- Hardcover: 304 pages
- Publisher: Wiley; 1 edition (July 25, 2016)
- Language: English
- ISBN-10: 9781119085294
- ISBN-13: 978-1119085294
- ASIN: 1119085292
- Product Dimensions: 6.3 x 1.2 x 9.1 inches
- Shipping Weight: 1.1 pounds (View shipping rates and policies)
- Average Customer Review: 36 customer reviews
- Amazon Best Sellers Rank: #58,833 in Books (See Top 100 in Books)
Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.
To get the free app, enter your mobile phone number.
How to Measure Anything in Cybersecurity Risk 1st Edition
Use the Amazon App to scan ISBNs and compare prices.
Frequently bought together
Customers who viewed this item also viewed
From the Inside Flap
What if your single biggest cybersecurity risk was the risk assessment method itself? Even if your approach to assessing this critical risk makes you feel more confident about your decisions, you may actually be making things worse. How to Measure Anything in Cybersecurity Risk presents real solutions by skillfully applying the quantitative language of risk analysis to information security.
As with his previous How to Measure Anything books, measurement expert Douglas Hubbard simplifies the complexity of quantifying uncertainty and sheds light on matters with little data or seemingly intangible goalsand here he taps cybersecurity influencer Richard Seiersen to dispel long-held beliefs about cybersecurity practices and provide authoritative guidance to solving problems by measuring risk. Together, they debunk popular risk scores and risk matrices and replace them with scientifically proven, yet practical, quantitative methods.
Immediately useful, this practical guide offers an easy path to better risk assessment by describing a very simple quantitative solution, building on it with more advanced methods, and providing detailed advice for choosing the one for your needs. Regardless of your current understanding of cybersecurity or statistics, everything inside is fully accessible and equips you with a potent collection of strategies and tools from today's top experts in cybersecurity and risk assessment. This complete resource gets you there start to finish by:
- Debunking the most common arguments against using quantitative methods in cybersecurity
- Modeling risk with a variety of simple and advanced techniques for enhancing the usefulness of data in times of great uncertainty using free, downloadable spreadsheets
- Detailing a dependable, organization-wide security metrics maturity model for continuous and measurable improvement
The thought process that goes into making informed decisions with sparse data points, using the described "Lens" method to reduce estimation errors, along with the many other techniques inside, will advance how you run cybersecurity as well as how you measurably improve other types of high-stakes decisions. How to Measure Anything in Cybersecurity Risk shows you nothing is immeasurableincluding your peace of mind.
From the Back Cover
Praise for How to Measure Anything in Cybersecurity Risk
"I am excited to see a new method of risk management emerging from this book. Shifting from purely qualitative judgments and simplifications to a proven quantitative model that leverages measurements and the expertise of security professionals holds the promise for dramatically shifting how we manage cyber risk."
Patrick Heim, head of Trust & Security, Dropbox; former chief trust officer, Salesforce.com
"A refreshing voice of reason in cybersecurity risk management. Richard and Douglas successfully rise above noisy security best practices and flashy methods; practitioners have a lot to gain from the clarity within this book's pages."
Vinnie Liu, partner at Bishop Fox; author of Hacking Exposed; former NSA
"Cybersecurity has become one of the biggest risks facing companies today. There is a need to provide the tools and information for a CISO to become more of a chief information risk officer so they are better able to identify and prioritize risk, allocate resources, and develop effective risk mitigation strategies. This book helps to fill that need."
Steve Katz, the first CISO
"At a time when forecasts tell you a great deal about the forecaster but nothing about the future, comes a practical guide for capturing and articulating risk in the board room with great success."
Tim McKnight, CISO, GE; former CISO, Fidelity
Read reviews that mention
Showing 1-8 of 36 reviews
There was a problem filtering reviews right now. Please try again later.
Fundamental points made by the authors include:
- Experts who claim some elements are purely qualitative and cannot be measured are simply wrong and haven't properly defined what they are trying to measure ye.
- "We don't have enough information to measure this" is a statement that refutes itself, because it claims there IS some threshold of measurement beyond which it can be "measured" -- implying it can be measured now since it can be compared to that imaginary threshold.
- Virtually everything we encounter in any situation has already been measured and has math models for predicting behavior, we just need to figure out what we are trying to measure and find the models for it.
- Claiming "there aren't enough samples for statistical significance" shows the person doesn't understand statistics -- a LOT of useful info can be gleamed from very small samples, and all we need to do is REDUCE uncertainty to be useful, not eliminate it.
The authors guide the read through the entire process of building a gut-level intuition for basic statistical and probabilistic thinking and modeling, allowing readers to immediately stop using vague "hi/med/low" assessments (that are just as full of errors as any mathematical formulation) and start using quantifiable predictions that can be easily improved as more information becomes available.
A great leader once told me that we typically only have about 70% of the information we want to have when the time comes to make a decision. This book helps you increase that number before decision time runs out.
Great work by the authors by moving beyond theory and working to make the advice as practical as possible for the rest of us. Concepts introduced in the book can be put into play on the job tomorrow.
Side note: Don't be intimidated by the stats-heavy portions of the book. The authors and editors have done well to dumb these concepts down enough for the rest of us. Aside from perhaps 3 pages, there is very little math required to implement most of the advice in this book.