Reading List

Below is a range of foundational books for developing a career in risk. These cover topics including behaviour, career, coaching, and more.

Behaviour
Micromotives and Macrobehavior, by Thomas C. Schelling (1978)

Career
Range, by David Epstein (2019)

Coaching
Coaching for Performance, by John Whitmore

Consulting
Humble Consulting, Edgar Schein (2016)

Control
Management Control Systems, Merchant

Cyber Risk
How to Measure Anything in Cybersecurity Risk, by Douglas W. Hubbard & Richard Seiersen
The Metrics Manifesto, by Richard Seiersen

Cyber Security
Cybersecurity and Cyberwar: What Everyone Needs to Know, by P.W. Singer and Allan Friedman (2014)
Cybersecurity First Principles, by Rick Howard (published March 2023)

Economics
21st Century Economics

Enterprise Risk Management
Enterprise Risk Management, Marchetti

Ethics, Compliance
Humanizing Rules, Christian Hunt

Forecasting and Future
The Next 100 Years, by George Friedman

Fraud
Financial Shenanigans, by Howard Schilit. First published in 1993, this classic book is now in its Fourth Edition. Financial Shenanigans is an essential read for understanding how companies can manipulate their financial reports through accounting gimmicks, and how to detect it. The book will better equip you to detect fraud, avoid bad investments and notice where a company’s real financial position may be misrepresented. Perfect for auditors, investors, and finance professionals. ...

2 min

Red Flags Rule

[…] the Red Flags Rule ..[…] .. Sometimes it’s referred to as one of the Fair Credit Reporting Act’s Identity Theft Rules and it appears in the Code of Federal Regulations as “Detection, Prevention, and Mitigation of Identity Theft.”) The Red Flags Rule requires many businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs – or red flags – of identity theft in their day-to-day operations. link ...

1 min

Red Hat OpenShift

Red Hat OpenShift is a Kubernetes-based platform for building, deploying, and managing containerised applications at scale. OpenShift can be hosted on-premises, in public or private clouds, or as a fully managed service. Hosting vendors include AWS, Microsoft Azure, Google Cloud, and IBM Cloud, as well as Red Hat OpenShift Dedicated.

Learning Paths
Red Hat Developer - OpenShift Learning Path. A guided learning path including use of the Red Hat developer sandbox. (Sign up required)

Further reading
Red Hat OpenShift (redhat.com)
OpenShift (wikipedia.com)
OpenShift Documentation (docs.redhat.com)
[OpenShift (developers.redhat.com)](https://developers.redhat.com/products/openshift/overview)
Red Hat OpenShift Dedicated
Red Hat OpenShift security guide (PDF)

Related pages
Kubernetes

1 min

Regulation

Regulation is how governments and other authorities address societal risks, promote fair markets, and ensure the protection of consumers and broader public interests. Financial service regulation protects markets, consumers, and overall stability, and is increasing in importance as digital risks grow. With growing reliance on technology, institutions face an expanding threat landscape and the risk of disruption. To address this, regulators enforce measures like cybersecurity protocols and data privacy rules, helping reduce these risks and build trust in digital ecosystems.

1 min

Regulatory bodies (AI)

European AI Office
UK’s AI Safety Institute

Further reading
AI Watch: Global regulatory tracker - United Kingdom

1 min

Report writing

Communication through writing, often in the form of reports, is a critical skill to master as a risk professional. Effective report writing ensures that findings and recommendations are clearly communicated to stakeholders, facilitating informed decision-making and promoting transparency within the organization.

Further reading
A guide to Report-writing for Internal Auditors (PDF)

1 min

Residual risk

0 min

Riba

0 min

Risk and Control Self Assessment (RCSA)

Further reading
Demystifying RCSA: 6 Critical Factors to Modernize Your Risk and Control Self-Assessment Framework - Metricstream
What is a Risk and Control Self Assessment (RCSA)? - Auditboard
Risk and control self-assessment: What’s next? How technology can evolve the RCSA process for better risk-based decisions - KPMG (PDF)

1 min

Risk-Based Vulnerability Management (RBVM)

An overview of risk-based vulnerability management and its importance in cybersecurity.

1 min

Risks around Agentic AI

Risks around Agentic AI Meredith Whittaker, president of the Signal Foundation, discusses some of the risks around Agentic AI. Further reading Signal President Meredith Whittaker calls out agentic AI as having ‘profound’ security and privacy issues - TechCrunch

1 min

Role based access security (RBAC)

Role-Based Access Control (RBAC) is a method of managing access to computer or network resources by assigning permissions to predefined roles based on job functions or responsibilities within an organization. By linking users to roles rather than assigning permissions directly, RBAC simplifies permission management, reduces the risk of unauthorised access, and enhances scalability. For example, an accountant may have access to financial reporting but not HR systems. Widely used in enterprise technology environments, RBAC supports compliance with security policies and regulatory requirements while ensuring efficient and understandable access management. ...

1 min

Salam

0 min

Schrems II

Further reading
Schrems II a summary – all you need to know
The CJEU judgment in the Schrems II case (European Parliament) (PDF)
What is Schrems II and how does it affect your data protection in 2021? (Thales)

Related pages
US CLOUD Act

1 min

Secrets Management

0 min