Measuring and Managing Information Risk,

Edition 2 A FAIR Approach

Editors: By Jack Freund and Jack Jones

Publication Date: 08 Dec 2025

0 Reviews

Hazards

The publication contains no hazards

Conformance

PDF/UA-1
The publication contains a conformance statement that it meets the EPUB Accessibility 1.1, WCAG 2.1, Level AA standard. Please see https://bornaccessible.benetech.org/certified-publishers/ for further details of our compatibility testing.
The publication was certified on 20250728
Accessibility addendum
The certifier's credential is https://bornaccessible.benetech.org/certified-publishers/
For detailed accessibility information, see Elsevier’s website at https://www-elsevier-com.ucc.idm.oclc.org/about/accessibility
Compatibility tested
For queries regarding accessibility information, contact [email protected]

Ways Of Reading

This e-publication is accessible to the full extent that the file format and types of content allow, on a specific reading device, by default, without necessarily including any additions such as textual descriptions of images or enhanced navigation.
Short alternative textual descriptions
Information-rich images are described by extended descriptions
Visualised data also available as non-graphical data
All contents of the digital publication necessary to use and understanding, including any text, images (via alternative descriptions), video (via audio description) is fully accessible via suitable audio reproduction.

Navigation

The contents of the PDF have been tagged to permit access by assistive technologies as per PDF-UA-1 standard.
Index with links to referenced entries
Page breaks included from the original print source
Elements such as headings, tables, etc. for structured navigation

Additional Accessibility Information

All (or substantially all) textual matter is arranged in a single logical reading order (including text that is visually presented as separate from the main text flow, e.g., in boxouts, captions, tables, footnotes, endnotes, citations, etc.). Non-textual content is also linked from within this logical reading order. (Purely decorative non-text content can be ignored).
The language of the text has been specified (e.g., via the HTML or XML lang attribute) to optimise text-to-speech (and other alternative renderings), both at the whole document level and, where appropriate, for individual words, phrases or passages in a different language.
For readers with color vision deficiency, use of color (e.g., in diagrams, graphics and charts, in prompts, or on buttons inviting a response) is not the sole means of graphical distinction or of conveying information
Content is enhanced with ARIA roles to optimize organization and facilitate navigation
Where interactive content is included in the product, controls are provided (e.g., for speed, pause and resume, reset) and labelled to make their use clear.
Content provides explanations for unusual words, abbreviations, acronyms, idioms, jargon in an accessible form, such as glossaries, scripted pop-ups.

WCAG v2.2

Product Content

Content includes any type of illustrations.
The primary content is text.
Content includes a significant number of actionable (clickable) cross-references, hyperlinked notes and annotations, or with other actionable links between largely textual elements (e.g., quiz/test questions, ‘choose your own ending’, etc.).
Content includes photographs, whether in a plate section / insert or not.
Content includes figures, diagrams, charts and/or graphs, including other ‘mechanical’ (i.e. non-photographic) illustrations.
Content includes chemical notations, formulae.
Content includes mathematical notations, formulae.

Note

This product relies on 3rd party tooling which may impact the accessibility features visible in inspection copies. All accessibility features mentioned would be present in the purchased version of the title.

Measuring and Managing Information Risk: A FAIR Approach, Second Edition provides a proven and credible framework for understanding, measuring, and analyzing information risk of any size or complexity using the Factor Analysis of Information Risk (FAIR) methodology developed over ten years and adopted by corporations worldwide. This new edition covers such key areas as risk theory, risk calculation, scenario modeling, and communicating risk within the organization, and also includes new chapters and essays from industry professionals. It provides a step-by-step guide to help managers make better business decisions by understanding their organizational risk.

The field has advanced significantly in the past 10 years and this all-new edition reiterates the importance of the foundations of risk measurement but adds information about modern methods to integrate quantitative risk assessment methods into your security programs. This includes the integration of security telemetry data, outside data sources, approaches to automating FAIR assessments, and how to align methods and programs to security standards and regulations. Further discussed is how such approaches are being used by third-party agencies to provide CRQ data to the investors, underwriters, and regulators. This book is a valuable resource for all those who need the foundations, methods, and techniques for measuring, assessing, and communicating cyber risk to enable an organization to build an organizational IT risk management program. It serves as both a practical how-to guide for those new to the industry as well as tenured professionals that need a formalized guide for implementation.

Key Features

Uses factor analysis of information risk (FAIR) as a methodology for measuring and managing risk in any organization, with insights on how to apply the FAIR methodology based on over 15 years of applied experience
Balances theory with practical applicability and relevant stories of successful implementation
Includes examples from a wide variety of businesses and situations presented in an accessible writing style
New to this edition: new chapters on Standards and Regulatory Alignment, Building Quantitative Risk Programs, and Assessment Automation, as well as significant revisions to cover the new FAIR-CAM standard and short essays from others in the industry

About the author

By Jack Freund, VP, Head of Cyber Risk Methodology for BitSight, US and Jack Jones, Co-founder and president of CXOWARE, Inc., US

1. Introduction
2. Risk Concepts
3. FAIR Risk Ontology
4. FAIR Terminology
5. Measurement
6. Analysis Process
7. Interpreting Results
8. Risk Analysis Examples
9. Common Problems
10. Controls
11. Standards and Regulatory Alignment
12. Organizational Risk Decision Making
13. Metrics
14. Implementing Risk Management
15. Building Quantitative Risk Programs
16. Assessment Automation
17. Risk Measurement Red Flags
18. Invited Contribution

ISBN: 9780443134845

Page Count: 380

Retail Price :

Security and risk executives, directors, managers, and analysts; IT risk managers; information security professionals, students of OpenGroup’s FAIR Certified Risk Analyst Certification Exam, graduate business or IT students taking courses in risk management and IT security Those new to the field of cybersecurity, including people in mathematical or quantitative professions (mathematics, economics, accounting, and business management), as well as those in adjacent professions such as life sciences