The following are resources I recommend to anyone interested in the management of information systems security (AKA cybersecurity). The first item is my book:
Carlson, Christopher T. How to Manage Cybersecurity Risk – A Security Leader’s Roadmap with Open FAIR. Universal Publishers, 2019
Freund, Jack and Jack Jones. Measuring and Managing Information Risk: A FAIR Approach. Butterworth-Heinemann, 2015.
Hubbard, Douglas W. The Failure of Risk Management – Why It’s Broken and How to Fix It. Wiley 2009
Hubbard, Douglas W. and Seiersen, Richard How to Measure Anything in Cybersecurity Risk. Wiley, 2016.
Savage, Sam L. The Flaw of Averages. Wiley, 2012