

🛡️ Elevate your security IQ — don’t get left behind in the risk management revolution!
This well-reviewed textbook by Evan Wheeler offers a practical, beginner-friendly approach to building and managing an information security risk program. Featuring clear explanations, real-world case studies, and a fresh perspective on prioritizing risk over flashy tools, it empowers professionals to implement effective security strategies immediately.
| Best Sellers Rank | #1,432,313 in Books; #261 in Risk Management (Books); #304 in Management Information Systems; #724 in Information Management (Books) |
| Customer Reviews | 4.6 out of 5 stars 100 Reviews |
B**N
An approachable, well-thought-out textbook and reference guide for infosec risk management
This book is an excellent and practical introduction to information security risk management. Wheeler starts off with overviews of basic concepts, like how to define and understand risk and its components, breaks down common pitfalls of infosec (like ignoring business needs), and launches into a usable, approachable structure that you can use to assess and deal with risk in your network or organization. The book is full of case studies and security "deep dives" where concepts introduced in the previous chapter are used in real world situations. The writing is clear and refreshingly informal, and the lessons in the book can be put into practice immediately at your organization. Wheeler even includes four chapters at the end of the book that introduce a practical approach to creating a formal and effective risk management system in organizations that lack one. Overall, well written, doesn't require you to have experience in info to understand it, and useful.
G**Y
Fresh Thinking, Valuable To All Practitioners
Finally some sensible thinking about security and risk. As a practitioner there is huge need for fresh thinking in the IT security field. Where we are right now is just not effective or even manageable. This is a good place to start for a new or reemphasized approach. We currently have the cart before the horse. Or maybe a cart with no horse at all. Everything begins and ends with risk, and not with the newest flashy security tool.
J**N
Not meant for "CISSPs".
This is a good book and there is nothing inherently wrong with the CISSP BOK, but I don't want anyone to be discouraged by the negative reviews on here. If you are a Security Architect, or would like to be as you gain more experience in a very difficult field, this is a solid 4 star book. If you took a test and think you are some kind of "security professional" who doesn't need to learn anything else, don't buy this book, and please find another profession.
S**E
A Must-Read to build RA Program
Outstanding explanation & how-to of Risk Assessments that exceeds CRISC BOK. Book is a must-read before taking the CRISC exam & marketing your resume or beginning your RA program.
A**R
Awesome book for understanding IT Risk Management
Easy to read and informative. Explains the full cycle of risk management with real world examples. Will continue to use this book as a reference.
R**N
Excellent resource
This was very helpful to me in my career. I am CRISC certified, but I found this to be a great tool as I will be starting a program from scratch, and it has a very down-to-earth approach.
J**S
A must for all practitioners!
Fantastic book that provides a valuable framework for all practitioners hoping to engage with their security organizations in a more productive relationship.
C**S
It's a good read. Very complete information
It's a good read. Very complete information, I found it easy to read and understand and I don't have a technical background.