The following are resources I recommend to anyone interested in the management of information systems security (AKA cybersecurity). The first item is my book:
Carlson, Christopher T. How to Manage Cybersecurity Risk – A Security Leader’s Roadmap with Open FAIR. Universal Publishers, 2019
Standards
The Open Group – Risk Analysis Standards, Guides and Whitepapers
Books
Freund, Jack and Jack Jones. Measuring and Managing Information Risk: A FAIR Approach. Butterworth-Heinemann, 2015.
Hubbard, Douglas W. The Failure of Risk Management – Why It’s Broken and How to Fix It. Wiley 2009
Hubbard, Douglas W. and Seiersen, Richard How to Measure Anything in Cybersecurity Risk. Wiley, 2016.
Savage, Sam L. The Flaw of Averages. Wiley, 2012
Organizations
The Open Group – Security Forum
Society for Information Risk Analysts (SIRA)
How to Manage Cybersecurity Risk 