The following are resources I recommend to anyone interested in the management of information systems security (AKA cybersecurity). The first item is my book:

Carlson, Christopher T. How to Manage Cybersecurity Risk – A Security Leader’s Roadmap with Open FAIR. Universal Publishers, 2019


The Open Group – Risk Analysis Standards, Guides and Whitepapers


Freund, Jack and Jack Jones. Measuring and Managing Information Risk: A FAIR Approach. Butterworth-Heinemann, 2015.

Hubbard, Douglas W. The Failure of Risk Management – Why It’s Broken and How to Fix It. Wiley 2009

Hubbard, Douglas W. and Seiersen, Richard How to Measure Anything in Cybersecurity Risk. Wiley, 2016.

Savage, Sam L. The Flaw of Averages. Wiley, 2012


The Open Group – Security Forum

Probability Management

Society for Information Risk Analysts (SIRA)

On the Web

Data Breach Investigation Reports (DIBR)

Unified Compliance Framework