Reviews: 4.5 out of 5 stars (211 ratings)

Customer reviews

4.5 out of 5 stars, 211 global ratings

Top reviews from Australia

Reviewed in Australia on 16 July 2018
Verified Purchase
Superb book. I bought it after seeing Jack speak in Sydney. His talk immediately "clicked" in my mind, connecting a lot of dots, that in retrospect were obvious.
Reviewed in Australia on 10 September 2019
Verified Purchase
A detailed and comprehensive approach to understanding the FAIR ontology. Excellent book.

Top reviews from other countries

Bill Neaves
5.0 out of 5 stars An essential tool for Risk practitioners
Reviewed in Canada on 18 May 2018
Verified Purchase
The FAIR methodology is an important part of the toolkit for Risk Management practitioners. This book does a superb job of introducing FAIR as a quantitative assessment methodology. Among other things, it deals with the practical reality of doing risk assessments in a large organization and communicating results to executives.
Shield Wall
5.0 out of 5 stars An informative risk analysis model
Reviewed in the United Kingdom on 25 April 2020
Verified Purchase
If you are looking for a new way of efficiently articulating risk to your senior execs, I would highly recommend adding this to your reading list.
One person found this helpful
Marek Weber
3.0 out of 5 stars Not "really" helpful to actually use FAIR
Reviewed in Germany on 16 January 2018
Verified Purchase
Reading the book is a start, but it is not really helpful. Yes, certain information is supplemented to the free material that can be found on the internet. Here are my main points on why the book is just partially useful:

1. Ok, it is a good point that it is not a book supposed to teach Monte-Carlo simulations. I get this part. There are good study materials that do the job. But, and this is the big but, there is no explanation or any kind of useful information on how the variables interact from a mathematical viewpoint. Knowing this would allow you to program it yourself, for example with Python or R. Of course, understanding the math behind Monte-Carlo simulations and how they work, it is possible to come up with a solution (your solution). But that is my point: you must come up with the (your) solution; it is not shown or described in the book. Therefore you cannot be sure whether your "solution" on how you have interpreted the FAIR model is somewhat right or not.
2. The book is just to "hook" you up. In order to go further you need the FAIR training. Many information bits are missing in the book, preventing you from actually using it. I know that because of my "aha" moments during "a product" presentation by a certain company offering their FAIR "Tool". During the presentation, certain aspects of how to use FAIR became clearer.

Reading the book is not helpful to actually use FAIR in a useful manner. In order to do that (well, guess what, yes that's right!) you need the offered training, provided (guess again) by the same company that is behind FAIR (yes, a company; check out who is behind the training and FAIR, too!).

The book is therefore only partially useful, more to hook you up, even if you do understand Monte-Carlo simulations, so do not expect too much from the book.
5 people found this helpful
Steve Poppe
5.0 out of 5 stars The CISO's Bible
Reviewed in the United States on 21 April 2015
Verified Purchase
In a world where seemingly everything is oversold, this is the rare exception that is undersold. The title succinctly states, without drama, the authors’ broad ambit. They over-deliver. The book is nothing less than a manifesto for quantitative management of information security risk.

Consider how radical it is to promise a truly quantitative approach to cyber risk management in a world dominated by numerous qualitative “frameworks,” red-yellow-green heat maps, thousand-item one-size-fits-all questionnaires, subjective and qualitative scales of likelihood and impact, and fake math like “red times green equals yellow”. And then consider how transformational it is to deliver on the promise.

Other reviewers have nicely discussed the book’s coverage of the FAIR taxonomy. Suffice it to say that MMIR is your best friend in understanding the Open Group FAIR standards. Freund and Jones bring a potentially dry subject alive with many “Talking About Risk” sidebars that tell of their experience with FAIR methods in practice. These war stories make the content accessible and relevant. I especially appreciate the authors’ informal style that is conversational without being verbose and humorous without being patronizing or cute. What the war stories leave out chapter 8 fills in with numerous example analyses. A worked example is better than a thousand war stories.

If giving a thorough rationale for and introduction to FAIR were all that MMIR did, it would be worth its weight in gold. But wait! There’s more!

It’s the “managing” part, chapters 11-14, that constitutes another breakthrough beyond FAIR. There Freund and Jones begin laying out (one senses it is a work in progress) a risk management ontology, built on the FAIR risk measurement ontology. In rethinking the classification of controls in the context of threat event frequency, vulnerability, and loss mitigation, they provide ways to assess and – yikes! – quantify the potential value of control improvements, in isolation or in combination. This gives the CISO the beginning of a way to manage the control environment, not just the threats.

But controls not consistently adhered to are both false comfort and all too common. Therefore F&J suggest that variance in the application of controls is perhaps the single most important set of infosec management metrics. As the old saw goes, if you cannot measure it you cannot manage it, and if you do not know how well your controls are operating on a continuing basis, then what confidence can you have in the millions of dollars invested in technology and staff?

Which brings us to metrics. It is perhaps not surprising that a methodology based on quantitative analysis lends itself to meaningful metrics. F&J offer many concrete suggestions far superior to the grab-bag of metrics found in vendor dashboards (measure what’s cheap and looks cool) and other books. These are real metrics that the CISO can use to … manage risk.

And managing risk is really why we do all this stuff. Making good decisions on both operational and strategic levels requires good data derived from reliable instruments and methods. It is in managing risk that MMIR is truly seminal and profound.

If they do another edition Freund and Jones should consider adding a subtitle, “The CISO’s Bible,” because CISOs will find themselves coming back to it time and again. Or maybe that is the next book.
15 people found this helpful
David Vose
2.0 out of 5 stars Lot of terms to learn for basic ideas
Reviewed in Germany on 27 April 2021
Verified Purchase
This is more a branding exercise for a lexicon set and RiskLens software than a real treatise on how to quantify cyber risk. The only mention of probability distributions gives a perplexing description.

The principle is good - leading people through the things they should consider when evaluating risk, but after that it turns to a very prescriptive method that does not allow for non-financial risks, or mitigations, etc.
One person found this helpful