How to Measure Anything in Cybersecurity Risk, 2nd Edition, by Douglas W Hubbard and Richard Seiersen
Product details:
ISBN 10: 1119892309
ISBN 13: 9781119892304
Author: Douglas W Hubbard, Richard Seiersen
A start-to-finish guide for realistically measuring cybersecurity risk
In the newly revised How to Measure Anything in Cybersecurity Risk, Second Edition, a pioneering information security professional and a leader in quantitative analysis methods delivers yet another eye-opening text applying the quantitative language of risk analysis to cybersecurity. In the book, the authors demonstrate how to quantify uncertainty and shed light on how to measure seemingly intangible goals. It’s a practical guide to improving risk assessment with a straightforward and simple framework.
Advanced methods and detailed advice for a variety of use cases round out the book, which also includes:
- A new “Rapid Risk Audit” for a first quick quantitative risk assessment
- New research on the real impact of reputation damage
- New Bayesian examples for assessing risk with little data
- New material on simple measurement and estimation, pseudo-random number generators, and advice on combining expert opinion
Dispelling long-held beliefs and myths about information security, How to Measure Anything in Cybersecurity Risk is an essential roadmap for IT security managers, CFOs, risk and compliance professionals, and even statisticians looking for novel ways to apply quantitative techniques to cybersecurity.
How to Measure Anything in Cybersecurity Risk 2nd Edition Table of contents:
PART I: Why Cybersecurity Needs Better Measurements for Risk
CHAPTER 1: The One Patch Most Needed in Cybersecurity
Insurance: A Canary in the Coal Mine
The Global Attack Surface
The Cyber Threat Response
A Proposal for Cybersecurity Risk Management
Notes
CHAPTER 2: A Measurement Primer for Cybersecurity
The Concept of Measurement
A Taxonomy of Measurement Scales
The Object of Measurement
The Methods of Measurement
Notes
CHAPTER 3: The Rapid Risk Audit
The Setup and Terminology
The Rapid Audit Steps
Some Initial Sources of Data
The Expert as the Instrument
Supporting the Decision: Return on Controls
Doing “Uncertainty Math”
Visualizing Risk With a Loss Exceedance Curve
Where to Go from Here
Notes
CHAPTER 4: The Single Most Important Measurement in Cybersecurity
The Analysis Placebo: Why We Can’t Trust Opinion Alone
How You Have More Data than You Think
When Algorithms Beat Experts
Tools for Improving the Human Component
Summary and Next Steps
Notes
CHAPTER 5: Risk Matrices, Lie Factors, Misconceptions, and Other Obstacles to Measuring Risk
Scanning the Landscape: A Survey of Cybersecurity Professionals
What Color Is Your Risk? The Ubiquitous—and Risky—Risk Matrix
Exsupero Ursus and Other Fallacies
Communication and Consensus Objections
Conclusion
Notes
PART II: Evolving the Model of Cybersecurity Risk
CHAPTER 6: Decompose It
Decomposing the Simple One‐for‐One Substitution Model
More Decomposition Guidelines: Clear, Observable, Useful
A Hard Decomposition: Reputation Damage
Conclusion
Notes
CHAPTER 7: Calibrated Estimates
Introduction to Subjective Probability
Calibration Exercise
More Hints for Controlling Overconfidence
Conceptual Obstacles to Calibration
The Effects of Calibration
Beyond Initial Calibration Training: More Methods for Improving Subjective Judgment
Notes
Answers to Trivia Questions for Calibration Exercise
CHAPTER 8: Reducing Uncertainty with Bayesian Methods
A Brief Introduction to Bayes and Probability Theory
An Example from Little Data: Does Multifactor Authentication Work?
Other Ways Bayes Applies
Notes
CHAPTER 9: Some Powerful Methods Based on Bayes
Computing Frequencies with (Very) Few Data Points: The Beta Distribution
Decomposing Probabilities with Many Conditions
Reducing Uncertainty Further and When to Do It
More Advanced Modeling Considerations
Wrapping Up Bayes
Notes
PART III: Cybersecurity Risk Management for the Enterprise
CHAPTER 10: Toward Security Metrics Maturity
Introduction: Operational Security Metrics Maturity Model
Sparse Data Analytics
Functional Security Metrics
Functional Security Metrics Applied: BOOM!
Wait‐Time Baselines
Security Data Marts
Prescriptive Analytics
Notes
CHAPTER 11: How Well Are My Security Investments Working Together?
Security Metrics with the Modern Data Stack
Modeling for Security Business Intelligence
Addressing BI Concerns
Just the Facts: What Is Dimensional Modeling, and Why Do I Need It?
Dimensional Modeling Use Case: Advanced Data Stealing Threats
Modeling People Processes
Conclusion
Notes
CHAPTER 12: A Call to Action
Establishing the CSRM Strategic Charter
Organizational Roles and Responsibilities for CSRM
Getting Audit to Audit
What the Cybersecurity Ecosystem Must Do to Support You
Integrating CSRM with the Rest of the Enterprise
Can We Avoid the Big One?
APPENDIX A: Selected Distributions
Distribution Name: Triangular
Distribution Name: Binary
Distribution Name: Normal
Distribution Name: Lognormal
Distribution Name: Beta
Distribution Name: Power Law
APPENDIX B: Guest Contributors
Appendix B Contents
Decision Analysis to Support Ransomware Cybersecurity Risk Management
Bayesian Networks: One Solution for Specific Challenges in Building ML Systems in Cybersecurity
The Flaw of Averages in Cyber Security
Password Hacking
How Catastrophe Modeling Can Be Applied to Cyber Risk
Index