B**N
An approachable, well-thought-out textbook and reference guide for infosec risk management
This book is an excellent and practical introduction to information security risk management. Wheeler starts off with overviews of basic concepts, like how to define and understand risk and its components, breaks down common pitfalls of infosec (like ignoring business needs), and launches into a usable, approachable structure that you can use to assess and deal with risk in your network or organization. The book is full of case studies and security "deep dives" where concepts introduced in the previous chapter are used in real world situations. The writing is clear and refreshingly informal, and the lessons in the book can be put into practice immediately at your organization. Wheeler even includes four chapters at the end of the book that introduce a practical approach to creating a formal and effective risk management system in organizations that lack one. Overall, well written, doesn't require you to have experience in info to understand it, and useful.
G**Y
Fresh Thinking, Valuable To All Practitioners
Finally some sensible thinking about security and risk. As a practitioner there is a huge need for fresh thinking in the IT security field. Where we are right now is just not effective or even manageable. This is a good place to start for a new or reemphasized approach. We currently have the cart before the horse. Or maybe a cart with no horse at all. Everything begins and ends with risk, and not with the newest flashy security tool.
J**N
Not meant for "CISSPs".
This is a good book and there is nothing inherently wrong with the CISSP BOK, but I don't want anyone to be discouraged by the negative reviews on here. If you are a Security Architect, or would like to be as you gain more experience in a very difficult field, this is a solid 4 star book. If you took a test and think you are some kind of "security professional" who doesn't need to learn anything else, don't buy this book, and please find another profession.
S**E
A Must-Read to build RA Program
Outstanding explanation & how-to of Risk Assessments that exceeds CRISC BOK. Book is a must-read before taking the CRISC exam & marketing your resume or beginning your RA program.
A**R
Awesome book for understanding IT Risk Management
Easy to read and informative. Explains the full cycle of risk management with real world examples. Will continue to use this book as a reference.
R**N
Excellent resource
This was very helpful to me in my career. I am CRISC certified, but I found this to be a great tool as I will be starting a program from scratch and it has a very down-to-earth approach.
J**S
A must for all practitioners!
Fantastic book that provides a valuable framework for all practitioners hoping to engage with their security organizations in a more productive relationship.
D**S
Excellent, Risk Management reference
Excellent. No other Risk Management reference material is needed. An effective guide to creating a framework and risk analysis process for just about any industry.