Here are some of the best-selling books on information security risk management:
- “Security Risk Management: Building an Information Security Risk Management Program from the Ground Up” by Evan Wheeler
- “The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice” by Jason Andress and Steven Winterfeld
- “Security Risk Assessment: Managing Physical and Operational Security” by John M. White
- “IT Risk: Turning Business Threats into Competitive Advantage” by George Westerman and Richard Hunter
- “Information Security Risk Management: Understanding ISO 27001” by Alan Calder and Steve Watkins
- “Risk Management Framework: A Lab-Based Approach to Securing Information Systems” by James Broad and Andrew Green
- “Cybersecurity and Infrastructure Protection: Background, Policy, and Issues” by Thomas A. Johnson
- “The Manager’s Guide to Cybersecurity Law: Essentials for Today’s Business” by Tari Schreider
- “NIST Special Publication 800-30, Risk Management Guide for Information Technology Systems” by the National Institute of Standards and Technology (NIST)
- “Information Security: Principles and Practices” by Mark Merkow and Jim Breithaupt