The presence of potential risks to an organization or individual is greater than ever, now in the digital era. Understanding your vulnerabilities and what you can do to mitigate those risks is fundamental.
Here is a list of books that offer a breakdown of information security and risk management since its beginnings and rise in need. The importance of having a deeper understanding of risk management and well-planned structures in place has become evident, especially in recent years, due to the pandemic and the sudden change in how business is conducted. Knowing how to best implement a secure system in your organization to assess your vulnerabilities and lessen potential risks is vital.
Principles of Information Security 6th Edition by Michael E. Whitman and Hebert J. Mattord
A comprehensive and easy-to-follow read in giving an introduction to different aspects of the Information Security field. This book highlights important keywords to focus on, all the while providing the definitions of those words for quick, easy access, when needed, for reference or review. A helpful read, especially for beginners in the field, who are looking to master the latest technology and developments, taking a managerial approach, this book emphasizes all aspects of information security, rather than just a technical control perspective, with information also being presented through risk management charts. With detailed explanations to ensure understanding, you get an overview of the entire field of information security, related elements, used terminology, and a history of the discipline as you learn how to manage an information security program. This edition of Principles of Information Security provides the latest practices with all new examples that explore the impact of emerging technologies, such as IoT, the cloud, etc.
Risk Savvy: How to Make Good Decisions by Gerd Gigerenzer
The book provides insight into the broadening and understanding of risk and probability. As per the common view, humans are probability-blind and predictable decision-makers. With this in mind, the book makes for a good read on useful tools for dealing with risk and uncertainty, arguing that it is perfectly possible to remove our seemingly hardwired cognitive biases, where the author provides three important angles of probability for the reader. In the digital era, science is really about building models that make useful predictions. Models will not make much sense if you do not understand the underlying concepts of risk and related terms, and usually, the risks you are chasing will come to pass in a totally unanticipated manner. The author notes how sometimes the rule of thumb, relying on heuristics, may perform better than a complex strategy suggested for a problem. Risk Savvy tackles several topics with a primary focus on understanding statistics in terms of relative frequency.
The Essentials of Risk Management, 2nd Edition by Michel Crouhy, Dan Galai, Robert Mark
A suitable read for both risk and non-risk professionals to best understand the importance of staying up-to-date with the continuously evolving best practices, methodologies, infrastructures, and many more concepts, tools, and resources of risk management. An easy-to-understand guide that introduces to the reader the increasing demand to perform sophisticated assessments of organizations’ risk exposure. Risk management is no longer limited solely to risk management specialists, now, stakeholders, employees, and investors must understand, as well as be satisfied, with the organization’s risk management program. It delves into the latest methods for implementing an Enterprise Risk Management approach within organizations, measuring and transferring risk, as well as measuring risk management transparency. Using examples from real-life scenarios, the authors draw lessons and thoroughly explain shortcomings in traditional risk management by discussing frameworks, governance, and operational risk, among others.
Fundamentals of Information Systems Security 3rd Edition by David Kim and Michael G. Solomon
An easy to read, with lots of references, this book explains information systems security to those involved in, or interested in pursuing the IT field and offers a comprehensive overview of the essential concepts in information security. A good resource for readers who are seeking fundamental knowledge relating to the terminologies and proper handling regarding compromise data and how to mitigate these risks, and those who desire additional material on information security standards, education, professional certifications, and compliance laws. The authors note the importance of an organization to develop policies in order to have secure systems in place for smoother business operations, as well as explaining several types of malicious attacks, what different methods can be used to infiltrate a system, and how to combat those circumstances. An exploration of how businesses, governments, and individuals are operating today in a digital world, as well as the new risks, threats, and vulnerabilities associated with it.
