The following are resources I recommend to anyone interested in the management of information systems security (AKA cybersecurity). The first item is my book:
Carlson, Christopher T. How to Manage Cybersecurity Risk – A Security Leader’s Roadmap with Open FAIR. Universal Publishers, 2019
The Open Group – Risk Analysis Standards, Guides and Whitepapers
Freund, Jack and Jack Jones. Measuring and Managing Information Risk: A FAIR Approach. Butterworth-Heinemann, 2015.
Hubbard, Douglas W. The Failure of Risk Management – Why It’s Broken and How to Fix It. Wiley 2009
Hubbard, Douglas W. and Seiersen, Richard How to Measure Anything in Cybersecurity Risk. Wiley, 2016.
Savage, Sam L. The Flaw of Averages. Wiley, 2012
The Open Group – Security Forum
Society for Information Risk Analysts (SIRA)
On the Web
Data Breach Investigation Reports (DIBR)