I’m a few months late mentioning this, but the new edition of Measuring and Managing Information Risk: A FAIR Approach is out.

This isn’t a light refresh. It reflects how quantitative risk management has evolved over the last decade: what’s working, what’s not, and where organizations are still getting stuck. And no more screensaver passwords.

One chapter I’m particularly glad we expanded is the one on automation because If your quant practice depends entirely on manual spreadsheets and hero analysts, it won’t scale. Automation doesn’t mean pushing a button and getting “the risk number.” It means building repeatable scenario structures, reusable data inputs, defensible calibration approaches, and workflows that allow analysis to be embedded into how decisions are actually made.

We kept the same underlying premise as always: stop debating subjective labels. Start modeling probable loss in financial terms, with explicit uncertainty.

If you have the first edition, this one goes meaningfully deeper, especially if you’re trying to operationalize FAIR instead of just “doing an analysis.”