How to Measure Anything in Cybersecurity Risk (eBook)
368 Seiten
Wiley (Verlag)
978-1-119-89232-8 (ISBN)
A start-to-finish guide for realistically measuring cybersecurity risk
In the newly revised How to Measure Anything in Cybersecurity Risk, Second Edition, a pioneering information security professional and a leader in quantitative analysis methods delivers yet another eye-opening text applying the quantitative language of risk analysis to cybersecurity. In the book, the authors demonstrate how to quantify uncertainty and shed light on how to measure seemingly intangible goals. It's a practical guide to improving risk assessment with a straightforward and simple framework.
Advanced methods and detailed advice for a variety of use cases round out the book, which also includes:
- A new 'Rapid Risk Audit' for a first quick quantitative risk assessment.
- New research on the real impact of reputation damage
- New Bayesian examples for assessing risk with little data
- New material on simple measurement and estimation, pseudo-random number generators, and advice on combining expert opinion
Dispelling long-held beliefs and myths about information security, How to Measure Anything in Cybersecurity Risk is an essential roadmap for IT security managers, CFOs, risk and compliance professionals, and even statisticians looking for novel new ways to apply quantitative techniques to cybersecurity.
DOUGLAS W. HUBBARD is the inventor of the Applied Information Economics (AIE) method and the founder of Hubbard Decision Research. He is an internationally recognized expert in the area of decision analysis.
RICHARD SEIERSEN is the Chief Risk Officer of Resilience, a cyberinsurance firm. He is the former Chief Information Security Officer at LendingClub, Twilio, and GE Healthcare and Co-founder of the cloud native security company Soluble - sold to Lacework in 2021.
A start-to-finish guide for realistically measuring cybersecurity risk In the newly revised How to Measure Anything in Cybersecurity Risk, Second Edition, a pioneering information security professional and a leader in quantitative analysis methods delivers yet another eye-opening text applying the quantitative language of risk analysis to cybersecurity. In the book, the authors demonstrate how to quantify uncertainty and shed light on how to measure seemingly intangible goals. It's a practical guide to improving risk assessment with a straightforward and simple framework. Advanced methods and detailed advice for a variety of use cases round out the book, which also includes: A new "e;Rapid Risk Audit"e; for a first quick quantitative risk assessment. New research on the real impact of reputation damage New Bayesian examples for assessing risk with little data New material on simple measurement and estimation, pseudo-random number generators, and advice on combining expert opinion Dispelling long-held beliefs and myths about information security, How to Measure Anything in Cybersecurity Risk is an essential roadmap for IT security managers, CFOs, risk and compliance professionals, and even statisticians looking for novel new ways to apply quantitative techniques to cybersecurity.
DOUGLAS W. HUBBARD is the inventor of the Applied Information Economics (AIE) method and the founder of Hubbard Decision Research. He is an internationally recognized expert in the area of decision analysis. RICHARD SEIERSEN is the Chief Risk Officer of Resilience, a cyberinsurance firm. He is the former Chief Information Security Officer at LendingClub, Twilio, and GE Healthcare and Co-founder of the cloud native security company Soluble - sold to Lacework in 2021.
Foreword for the Second Edition Jack Jones ix
Acknowledgments xiii
Preface xv
Introduction 1
Part I Why Cybersecurity Needs Better Measurements for Risk 5
Chapter 1 The One Patch Most Needed in Cybersecurity 7
Chapter 2 A Measurement Primer for Cybersecurity 21
Chapter 3 The Rapid Risk Audit: Starting With a Simple Quantitative Risk Model 43
Chapter 4 The Single Most Important Measurement in Cybersecurity 73
Chapter 5 Risk Matrices, Lie Factors, Misconceptions, and Other Obstacles to Measuring Risk 101
Part II Evolving the Model of Cybersecurity Risk 133
Chapter 6 Decompose It: Unpacking the Details 135
Chapter 7 Calibrated Estimates: How Much Do You Know Now? 155
Chapter 8 Reducing Uncertainty with Bayesian Methods 183
Chapter 9 Some Powerful Methods Based on Bayes 193
Part III Cybersecurity Risk Management for the Enterprise 231
Chapter 10 Toward Security Metrics Maturity 233
Chapter 11 How Well Are My Security Investments Working Together? 257
Chapter 12 A Call to Action: How to Roll Out Cybersecurity Risk Management 277
Appendix A Selected Distributions 289
Appendix B Guest Contributors 297
Index 327
| Erscheint lt. Verlag | 5.4.2023 |
|---|---|
| Sprache | englisch |
| Themenwelt | Wirtschaft ► Betriebswirtschaft / Management |
| Schlagworte | Business & Management • Business Statistics & Math • Computer Science • Computer Security & Cryptography • Computersicherheit • Computersicherheit u. Kryptographie • Informatik • Wirtschaftsmathematik • Wirtschaftsmathematik u. -statistik • Wirtschaft u. Management |
| ISBN-10 | 1-119-89232-5 / 1119892325 |
| ISBN-13 | 978-1-119-89232-8 / 9781119892328 |
| Haben Sie eine Frage zum Produkt? |
PDF (Adobe DRM)Größe: 5,6 MB
Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM
Dateiformat: PDF (Portable Document Format)
Mit einem festen Seitenlayout eignet sich die PDF besonders für Fachbücher mit Spalten, Tabellen und Abbildungen. Eine PDF kann auf fast allen Geräten angezeigt werden, ist aber für kleine Displays (Smartphone, eReader) nur eingeschränkt geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine
Geräteliste und zusätzliche Hinweise
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
aus dem Bereich
