How to Measure Anything in Cybersecurity Risk *Kindle
A ground shaking exposé on the failure of popular cyber risk management methods How to Measure Anything in Cybersecurity Risk exposes the shortcomings of current "risk management" practices, and offers a series of improvement techniques that help you fill the holes and ramp up security. In his bestselling book How to Measure Anything, author Douglas W. Hubbard opened the business world's eyes to the critical need for better measurement. This book expands upon that premise and draws from The Failure of Risk Management to sound the alarm in the cybersecurity realm. Some of the field's premier risk management approaches actually create more risk than they mitigate, and questionable methods have been duplicated across industries and embedded in the products accepted as gospel. This book sheds light on these blatant risks, and provides alternate techniques that can help improve your current situation. You'll also learn which approaches are too risky to save, and are actually more damaging than a total lack of any security. Dangerous risk management methods abound; there is no industry more critically in need of solutions than cybersecurity. This book provides solutions where they exist, and advises when to change tracks entirely. Discover the shortcomings of cybersecurity's "best practices" Learn which risk management approaches actually create risk Improve your current practices with practical alterations Learn which methods are beyond saving, and worse than doing nothing Insightful and enlightening, this book will inspire a closer examination of your company's own risk management practices in the context of cybersecurity. The end goal is airtight data protection, so finding cracks in the vault is a positive thing—as long as you get there before the bad guys do. How to Measure Anything in Cybersecurity Risk is your guide to more robust protection through better quantitative processes, approaches, and techniques. Read more
Download Now
Why Must Read How to Measure Anything in Cybersecurity Risk?
I was assigned this as one of the texts for a graduate-level seminar in cybersecurity and cyberwarfare economic risk analysis. This book is remarkable in that it presents a clear framework for "non-mathies" to become statistically literate enough to debunk common misconceptions and move beyond the standard qualitative "stoplight chart" style risk matrix charts into true quantifiable probabilities. The authors hold the readers hand each step of the way, beginning with a simple 3-step process to easily replace the standard stoplight risk matrix with actual quantifiable numbers. Fundamental points made by the authors include: - Experts who claim some elements are purely qualitative and cannot be measured are simply wrong and haven't properly defined what they are trying to measure ye. - "We don't have enough information to measure this" is a statement that refutes itself, because it claims there IS some threshold of measurement beyond which it can be "measured" -- implying it can be measured now since it can be compared to that imaginary threshold. - Virtually everything we encounter in any situation has already been measured and has math models for predicting behavior, we just need to figure out what we are trying to measure and find the models for it. - Claiming "there aren't enough samples for statistical significance" shows the person doesn't understand statistics -- a LOT of useful info can be gleamed from very small samples, and all we need to do is REDUCE uncertainty to be useful, not eliminate it. The authors guide the read through the entire process of building a gut-level intuition for basic statistical and probabilistic thinking and modeling, allowing readers to immediately stop using vague "hi/med/low" assessments (that are just as full of errors as any mathematical formulation) and start using quantifiable predictions that can be easily improved as more information becomes available. A great leader once told me that we typically only have about 70% of the information we want to have when the time comes to make a decision. This book helps you increase that number before decision time runs out.
Read Now