

Book Review: Info Risk

Butterworth-Heinemann; 408 pages; $49.95.

Factor analysis of information risk (FAIR) is a methodology for understanding and analyzing information risk. Measuring and Managing Information Risk: A FAIR Approach provides extraordinary detail, explaining both the essentials and fine details of the FAIR process.

This book is informative and insightful—and surprisingly engaging. Using examples, anecdotes, and metaphors, the writers keep this educational work from becoming difficult.

Comprehensively explaining FAIR ontology in all its layers and complexities, the book includes thorough definitions of the terminology, many examples for applying the concepts, and detailed explanations of each step of the process from preparation through presentation and implementation. It examines challenges and common mistakes and suggests multiple solutions to suit different cultures, leadership, and scope of work. Diagrams and tables provide specific examples and a thorough index allows for quick reference to key words and concepts.

This is advanced material presented in a style that’s often humorous while still focused. The authors’ expertise is obvious in their detailed explanations of fact and theory, and in their relaxed approach to this complex subject matter. Professionals new to thorough information risk analysis or using more simplified approaches will find this book extremely useful.

Reviewer: Lex Holloway, CPP, is director of security for Caris Life Sciences. He is a member of ASIS and serves on the ASIS Healthcare Security Council.