Reading List on Risk Assessment and Risk Management

The following extensive reading list has been compiled from several sources such as Shared Assessments, Sira and Auditnet:

Predictably Irrational, Revised and Expanded Edition: The Hidden Forces That Shape Our Decisions - Ariely, Dan

Foundations of Risk Analysis: A Knowledge and Decision-Oriented Perspective (Wiley Series in Probability and Statistics) - Aven, Terje

Misconceptions of Risk - Aven, Terje

Against the Gods: The Remarkable Story of Risk - Bernstein, Peter

The Psychology of Risk - Breakwell, Glynis M.

Risk Analysis of Complex and Uncertain Systems (International Series in Operations Research & Management Science) - Cox, Louis Anthony

The Logic Of Failure: Recognizing And Avoiding Error In Complex Situations - Dorner, Dietrich

The Science of Fear: How the Culture of Fear Manipulates Your Brain - Gardner, Daniel

Calculated Risks: How to Know When Numbers Deceive You - Gigerenzer, Gerd

Blink: The Power of Thinking Without Thinking - Gladwell, Malcolm

How to Measure Anything: Finding the Value of Intangibles in Business - Hubbard, Doug

The Failure of Risk Management: Why It's Broken and How to Fix It - Hubbard, Doug

Assessing and Managing Security Risk in IT Systems: A Structured Methodology - McCumber, John

The Drunkard's Walk: How Randomness Rules Our Lives (Vintage) - Mlodinow, Leonard

Computer-Related Risks - Neumann, Peter G

Organized Uncertainty: Designing a World of Risk Management - Power, Michael

Risk: A Philosophical Introduction to the Theory of Risk Evaluation and Management - Rescher, Nicholas

The Flaw of Averages: Why We Underestimate Risk in the Face of Uncertainty - Savage, Sam L., Jeff Danziger

The Black Swan: Second Edition: The Impact of the Highly Improbable: With a new section: "On Robustness and Fragility" - Taleb, Nassim Nicholas

Risk Analysis: A Quantitative Guide - Vose, David

IT Risk: Turning Business Threats into Competitive Advantage - Westerman, George and Richard Hunter


Methodology or Standards-Specific

Managing Information Security Risks: The OCTAVE (SM) Approach - Alberts, Christopher and Audree Dorofee

"Technical Standard - Risk Taxonomy" The Open Group


Risk Communication


Gigerenzer, Gerd. Calculated Risks: How to Know When Numbers Deceive You. New York: Simon & Schuster, 2002.

Sandman, Peter M. Responding to Community Outrage: Strategies for Effective Risk Communication. Fairfax: American Industrial Hygiene Association, 1993. Republished electronically at

Risk Matrices

Cox, Tony. "What's Wrong with Risk Matrices?" Risk Analysis 28 (2008): 497-512, DOI: 10.1111/j.1539-6924.2008.01030.x.

Talbot, Julian. "What's Right with Risk Matrices."

Verbal Probability Expressions

Beyth-Marom, R., "How Probable is Probable? A Numerical Translation of Verbal Probability Expressions." J. Forecast 1 (1982): 256-269, doi: 10.1002/for.3980010305.

Budescu, David V., Han-Hui Por, and Stephen B. Broomell, "Effective Communication of Uncertainty in the IPCC Reports." Climatic Change (in press), doi:10.1007/s10584-011-0330-3, electronically published on 23 November 2011.

Budescu, David V., and Wallsten, Thomas G., "Consistency in Interpretation of Probabilistic Phrases" Organizational Behavior Human Decision Processes 36 (1985): 391-405.

Heuer, Jr., Richards J. Psychology of Intelligence Analysis. n.p.: Central Intelligence Agency, 1999. Republished electronically at

Kent, Sherman. "Words of Estimative Probability." Central Intelligence Agency Study for the Center of Intelligence (1964),

Wallsten, Thomas G., David V. Budescu, and Ido Erev, "Understanding and Using Linguistic Uncertainties." Acta Psychologica 68 (1988): 39-52.

Wark, David L. "The Definition of Some Estimative Expressions." Central Intelligence Agency Study for the Center of Intelligence (n.d.),

Wibecke Brun, Karl Halvor Teigen, "Verbal Probabilities: Ambiguous, Context-Dependent, or Both?," Organizational Behavior and Human Decision Processes, 41 (1988), 390-404, doi: 10.1016/0749-5978(88)90036-2.

