ISACA Journal
Volume 6, 2015

Book Reviews 

Risk Assessment and Decision Analysis with Bayesian Networks 

Norman Fenton and Martin Neil | Reviewed by Andrew Richardson, CISA, CISM, CRISC, MBCS, MCMI 

Risk Assessment and Decision Analysis with Bayesian Networks may at first appear to be a slightly daunting book. It is made up of nearly 500 pages of quite small print, and opening a page at random may reveal quite complex equations or diagrams. But do not be afraid. Start at the beginning, and you will find it is clear that this book is written to be understandable by professional people who are interested in risk assessment and decision making; readers do not need an in-depth knowledge of statistics for the book to be enjoyable and useful.

Bayesian networks are not new and are based on a theorem dating back to 1763, created by Reverend Thomas Bayes. They describe networks of causes and effects and use a graphical framework to provide the rigorous quantification of risk factors and clear communication of the results. Bayesian networks are now widely recognised as an exciting and powerful technology for risk assessment, uncertainty and decision making.

Risk Assessment and Decision Analysis with Bayesian Networks is a practical guide to the application of Bayesian networks, and the authors provide pragmatic advice about building Bayesian models in order to ensure efficiency. This is illustrated in such a way that the reader does not necessarily have to understand complex algorithms. The book is supported by a dedicated web site that contains executable versions of all of the models in the book, along with exercises and worked solutions for all chapters. Readers also get access to a free version of AgenaRisk, a powerful commercial Bayesian network software tool.

The book is divided into 2 parts; the first 10 chapters teach all of the basics of probability and risk and about building and using Bayesian networks. The last 3 chapters delve into detailed application of modelling operational risk, systems reliability modelling and using Bayes in a legal setting.

The more mathematical topics are placed in boxes within the page or in the appendix to provide clarity by separating them from the main text. Throughout the publication there are notes, diagrams, exercises and a list of further reading for the reader who wishes to study a specific topic in greater depth.

For those looking to begin working with Bayesian networks, this book serves as an excellent starting point and provides guidance for readers on how to develop and run a Bayesian network model for risk assessment and decision making.

Editor’s Note

Risk Assessment and Decision Analysis with Bayesian Networks is available from the ISACA Bookstore. For information, visit, email or telephone +1.847.660.5650.

Reviewed by Andrew Richardson, CISA, CISM, CRISC, MBCS, MCMI, the group information security officer at AEGON UK. Richardson has more than 25 years of experience in IT, information security, audit and risk.



Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and from opinions endorsed by authors’ employers or the editors of the Journal. The ISACA Journal does not attest to the originality of authors’ content.