Skip to content
FREE SHIPPING ON ALL DOMESTIC ORDERS $35+
FREE SHIPPING ON ALL US ORDERS $35+
How to Measure Anything in Cybersecurity Risk - Hardcover | Diverse Reads

How to Measure Anything in Cybersecurity Risk

Availability:
in stock, ready to be shipped
Save 15% Save 15%
$60.00
$60.00 - $60.00
$60.00
$50.99
$50.99 - $50.99
$50.99
A start-to-finish guide for realistically measuring cybersecurity risk

In the newly revised How to Measure Anything in Cybersecurity Risk, Second Edition, a pioneering information security professional and a leader in quantitative analysis methods delivers yet another eye-opening text applying the quantitative language of risk analysis to cybersecurity. In the book, the authors demonstrate how to quantify uncertainty and shed light on how to measure seemingly intangible goals. It's a practical guide to improving risk assessment with a straightforward and simple framework.

Advanced methods and detailed advice for a variety of use cases round out the book, which also includes:

  • A new “Rapid Risk Audit” for a first quick quantitative risk assessment.
  • New research on the real impact of reputation damage
  • New Bayesian examples for assessing risk with little data
  • New material on simple measurement and estimation, pseudo-random number generators, and advice on combining expert opinion

Dispelling long-held beliefs and myths about information security, How to Measure Anything in Cybersecurity Risk is an essential roadmap for IT security managers, CFOs, risk and compliance professionals, and even statisticians looking for novel new ways to apply quantitative techniques to cybersecurity.

ISBN-13: 9781119892304

Media Type: Hardcover(2nd ed.)

Publisher: Wiley

Publication Date: 04-11-2023

Pages: 368

Product Dimensions: 6.20(w) x 9.20(h) x 1.30(d)

DOUGLAS W. HUBBARD is the inventor of the Applied Information Economics (AIE) method and the founder of Hubbard Decision Research. He is an internationally recognized expert in the area of decision analysis. RICHARD SEIERSEN is the Chief Risk Officer of Resilience, a cyberinsurance firm. He is the former Chief Information Security Officer at LendingClub, Twilio, and GE Healthcare and Co-founder of the cloud native security company Soluble – sold to Lacework in 2021.

Read an Excerpt

Click to read or download

Table of Contents

Foreword Daniel E. Geer, Jr. ix

Foreword Stuart McClure xi

Acknowledgments xiii

About the Authors xv

Introduction 1

PART I WHY CYBERSECURITY NEEDS BETTER MEASUREMENTS FOR RISK 5

CHAPTER 1 The One Patch Most Needed in Cybersecurity 7

CHAPTER 2 A Measurement Primer for Cybersecurity 19

CHAPTER 3 Model Now!: An Introduction to Practical Quantitative Methods for Cybersecurity 35

CHAPTER 4 The Single Most Important Measurement in Cybersecurity 55

CHAPTER 5 Risk Matrices, Lie Factors, Misconceptions, and Other Obstacles to Measuring Risk 81

PART II EVOLVING THE MODEL OF CYBERSECURITY RISK 111

CHAPTER 6 Decompose It: Unpacking the Details 113

CHAPTER 7 Calibrated Estimates: How Much Do You Know Now—133

CHAPTER 8 Reducing Uncertainty with Bayesian Methods 157

CHAPTER 9 Some Powerful Methods Based on Bayes 169

PART III CYBERSECURITY RISK MANAGEMENT FOR THE ENTERPRISE 197

CHAPTER 10 Toward Security Metrics Maturity 199

CHAPTER 11 How Well Are My Security Investments Working Together? 213

CHAPTER 12 A Call to Action: How to Roll Out Cybersecurity Risk Management 229

APPENDIX A Select Distributions 239

APPENDIX B Guest Contributors 247

Index 269