Society of Information Risk Analysts


Recommended Reading

General

Predictably Irrational, Revised and Expanded Edition: The Hidden Forces That Shape Our Decisions by Dan Ariely

Jay Jacobs: Focused on behavioral economics, this book gives a glimpse into the motivations of people and the rationale, biases and fallacies that influence the decision process.

Foundations of Risk Analysis: A Knowledge and Decision-Oriented Perspective by Terje Aven

Misconceptions of Risk by Terje Aven

Against the Gods: The Remarkable Story of Risk by Peter Bernstein

Jay Jacobs: I loved this book. Really put risk into context by looking at how it has been perceived throughout time. Plus this was where I first read about Pascal and others hanging out in Paris discussing mathematics and probability. The section on the birth of Lloyd's of London was incredibly intriguing and too short in my opinion. Just think of how many "medium risk" ships were over-insured in Lloyd's coffee shop.

The Psychology of Risk by Glynis M. Breakwell

Ron Woerner: I quickly scanned it at a local library and it appears to be a nice resource on how we think about risk. From the book description, "Risk surrounds and envelopes us. Without understanding it, we risk everything and without capitalizing on it, we gain nothing. This accessible new book from Glynis M. Breakwell comprehensively explores the psychology of risk, examining how individuals think, feel and act, as well as considering the institutional and societal assessments, rhetorics and reactions about risk. Featuring chapters on all the major issues in the psychology of risk including risk assessment, hazard perception, decision-making, risk and crisis management, risk and emotion, risk communication, safety cultures, the social amplification and social representation of risk and mechanisms for changing risk responses."

Risk Analysis of Complex and Uncertain Systems by Louis Anthony Cox

Jeff Lowder: Tony Cox is one of the top risk scholars in the world. This is a very technical (and expensive!) book, but is a must-have for anyone who is serious about risk analysis. Among its many gems, the book contains a fascinating critique of risk matrices; Cox concludes that in many cases they are worse than useless — they do more harm than good.

The Logic Of Failure: Recognizing And Avoiding Error In Complex Situations by Dietrich Dorner

The Science of Fear: How the Culture of Fear Manipulates Your Brain by Daniel Gardner

Ron Woerner: This is the book Bruce Schneier recommends on understanding how humans perceive and deal with fear. It's important to understand human perspectives of risk in order to apply proper mitigation techniques.

Calculated Risks: How to Know When Numbers Deceive You by Gerd Gigerenzer

Jeff Lowder: This non-technical book is a fascinating, empirical study in what works and doesn't work in risk communication. The author provides fascinating, empirical case studies of how risk managers' failure to understand and effectively communicate conditional probabilities has had harmful effects. Gigerenzer argues that "natural frequencies" should replace conditional probabilities in risk communication.

Blink: The Power of Thinking Without Thinking by Malcolm Gladwell

How to Measure Anything: Finding the Value of Intangibles in Business by Doug Hubbard

The Failure of Risk Management: Why It's Broken and How to Fix It by Doug Hubbard

Jay Jacobs: Both of Hubbard's books are staples for anyone attempting risk management.

Assessing and Managing Security Risk in IT Systems: A Structured Methodology by John McCumber

Jeff Lowder: Introduces the "McCumber Cube" concept for thinking about information security risks, which forces you to consciously think about risks to the confidentiality, integrity, and availability of information in each of its states (storage, transit, processing).

The Drunkard's Walk: How Randomness Rules Our Lives by Leonard Mlodinow

Jay Jacobs: Randomness is really the lack of probability, and this book made me question my own belief in seeking cause-and-effect by questioning events as simply being a product of randomness.

Chris Hayes: The reason I loved this book is because it established historical context on the subject of risk and probability, dating back a LONG time ago.

Computer-Related Risks by Peter G. Neumann

Dan Philpott: Excellent source book when looking for an example of a particular RISKS.

Organized Uncertainty: Designing a World of Risk Management by Michael Power

Risk: A Philosophical Introduction to the Theory of Risk Evaluation and Management by Nicholas Rescher

Jeff Lowder: It's unfortunate this book is out of print, since all risk managers would benefit from reading it. Rescher provides much-needed clarity around the central concepts of risk evaluation and management.

The Flaw of Averages: Why We Underestimate Risk in the Face of Uncertainty by Sam L. Savage, Jeff Danziger

Chris Hayes: Savage has written an entire book about the flawed tendency to only use "average" values for modeling and decision making. He also introduces the reader to the DIST standard, which is my particular interest. I am only a few chapters into the book, but already it is challenging me to refine how I articulate some risk values to management.

The Black Swan: The Impact of the Highly Improbable by Nassim Nicholas Taleb

Dan Philpott: It was bound to end up here anyway so I added it. Houses the most abused current argument for the limits of risk management and metaphor for ceding responsibility, the Black Swan event.

Alex: Gaaaaahhhhhhhhhhhh!!'!!!!!!!!!!! Furrrrrrrrrr!!!!!!!!! Gnughrfuvlsnoffinhaster

Risk Analysis: A Quantitative Guide by David Vose

Chris Hayes: Absolute must-have.

IT Risk: Turning Business Threats into Competitive Advantage by George Westerman and Richard Hunter

Jeff Lowder: This book is surprisingly light on the methodology used to estimate the probability and impact of IT risks, but that is more than offset by the excellent suggestions around building a culture of risk management within organizations. It also introduces the 4A framework for IT risk management, which I found to be very innovative.

Methodology or Standards-Specific

Managing Information Security Risks: The OCTAVE Approach by Christopher Alberts and Audree Dorofee

Technical Standard - Risk Taxonomy by The Open Group

Chris Carlson: A reference to FAIR is certainly handy.

Risk Communication

Calculated Risks by Gerd Gigerenzer (2002)

Jeff Lowder: Gigerenzer advocates using what he calls the "natural frequencies" approach for communicating and thinking about risks, in order to avoid the base rate fallacy.

Sandman, Peter M. Responding to Community Outrage: Strategies for Effective Risk Communication. Fairfax: American Industrial Hygiene Association, 1993. Republished electronically at http://www.psandman.com/media/RespondingtoCommunityOutrage.pdf.

Jeff Lowder: Sandman is arguably one of the top risk communication experts in the world. He is famous for his "Risk = Hazard + Outrage" model for thinking about risk communication.

Risk Matrices

"What's Wrong with Risk Matrices?" by Tony Cox (2008)

Jeff Lowder: The definitive overview of the problems with risk matrices.

Talbot, Julian. "What's Right with Risk Matrices." http://knol.google.com/k/what-s-right-with-risk-matrices.

Verbal Probability Expressions

"How Probable is Probable?" by R. Beyth-Marom (1982)

"Effective Communication of Uncertainty in the IPCC Reports" by Budescu et al. (2011)

Jeff Lowder: Provides an outstanding overview of the last 2-3 decades of empirical research into the use of linguistic or verbal expressions to communicate uncertainty or probability.

"Consistency in Interpretation of Probabilistic Phrases" by Budescu and Wallsten (1985)

Psychology of Intelligence Analysis by Richards J. Heuer Jr. – https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/books-and-monographs/psychology-of-intelligence-analysis/index.html.

"Words of Estimative Probability" by Sherman Kent – https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/books-and-monographs/sherman-kent-and-the-board-of-national-estimates-collected-essays/6words.html.

"Understanding and Using Linguistic Uncertainties" by Wallsten, Budescu, and Erev (1988)

"The Definition of Some Estimative Expressions" by David L. Wark – CIA Link

"Verbal Probabilities: Ambiguous, Context-Dependent, or Both?" by Wibecke Brun and Karl Halvor Teigen (1988)

©2010-2025 Society of Information Risk Analysts, a 501(c)(3) non-profit organization.