I am the author of a german textbook about risk management in cyber security (one of my professional fields of expertise).
Here is a link to its official publication page
You can also find it on Amazon.
The book deals with the entire risk management process, with a focus on proper risk analysis. Spoilers: Your red-yellow-green or “low”, “medium”, “high” stuff is bad. It was invented by people who didn’t know what they were doing (20+ years ago, including me) and then copied by other people who knew even less.