This book presents real solutions for assessing cybersecurity risk by skillfully applying the quantitative language of risk analysis to information security. It simplifies the complexity of quantifying uncertainty and sheds light on matters with little data or seemingly intangible goals. It dispels long-held beliefs about cybersecurity practices and provides authoritative guidance for solving problems by measuring risk. The book offers a practical guide to better risk assessment by describing a very simple quantitative solution, building on it with more advanced methods, and providing detailed advice for choosing the one that best fits the reader's needs.
New to this edition are a new case example, some new simple measurement and estimation methods (e.g., a pseudo-random number generator and new methods for combining expert opinion), and a discussion of some objections to quantitative methods. In addition, two new chapters have been added: (1) advanced Bayesian methods and (2) the practical roll-out of a program from ground zero to maturity.
Author Biography
DOUGLAS W. HUBBARD is the inventor of the Applied Information Economics (AIE) method and the founder of Hubbard Decision Research. He is an internationally recognized expert in the area of decision analysis.
RICHARD SEIERSEN is the Chief Risk Officer of Resilience, a cyberinsurance firm. He is the former Chief Information Security Officer at LendingClub, Twilio, and GE Healthcare, and the co-founder of the cloud-native security company Soluble, which was sold to Lacework in 2021.
Table of Contents
Foreword for the Second Edition Jack Jones ix
Acknowledgments xiii
Preface xv
Introduction 1
Part I Why Cybersecurity Needs Better Measurements for Risk 5
Chapter 1 The One Patch Most Needed in Cybersecurity 7
Chapter 2 A Measurement Primer for Cybersecurity 21
Chapter 3 The Rapid Risk Audit: Starting With a Simple Quantitative Risk Model 43
Chapter 4 The Single Most Important Measurement in Cybersecurity 73
Chapter 5 Risk Matrices, Lie Factors, Misconceptions, and Other Obstacles to Measuring Risk 101
Part II Evolving the Model of Cybersecurity Risk 133
Chapter 6 Decompose It: Unpacking the Details 135
Chapter 7 Calibrated Estimates: How Much Do You Know Now? 155
Chapter 8 Reducing Uncertainty with Bayesian Methods 183
Chapter 9 Some Powerful Methods Based on Bayes 193
Part III Cybersecurity Risk Management for the Enterprise 231
Chapter 10 Toward Security Metrics Maturity 233
Chapter 11 How Well Are My Security Investments Working Together? 257
Chapter 12 A Call to Action: How to Roll Out Cybersecurity Risk Management 277
Appendix A Selected Distributions 289
Appendix B Guest Contributors 297
Index 327