Risk related books are a dime a dozen nowadays. Many are rehashing the stuff that was new and hot a couple of decades ago, fewer are keeping up with the industry maturation and even fewer are applying the academic learnings to the industry. Here’s a short list of a few books that I’ve read in the past and re-read now, either for reference, for new appreciation of the depths that I missed before, or to see if they’re still current.
Risk management is by definition very academic, and I don’t mean that in the pejorative meaning as is too frequently bandied about in the industry. By academic I mean simply: “unless you know exactly what you’re doing and why, you’re probably doing it wrong.”
This is a very typical “academic” book on risk, taking in its sights 20 of the most popular misconceptions and I’m sure most risk practitioners will have seen at least half of them during their career. The most popular misconceptions are dealt with early in the book. Personal note: nothing says “I have no idea what I’m doing” than using and presenting expected value in risk calculations. Serious tome, in places deep in statistics, in other places deep in social aspects of risk.
This book turns the typical “risk management” and “risk analysis” terms on their head. Understandable, seeing that the term “risk analysis” is older and more commonly used by professionals than the current “risk management everything” trend promulgated by business graduates and compliance nerds. This is a reference book that you will return to time and again, and whilst some parts may date it a bit and other parts may feel a bit light on the ground it is still one of the few go-to books.
Measuring and Managing Information Risk: A FAIR Approach Kindle PDF by Jack Jones and Jack Freund
Yes, this book is written with FAIR (Factor Analysis of Information Risk) in mind, but is a perfect reference for those (of us) that are deep in information risk management and need a decent framework to support their work. FAIR provides a strong framework, but it will not make your bad inputs suddenly appear great. Other books will help you evaluate inputs to get decent outputs, present those to the decision makers and ensure that you are cognizant of biases and shortcuts that may have been taken.
The Feeling of Risk: New Perspectives on Risk Perception Kindle by Paul Slovic
Whilst it is true that risk and perception of it are not the same thing empirically (risk exists regardless of if you’re perceiving it or not and it is independent of your perception of it) the understanding of the power of risk perception is necessary for risk professionals that hope to do their job right. Risk perception affects the decision maker’s decisions more than any “by the numbers” risk calculation ever could. Good risk communication will take risk perception in its stride. If there’s work that marries Psychometric Paradigm (Hello, Fischhoff) with Cultural Theory (Hello, Douglas and Wildavsky) it is the work of Slovic.
The Thinker’s Toolkit: 14 Powerful Techniques for Problem Solving Kindle by Morgan D. Jones
Understanding and properly formulating the problem is the heavy lifting of any risk assessment and successful decision making. This book won’t let you just jump into “analysis” without first considering the problem from all perspectives and then reformulating the question until you arrive at the root cause. There are plenty of activities for the reader and those really help internalise the proper analysis structure and thinking about problems. Helpful, very helpful to intelligence analysts and extremely helpful to risk analysts. Get it, you won’t regret it. (And it’s a bargain, compared to other books on the list).