- Audible Audio Edition
- Listening Length: 10 hours and 21 minutes
- Program Type: Audiobook
- Version: Unabridged
- Publisher: Audible Studios
- Audible.com Release Date: November 29, 2016
- Language: English
- ASIN: B01MXORDBA
How to Measure Anything in Cybersecurity Risk Audiobook – Unabridged
Top customer reviews
The foreword states that "you can't manage something that you cannot measure." The book then goes on to evaluate traditional approaches to measuring cybersecurity risk, proposes improvements to such approaches and introduces more effective approaches and techniques.
These approaches and techniques apply not only to "perimeter defense" mechanisms and "access controls" traditionally associated with cybersecurity – they also apply to data use issues associated with data privacy versus cybersecurity. Recent changes in international data protection laws – which encompass both cybersecurity and data privacy – require that data be transformed into a "protect first" mode rather than remaining in "use first" mode where data remains vulnerable while in use.
The new EU General Data Protection Regulation (GDPR) which goes into effect in 2018, and which includes fines of up to 4% of global revenues for infractions, calls this "protect first" mode "Data Protection by Default." Data Protection by Default under the GDPR requires that techniques be applied at the earliest opportunity (e.g., by pseudonymizing data at the earliest opportunity) so that data use is limited to the minimum extent and time necessary to support a specific product or service as expressly authorized by a data subject.
Data Protection by Default and other “protect first” data protection regimes will require effective measurement of risks so they can be effectively implemented and managed. For these reasons, this book should be on the reading list of both cybersecurity as well as data protection professionals.
That being said, the book is in my library and it does have useful new analytical material.
Particularly good is the explanation of the notion that mostly everything is some measure of something. Case in point: in a recent meeting I asked my colleagues to rate something Low Mod High. Someone objected that that was 'so subjective'. My reply was Yes, but at least we will know what people think subjectively, and also - you know - we can train to be better estimators...it's in the book and that's a major contribution.
So, like I wrote to Mr. Hubbard when he rightly pushed back on my original 3 stars / re-hash but good review, he's correct: the book has a lot more than just a rehash; I stand corrected.